Set up the environment

Before you work with Vertex AI Agent Engine, you need to make sure your environment is set up. You need to have a Google Cloud project with billing enabled, have the required permissions, set up a Cloud Storage bucket, and install the Vertex AI SDK for Python. Use the following topics to ensure ready to start working with Vertex AI Agent Engine.

For a reference Terraform example to streamline Vertex AI Agent Engine environment setup and deployment, consider exploring the agent-starter-pack.

Set up your Google Cloud project

Every project can be identified in two ways: the project number or the project ID. The PROJECT_NUMBER is automatically created when you create the project, whereas the PROJECT_ID is created by you, or whoever created the project. To set up a project:

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. Enable the Vertex AI, Cloud Storage, Cloud Logging, Cloud Monitoring, and Cloud Trace APIs.

    Enable the APIs

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the Vertex AI, Cloud Storage, Cloud Logging, Cloud Monitoring, and Cloud Trace APIs.

    Enable the APIs

    8.

Get the required roles

To get the permissions that you need to use Vertex AI Agent Engine, ask your administrator to grant you the following IAM roles on your project:

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Set up the identity and permissions for your agent

Agents that you deploy on Vertex AI Agent Engine run using service accounts as their identity.

You have two options for the service account:

  • Default Service Agent: By default, agents use the AI Platform Reasoning Engine Service Agent. This Google-managed service account has the Vertex AI Reasoning Engine Service Agent role (roles/aiplatform.reasoningEngineServiceAgent), which includes the default permissions required for deployed agents.
  • Custom Service Account: You can specify your own service account for the agents to use. This gives you more granular control over the permissions granted to the agents.

Using the default service agent

The AI Platform Reasoning Engine Service Agent is used by default. You can view the full list of default permissions in the IAM documentation.

If your agent requires permissions beyond the default set, you can grant this Service Agent additional roles:

  1. Go to the IAM page and check the "Include Google-provided role grants" checkbox.

    Go to IAM

  2. Find the principal which matches service-PROJECT_NUMBER@gcp-sa-aiplatform-re.iam.gserviceaccount.com.

  3. Add the required roles to the principal by clicking the edit button and then the save button.

Manually generate the default service agent

While the Reasoning Engine Service Agent is automatically provisioned during Vertex AI Agent Engine deployment, there might be scenarios where you need to manually generate it beforehand. This is particularly important when you need to grant specific roles to the service agent to ensure the deployment process has the necessary permissions and avoid potential deployment failures.

Here are the steps to manually generate a Reasoning Engine Service Agent:

  1. Generate the Reasoning Engine Service Agent using the Google Cloud CLI.

    gcloud beta services identity create --service=aiplatform.googleapis.com --project=PROJECT-ID-OR-PROJECT-NUMBER

  2. Go to the IAM page and click Grant Access.

    Go to IAM

  3. In Add principals section, in the New principals field, enter service-PROJECT_NUMBER@gcp-sa-aiplatform-re.iam.gserviceaccount.com.

  4. In the Assign roles section, find and select the roles you need.

  5. Click the Save button.

Using a custom service account

To use your own service account, you need to grant it the necessary permissions to run the agent. Your custom service account will likely need the Vertex AI User role (roles/aiplatform.user).

  1. If you don't have a service account, create one. See Create service accounts.

  2. Grant the service account the Vertex AI User (roles/aiplatform.user) role.

  3. Grant any other roles required by your agent code to the service account.

  4. When deploying your agent, specify the email address of your custom service account. See Configure a custom service account for details.

Cross-project custom service account

If your custom service account is from a different project, you need additional configurations in both the project where the service account resides and the project where you deploy the agent.

  1. Disable cross-project service account usage organization policy: In the project where the service account is located, ensure that the iam.disableCrossProjectServiceAccountUsage organization policy is NOT enforced. See Disable cross-project service account usage enforcement for more details.

  2. Grant permissions to the Vertex AI Service Agent: In the project where the service account is located, grant the Service Account Token Creator (roles/iam.serviceAccountTokenCreator) role to the Vertex AI Service Agent (service-RESOURCE_PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com) of the project where you will deploy the agent.

  3. Grant permissions to the custom service account: In the project where you plan to deploy the agent, grant the necessary roles to the custom service account, as described in Using a custom service account. This typically includes the Vertex AI User role (roles/aiplatform.user) and any other roles required by your agent code.

Create a Cloud Storage bucket

Vertex AI Agent Engine stages the artifacts of your deployed agents in a Cloud Storage bucket as part of the deployment process. Make sure the principal that is authenticated to use Vertex AI (either yourself or a service account) has Storage Admin access to this bucket. This is needed because Vertex AI SDK for Python writes your code to this bucket.

If you already have a bucket set up, you can skip this step. Otherwise, you can follow the standard instructions for creating a bucket.

  • In the Google Cloud console, go to the Cloud Storage Buckets page.

    Go to Buckets

  • Click Create.
  • On the Create a bucket page, enter your bucket information. To go to the next step, click Continue.
    1. In the Get started section, do the following:
      • Enter a globally unique name that meets the bucket naming requirements.
      • To add a bucket label, expand the Labels section (), click Add label, and specify a key and a value for your label.
    2. In the Choose where to store your data section, do the following:
      1. Select a Location type.
      2. Choose a ___location where your bucket's data is permanently stored from the Location type drop-down menu.
      3. To set up cross-bucket replication, select Add cross-bucket replication via Storage Transfer Service and follow these steps:

        Set up cross-bucket replication

        1. In the Bucket menu, select a bucket.

        2. In the Replication settings section, click Configure to configure settings for the replication job.

          The Configure cross-bucket replication pane appears.

          • To filter objects to replicate by object name prefix, enter a prefix that you want to include or exclude objects from, then click Add a prefix.
          • To set a storage class for the replicated objects, select a storage class from the Storage class menu. If you skip this step, the replicated objects will use the destination bucket's storage class by default.
          • Click Done.
    3. In the Choose how to store your data section, do the following:
      1. Select a default storage class for the bucket or Autoclass for automatic storage class management of your bucket's data.
      2. To enable hierarchical namespace, in the Optimize storage for data-intensive workloads section, select Enable hierarchical namespace on this bucket.
    4. In the Choose how to control access to objects section, select whether or not your bucket enforces public access prevention, and select an access control method for your bucket's objects.
    5. In the Choose how to protect object data section, do the following:
      • Select any of the options under Data protection that you want to set for your bucket.
        • To enable soft delete, click the Soft delete policy (For data recovery) checkbox, and specify the number of days you want to retain objects after deletion.
        • To set Object Versioning, click the Object versioning (For version control) checkbox, and specify the maximum number of versions per object and the number of days after which the noncurrent versions expire.
        • To enable the retention policy on objects and buckets, click the Retention (For compliance) checkbox, and then do the following:
          • To enable Object Retention Lock, click the Enable object retention checkbox.
          • To enable Bucket Lock, click the Set bucket retention policy checkbox, and choose a unit of time and a length of time for your retention period.
      • To choose how your object data will be encrypted, expand the Data encryption section (), and select a Data encryption method.
  • Click Create.

    • Install and initialize the Vertex AI SDK for Python

    This section presumes that you have set up a Python development environment, or are using Colab (or any other suitable runtime that has set it up for you).

    (Optional) Set up a virtual environment

    We also recommend setting up a virtual environment to isolate your dependencies.

    Installation

    To minimize the set of dependencies that you have to install, we have separated out the dependencies into:

    • agent_engines: the set of packages required for deployment to Vertex AI Agent Engine.
    • adk: the set of compatible Agent Development Kit packages.
    • langchain: the set of compatible LangChain and LangGraph packages.
    • ag2: the set of compatible AG2 packages.
    • llama_index: the set of compatible LlamaIndex packages.

    When installing the Vertex AI SDK for Python, you can specify the dependencies required (separated by commas). To install all of them:

    pip install google-cloud-aiplatform[agent_engines,adk,langchain,ag2,llama_index]>=1.88.0

    Authentication

    Colab

    Run the following code:

    from google.colab import auth

auth.authenticate_user(project_id="PROJECT_ID")

    Cloud Shell

    No action required.

    Local Shell

    Run the following command:

    gcloud auth application-default login

    Import and initialize the SDK

    Run the following code to import and initialize the SDK for Vertex AI Agent Engine:

    import vertexai
from vertexai import agent_engines

vertexai.init(
    project="PROJECT_ID",
    ___location="LOCATION",
    staging_bucket="gs://BUCKET_NAME",
)

    where

    What's next