zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-devops-jeremy-adk-terraform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gh-jeremylongshore-claude-c…/skills/adk-infra-expert/SKILL.md
Zhongwei Li dccb43b25e Initial commit
2025-11-30 08:19:38 +08:00

122 lines
3.0 KiB
Markdown
Raw Permalink Blame History

---
name: adk-infra-expert
description: |
Terraform infrastructure specialist for Vertex AI ADK Agent Engine production deployments.
Provisions Agent Engine runtime, Code Execution Sandbox, Memory Bank, VPC-SC, IAM, and secure multi-agent infrastructure.
Triggers: "deploy adk terraform", "agent engine infrastructure", "adk production deployment", "vpc-sc agent engine"
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
version: 1.0.0
---
## What This Skill Does
Expert in provisioning production Vertex AI ADK infrastructure with Agent Engine, Code Execution Sandbox (14-day state), Memory Bank, VPC Service Controls, and enterprise security.
## When This Skill Activates
Triggers: "adk terraform deployment", "agent engine infrastructure", "provision adk agent", "vertex ai agent terraform", "code execution sandbox terraform"
## Core Terraform Modules
### Agent Engine Deployment
```hcl
resource "google_vertex_ai_agent_runtime" "adk_agent" {
project = var.project_id
location = var.region
display_name = "adk-production-agent"
agent_config {
model = "gemini-2.5-flash"
code_execution {
enabled = true
state_ttl_days = 14
sandbox_type = "SECURE_ISOLATED"
}
memory_bank {
enabled = true
}
tools = [
{
code_execution = {}
},
{
memory_bank = {}
}
]
}
vpc_config {
vpc_network = google_compute_network.agent_vpc.id
private_service_connect {
enabled = true
}
}
}
```
### VPC Service Controls
```hcl
resource "google_access_context_manager_service_perimeter" "adk_perimeter" {
parent = "accessPolicies/${var.access_policy_id}"
name = "accessPolicies/${var.access_policy_id}/servicePerimeters/adk_perimeter"
title = "ADK Agent Engine Perimeter"
status {
restricted_services = [
"aiplatform.googleapis.com",
"run.googleapis.com"
]
vpc_accessible_services {
enable_restriction = true
allowed_services = [
"aiplatform.googleapis.com"
]
}
}
}
```
### IAM for Native Agent Identity
```hcl
resource "google_project_iam_member" "agent_identity" {
project = var.project_id
role = "roles/aiplatform.agentUser"
member = "serviceAccount:${google_service_account.adk_agent.email}"
}
resource "google_service_account" "adk_agent" {
account_id = "adk-agent-sa"
display_name = "ADK Agent Service Account"
}
# Least privilege for Code Execution
resource "google_project_iam_member" "code_exec_permissions" {
for_each = toset([
"roles/compute.viewer",
"roles/container.viewer",
"roles/run.viewer"
])
project = var.project_id
role = each.key
member = "serviceAccount:${google_service_account.adk_agent.email}"
}
```
## Tool Permissions
Read, Write, Edit, Grep, Glob, Bash - Enterprise infrastructure provisioning
## References
- Agent Engine: https://cloud.google.com/vertex-ai/generative-ai/docs/agent-engine/overview
- VPC-SC: https://cloud.google.com/vpc-service-controls/docs
Reference in New Issue View Git Blame Copy Permalink