cloud-run-agent-architect
This skill helps you provision secure, reproducible infrastructure on Google Cloud for your AI agents using Terraform. It follows the "least-privilege" principle and handles Secret Manager integration.
Usage
Ask Antigravity to:
- "Generate Terraform files for my Cloud Run agent"
- "Create a secure service account for my agent"
- "Add my Reddit and Google Docs secrets to Terraform"
Infrastructure Pattern
The generated infrastructure includes:
- Cloud Run Service: Configured with automated secret injection and VPC egress if needed.
- Dedicated Service Account: Granted specific roles like roles/aiplatform.user and roles/secretmanager.secretAccessor.
- Secret Manager: Provisioned for sensitive API keys (e.g., REDDIT_CLIENT_ID, DK_API_KEY).
- Artifact Registry: A private repository to host the agent's container images.
Terraform Template
Refer to the included resources/main.tf and resources/variables.tf for the standard implementation.
Key IAM Roles
- roles/aiplatform.user: To call Vertex AI models.
- roles/logging.logWriter: To export agent traces.
- roles/storage.objectAdmin: If the agent saves artifacts (e.g., images to GCS).
- roles/secretmanager.secretAccessor: To read secrets at runtime.
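A minimal sketch of this pattern, added here as an example and not taken from the skill's resources/main.tf. The resource names, variables and the agent-runtime account ID are placeholders. It binds roles/secretmanager.secretAccessor on the single secret the agent reads rather than on the project, and leaves the secret value to be added outside Terraform so it never lands in state.

```hcl
# Added example. Assumes google provider 5.x with a default project configured.
variable "project_id" { type = string }
variable "region" { type = string }
variable "image" { type = string } # image URL in the private Artifact Registry repo
resource "google_service_account" "agent" {
  account_id = "agent-runtime" # placeholder name
}
# Roles the agent needs project-wide: model calls and log export.
resource "google_project_iam_member" "agent" {
  for_each = toset(["roles/aiplatform.user", "roles/logging.logWriter"])
  project  = var.project_id
  role     = each.value
  member   = "serviceAccount:${google_service_account.agent.email}"
}

resource "google_secret_manager_secret" "reddit_client_id" {
  secret_id = "REDDIT_CLIENT_ID"
  replication {
    auto {}
  }
}

# Secret-level binding: the agent can read this secret and no other.
resource "google_secret_manager_secret_iam_member" "agent_reads_reddit" {
  secret_id = google_secret_manager_secret.reddit_client_id.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.agent.email}"
}

resource "google_cloud_run_v2_service" "agent" {
  name     = "agent" # placeholder name
  location = var.region
  template {
    service_account = google_service_account.agent.email
    containers {
      image = var.image
      env {
        name = "REDDIT_CLIENT_ID"
        value_source {
          secret_key_ref {
            secret  = google_secret_manager_secret.reddit_client_id.secret_id
            version = "latest"
          }
        }
      }
    }
  }
  depends_on = [google_secret_manager_secret_iam_member.agent_reads_reddit]
}
```

The same scoping applies to roles/storage.objectAdmin, which google_storage_bucket_iam_member can bind on the one bucket the agent writes to instead of the whole project.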