Connecting a Storage Account

When a storage account is connected, Workbench indexes the directories and identifies the samples and files. The following sections detail how to set up storage accounts for different providers.

General Setup

Log in to your Workbench account
Click on Data from the left navigation panel
Click the Connect Data button
Continue onto the the section that corresponds to the cloud you are configuring

AWS S3

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Instruments and your AWS S3 resources.

Connect AWS S3

Select Amazon AWS as the provider.
Enter your Access Key ID and Secret Access Key.
Specify the Bucket URI and Region.
Click Save to connect the storage account.

Required Permissions

To use AWS S3 with Workbench, the following are required:

s3:ListBucket: To list objects within the bucket.
s3:GetObject: To read object contents.

Generating an Access Key

Log in to the AWS Management Console.
Navigate to IAM (Identity and Access Management).
Select Users and choose the user for whom you want to create an access key.
Go to the Security Credentials tab and click Create Access Key.
Copy the Access Key ID and Secret Access Key to use in Workbench.

For more details, refer to the AWS Documentation.

The service account is now ready to list and read objects from the specified bucket.

Azure Storage Account

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Instruments and your Azure resources.

Using OAuth2

Select Microsoft Azure as the provider.
Choose OAuth 2.0 as the authentication method.
Enter your Tenant ID, Client ID, and Client Secret.
Provide the Storage Account Name and Container Name.
Click Save.

Required Permissions

To use Azure Storage with Workbench, the following permissions are required:

Storage Blob Data Reader: To list and read blob data within the storage account.

Creating a Service Principal

Log in to the Azure Portal.
Navigate to Azure Active Directory > App Registrations > New Registration.
Provide a name for the application and click Register.
Go to the Manage > Certificates & Secrets tab and create a Client Secret.
Navigate to your Storage Account and open the Access Control (IAM) tab.
Click Add Role Assignment, select Storage Blob Data Reader, and assign it to the newly created service principal.

For detailed steps, refer to the Azure Documentation.

Using SAS Token

Select Microsoft Azure as the provider.
Choose Shared Access Signature as the authentication method.
Enter the SAS URL.
Specify the Storage Account Name and Storage Container Name.
Click Save.

Generating a SAS Token for a Container

Log in to the Azure Portal.
Navigate to your Storage Account > Storage Browser and go to Blob Containers section.
Locate the desired blob container in the table.
In the last column of the table, click on the ellipsis "..." to open the context menu.
Click on the Shared Access Signature option.
Specify the permissions required (e.g., Read and List).
Set the Start and Expiry time for the token.
Click Generate SAS Token and URL.
Copy the generated SAS Token URL.

Note: SAS tokens can expire. Ensure the token's validity matches the intended usage period

Using Access Key

Select Microsoft Azure as the provider.
Choose Access Key as the authentication method.
Enter the Access Key.
Specify the Storage Account Name and Storage Container Name.
Click Save.

Retrieving the Storage Account Access Key

Follow these steps to retrieve the access key for your Azure Storage Account:

Log in to the Azure Portal.
Navigate to your Storage Account.
Under Security + Networking, select Access keys.
Copy the Key1 or Key2 under the Key section.
Use the copied key as the Access Key in Workbench.

For additional details, visit the Azure Storage Account Key Documentation.

The service account is now ready to list and read objects from the specified bucket.

Google Cloud Storage

Steps to Connect GCS

Select Google Cloud as the provider.
Upload your Service Account JSON.
Enter the Project ID and Bucket URI.
Click Save to connect the storage account.

Creating a Service Account, Key, and Assigning Permissions

Log in to the Google Cloud Console.
Navigate to IAM & Admin > Service Accounts.
Click Create Service Account.
Enter a name and description for the service account, then click Create and Continue.
Assign the Storage Object Viewer role to the service account to grant permissions for listing and reading objects.
Click Done to finish creating the service account.
Select the newly created service account from the list and navigate to the Keys tab.
Click Add Key > Create New Key.
Choose the JSON format and click Create.
Save the downloaded JSON key securely for use in Workbench.

Assigning Permissions to Buckets

Navigate to the Cloud Storage section in the Google Cloud Console.
Select the bucket you want the service account to access.
Go to the Permissions tab and click Grant Access.
Enter the service account email in the New Principals field.
Assign the Storage Object Viewer role to the service account.
Save the changes.

The service account is now ready to list and read objects from the specified bucket.

PreviousGetting Started with Instruments NextUsing Sample Data in a Workflow

Last updated 18 days ago

Was this helpful?

Connecting a Storage Account

When a storage account is connected, Workbench indexes the directories and identifies the samples and files. The following sections detail how to set up storage accounts for different providers.

General Setup

Log in to your Workbench account
Click on Data from the left navigation panel
Click the Connect Data button
Continue onto the the section that corresponds to the cloud you are configuring

AWS S3

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Instruments and your AWS S3 resources.

Connect AWS S3

Select Amazon AWS as the provider.
Enter your Access Key ID and Secret Access Key.
Specify the Bucket URI and Region.
Click Save to connect the storage account.

Required Permissions

To use AWS S3 with Workbench, the following are required:

s3:ListBucket: To list objects within the bucket.
s3:GetObject: To read object contents.

Generating an Access Key

Log in to the AWS Management Console.
Navigate to IAM (Identity and Access Management).
Select Users and choose the user for whom you want to create an access key.
Go to the Security Credentials tab and click Create Access Key.
Copy the Access Key ID and Secret Access Key to use in Workbench.

For more details, refer to the AWS Documentation.

The service account is now ready to list and read objects from the specified bucket.

Azure Storage Account

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Instruments and your Azure resources.

Using OAuth2

Select Microsoft Azure as the provider.
Choose OAuth 2.0 as the authentication method.
Enter your Tenant ID, Client ID, and Client Secret.
Provide the Storage Account Name and Container Name.
Click Save.

Required Permissions

To use Azure Storage with Workbench, the following permissions are required:

Storage Blob Data Reader: To list and read blob data within the storage account.

Creating a Service Principal

Log in to the Azure Portal.
Navigate to Azure Active Directory > App Registrations > New Registration.
Provide a name for the application and click Register.
Go to the Manage > Certificates & Secrets tab and create a Client Secret.
Navigate to your Storage Account and open the Access Control (IAM) tab.
Click Add Role Assignment, select Storage Blob Data Reader, and assign it to the newly created service principal.

For detailed steps, refer to the Azure Documentation.

Using SAS Token

Select Microsoft Azure as the provider.
Choose Shared Access Signature as the authentication method.
Enter the SAS URL.
Specify the Storage Account Name and Storage Container Name.
Click Save.

Generating a SAS Token for a Container

Log in to the Azure Portal.
Navigate to your Storage Account > Storage Browser and go to Blob Containers section.
Locate the desired blob container in the table.
In the last column of the table, click on the ellipsis "..." to open the context menu.
Click on the Shared Access Signature option.
Specify the permissions required (e.g., Read and List).
Set the Start and Expiry time for the token.
Click Generate SAS Token and URL.
Copy the generated SAS Token URL.

Note: SAS tokens can expire. Ensure the token's validity matches the intended usage period

Using Access Key

Select Microsoft Azure as the provider.
Choose Access Key as the authentication method.
Enter the Access Key.
Specify the Storage Account Name and Storage Container Name.
Click Save.

Retrieving the Storage Account Access Key

Follow these steps to retrieve the access key for your Azure Storage Account:

Log in to the Azure Portal.
Navigate to your Storage Account.
Under Security + Networking, select Access keys.
Copy the Key1 or Key2 under the Key section.
Use the copied key as the Access Key in Workbench.

For additional details, visit the Azure Storage Account Key Documentation.

The service account is now ready to list and read objects from the specified bucket.

Google Cloud Storage

Steps to Connect GCS

Select Google Cloud as the provider.
Upload your Service Account JSON.
Enter the Project ID and Bucket URI.
Click Save to connect the storage account.

Creating a Service Account, Key, and Assigning Permissions

Log in to the Google Cloud Console.
Navigate to IAM & Admin > Service Accounts.
Click Create Service Account.
Enter a name and description for the service account, then click Create and Continue.
Assign the Storage Object Viewer role to the service account to grant permissions for listing and reading objects.
Click Done to finish creating the service account.
Select the newly created service account from the list and navigate to the Keys tab.
Click Add Key > Create New Key.
Choose the JSON format and click Create.
Save the downloaded JSON key securely for use in Workbench.

Assigning Permissions to Buckets

Navigate to the Cloud Storage section in the Google Cloud Console.
Select the bucket you want the service account to access.
Go to the Permissions tab and click Grant Access.
Enter the service account email in the New Principals field.
Assign the Storage Object Viewer role to the service account.
Save the changes.

The service account is now ready to list and read objects from the specified bucket.

PreviousGetting Started with Instruments NextUsing Sample Data in a Workflow

Last updated 18 days ago

Was this helpful?