Add CMEK to vertexai IndexEndpoint (#15214) (#1122)

modular-magician · web-flow · commit b9b48784f669 · 2025-09-25T15:09:50.000-07:00
[upstream:464f2796fb780a74235c6904d20f16c08316dd2d]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/vertex_ai_index_endpoint_test/main.tf b/vertex_ai_index_endpoint_test/main.tf
@@ -1,3 +1,13 @@
+resource "google_project_service_identity" "vertexai_sa" {
+  service = "aiplatform.googleapis.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "vertexai_encrypterdecrypter" {
+  crypto_key_id = "kms-name-${local.name_suffix}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member        =  google_project_service_identity.vertexai_sa.member
+}
+
 resource "google_vertex_ai_index_endpoint" "index_endpoint" {
   display_name = "sample-endpoint"
   description  = "A sample vertex endpoint"
@@ -6,6 +16,14 @@ resource "google_vertex_ai_index_endpoint" "index_endpoint" {
     label-one = "value-one"
   }
   network      = "projects/${data.google_project.project.number}/global/networks/${data.google_compute_network.vertex_network.name}"
+
+  encryption_spec {
+    kms_key_name = "kms-name-${local.name_suffix}"
+  }
+
+  depends_on = [
+    google_kms_crypto_key_iam_member.vertexai_encrypterdecrypter,
+  ]
 }
 
 data "google_compute_network" "vertex_network" {
