notebooks/ERR/2023_002

Product: Vertex AI Workbench
Rule class: ERR - Something that is wrong

Description

Creating notebook inside VPC requires user and service-*@gcp-sa-notebooks.iam.gserviceaccount.com to have compute.subnetworks.use and compute.subnetworks.useExternalIp permissions in VPC project

Remediation

1. Add “AI Platform Notebooks Service Agent” Role to the Google-provided service account in the format of “service-%number%@gcp-sa-notebooks.iam.gserviceaccount.com” in the project which hosts the notebooks

2. Add “Compute Network User” Role to the account or Google-provided service account in the format of “service-%number%@gcp-sa-notebooks.iam.gserviceaccount.com” in the project which hosts the VPC

3. It is also possible to only add compute.subnetworks.use and compute.subnetworks.useExternalIp permissions to the Google-provided service account in the format of “service-%number%@gcp-sa-notebooks.iam.gserviceaccount.com” in the project which hosts the VPC

Further information

• Creating user-managed notebooks instances - Troubleshooting