The following provides instructions on how to log on to the Sage Scientific Compute workspace using your Synapse credentials, and how to use the products provided in the AWS Service Catalog to set up or modify EC2 instances and S3 buckets.

Gaining Access

Access to the Sage Scientific Compute workspace is provided by the research community manager. Currently there are two communities, (1) Sage Bionetworks and (2) the organized by communities. Community membership is defined by a Synapse Team and managed by its community manager. Each community also has a defined entrypoint URL, as shown below:

Community | Synapse Team | Service Catalog Entrypoint
Sage Bionetworks | Sage Bionetworks Employees | https://sc.sageit.org
AD Portal Users | ADPortal ServiceCatalogUsers | https://sc.sageit.org

Accelerating Medicines Partnership - Alzheimer’s Disease (AMP-AD)

...

For Sage Bionetworks employees, access is granted during employee onboarding. For other groups, the community manager will add your Synapse account to the list of allowed users for the compute workspace.

Login

To begin, enter the entrypoint URL in your browser (https://sc.sageit.org if you are a Sage employee or https://ad.strides.sc.sageit.org if you are in the AMP-AD community) and log in with your Synapse credentials. You will be prompted to allow access to some information from your Synapse profile. This information will allow login, provide you access to the right resources, and tag anything you provision with your identity.

Note: Service Catalog products, discussed below, are owned by the Synapse account under which you log in. Once created, products will appear in the console only when logged in to that account, which will have sole ability to update or remove the product. Products like S3 buckets may have a life cycle beyond the project participation of any single person. To support such a case you may create and use a so-called service account in Synapse (i.e., an account meant for automation that may outlive one person’s commitment to a project). If so, then to meet regulatory requirements the credentials for the service account must be placed in a secure store whose access is limited and can be reviewed (see /wiki/spaces/IT/pages/1200816129).

...

The AWS SSM allows direct access to private instances from your own computer terminal. To set up access with the AWS SSM we need to create a special Synapse personal access token (PAT) that will work with the Sage Service Catalog. This is a special PAT that can only be created using this workflow; creating a PAT from the Synapse personal token manager web page will NOT work.

  1. Request a Synapse PAT by visiting https://sc.sageit.org/personalaccesstoken for Sage employees, or https://ad.strides.sc.sageit.org/personalaccesstoken for AMP-AD members. (You may need to log in to Synapse.) If you have already created a PAT through this mechanism and are repeating the process, you must first visit the token management page in Synapse and delete the existing one with the same name.

  2. After logging into Synapse, a file containing the PAT, which is a long character string (e.g. eyJ0eXAiOiJ...Z8t9Eg), is returned to you. Save the file to your local machine, note the location where you saved it, then close the browser session.
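The saved PAT file is a bearer credential, so it is worth confirming that only your own account can read it. The following is an added example, not part of the original instructions: `check_pat_file` and `file_mode` are hypothetical helper names, and the three-segment token shape is an assumption based on the sample string above.

```shell
#!/usr/bin/env bash
# Added example: hygiene check for a saved Synapse PAT file.
# check_pat_file and file_mode are hypothetical helpers; the token is never printed.

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file is readable by its owner only and holds one JWT-shaped token.
check_pat_file() {
  local path="$1" mode token
  [ -f "$path" ] || { echo "not a regular file: $path" >&2; return 2; }
  mode="$(file_mode "$path")" || return 2
  # Any group or other permission bit means other local users may reach the token.
  case "$mode" in
    *00) ;;
    *) echo "mode $mode is too open; run: chmod 600 $path" >&2; return 3 ;;
  esac
  # Assumption: the PAT is three base64url segments joined by dots.
  token="$(tr -d '[:space:]' < "$path")"
  if ! printf '%s' "$token" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'; then
    echo "file does not contain a single JWT-shaped token" >&2
    return 4
  fi
  return 0
}
```

Run `check_pat_file /path/to/saved/pat` after downloading; a non-zero exit status means the file should be fixed before it is used.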

...

  1. Set up a profile for SSM access

  2. Run an application on the EC2 instance (e.g. docker run -p 80:80 httpd)

    [ec2-user@ip-10-49-26-50 ~]$ docker run -p 80:80 httpd
    Unable to find image 'httpd:latest' locally
    latest: Pulling from library/httpd
    33847f680f63: Pull complete
    d74938eee980: Pull complete
    963cfdce5a0c: Pull complete
    8d5a3cca778c: Pull complete
    e06a573b193b: Pull complete
    Digest: sha256:71a3a8e0572f18a6ce71b9bac7298d07e151e4a1b562d399779b86fef7cf580c
    Status: Downloaded newer image for httpd:latest
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
    [Thu Jul 22 23:54:12.106344 2021] [mpm_event:notice] [pid 1:tid 140706544895104] AH00489: Apache/2.4.48 (Unix) configured -- resuming normal operations
    [Thu Jul 22 23:54:12.107307 2021] [core:notice] [pid 1:tid 140706544895104] AH00094: Command line: 'httpd -D FOREGROUND'
  3. To reach that app from your own machine, an SC user can use the port forwarding feature by running the AWS SSM CLI command:

    aws ssm start-session --profile service-catalog \
                          --target i-0fd5c9ff0ef675ceb \
                          --document-name AWS-StartPortForwardingSession \
                          --parameters '{"portNumber":["80"],"localPortNumber":["9090"]}'
  4. Now you should be able to access that app on your local machine at http://localhost:9090 
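The port-forwarding step above can be wrapped so that the instance ID and ports are validated before they reach the AWS CLI. This is an added example, not part of the original instructions: the function names `valid_port`, `build_params` and `sc_port_forward` are hypothetical, while the profile and document names are the ones shown in step 3.

```shell
#!/usr/bin/env bash
# Added example: validate inputs before opening an SSM port-forwarding session.
# Function names are hypothetical; profile and document names come from the page.

# True if the argument is an integer TCP port in 1..65535 with no leading zero.
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Emit the --parameters JSON for AWS-StartPortForwardingSession.
build_params() {
  local remote="$1" lport="$2"
  valid_port "$remote" && valid_port "$lport" || return 1
  printf '{"portNumber":["%s"],"localPortNumber":["%s"]}' "$remote" "$lport"
}

# Usage: sc_port_forward <instance-id> <remote-port> <local-port>
sc_port_forward() {
  local target="$1" params
  # EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
  printf '%s' "$target" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$' || {
    echo "invalid instance id: $target" >&2; return 2; }
  params="$(build_params "$2" "$3")" || {
    echo "ports must be integers in 1-65535" >&2; return 3; }
  # Local ports below 1024 need elevated privileges on most systems.
  [ "$3" -ge 1024 ] || echo "note: local port $3 is privileged" >&2
  aws ssm start-session --profile service-catalog \
      --target "$target" \
      --document-name AWS-StartPortForwardingSession \
      --parameters "$params"
}
```

For the session in step 3 the call would be `sc_port_forward i-0fd5c9ff0ef675ceb 80 9090`.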

...

Using the update action allows you to change parameters or update to a new version of the product. WARNING: changes to configuration parameters usually result in a recreation (“replacement”) of the instance, any data saved on the instance will be lost, and the nature of the update by Amazon is difficult to predict. We recommend that you save any important data to S3, provision a new instance and terminate the original.

Terminate

The terminate action deletes the instance permanently.

...