Vertex AI controls for generative AI use cases

This list constraint defines the permitted access modes for Vertex AI Workbench notebooks and instances. The allow or deny list can specify multiple users using service-account mode or single-user access using single-user mode.

The ainotebooks.disableFileDownloads boolean constraint prevents you from creating Vertex AI Workbench instances with the file download option enabled. By default, you can enable the file download option on any Vertex AI Workbench instance.

The ainotebooks.disableRootAccess boolean constraint prevents you from creating Vertex AI Workbench user-managed notebooks and instances with root access enabled. By default, Vertex AI Workbench user-managed notebooks and instances can have root access enabled.

The ainotebooks.disableTerminal boolean constraint prevents you from creating Vertex AI Workbench instances with the terminal enabled. By default, you can enable the terminal on Vertex AI Workbench instances.

The ainotebooks.environmentOptions list constraint defines the VM and container image options that you can select when creating Vertex AI Workbench notebooks and instances. You must explicitly specify the options that you want to allow or deny.

The expected format for VM instances is: ainotebooks-vm/PROJECT_ID/IMAGE_TYPE/CONSTRAINED_VALUE . Replace IMAGE_TYPE with image-family or image-name

For example:

ainotebooks-vm/deeplearning-platform-release/image-family/pytorch-1-4-cpu ainotebooks-vm/deeplearning-platform-release/image-name/pytorch-latest-cpu-20200615

The expected format for container images is: ainotebooks-container/CONTAINER_REPOSITORY:TAG

For example:

ainotebooks-container/gcr.io/deeplearning-platform-release/tf-gpu.1-15:latest ainotebooks-container/gcr.io/deeplearning-platform-release/tf-gpu.1-15:m48

The ainotebooks.requireAutoUpgradeSchedule boolean constraint prevents you from creating Vertex AI Workbench user-managed notebooks and instances without an automatic upgrade schedule.

To define a cron schedule for the automatic upgrades, use the notebook-upgrade-schedule metadata flag. For example:

-- metadata=notebook-upgrade-schedule="00 19 * * MON"

This boolean constraint restricts access from public IP addresses to Vertex AI Workbench notebooks and instances. By default, public IP addresses can access Vertex AI Workbench notebooks and instances.

The ainotebooks.restrictVpcNetworks list constraint defines the VPC networks that a user can select when creating Vertex AI Workbench instances. By default, a Vertex AI Workbench instance can be created in any VPC network.

Use one of the following formats to define an allowed or denied list of networks:

• under:organizations/ORGANIZATION_ID
• under:folders/FOLDER_ID
• under:projects/PROJECT_ID
• projects/PROJECT_ID/global/networks/NETWORK_NAME