# Gemini Enterprise Agent Platform — Terraform Scaffold

Provisions the infrastructure needed to use the Gemini Enterprise Agent Platform (Vertex AI Agent Engine) on an existing GCP project: required APIs, service accounts, and IAM bindings.

> **AI-generated code.** This module was scaffolded with AI assistance. Review all resources and IAM bindings before applying to a production project.

## Creating a GCP project

```bash
# List available folders to find your folder ID
gcloud resource-manager folders list --organization=ORGANIZATION_ID

# Create a new project inside a folder
gcloud projects create PROJECT_ID \
  --name="PROJECT_DISPLAY_NAME" \
  --folder=FOLDER_ID

# Link a billing account (required before enabling APIs)
gcloud billing projects link PROJECT_ID \
  --billing-account=BILLING_ACCOUNT_ID

# Verify
gcloud projects describe PROJECT_ID
```

To find your billing account ID:

```bash
gcloud billing accounts list
```

## Prerequisites

- Terraform >= 1.5.0
- An existing GCP project
- `gcloud` CLI authenticated with permissions to enable APIs and manage IAM

## Usage

```bash
cp terraform.tfvars.example terraform.tfvars
# edit terraform.tfvars — set your project_id
terraform init
terraform plan
terraform apply
```

## Variables

| Name | Required | Default | Description |
|---|---|---|---|
| `project_id` | yes | — | Existing GCP project ID |
| `prefix` | no | `gemini` | Short prefix applied to all resource names |

## Outputs

| Name | Description |
|---|---|
| `project_id` | GCP project ID |
| `agent_sa_email` | Runtime service account email (for apps) |
| `code_assist_sa_email` | Code Assist enterprise SA email |

## What gets created

- **7 GCP APIs** enabled (`aiplatform`, `cloudaicompanion`, `discoveryengine`, `dialogflow`, `secretmanager`, `iam`, `cloudresourcemanager`)
- **2 service accounts** — one for app runtime, one for IDE enterprise config
- **4 project IAM bindings**

## Setting up credentials

Use Application Default Credentials:

```bash
gcloud auth application-default login
gcloud config set project PROJECT_ID
```

For workloads running on GCP (Cloud Run, GKE, Compute Engine), attach the service account to the resource — no credentials file needed.

## Granting developer access to Gemini Code Assist

```bash
# Single user
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="user:YOU@DOMAIN" \
  --role="roles/cloudaicompanion.user"

# Google Group (recommended for teams)
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="group:devs@DOMAIN" \
  --role="roles/cloudaicompanion.user"
```

## VS Code setup

1. Install the **Gemini Code Assist** extension from the VS Code Marketplace
2. Sign in with a Google account that has `roles/cloudaicompanion.user` on the project
3. In Settings, set **Cloud AI Companion: Project** to your `project_id`

## License

[MIT](LICENSE) © 2026 Slawomir Koszewski
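
## Reviewing planned IAM bindings (added example)

The note at the top of this README asks you to review all IAM bindings before applying. The script below is an added example, not part of this module: it lists every project-level IAM grant in a Terraform plan exported as JSON and flags basic roles and public members. It assumes the module uses `google_project_iam_member` or `google_project_iam_binding` resources; the resource names and members in the sample plan are constructed.

```python
import json
import sys

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
IAM_TYPES = {"google_project_iam_member", "google_project_iam_binding"}

def planned_iam_grants(plan):
    """Return (address, role, member) for each project IAM grant the plan creates or updates."""
    grants = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in IAM_TYPES:
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after = change.get("after") or {}
        # iam_member has one "member", iam_binding a "members" list. A member that
        # refers to a service account created in the same plan is missing from
        # "after" (it is listed under "after_unknown") until apply.
        members = after.get("members") or [after.get("member") or "(known after apply)"]
        grants += [(rc["address"], after.get("role"), m) for m in members]
    return grants

def findings(plan):
    """Return (address, role, member, reason) for grants that need a closer look."""
    out = []
    for address, role, member in planned_iam_grants(plan):
        if role in BASIC_ROLES:
            out.append((address, role, member, "basic role"))
        if member in PUBLIC_MEMBERS:
            out.append((address, role, member, "public member"))
    return out

# Constructed sample in the shape of `terraform show -json`; names are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_project_service.apis[\"aiplatform\"]", "type": "google_project_service",
     "change": {"actions": ["create"], "after": {"service": "aiplatform.googleapis.com"}}},
    {"address": "google_project_iam_member.agent", "type": "google_project_iam_member",
     "change": {"actions": ["create"], "after": {"role": "roles/aiplatform.user"},
                "after_unknown": {"member": True}}},
    {"address": "google_project_iam_member.broad", "type": "google_project_iam_member",
     "change": {"actions": ["create"],
                "after": {"role": "roles/editor", "member": "group:devs@example.com"}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for grant in planned_iam_grants(plan):
        print("grant  ", *grant)
    for finding in findings(plan):
        print("REVIEW ", *finding)
    sys.exit(1 if findings(plan) else 0)
```

Produce the input with `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`, then pass `plan.json` as the script's first argument. A non-zero exit code means at least one grant was flagged.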