slawek/gemini-ent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
gemini-ent/README.md
T

118 lines
3.2 KiB
Markdown
Raw Permalink Blame History

# Gemini Enterprise Agent Platform — Terraform Scaffold
Provisions the infrastructure needed to use the Gemini Enterprise Agent Platform (Vertex AI Agent Engine) on an existing GCP project: required APIs, service accounts, and IAM bindings.
> **AI-generated code.** This module was scaffolded with AI assistance. Review all resources and IAM bindings before applying to a production project.
## Prerequisites
- Terraform >= 1.5.0
- An existing GCP project
- `gcloud` CLI authenticated with permissions to enable APIs and manage IAM
## Usage
```bash
cp terraform.tfvars.example terraform.tfvars
# edit terraform.tfvars — set your project_id
terraform init
terraform plan
terraform apply
```
## Variables
| Name | Required | Default | Description |
|---|---|---|---|
| `project_id` | yes | — | Existing GCP project ID |
| `prefix` | no | `gemini` | Short prefix applied to all resource names |
## Outputs
| Name | Description |
|---|---|
| `project_id` | GCP project ID |
| `agent_sa_email` | Runtime service account email (for apps) |
| `code_assist_sa_email` | Code Assist enterprise SA email |
## What gets created
- **7 GCP APIs** enabled (`aiplatform`, `cloudaicompanion`, `discoveryengine`, `dialogflow`, `secretmanager`, `iam`, `cloudresourcemanager`)
- **2 service accounts** — one for app runtime, one for IDE enterprise config
- **4 project IAM bindings**
## Setting up credentials
Use Application Default Credentials:
```bash
gcloud auth application-default login
gcloud config set project <your-project-id>
```
For workloads running on GCP (Cloud Run, GKE, Compute Engine), attach the service account to the resource — no credentials file needed.
## Granting developer access to Gemini Code Assist
```bash
# Single user
gcloud projects add-iam-policy-binding <project-id> \
--member="user:<you@domain>" \
--role="roles/cloudaicompanion.user"
# Create a Google Group (recommended for teams)
gcloud identity groups create devs@<domain> \
--organization=<organization-id> \
--display-name="Gemini Developers" \
--description="Users with access to Gemini Code Assist"
# Add a member to the group
gcloud identity groups memberships add \
--group-email=devs@<domain> \
--member-email=<you@domain>
# Grant the group access
gcloud projects add-iam-policy-binding <project-id> \
--member="group:devs@<domain>" \
--role="roles/cloudaicompanion.user"
```
## VS Code setup
1. Install the **Gemini Code Assist** extension from the VS Code Marketplace
2. Sign in with a Google account that has `roles/cloudaicompanion.user` on the project
3. In Settings, set **Cloud AI Companion: Project** to your `project_id`
## Creating a GCP project
If you don't have a project yet:
```bash
# List available folders to find your folder ID
gcloud resource-manager folders list --organization=<organization-id>
# Create a new project inside a folder
gcloud projects create <project-id> \
--name="<display-name>" \
--folder=<folder-id>
# Link a billing account (required before enabling APIs)
gcloud billing projects link <project-id> \
--billing-account=<billing-account-id>
# Verify
gcloud projects describe <project-id>
```
To find your billing account ID:
```bash
gcloud billing accounts list
```
## License
[MIT](LICENSE) © 2026 Slawomir Koszewski
Reference in New Issue View Git Blame Copy Permalink