Read on for step-by-step instructions on harnessing Terra's back-end infrastructure to access external buckets, Google Cloud virtual machines (VMs), machine-learning tools, and more. Use human-friendly IDs (Terra-managed groups) instead of random strings of characters to represent users.
If you are looking for a conceptual explanation of best practices for accessing external resources, see Overview: Accessing external Google Cloud resources.
1. Set up a human-friendly group (four steps)
Groups for individual access
Always use Terra groups for accessing external resources, even for one user! A Terra group with a logical name is much easier to manage than a random string of numbers and letters.
Groups for team access
Managed groups are the best way to share resources (workspaces and billing as well as external resources) with a team, e.g., everyone in a lab. Create a Terra user group with a human-friendly name that includes the team members and collaborators who need access to Google Cloud (e.g., access to external buckets).
Step-by-step instructions
1.1. Go to your Groups page (Main menu --> Groups from the top left of any page in Terra)
1.2. In the Create a New Group card, click on the blue + icon.
1.3. Enter a name for your group of one and click the Create Group button.
Example: individual group name j_doe_at_someplace_org
1.4. For team groups, add individuals (Terra user IDs) in the collaborator group as members by first clicking on the group name, then clicking on Add User.
Example team group: my_lab_at_someplace_org
2. Grant permissions to the Terra Group
Before you start: Only resource owners or admins can grant access. If what you see on the console does not look like the screenshots, it is most likely because you do not have the right permissions for the Google bucket or other resources.
What to do
Ask the resource owner or admin to use this step-by-step guide to grant permission to your Terra group.
Step-by-step instructions
2.1. From the Google Cloud console, select the resource to be shared (e.g., a particular bucket in https://console.cloud.google.com/storage/browser).
2.2. Go to Permissions.
2.3. View by Members and select the Add icon.
2.4. Add the full name of your individual or team group (i.e., j_doe_at_someplace_org@firecloud.org or my_lab_at_someplace_org) as a New Member.
2.5. Select the resource type (left column) and the appropriate roles (right column) from the menu.
"Storage Object Viewer" allows you to read from the bucket
"Storage Object Creator" allows you to write to the bucket
What to expect
You will see your Terra group and role in the Members tab.
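The same check can be scripted against the bucket's IAM policy, for instance the JSON printed by gcloud storage buckets get-iam-policy gs://BUCKET --format=json. The following is an added example, not part of the original article or Terra's own tooling: the function name, the sample policy and the user address are constructed for illustration, and the role IDs are the identifiers behind the console names in step 2.5.

```python
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}  # IAM members meaning "anyone"

def audit_bucket_policy(policy, group_email, wanted_roles):
    """Compare a bucket IAM policy with what the Terra group should hold.

    Returns (granted, findings): the roles bound to the group, and a list of
    deviations from a group-only, least-privilege setup.
    """
    member = f"group:{group_email}".lower()
    granted, findings = set(), []
    for binding in policy.get("bindings", []):
        role, members = binding["role"], binding.get("members", [])
        if any(m.lower() == member for m in members):
            granted.add(role)
            if role not in wanted_roles:
                findings.append(f"{role}: group holds a role that was not requested")
        for m in members:
            if m in PUBLIC:
                findings.append(f"{role}: bucket is exposed to {m}")
            elif m.startswith("user:"):
                findings.append(f"{role}: {m} is bound directly, not through a group")
    for role in sorted(set(wanted_roles) - granted):
        findings.append(f"{role}: not granted to {group_email}")
    return granted, findings

# Constructed sample policy (not taken from a real bucket).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["group:j_doe_at_someplace_org@firecloud.org",
                 "user:j.doe@example.org"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["group:j_doe_at_someplace_org@firecloud.org"]}
  ]
}
""")

if __name__ == "__main__":
    wanted = {"roles/storage.objectViewer", "roles/storage.objectCreator"}
    roles, issues = audit_bucket_policy(
        SAMPLE_POLICY, "j_doe_at_someplace_org@firecloud.org", wanted)
    print("granted:", sorted(roles))
    for issue in issues:
        print("finding:", issue)
```

An empty findings list means the group holds exactly the requested roles and no individual or public member is bound on the bucket.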