Everything That Goes Wrong With That Setup (And How I Debugged It) A developer debugging a Gemini on Vertex AI deployment encountered six distinct bugs, each initially appearing as a 401 Unauthorized error. The issues ranged from a PM2 configuration typo causing a 502 Bad Gateway to the Google Cloud client library incorrectly querying the AWS Instance Metadata Service, which returned a generic XHTML 401 page. The developer systematically ruled out each problem by isolating the root cause, such as verifying environment variables with `pm2 env 0` and testing IMDS directly. In Part 1 https://dev.to/prathamchauhan/setting-up-gemini-on-vertex-ai-for-production-a-no-nonsense-walkthrough-22hp , I walked through setting up Gemini via Vertex AI, from project setup through a keyless EC2 deployment with Workload Identity Federation WIF . If a few of those terms went by fast, quick recap: a service account is a non-human identity your app logs in as, an IAM role is a labeled bundle of permissions, and WIF is the system that lets AWS vouch for your server's identity to Google without any password changing hands. This post is the part nobody puts in the official docs: every single thing that went wrong when I actually did this, in the order I hit it, and what each error really meant. Six distinct bugs, stacked on top of each other. Almost every one of them initially looked like a variation of the same "401 Unauthorized" error, and figuring out that they were six different problems, not one stubborn one, was most of the battle. Before I'd even gotten to testing auth, the site returned a 502 Bad Gateway. Easy mistake to make here: jumping straight to "something's wrong with my Vertex AI setup." A 502 just means the web server in front of your app commonly nginx sent a request to your app and got no answer back at all. It tells you nothing about why, only that your app isn't there to ask. pm2 list pm2 logs