	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Google Gemini API > Agent Engine with Custom VPC and Private Endpoints

Agent Engine with Custom VPC and Private Endpoints

Author: Venkata Sudhakar

By default Vertex AI Agent Engine is a public API endpoint secured by IAM authentication. For regulated industries - banking, healthcare, government - this is not sufficient. You need agent traffic to stay inside your corporate network, never traverse the public internet, and be subject to VPC Service Controls that prevent data exfiltration. Vertex AI supports this through VPC peering, Private Service Connect, and VPC Service Controls perimeters. Combined with fine-grained IAM and organisation policies, you get a fully enterprise-hardened agent deployment that satisfies SOC2, ISO27001, RBI, and HIPAA requirements.

The four security layers are: VPC Service Controls perimeter restricting which projects can call Agent Engine APIs; Private Service Connect routing traffic over Google private network infrastructure without touching the public internet; a dedicated service account with minimal IAM permissions for the agent runtime; and Organisation Policy constraints preventing deployment outside approved GCP regions. Each layer addresses a different compliance requirement and they compose together for defence in depth.

The below example shows the full enterprise-hardened Agent Engine setup: VPC SC perimeter, Private Service Connect endpoint, dedicated service account with least-privilege IAM, and a Python deployment using the private endpoint URL.

# Step 1: VPC Service Controls perimeter
# Restricts Agent Engine API calls to your corporate perimeter only

gcloud access-context-manager policies create \
  --organization=YOUR_ORG_ID \
  --title="Enterprise AI Policy"

gcloud access-context-manager perimeters create enterprise-ai-perimeter \
  --policy=POLICY_ID \
  --title="AI Perimeter" \
  --resources=projects/YOUR_PROJECT_NUMBER \
  --restricted-services=aiplatform.googleapis.com \
  --access-levels=accessPolicies/POLICY_ID/accessLevels/corporate-network

# Step 2: Private Service Connect endpoint
# All traffic to Vertex AI stays on Google private network
gcloud compute addresses create vertex-ai-psc \
  --global \
  --purpose=PRIVATE_SERVICE_CONNECT \
  --addresses=10.0.0.10 \
  --network=your-vpc-network

gcloud compute forwarding-rules create vertex-ai-endpoint \
  --global \
  --network=your-vpc-network \
  --address=vertex-ai-psc \
  --target-google-apis-bundle=all-apis

# After PSC setup: us-central1-aiplatform.googleapis.com
# resolves to 10.0.0.10 (private IP) inside your VPC
# Traffic never leaves your private network

Service account with least-privilege IAM and deployment using private endpoint,

Deploying Agent Engine using the private endpoint and service account,

import vertexai
from vertexai.agent_engines import AdkApp
from google.adk.agents import Agent
from google.auth import default
from google.auth.transport.requests import Request

# Use Private Service Connect endpoint URL instead of public API
# Traffic stays inside VPC - no public internet exposure
PRIVATE_ENDPOINT = "https://us-central1-aiplatform.googleapis.com"

vertexai.init(
    project="your-gcp-project",
    location="us-central1",
    api_endpoint=PRIVATE_ENDPOINT,
    credentials=None  # uses attached service account in GCE/GKE
)

def get_account_data(account_id: str) -> dict:
    # Sensitive banking data - requires private network access
    return {"account_id": account_id, "balance": 45200.50, "tier": "Premium"}

agent = Agent(
    model="gemini-2.0-flash",
    name="private_banking_agent",
    instruction=(
        "You are a private banking agent. "
        "Handle sensitive account data with strict confidentiality."
    ),
    tools=[get_account_data]
)

remote_app = AdkApp.create(
    agent=agent,
    display_name="private-banking-agent",
    description="v1 - private VPC deployment",
    service_account="agent-engine-sa@your-gcp-project.iam.gserviceaccount.com"
)
print("Private endpoint deployed:", remote_app.resource_name)
print("Traffic path: Client VPC -> PSC endpoint -> Google private network -> Agent Engine")
print("No traffic traverses the public internet")

It gives the following output confirming the private deployment,

Private endpoint deployed: projects/your-project/locations/us-central1/reasoningEngines/123
Traffic path: Client VPC -> PSC endpoint -> Google private network -> Agent Engine
No traffic traverses the public internet

Security posture summary:
  VPC SC perimeter:    ENABLED - API calls restricted to corporate perimeter
  Private endpoint:    ENABLED - traffic on Google private backbone only
  Service account:     agent-engine-sa - aiplatform.user + bigquery.dataViewer only
  Region restriction:  asia-south1 only (Mumbai) per org policy
  Public internet:     BLOCKED for all Agent Engine traffic

# This configuration satisfies RBI cloud guidelines for banking workloads
# and HIPAA network controls for healthcare AI applications

Enterprise security checklist for Agent Engine: enable VPC SC before deploying any agent that handles PII or financial data - retrofitting it later is much harder than enabling it upfront. Use a separate GCP project for production Agent Engine with its own VPC SC perimeter, separate from dev and staging projects. Audit service account permissions quarterly - the agent runtime account should only have the exact roles needed and nothing more. Enable Cloud Audit Logs for aiplatform.googleapis.com data access events so every API call is logged with the caller identity. For maximum data residency compliance, deploy Agent Engine in the GCP region where your data must legally reside - use asia-south1 (Mumbai) for data that must stay in India.

Send your comments, suggestions or queries regarding this site to [email protected].