Zing Forum


Google Cloud Releases genai-factory: Enterprise-Grade Generative AI Infrastructure Deployment Blueprint

Google Cloud Platform's genai-factory provides a complete Terraform Infrastructure as Code (IaC) solution to help enterprises quickly and securely deploy generative AI applications. It covers various scenarios such as Agent Engine, Cloud Run, RAG systems, and NL2SQL, adhering to the principle of least privilege and security best practices.

Google Cloud, Generative AI, Terraform, Infrastructure as Code, Agent Engine, RAG, Cloud Run, Security Best Practices, Enterprise AI, IaC
Published 2026-05-24 16:40 | Recent activity 2026-05-24 16:49 | Estimated read 10 min

Section 01

Introduction: Google Cloud genai-factory—Enterprise-Grade Generative AI Infrastructure Deployment Blueprint

Google Cloud Platform's genai-factory is an open-source Terraform Infrastructure as Code (IaC) solution designed to help enterprises quickly and securely deploy generative AI applications. This project provides a complete deployment blueprint covering various scenarios such as Agent Engine, Cloud Run, RAG systems, and NL2SQL, adhering to the principle of least privilege and security best practices to address the pain points of enterprises building compliant AI infrastructure from scratch. The project is maintained by the official GCP team and open-sourced on GitHub.


Section 02

Project Background and Positioning

With the rapid development of generative AI technology, enterprise demand for integrating LLMs and intelligent agents into business processes is growing. However, building secure, scalable, and compliant AI infrastructure from scratch poses many challenges, including network configuration, permission management, service orchestration, and data security. genai-factory was created to address this pain point: it is a collection of open-source infrastructure blueprints that uses Terraform as the IaC tool and provides security-hardened deployment solutions that adhere to the principle of least privilege and avoid default service accounts and over-authorization.


Section 03

Core Architecture and Technology Stack

Infrastructure as Code Best Practices

genai-factory is built on Terraform, leveraging GCP Terraform resource providers and Cloud Foundation Fabric modules to deliver advantages such as repeatability (consistent deployment across multiple environments), version control (infrastructure changes managed like code), automation (integration with CI/CD), and auditability (traceable changes).

Security-First Design

  • No default service accounts: Each service runs as a dedicated service account created for it
  • Principle of least privilege: Fine-grained IAM roles to avoid over-authorization
  • Network isolation: Achieved via VPC and Private Google Access (PGA)
  • Security proxy: Secure Web Proxy (SWP) controls outbound traffic
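
A check a security or compliance reviewer could run before apply, added here as an example (not code from genai-factory): it scans the JSON form of a Terraform plan for resources that run as a Compute Engine or App Engine default service account and for project-level grants of basic roles. The sample plan, resource addresses and service account names are constructed placeholders.

```python
import re

# Basic (primitive) roles apply project-wide and defeat least privilege.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Naming patterns of the Compute Engine and App Engine default service accounts.
DEFAULT_SA = re.compile(r"^(serviceAccount:)?(\d+-compute@developer|[a-z][a-z0-9-]*@appspot)"
                        r"\.gserviceaccount\.com$")
IAM_TYPES = {"google_project_iam_member", "google_project_iam_binding"}

def _sa_strings(node, under_sa=False):
    """Yield every string stored under a key named service_account, at any depth."""
    if isinstance(node, str) and under_sa:
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from _sa_strings(value, under_sa or key == "service_account")
    elif isinstance(node, list):
        for value in node:
            yield from _sa_strings(value, under_sa)

def audit_plan(plan):
    """Return sorted (address, finding) pairs for a `terraform show -json` plan dict."""
    findings = set()
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # after is null on delete
        addr = rc.get("address", "?")
        if rc.get("type") in IAM_TYPES:
            if after.get("role") in BASIC_ROLES:
                findings.add((addr, "basic role " + after["role"]))
            for member in after.get("members") or [after.get("member")]:
                if member and DEFAULT_SA.match(member):
                    findings.add((addr, "IAM grant to a default service account"))
        if any(DEFAULT_SA.match(s) for s in _sa_strings(after)):
            findings.add((addr, "runs as a default service account"))
    return sorted(findings)

def _rc(address, after):  # build one constructed resource_changes entry
    return {"address": address, "type": address.split(".")[0], "change": {"after": after}}

# Constructed sample plan (not genai-factory output); all names are placeholders.
EMAIL = "agent-sa@example-prj.iam.gserviceaccount.com"
SAMPLE_PLAN = {"resource_changes": [
    _rc("google_cloud_run_v2_service.legacy", {"template": [
        {"service_account": "123456789012-compute@developer.gserviceaccount.com"}]}),
    _rc("google_cloud_run_v2_service.agent", {"template": [{"service_account": EMAIL}]}),
    _rc("google_project_iam_member.broad",
        {"role": "roles/editor", "member": "serviceAccount:" + EMAIL}),
    _rc("google_project_iam_member.scoped",
        {"role": "roles/aiplatform.user", "member": "serviceAccount:" + EMAIL}),
]}
print(audit_plan(SAMPLE_PLAN))
```

For a real plan, produce the JSON with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, parse it with `json.load`, and pass the resulting dict to `audit_plan`.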

Section 04

Supported Deployment Scenarios

genai-factory provides multiple pre-configured templates covering common generative AI scenarios:

  1. Agent Engine: Deploy instances in a private VPC to securely access internal resources, supporting ADK proxy and multi-agent collaboration via A2A protocol.
  2. Single-service Cloud Run: Simplified deployment path, supporting ADK proxy, A2A proxy, self-hosted Gemma3 (L4 GPU), and MCP server.
  3. NL2SQL: A proxy on Cloud Run converts natural language to SQL and retrieves data from BigQuery, eliminating the need for users to directly handle SQL or database information.
  4. RAG System: Three variants (Cloud Run + Cloud SQL/AlloyDB/Vertex AI Vector Search), integrating BigQuery as the data source.
  5. AI Application Search: Build enterprise-grade search based on Vertex AI Search, supporting public website content crawling and indexing.
  6. Gemini Enterprise Integration: Agent Studio (connecting unstructured data), Dialogflow CX (reading CSV/JSON data from GCS).

Section 05

Deployment Process and Ecosystem Integration

Two-Stage Deployment Model

  1. 0-projects stage: Create projects, service accounts, enable APIs, grant IAM roles, and generate YAML templates that can be executed by the platform team; skip this step if projects already exist.
  2. 1-apps stage: Deploy core resources and AI applications. This stage creates a VPC and subnet by default, but you can also configure it to use an existing network (example HCL code: networking_config = { create = false, vpc_id = "your-vpc-id", subnet = { name = "your-subnet-id" } }).

Integration with Cloud Foundation Fabric

genai-factory is part of the Cloud Foundation Fabric ecosystem and is deeply integrated with the Fabric FAST project factory (v55.4.0+), which brings advantages such as unified project management, a consistent IAM model, shared network components, and standardized monitoring logs.


Section 06

Applicable Scenarios and Core Values

Target Users

  • Platform engineering teams: Provide standardized AI infrastructure templates
  • AI engineering teams: Quickly launch compliant generative AI projects
  • Enterprise architects: Evaluate and plan AI infrastructure solutions
  • Compliance and security teams: Review the security and compliance of AI deployments

Core Values

  1. Shorten time-to-market: From weeks of setup to hours of deployment
  2. Reduce security risks: Built-in security best practices to avoid configuration errors
  3. Improve consistency: Same code definition across multiple environments to eliminate configuration drift
  4. Simplify operations: Changes are traceable and auditable, and can be rolled back
  5. Flexible and scalable: Modular design supports custom extensions

Section 07

Quick Start and Community Contributions

Quick Start

Follow the standard Terraform workflow: Clone the repository → Enter the target factory directory (e.g., cloud-run-single) → Copy and modify the example variable file → Execute terraform init and terraform apply to complete the deployment.

Community Contributions

The GCP team welcomes community contributions. The project follows open-source contribution processes (code review, CI/CD checks, etc.), and detailed guidelines can be found in CONTRIBUTING.md.


Section 08

Summary and Future Outlook

genai-factory represents the direction in which cloud-native AI infrastructure is evolving: from manual configuration to code definition, from siloed efforts to standardized templates, and from security as an afterthought to security built into the design. For enterprises planning or launching generative AI projects, it is a solution worth evaluating.

In the future, genai-factory will continue to add new scenario templates (such as multimodal AI, agent orchestration, complex RAG architectures, etc.). Enterprises are advised to keep an eye on updates to stay at the cutting edge of technology and ensure production safety.