I’m working on an automation project and I’ve run into a 403 Forbidden error that I haven’t been able to solve. I would appreciate any ideas or suggestions.
1. Project Goal
The goal is to automate lead qualification. The workflow is: a prospect fills out a Google Form, and the system uses the Gemini AI to generate an analysis and a sales strategy.
2. Environments and Connection Flow
We aimed to connect Google Workspace and Google Cloud Platform (GCP). The data flow is: Google Form → Google Sheet → Apps Script (UrlFetchApp) → Cloud Function trigger (HTTP) → Pub/Sub → Cloud Function processor (Pub/Sub Trigger) → Vertex AI API.
3. Development Details
- Functions: Two Cloud Functions (Gen2) were programmed in Node.js 20.
- AI Library: The official @google-cloud/vertexai library was used.
- Identity: The functions run using the default Compute Engine service account.
- Enabled APIs: aiplatform.googleapis.com, cloudfunctions.googleapis.com, pubsub.googleapis.com, secretmanager.googleapis.com, eventarc.googleapis.com, and cloudbuild.googleapis.com were enabled.
- Assigned Permissions: The service account was granted the “Secret Manager Secret Accessor” and “Vertex AI Service Agent” roles at the project level.
4. The Specific Error
The chain works until the final step. The processor function receives the data, but when calling the Vertex AI API with the gemini-1.5-pro-latest model, it fails with the error:
ClientError: [VertexAI.ClientError]: got status: 403 Forbidden
5. Additional Tests Performed (Without Success)
- The error persists even when changing to other models (e.g., gemini-1.0-pro).
- The error persists when deploying the entire architecture in a different region (us-east1).
- Key point: The entire process was replicated from scratch in a brand new GCP project, with a new Google account and a new billing account, and the exact same 403 error was received.
Given this context, has anyone experienced a similar 403 Forbidden error with Vertex AI that is not related to standard IAM roles? Is there another layer of permissions or configuration that we might be overlooking?
Thanks in advance.