Vertex AI controls for generative AI use cases

Vertex AI lets you build and use generative AI, including AI solutions, search, and conversation, on a single platform. This document includes the best practices and guidelines for Vertex AI when running generative AI workloads on Google Cloud.

Required Vertex AI controls

The following controls are strongly recommended for your Vertex AI environment.

Define the access mode for Vertex AI Workbench notebooks and instances

Google control ID VAI-CO-4.1
Category Required
Description

This list constraint defines the permitted access modes for Vertex AI Workbench notebooks and instances. The allow or deny list can specify multiple users using service-account mode or single-user access using single-user mode.
Applicable products
  • Vertex AI Workbench
  • Organization Policy Service
Path constraints/ainotebooks.accessMode
Operator Is
Value
  • service-account
  • single-user
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.PT-3.1
  • PR.PT-4.1

Disable file downloads on Vertex AI Workbench instances

Google control ID VAI-CO-4.2
Category Required
Description

The ainotebooks.disableFileDownloads boolean constraint prevents you from creating Vertex AI Workbench instances with the file download option enabled. By default, you can enable the file download option on any Vertex AI Workbench instance.
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.disableFileDownloads
Operator Is
Value
  • True
Type Boolean
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.PT-3.1
  • PR.PT-4.1

Disable root access on Vertex AI Workbench user-managed notebooks and instances

Google control ID VAI-CO-4.3
Category Required
Description

The ainotebooks.disableRootAccess boolean constraint prevents you from creating Vertex AI Workbench user-managed notebooks and instances with root access enabled. By default, Vertex AI Workbench user-managed notebooks and instances can have root access enabled.
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.disableRootAccess
Operator Is
Value
  • True
Type Boolean
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.PT-3.1
  • PR.PT-4.1

Disable terminal on Vertex AI Workbench instances

Google control ID VAI-CO-4.4
Category Required
Description

The ainotebooks.disableTerminal boolean constraint prevents you from creating Vertex AI Workbench instances with the terminal enabled. By default, you can enable the terminal on Vertex AI Workbench instances.
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.disableTerminal
Operator Is
Value
  • True
Type Boolean
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.PT-3.1
  • PR.PT-4.1

Restrict environment options on Vertex AI Workbench notebooks and instances

Google control ID VAI-CO-4.5
Category Required
Description

The ainotebooks.environmentOptions list constraint defines the VM and container image options that you can select when creating Vertex AI Workbench notebooks and instances. You must explicitly specify the options that you want to allow or deny.

The expected format for VM instances is: ainotebooks-vm/PROJECT_ID/IMAGE_TYPE/CONSTRAINED_VALUE. Replace IMAGE_TYPE with image-family or image-name

For example:

ainotebooks-vm/deeplearning-platform-release/image-family/pytorch-1-4-cpu ainotebooks-vm/deeplearning-platform-release/image-name/pytorch-latest-cpu-20200615

The expected format for container images is: ainotebooks-container/CONTAINER_REPOSITORY:TAG

For example:

ainotebooks-container/gcr.io/deeplearning-platform-release/tf-gpu.1-15:latest ainotebooks-container/gcr.io/deeplearning-platform-release/tf-gpu.1-15:m48
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.environmentOptions
Operator Is
Type List
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.PT-3.1
  • PR.PT-4.1

Enforce automatic scheduled upgrades on Vertex AI Workbench user-managed notebooks and instances

Google control ID VAI-CO-4.6
Category Required
Description

The ainotebooks.requireAutoUpgradeSchedule boolean constraint prevents you from creating Vertex AI Workbench user-managed notebooks and instances without an automatic upgrade schedule.

To define a cron schedule for the automatic upgrades, use the notebook-upgrade-schedule metadata flag. For example:

--metadata=notebook-upgrade-schedule="00 19 * * MON"
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.requireAutoUpgradeSchedule
Operator Is
Value
  • True
Type Boolean
Related NIST-800-53 controls
  • MA-2
  • MA-3
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.PT-3.1
  • PR.PT-4.1

Restrict public access on new Vertex AI Workbench notebooks and instances

Google control ID VAI-CO-4.7
Category Required
Description

This boolean constraint restricts access from public IP addresses to Vertex AI Workbench notebooks and instances. By default, public IP addresses can access Vertex AI Workbench notebooks and instances.
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.restrictPublicIp
Operator is
Value
  • True
Type Boolean
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
  • SC-7
  • SC-8
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.DS-2.1
  • PR.DS-2.2
  • PR.DS-5.1
  • PR.PT-3.1
  • PR.PT-4.1
  • DE.CM-1.1
  • DE.CM-1.2
  • DE.CM-1.3
  • DE.CM-1.4

Restrict VPC networks on Vertex AI Workbench instances

Google control ID VAI-CO-4.8
Category Required
Description

The ainotebooks.restrictVpcNetworks list constraint defines the VPC networks that a user can select when creating Vertex AI Workbench instances. By default, a Vertex AI Workbench instance can be created in any VPC network.

Use one of the following formats to define an allowed or denied list of networks:

  • under:organizations/ORGANIZATION_ID
  • under:folders/FOLDER_ID
  • under:projects/PROJECT_ID
  • projects/PROJECT_ID/global/networks/NETWORK_NAME
Applicable products
  • Organization Policy Service
  • Vertex AI Workbench
Path constraints/ainotebooks.restrictVpcNetworks
Operator is
Type List
Related NIST-800-53 controls
  • AC-3
  • AC-17
  • AC-20
  • SC-7
  • SC-8
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-5.1
  • PR.AC-5.2
  • PR.AC-6.1
  • PR.DS-2.1
  • PR.DS-2.2
  • PR.DS-5.1
  • PR.PT-3.1
  • PR.PT-4.1
  • DE.CM-1.1
  • DE.CM-1.2
  • DE.CM-1.3
  • DE.CM-1.4

What's next