The following provides instructions on how to log on to the Sage Scientific Compute workspace using your Synapse credentials, and how to use the products provided in the AWS Service Catalog to set up or modify EC2 instances and S3 buckets.
...
Access to the Sage Scientific Compute workspace is organized by communities. Community membership is defined by a Synapse Team and managed by its community manager. Each community also has a defined entry point URL, as shown below:
Community | Synapse Team | Service Catalog Entry Point |
---|---|---|
Sage Bionetworks | | |
AD Portal Users | | |
Accelerating Medicines Partnership - Alzheimer’s Disease (AMP-AD) Consortium | | |
Bill & Melinda Gates - Ki Team | | |
...
To begin, visit the appropriate entry point URL for your community, listed above, and log in with your Synapse credentials. You will be prompted to allow access to some information from your Synapse profile.
...
Once logged in, you will see a list of “Products” you can provision. These fall into two categories, EC2 Instances (virtual machines) and S3 Buckets used for data storage. Not all products are available to all communities.
On the left is a navigation sidebar. If you do not see it, look for a hamburger icon in the upper left, and click on it to expand the navigation sidebar. The options in the navigation bar are “Products” and “Provisioned Products”. After you provision a product selected from “Products”, you will be able to see your products under “Provisioned Products”.
...
EC2 Instance Products
We currently offer three varieties of virtual machines, each preconfigured for a given purpose, described below.
...
Linux Docker
This product provides a basic EC2 instance, with a choice of Linux distribution to install: Amazon Linux or Ubuntu.
...
with Docker installed.
Ubuntu Linux with Notebook Software
This product is an Ubuntu Linux EC2 instance with RStudio notebook software installed.
...
Windows
This product builds one Linux EC2 instance using an Ubuntu AMI with workflows software installed (cwltool, toil, synapseclient, docker).
EC2 Windows with Jumpcloud Integration
This product is a Microsoft Windows instance. This is available only to Sage employees.
Creating EC2 Products
To create an instance, select “Products List” from the navigation panel on the left. Next, select from the list one of the EC2 products described above. On the product page, click the orange “LAUNCH PRODUCT” button under the product description, then fill out the wizard as follows:
...
The AWS SSM allows direct access to private instances from your own computer terminal. To set up access with the AWS SSM, we need to create a special Synapse personal access token (PAT) that will work with the Sage Service Catalog. This is a special PAT that can only be created using this workflow; creating a PAT from the Synapse personal token manager web page will NOT work.
Request a Synapse PAT by visiting https://sc.sageit.org/personalaccesstoken, for Sage employees, or https://ad.strides.sc.sageit.org/personalaccesstoken for AMP-AD members. (You may need to log in to Synapse.) If you have already created a PAT through this mechanism and are repeating the process, you must first visit the token management page in Synapse and delete the existing one with the same name.
After you log in to Synapse, a file containing the PAT, which is a long character string (e.g. eyJ0eXAiOiJ...Z8t9Eg), is returned to you. Save the file to your local machine, note the location where you saved it, then close the browser session.
...
Run an application on the EC2 instance (e.g. docker run -p 80:80 httpd):
```
[ec2-user@ip-10-49-26-50 ~]$ docker run -p 80:80 httpd
Unable to find image 'httpd:latest' locally
latest: Pulling from library/httpd
33847f680f63: Pull complete
d74938eee980: Pull complete
963cfdce5a0c: Pull complete
8d5a3cca778c: Pull complete
e06a573b193b: Pull complete
Digest: sha256:71a3a8e0572f18a6ce71b9bac7298d07e151e4a1b562d399779b86fef7cf580c
Status: Downloaded newer image for httpd:latest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Jul 22 23:54:12.106344 2021] [mpm_event:notice] [pid 1:tid 140706544895104] AH00489: Apache/2.4.48 (Unix) configured -- resuming normal operations
[Thu Jul 22 23:54:12.107307 2021] [core:notice] [pid 1:tid 140706544895104] AH00094: Command line: 'httpd -D FOREGROUND'
```
To reach that app from their own machine, an SC user can use the port forwarding feature by running the following AWS SSM CLI command:
```
aws ssm start-session --profile service-catalog \
  --target i-0fd5c9ff0ef675ceb \
  --document-name AWS-StartPortForwardingSession \
  --parameters '{"portNumber":["80"],"localPortNumber":["9090"]}'
```
Now you should be able to access that app on your local machine at
http://localhost:9090
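A wrapper for the port-forwarding command above, as an added example that is not part of the original page: it checks the instance ID and both port values before placing them into the command line and the JSON parameters, and only prints the resulting command. The function names are hypothetical; the profile name, instance ID and ports are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): validate the inputs, then print
# the SSM port-forwarding command shown above. Nothing is executed here.

# EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
valid_instance_id() {
  case "$1" in i-*) ;; *) return 1 ;; esac
  _hex=${1#i-}
  case "$_hex" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#_hex}" -eq 8 ] || [ "${#_hex}" -eq 17 ]
}

# A port is a plain decimal integer in 1..65535 (no sign, no leading zero).
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Usage: build_forward_cmd <instance-id> <remote-port> <local-port> [profile]
# The default profile name "service-catalog" is the one used on this page.
build_forward_cmd() {
  _target=$1 _remote=$2 _lport=$3 _profile=${4:-service-catalog}
  valid_instance_id "$_target" || { echo "bad instance id" >&2; return 2; }
  valid_port "$_remote"        || { echo "bad remote port" >&2; return 2; }
  valid_port "$_lport"         || { echo "bad local port" >&2; return 2; }
  # Local ports below 1024 need root; refuse instead of prompting for sudo.
  [ "$_lport" -ge 1024 ]       || { echo "local port must be >= 1024" >&2; return 2; }
  case "$_profile" in
    ''|*[!A-Za-z0-9_.-]*) echo "bad profile name" >&2; return 2 ;;
  esac
  # Every value is now digits, hex or a safe name, so it cannot break out of
  # the JSON string or the single-quoted shell argument.
  _params=$(printf '{"portNumber":["%s"],"localPortNumber":["%s"]}' "$_remote" "$_lport")
  printf "aws ssm start-session --profile %s --target %s --document-name AWS-StartPortForwardingSession --parameters '%s'\n" \
    "$_profile" "$_target" "$_params"
}

# The values from this page: remote port 80 forwarded to local port 9090.
build_forward_cmd i-0fd5c9ff0ef675ceb 80 9090
```

Review the printed command before running it; a rejected input returns status 2 and prints nothing on standard output.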
...
Using the update action allows you to change parameters or update to a new version of the product. WARNING: changes to configuration parameters usually result in a recreation (“replacement”) of the instance, any data saved on the instance will be lost, and the nature of the update by Amazon is difficult to predict. We recommend that you save any important data to S3, provision a new instance and terminate the original.
Terminate
The terminate action deletes the instance permanently.
...
Please ask #sageit for help transferring ownership if that is deemed to be necessary rather than using this action. Otherwise, you may find that you cannot connect to your instance.
S3
Note: S3 storage products currently are available to Sage employees only.
S3 Products
To understand the cost of S3 buckets see https://aws.amazon.com/s3/pricing/ or use the AWS pricing calculator. Note that while data egress can be a substantial cost, our Service Catalog provisions buckets and EC2 instances in the same AWS region. Since AWS does not charge for egress to a location within a bucket’s region, accessing data from an instance provisioned by our Service Catalog will avoid such costs.
...
The benefits of the Service Catalog are that it is self-service, meant to fulfill the most common needs for compute and storage, and that it creates resources in a PHI-safe environment. We encourage you to use it preferentially. However, it will not fulfill all needs. For custom development in a PHI-safe environment, the “scicomp” account remains the preference for Sage employees. For custom development that does not concern PHI, the “sandbox” account can be used by Sage employees. For more information, see the Sage Bionetworks intranet article on computing. If you have any questions about which environment is most suitable, questions are welcome in the #sageit Slack channel!
...
The current product templates are meant to cover the most common use cases. You may request a new product if your use case is not covered. Sage employees can do this by filing a Jira issue. Others should contact their community manager.
What is a User ARN?
ARN stands for Amazon Resource Name, a unique identifier for a particular resource in AWS.
...