Solved: Re: Permission denied error when calling vertex ai...

iamdbestjoy · 03-27-2024 10:24 AM

Hi,

I am trying to call vertex ai text embedding from a google cloud function like below.

aiplatform.init(project=project,location=location)

model = TextEmbeddingModel.from_pretrained("textembedding-gecko@001")

embeddings = model.get_embeddings(sentences)

However I am getting a permission denied error.

google.api_core.exceptions.PermissionDenied: 403 Permission 'aiplatform.endpoints.predict' denied on resource '//aiplatform.googleapis.com/projects/algo-ai-dev-081c04/locations/us-central1/publishers/google/models/textembedding-gecko@001' (or it may not exist). [reason: "IAM_PERMISSION_DENIED"

What IAM permission/ role should i add to my service account to solve this

healthjeanie

Did you ever get this issue resolved? We are facing the same and despite assigning all possible Vertex AI roles (admin, user, AI platform) to the service account, we keep getting it. Please post if you found a solution. Thank you.

Health Jeanie team

View solution in original post

nceniza

Can you try adding these roles:

Reference:

https://cloud.google.com/vertex-ai/generative-ai/docs/access-control#predefined_roles

healthjeanie

How safe and recommended is to assigning these roles esp Vertex AI admin to a service account? Shouldn't Vertex AI Agent be enough for this access?

Something seems not right here, we are stuck with this error for 3 days now and we tried everything. Can you please suggest a solution?

Thank you.

Health Jeanie team

healthjeanie

Did you ever get this issue resolved? We are facing the same and despite assigning all possible Vertex AI roles (admin, user, AI platform) to the service account, we keep getting it. Please post if you found a solution. Thank you.

Health Jeanie team

mahmoudgabr

please advise how did you solve it we are facing the same issue.

VikramM

We are facing the same issue, can you suggest what we can do here? we already have the AI platform user assigend.

akashkunwar

I have done everything but still the issue persist. Has anyone solved it?

all_your_base_7

Running into the same issue of a Google Cloud Function accessing Vertex AI. Anyone successfully solve this?

all_your_base_7

Alright, I think I figured it out - granted I'm not 100% sure of root cause. The issue has to do with the service accounts. Cloud Functions use the default service account for compute unless you specify otherwise. For some reason the default Compute service account doesn't have access to Vertex AI (granted you can get into Gemini if you have the API key). I got around the problem by creating a new custom service account and giving it VertexAI permissions - then attaching that new custom service account to my cloud functions.

To be honest I'm still not exactly sure why this works but it does, it could be a bug, like I gave a slew of IAM permissions to the default service account and no luck.

I suspect this doesn't have visibility because (1) most dev shops have a well-laid out IAM set of rules that are already custom and (2) most use cloud functions with Vertex AI simply for Gemini and not the other features (eg embeddings). Still though, I'd expect to see this raised more often.

akashkunwar

Thanks, It worked.

Permission denied error when calling vertex ai text embedding from google cloud funtion