google-cloud-platformservice-accountsgoogle-ai-platform

How to create a AI Platform Custom Code Service Agent "service-xxxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com"?


We can use the following command to create a service account on AI Platform Unified (GCP):

gcloud beta services identity create --service=aiplatform.googleapis.com

but this will create only one service account but we need two:

"AI Platform Service Agent": servicexxx@gcp-sa-aiplatform.iam.gserviceaccount.com

we also need to have this second service account created:

"AI Platform Custom Code Service Agent":service-xxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com

the second one has "-cc" in the name and is for custom training.

How can we create automatically the second service account "service-xxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com" ?

service agent

access control


Solution

  • While waiting for GCP to provide a clean solution, running this dummy job (nothing need to provided by the user in the new project), will automatically create the SA we need :

    gcloud beta ai custom-jobs create --display-name test1 --region europe-west4 --worker-pool-spec=replica-count=1,machine-type=n1-highmem-2,container-image-uri=gcr.io/google-appengine/python
    

    and almost immediatly after the job is submitted, the following will be creating:

    "AI Platform Custom Code Service Agent":service-xxx@gcp-sa-aiplatform-cc.iam.gserviceaccount.com