Challenge 4: Agent Runtime


Introduction

Running agents locally with personal user credentials is great for prototyping, but enterprise-grade business applications require a secure, reliable, and scalable hosting environment.

In this challenge, you will move your agent off your local machine and deploy it to Google Cloud’s Agent Runtime (part of the Gemini Enterprise Agent Platform). You will configure a dedicated Agent Identity, a managed principal, and grant it the precise, minimum IAM permissions required to access BigQuery. This ensures your agent runs securely under its own cloud identity without exposing personal user credentials.

Description

Deploy your agent to Agent Runtime, using the ADK CLI. Make sure that the Agent Runtime uses Agent Identity.

Grant the required permissions to the identity of the Agent so that it can read data from and run jobs on BigQuery, and can use the BigQuery MCP tools.

Once the agent on Agent Runtime can successfully answer questions that require accessing BigQuery, commit and push your changes.
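A check you can run after granting the permissions, added here as an example and not part of the original challenge: it audits a project-level IAM policy (the JSON from gcloud projects get-iam-policy PROJECT_ID --format=json) for the agent's principal and reports missing and excess roles. The required role set, the principal string and the sample policy are assumptions constructed for illustration; roles granted at dataset level will not appear in this policy.

```python
# Assumed role set for this challenge (not stated on the page): read data,
# run jobs, and call the BigQuery MCP tools.
REQUIRED_ROLES = frozenset({
    "roles/bigquery.dataViewer",
    "roles/bigquery.jobUser",
    "roles/mcp.toolUser",
})
# Basic or admin roles that defeat least privilege if held by the agent.
BROAD_ROLES = frozenset({"roles/owner", "roles/editor", "roles/bigquery.admin"})

# Placeholder principal; substitute the identifier of your deployed agent.
AGENT = "principal://example.invalid/agents/demo-agent"

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/bigquery.dataViewer", "members": [AGENT]},
        {"role": "roles/bigquery.jobUser", "members": ["user:dev@example.com", AGENT]},
        {"role": "roles/editor", "members": [AGENT]},
    ]
}


def audit_agent_roles(policy, member, required=REQUIRED_ROLES):
    """Compare the roles bound to `member` against the required set."""
    granted = {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }
    return {
        "granted": sorted(granted),
        "missing": sorted(required - granted),   # the agent will fail without these
        "excess": sorted(granted - required),    # more than the task needs
        "broad": sorted(granted & BROAD_ROLES),  # subset of excess worth fixing first
        "least_privilege": granted == set(required),
    }


if __name__ == "__main__":
    for key, value in audit_agent_roles(SAMPLE_POLICY, AGENT).items():
        print(f"{key}: {value}")
```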

Success Criteria

  • Ask the agent on Agent Runtime: "How many customers do we have in total?" This should run a query on the customers table and return 1000.
  • All the changes are committed and pushed to the Git repository.

Tips

  • Agent Runtime used to be called Agent Engine; some ADK CLI options still use that terminology.
  • If you need to redeploy your agent, provide the --agent_engine_id option so that it replaces your deployment (and doesn’t create a new agent with a new identity)
  • You can use the Playground section in the Agent Runtime interface to get an experience similar to testing locally through the ADK web UI.
  • The easiest way to configure the Agent Identity is through the agent config file .agent_engine_config.json.

Learning Resources
