We can use the following command to create a service account on AI Platform Unified (GCP):
gcloud beta services identity create --service=aiplatform.googleapis.com
but this will create only one service account but we need two:
"AI Platform Service Agent": servicexxx@gcp-sa-aiplatform.iam.gserviceaccount.com
we also need to have this second service account created:
"AI Platform Custom Code Service Agent":service-xxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com
the second one has "-cc" in the name and is for custom training.
How can we create automatically the second service account "service-xxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com" ?
While waiting for GCP to provide a clean solution, running this dummy job (nothing need to provided by the user in the new project), will automatically create the SA we need :
gcloud beta ai custom-jobs create --display-name test1 --region europe-west4 --worker-pool-spec=replica-count=1,machine-type=n1-highmem-2,container-image-uri=gcr.io/google-appengine/python
and almost immediatly after the job is submitted, the following will be creating:
"AI Platform Custom Code Service Agent":service-xxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com