Connecting a Storage Account
Last updated
Was this helpful?
Last updated
Was this helpful?
When a storage account is connected, Workbench indexes the directories and identifies the samples and files. The following sections detail how to set up storage accounts for different providers.
Log in to your
Click on Data from the left navigation panel
Click the Connect Data button
Continue onto the the section that corresponds to the cloud you are configuring
The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Instruments and your AWS S3 resources.
Select Amazon AWS as the provider.
Enter your Access Key ID and Secret Access Key.
Specify the Bucket URI and Region.
Click Save to connect the storage account.
To use AWS S3 with Workbench, the following are required:
s3:ListBucket: To list objects within the bucket.
s3:GetObject: To read object contents.
Navigate to IAM (Identity and Access Management).
Select Users and choose the user for whom you want to create an access key.
Go to the Security Credentials tab and click Create Access Key.
Copy the Access Key ID and Secret Access Key to use in Workbench.
The service account is now ready to list and read objects from the specified bucket.
The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Instruments and your Azure resources.
Select Microsoft Azure as the provider.
Choose OAuth 2.0 as the authentication method.
Enter your Tenant ID, Client ID, and Client Secret.
Provide the Storage Account Name and Container Name.
Click Save.
To use Azure Storage with Workbench, the following permissions are required:
Storage Blob Data Reader: To list and read blob data within the storage account.
Navigate to Azure Active Directory > App Registrations > New Registration.
Provide a name for the application and click Register.
Go to the Manage > Certificates & Secrets tab and create a Client Secret.
Navigate to your Storage Account and open the Access Control (IAM) tab.
Click Add Role Assignment, select Storage Blob Data Reader, and assign it to the newly created service principal.
Select Microsoft Azure as the provider.
Choose Shared Access Signature as the authentication method.
Enter the SAS URL.
Specify the Storage Account Name and Storage Container Name.
Click Save.
Navigate to your Storage Account > Storage Browser and go to Blob Containers section.
Locate the desired blob container in the table.
In the last column of the table, click on the ellipsis "..." to open the context menu.
Click on the Shared Access Signature option.
Specify the permissions required (e.g., Read and List).
Set the Start and Expiry time for the token.
Click Generate SAS Token and URL.
Copy the generated SAS Token URL.
Select Microsoft Azure as the provider.
Choose Access Key as the authentication method.
Enter the Access Key.
Specify the Storage Account Name and Storage Container Name.
Click Save.
Follow these steps to retrieve the access key for your Azure Storage Account:
Navigate to your Storage Account.
Under Security + Networking, select Access keys.
Copy the Key1 or Key2 under the Key section.
Use the copied key as the Access Key in Workbench.
The service account is now ready to list and read objects from the specified bucket.
Select Google Cloud as the provider.
Upload your Service Account JSON.
Enter the Project ID and Bucket URI.
Click Save to connect the storage account.
To properly connect Google Cloud Storage with Workbench, the service account needs the following permissions:
storage.buckets.list - To list buckets
storage.objects.get - To read object contents
storage.objects.list - To list objects within buckets
serviceusage.services.use - To use GCP services
The easiest approach is to assign two built-in roles to your service account:
Storage Admin (roles/storage.admin) - Provides full control of storage resources
Service Usage Consumer (roles/serviceusage.serviceUsageConsumer) - Allows service usage
Navigate to IAM & Admin > Service Accounts.
Click Create Service Account.
Enter a name and description for the service account, then click Create and Continue.
Add the Storage Admin role to grant storage permissions.
Add the Service Usage Consumer role.
Click Done to finish creating the service account.
Select the newly created service account from the list and navigate to the Keys tab.
Click Add Key > Create New Key.
Choose the JSON format and click Create.
Save the downloaded JSON key securely for use in Workbench.
If you prefer more granular control, you can create a custom role with only the required permissions:
Navigate to IAM & Admin > Roles.
Click Create Role.
Enter a name and description for the role.
Click Add Permissions and add these exact permissions:
storage.buckets.list
storage.objects.get
storage.objects.list
serviceusage.services.use
Click Create to create the custom role.
Go back to IAM & Admin > Service Accounts.
Create a new service account or select an existing one.
Assign your newly created custom role to this service account.
Generate and download a JSON key as described above.
If you want to limit access to a specific bucket only:
Navigate to the Cloud Storage section in the Google Cloud Console.
Select the bucket you want the service account to access.
Go to the Permissions tab and click Grant Access.
Enter the service account email in the New Principals field.
Assign only the Storage Admin role (or your custom role) to the service account at the bucket level.
Note: You do not need to add the Service Usage Consumer role at the bucket level.
Click Save to apply the permissions.
The service account is now ready to list and read objects from the specified bucket.
Log in to the .
For more details, refer to the .
Log in to the .
For detailed steps, refer to the .
Log in to the .
Log in to the .
For additional details, visit the .
Log in to the .