Create a dedicated service account to access Mainframe Assessment Tool. For more
information, seeCreate service accounts.
Make sure that you have sufficient quota in the region where you plan to
create the Mainframe Assessment Tool VM. All zones in all theGenerative AI on Vertex AI regionsare supported. The required quotas per base model are listed in the
following table:
Request Type
Base Model
Quota (QPM)
Generate content requests per minute per project per base model per minute per region per base model
To ensure that the dedicated
service account that you created has the necessary
permissions to give the Mainframe Assessment Tool components the required access to the Vertex AI API and other services,
ask your administrator to grant the dedicated
service account that you created the
following IAM roles:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Configure your Google Cloud project for Mainframe Assessment Tool\n\nThis page describes the process to set up and configure your Google Cloud\nproject to work with Mainframe Assessment Tool.\n\nBefore you begin\n----------------\n\n1. In the Google Cloud console, on the project selector page, select or\n [create a Google Cloud project](/resource-manager/docs/creating-managing-projects).\n\n | **Note:** If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n2. Make sure that billing is enabled for your Google Cloud project. For more\n information, see [Verify the billing status of your projects](/billing/docs/how-to/verify-billing-enabled).\n\n3. Create a dedicated service account to access Mainframe Assessment Tool. For more\n information, see [Create service accounts](/iam/docs/service-accounts-create).\n\n4. Make sure that you have sufficient quota in the region where you plan to\n create the Mainframe Assessment Tool VM. All zones in all the\n [Generative AI on Vertex AI regions](/vertex-ai/generative-ai/docs/learn/locations#available-regions)\n are supported. The required quotas per base model are listed in the\n following table:\n\n To adjust quotas, use the Google Cloud console. For more information, see\n [Request a quota adjustment](/docs/quotas/help/request_increase).\n\nEnable APIs\n-----------\n\n1. Enable the Compute Engine API.\n\n [Enable Compute Engine API](https://console.cloud.google.com/apis/api/compute.googleapis.com/overview)\n2. Enable the Vertex AI API.\n\n [Enable Vertex AI API](https://console.cloud.google.com/apis/api/aiplatform.googleapis.com/overview)\n\nConfigure firewall rules\n------------------------\n\nTo enable secure access to the Mainframe Assessment Tool VM through IAP,\ncreate the following firewall rules:\n\n1. Create a firewall rule to allow\n ingress traffic on TCP port `4000` by\n [using IAP for TCP forwarding](/iap/docs/using-tcp-forwarding):\n\n gcloud compute firewall-rules create allow-ingress-from-iap \\\n --direction=INGRESS \\\n --action=allow \\\n --rules=tcp:4000\\\n --source-ranges=35.235.240.0/20\n\n2. Create a firewall rule to deny all other ingress traffic to your\n Mainframe Assessment Tool VM:\n\n gcloud compute firewall-rules create deny-all-other-ingress \\\n --direction=ingress \\\n --action=deny \\\n --rules=all \\\n --source-ranges=0.0.0.0/0 \\\n --network=your-network-name \\\n --priority=65535\n\nAssign IAM roles and permissions\n--------------------------------\n\n\nTo ensure that the dedicated\nservice account that you created has the necessary\npermissions to give the Mainframe Assessment Tool components the required access to the Vertex AI API and other services,\n\nask your administrator to grant the dedicated\nservice account that you created the\nfollowing IAM roles:\n\n| **Important:** You must grant these roles to the dedicated service account that you created, *not* to your user account. Failure to grant the roles to the correct principal might result in permission errors.\n\n- [Vertex AI User](/iam/docs/roles-permissions/aiplatform#aiplatform.user) (`roles/aiplatform.user`)\n- Cloud Logging: [Cloud Logging Writer](/iam/docs/roles-permissions/logging#logging.logWriter) (`roles/logging.logWriter`)\n\n\nWhat's next\n-----------\n\n- Learn how to [Set up and access Mainframe Assessment Tool](/mainframe-assessment-tool/docs/create-vm)."]]
