This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unable to Edit Metadata of VM Instances Created from Vertex AI Workbench "INSTANCES"

Posted on 08-22-2024 07:54 PM
hayashikennta
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

I'm experiencing an issue with VM Instances created from the "INSTANCES" section of Vertex AI Workbench. Specifically, I am unable to edit the metadata of these instances, although I can change labels without any problem.

Error Message is 
Editing VM instance "instance-name" failed. Error: Required 'Current principal doesn't have permission to mutate this resource!' permission for 'instance-name'

Interestingly, when I create VM Instances from the "USER-MANAGED NOTEBOOKS" section of Vertex AI Workbench, I can edit the metadata without any issues. This makes me believe that the problem might not be related to permissions, as I have already been granted compute.instances.setMetadata and compute.instances.update permissions.

Additional Context: My main objective is to add an SSH authentication key to the instance, but this seems to be conflicting with the enable-oslogin:TRUE metadata that is automatically set when the instance is created. This might be the root cause of the issue.

Has anyone else encountered this issue? Any insights or suggestions would be greatly appreciated.

Thank you!

1 2 690
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
McMaco
Staff
Reply posted on --/--/---- --:-- AM

Hello hayashikennta,

To add an additional SSH authentication or to secure your instance you can deploy your Vertex AI Workbench instance with the default Google-managed network, which uses a default VPC network and subnet. Instead of the default network, you can specify a VPC network to use with your instance.

By default, Google Cloud automatically encrypts data when it is at rest using encryption keys managed by Google. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK) with your Vertex AI Workbench instances. For more information, see Customer-managed encryption keys.

For additional resources in setting up authentication to use ssh to access jupyterLab or your instances. May this documentation will provide details on how to create your main objective which is to add an SSH authentication key to the instance.

I hope the above information is helpful.

0 Likes

Posted on --/--/---- --:-- AM
chrisgoodman
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

I have an issue which I think is similar. I have a VM created for a Workbench Instance on a shared VPC. When I try to attach a disk  I get the same error message on the console.
Editing VM instance "instance-name" failed. Error: Required 'Current principal doesn't have permission to mutate this resource!' permission for 'instance-name'

The error logs report that the principal is missing compute.instances.attachDisk. 
But the principal has role Compute Instance Admin (v1), which includes that permission. 

Top Solution Authors
View all