Appendix A - Registration Information
Registration Information |
|
|---|---|
This will be the email ID which will be verified by the system during registration. Ensure you have access to this e-mail ID during registration. |
|
First Name |
This will be the first name of the user. |
Last Name |
This will be the last name of the user. |
Phone number |
This will be the phone number of the user. |
Password |
This will be used for the login |
Create Organization |
|
Organization Name |
This will be used to fill the ‘Organization Name’ field in the form. |
Organization Description |
This is the description of the project. |
Account Details |
Choose the account ID from the list or create a new account from the “Add Accounts” button. |
Add Users |
Choose the users from the list or create a new user from the “Add users” button |
Provider Settings |
|
Will an Amazon Web Services account be configured for this email? |
|
Account Name |
This will be used to fill the ‘Account Name’ field in the form. |
AWS Access Key |
|
AWS Secret Key |
|
AWS Region for this account |
e.g. us-east-1 |
AWS Account Number |
|
Will connect to Jump Server? |
|
User Name |
|
Authentication type(Pem File) |
Upload Pem file for connect Jump server |
Authentication Type(Password) |
Password to Connect Jump server |
Appendix B - Standard Catalog Information
Standard Catalog Information |
||
|---|---|---|
Product Type |
Required Parameters |
Details |
Amazon EC2 Linux |
Description |
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSH Location |
The IP address range that can be used to SSH to the EC2 instances |
|
LatestAmiId |
Please enter an AMI of the EC2 instance. |
|
Instance Type |
Choose the instance type for this instance. Eg: t2.small |
|
Expected time to provision |
5 minutes |
|
Amazon EC2 Windows |
Description |
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed |
|
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSHLocation |
The IP address range that can be used to SSH to the EC2 instances |
|
LatestAmiID |
Please enter an AMI of the EC2 instance |
|
Instance Type |
Choose the instance type for this instance. Eg: t2.small |
|
Expected time to provision |
5 minutes |
|
Amazon S3 |
Description |
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers scalability, data availability, security and performance. |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed |
|
Expected time to provision |
2 minutes |
|
Amazon SageMaker |
Description |
Amazon SageMaker is a fully managed service that provides the ability to build, train and deploy ML models. |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Instance Type |
Select Instance type for the SageMaker Notebook. Eg: ml.t2.medium |
|
Expected time to provision |
15 minutes |
|
RStudio |
Description |
RStudio is an integrated development environment (IDE) for R. It includes a console, syntax-highlighting editor that supports direct code execution, as well as tools for plotting, history, debugging and workspace management. |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
Initial user |
User Name for Rstudio. Do not use ‘root’ and ‘ec2-user’. |
|
Initial Password |
Password for RStudio. Please keep this in your records as this will not be echoed in the CloudFormation Console |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
Instance Type |
Instance type for RStudio. Choose the instance type from the dropdown. Eg: The default is t2.micro. |
|
Expected time to provision |
10 Minutes |
|
Nextflow Advanced |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed Eg: MedicalResearch |
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
Nextflow Configuration |
||
PipelineName |
Search and select the pipeline git repository URL. If not found please enter the custom pipeline URL. The repo should contain the nextflow.config file which specifies the name of the docker container image. |
|
PipelineContainer |
Public Docker container image of the pipeline to be executed. If you are using a custom pipeline, ensure that the custom container image is publicly available on Docker Hub. Eg: nextflow/rnaseq-nf:latest |
|
InputDataLocation |
An S3 bucket that holds input data for the Nextflow pipeline. The bucket name must respect the S3 bucket naming conventions (can contain lowercase letters, numbers, periods and hyphens). |
|
InputDataPattern |
The pattern to match samples to be processed as inputs to the pipeline. E.g. <data/ggal/*_{1,2}.fq>. It can also point to a CSV or tsv file that contains details of the files to be processed. |
|
OutputDataLocation |
The full path on the local disk where outputs of the pipeline should be stored. The default path above will enable you to view the outputs via the browser. The path should be accessible to the user ec2-user. Alternately, provide an S3 bucket for storing analysis results. The bucket name must respect the S3 bucket naming conventions (can contain lowercase letters, numbers, periods and hyphens). Eg: s3://<BucketName> |
|
Head Node Configuration |
||
InstanceType |
Head Node EC2 instance type Eg: t2.small |
|
HeadNodeEBSVolumeSize |
The initial size of the volume (in GBs) Head Node EBS will use for storage. Eg: 16 |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the Head Node. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSHLocation |
The IP address range that can be used to SSH to the Head Node. |
|
Batch Configuration |
||
VPCId |
Choose VPC Id in the drop-down list. The VPC to create security groups and deploy AWS Batch to. |
|
WorkerNodeSubnetId |
Subnet you want your Batch Worker Node to launch in We recommend public subnets. |
|
ComputeEnvMinvCpus |
The minimum number of CPUs to be kept in running state for the Batch Worker Nodes. If you give a non-zero value, some worker nodes may stay in a running state always and you may incur higher costs. Eg: 0 |
|
ComputeEnvMaxvCpus |
The maximum number of CPUs for the default Batch Compute Environment Eg: 100 |
|
SpotBidPercentage |
The maximum percentage of On-Demand pricing you want to pay for Spot resources. You will always pay the lowest Spot market price and never more than your maximum percentage. Eg: 100 |
|
WorkerNodeInstanceType |
Specify the instance types to be used to carry out the computation. You can specify one or more family or instance types. The option ‘optimal’ chooses the best fit of M4, C4, and R4 instance types available in the region. Eg: Optimal |
|
WorkerNodeEBSVolumeSize |
The initial size of the volume (in GBs) Worker Node EBS will use for storage. Eg: 100 |
|
Expected time to provision |
10 Minutes |
|
Cromwell Advanced |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed Eg: MedicalResearch |
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
Cromwell Configuration |
||
PipelineName |
Search and select the pipeline git repository URL. If not found please enter the custom pipeline URL. |
|
InputDataLocation |
An S3 bucket path that holds input data for the Cromwell pipeline. Eg: bucket-name/prefix |
|
OutputDataLocation |
An S3 bucket path that holds input data for the Cromwell pipeline. Eg: bucket-name/prefix |
|
Head Node Configuration |
||
InstanceType |
Head Node EC2 instance type Eg: t2.small |
|
HeadNodeEBSVolumeSize |
The initial size of the volume (in GBs) Head Node EBS will use for storage. Eg: 16 |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the Head Node. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSHLocation |
The IP address range that can be used to SSH to the Head Node. |
|
Batch Configuration |
||
VPCId |
Choose VPC Id in the drop-down list. The VPC to create security groups and deploy AWS Batch to. NOTE: Must be the same VPC as the provided subnet IDs. |
|
WorkerNodeSubnetId |
Subnet you want your Batch Worker Node to launch in We recommend public subnets. |
|
ComputeEnvMinvCpus |
The minimum number of CPUs to be kept in running state for the Batch Worker Nodes. If you give a non-zero value, some worker nodes may stay in a running state always and you may incur higher costs. Eg: 0 |
|
ComputeEnvMaxvCpus |
The maximum number of CPUs for the default Batch Compute Environment Eg: 100 |
|
SpotBidPercentage |
The maximum percentage of On-Demand pricing you want to pay for Spot resources. You will always pay the lowest Spot market price and never more than your maximum percentage. Eg: 100 |
|
WorkerNodeInstanceType |
Specify the instance types to be used to carry out the computation. You can specify one or more family or instance types. The option ‘optimal’ chooses the best fit of M4, C4, and R4 instance types available in the region. Eg: Optimal |
|
WorkerNodeEBSVolumeSize |
The initial size of the volume (in GBs) Worker Node EBS will use for storage. Eg: 100 |
|
Expected time to provision |
10 Minutes |
|
Docker on Amazon EC2 Linux |
Description |
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. The RLCatalyst Research Gateway standard EC2 product is based on Amazon Linux 2, docker is installed and can be used for any general-purpose computer |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSH Location |
The IP address range that can be used to SSH to the EC2 instances |
|
LatestAmiId |
Please enter an AMI of the EC2 instance. |
|
Instance Type |
Choose the instance type for this instance. Eg: t2.small |
|
Expected time to provision |
10 minutes |
|
MySQL |
Description |
MySQL is the world’s most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
ConnectFromPort |
Provide which Port has to be opened in the Security Group of the EC2 Instance to access MySQL Docker Container Eg: 3306 |
|
ConnectToPort |
Provide which Port has to be opened in the Security Group of the EC2 Instance to access MySQL Docker Container Eg: 3306 |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSH Location |
The IP address range that can be used to SSH to the EC2 instances |
|
LatestAmiId |
Please enter an AMI of the EC2 instance. |
|
Instance Type |
Choose the instance type for this instance. Eg: t2.small |
|
Expected time to provision |
10 minutes |
|
Ubuntu 20 04 on Amazon EC2 |
Description |
Use Ubuntu 20.04, on Amazon Elastic Compute Cloud (Amazon EC2). |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Study Selection |
Select one or more studies to mount to your workspace (Maximum of 2) |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
AllowedSSH Location |
The IP address range that can be used to SSH to the EC2 instances |
|
LatestAmiId |
Please enter an AMI of the EC2 instance. |
|
Instance Type |
Choose the instance type for this instance. Eg: t2.small |
|
Expected time to provision |
10 minutes |
|
PCluster |
Description |
PCluster Product of Research Gateway is easy to deploy High-Performance Computing based on AWS ParallelCluster 3.0 which supports AWS Batch and Slurm schedulers |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens and underscores are allowed. Spaces and special characters are not allowed. |
|
Instance Type |
Choose the instance type for this instance. Eg: t2.small |
|
SSHLocation |
The IP address range that can be used to SSH to the EC2 instances |
|
KeyPair |
Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one. |
|
CustomAMI |
Enter the AMI Id of a custom AMI if you wish to use a non-default AMI. e.g. ami-12345678. The AMI Id entered should exist in this project account and region. |
|
HeadNodeInstanceType |
Select Head Node EC2 instance type from the drop-down list |
|
VpcId |
Select The VPC to create security groups and deploy AWS Batch or slurm to from the drop-down list |
|
HeadNodeSubnetId |
Select the Subnet you want your Head Node to launch in from the drop-down list. You must select a public subnet |
|
FileSystemType |
Choose the fileSystem type EFS/FSxForLustre (provisioned earlier) that you want to mount on headnode leave it as NONE if don’t want to mount any filesystem. |
|
FileSystemId |
Enter the File System Id of the EFS/FSxForLustre file system which you want to use. e.g. fs-12345678. Leave this field to default if you do not want to use any file system |
|
Scheduler |
Select a Cluster scheduler from the drop-down list |
|
WorkerNodeInstanceType |
Select the instance types to be used to carry out the computation from the drop-down list |
|
WorkerNodeSubnetId |
Select the Subnet you want your Batch or slurm Worker Node to launch in from the drop-down list. We recommend public subnets. |
|
ComputeEnvMinvCpus |
Enter The minimum number of CPUs to be kept in running state for the Batch/slurm Worker Nodes. If you give a non-zero value, some worker nodes may stay in a running state always and you may incur higher cost. |
|
ComputeEnvMaxvCpus |
Enter The maximum number of CPUs for the default Batch or slurm Compute Environment |
|
ComputeEnvDesiredvCpus |
Enter The Desired number of CPUs for the default Batch Compute Environment |
|
SpotBidPercentage |
Enter The maximum percentage of On-Demand pricing you want to pay for Spot resources. You will always pay the lowest Spot market price and never more than your maximum percentage |
|
Integrated Genomics Viewer |
Description |
Integrative Genomics Viewer (IGV) is a lightweight visualization tool that enables intuitive real-time exploration of diverse and large-scale genomic datasets on standard desktop computers. |
Product Name |
Provide a name to help you easily identify this instance of the product. Only alphanumeric characters, dots, hyphens, and underscores are allowed. Spaces and special characters are not allowed. |
|
Study Selection |
Expand the section to select studies to mount to your workspace. Select one or more studies to mount to your workspace from the dropdown list (Maximum of 2) |
|
KeyPair |
Choose a Keypair in the dropdown list. Note: If Keypair is not available in the drop-down, click on the “ +” button. A Keypair creation form is opened. Fill the details in the form and click on the “Create Keypair” button. Now that Keypair is available in the list. Remember to save the private key file securely for future use. Do not share this file with others for the security of your account. |
|
AllowedIpAddress |
Please enter the IP address range that is allowed to Connect to the instance via SSH |
|
InstanceType |
Choose instance type in the drop-down list. E.g.: t3.medium |
Appendix C - Hosted Silo Model
Hosted Silo Model |
|||
|---|---|---|---|
Persona |
Admin |
Principal Investigator |
Researcher |
Features |
|||
Landing Page |
Yes |
Yes |
Yes |
Add AWS Account |
Yes |
Yes |
|
View AWS Account |
Yes |
Yes |
Yes |
Repair AWS Account |
Yes |
Yes |
|
Delete AWS Account |
Yes |
Yes |
|
Add Organization |
Yes |
||
Link AWS Account to Organization |
Yes |
||
Link Principal to Organization |
Yes |
||
Audit Trail |
Yes |
Yes |
|
Add new user through user form |
Yes |
Yes |
|
Add new user through Import Users via CSV |
Yes |
Yes |
|
Download CSV format |
Yes |
Yes |
|
View users in table view and list view |
Yes |
Yes |
|
Add products to O.U catalog |
Yes |
||
Update products in O.U |
Yes |
Yes |
|
View products in standard catalog |
Yes |
Yes |
|
Add products to a project |
Yes |
||
Update products to a project |
Yes |
||
View organization budget vs Actual |
Yes |
||
Add Project |
Yes |
||
View Project Details |
Yes |
||
Project actions |
Yes |
||
Link Researcher to Project |
Yes |
||
View Project Budget vs Actual |
Yes |
Yes |
Yes |
View Researcher budget vs Actual |
Yes |
Yes |
Yes |
View product-wise budget under researcher |
Yes |
Yes |
Yes |
View KeyPairs |
Yes |
Yes |
Yes |
New KeyPair Creation |
Yes |
Yes |
Yes |
View Studies |
Yes |
Yes |
Yes |
Perform actions on a particular study |
Yes |
Yes |
Yes |
View products in the catalog (Available products) |
Yes |
Yes |
|
View Provisioned Products (My Products) |
Yes |
Yes |
|
View All Provisioned Products (All Products) |
Yes |
||
Perform Actions on Provisioned Products |
Yes |
Yes |
|
Add Studies |
Yes |
||
Billing Accounts |
Yes |
Yes |
Yes |
Secure Research Environments |
Yes |
||
Add Internal Study |
Yes |
||
Add External Study |
Yes |
Appendix D - Audit Trail Events for Administrator
Audit Trail Events for Administrator |
||
|---|---|---|
Logical ID |
Status |
Status Reason |
AUTHENTICATION |
LOGIN_SUCCESSFUL |
You can see the login success information with the session ID. |
AUTHENTICATION |
LOGIN_FAILED |
You can see the reason for login failure. |
AUTHENTICATION |
LOGOUT_SUCCESSFUL |
You can see the logout success information with the session ID. |
DATA_SECURITY |
SHARE_S3 BUCKET_COMPLETED |
You can see the shared product information. |
DATA_SECURITY |
UNSHARE_S3 BUCKET_COMPLETED |
You can see the unshared product information. |
CATALOG |
ASSIGN_TO_PROJECT_STARTED |
You can see the assigned products to the related project information. |
CATALOG |
STACK_CREATION_STARTED |
You can see the assigned products to the related project information. |
CATALOG |
STACK_CREATION_FAILED |
You can see the assigned products failed information which is related to the project. |
CATALOG |
ASSIGN_TO_PROJECT_COMPLETED |
You can see the assigned products to the related project completion information. |
CATALOG |
ASSIGN_TO_PROJECT_FAILED |
You can see the assigned products failed information related to the project. |
CATALOG |
UPDATE_TO_PROJECT_STARTED |
You can see the updated products started information that is related to the project. |
CATALOG |
UPDATE_TO_PROJECT_COMPLETED |
You can see the updated products to the related project completion information. |
CATALOG |
UPDATE_TO_PROJECT_FAILED |
You can see the updated products to the related project failed information. |
CATALOG |
UPDATE_TO_OU_COMPLETED |
You can see the updated products to the related organizational unit updation information. |
CATALOG |
ASSIGN_TO_OU_COMPLETED |
You can see the assigned products to the related organizational unit completion information. |
CATALOG |
ROLLBACK_COMPLETE |
You can see the assigned products failed information related to the project. |
CATALOG |
SYNC_STARTED |
You can see the sync started information (i.e,which user started and related account name) |
CATALOG |
SYNC_COMPLETED |
You can see the sync completed information (i.e.which user started, related account name with products count information). |
CATALOG |
SYNC_FAILED |
You can see the sync failed information(i.e.,which user started, related account name and error information). |
CATALOG |
PRODUCT_DETAILS_SYNC_COMPLETED |
You can see the sync completed information (i.e.,which user started and related account name. It will show product count). |
KEY_PAIRS |
KEY_PAIRS_SYNC_STARTED |
You can view the details about KeyPairs sync (i.e.,which user started). |
KEY_PAIRS |
KEY_PAIRS_SYNC_COMPLETED |
You can see KeyPairs sync completed information (i.e.,which user started and related account name. It will show KeyPairs count in that region). |
KEY_PAIRS |
KEY_PAIRS_SYNC_FAILED |
You can see KeyPairs sync failed information with the error and it will show the solution to resolve the problem. |
VPC |
VPC_SYNC_STARTED |
You can view the details about VPC sync (i.e.,which user started). |
VPC |
VPC_SYNC_COMPLETED |
You can see VPC sync completed information (i.e.,which user started and related account name. It will show VPC count in that region). |
VPC |
VPC_SYNC_FAILED |
You can see VPC sync failed information with the error and it will show the solution to resolve the problem. |
SECURITY_GROUP |
SECURITY_GROUP_SYNC_STARTED |
You can view the details about security group sync (i.e.,which user started). |
SECURITY_GROUP |
SECURITY_GROUP_SYNC_COMPLETED |
You can see Security Groups sync completed information (i.e.,which user started and related account name. It will show security groups count in that region). |
SECURITY_GROUP |
SECURITY_GROUP_SYNC_FAILED |
You can see Security Groups sync failed information with the error and it will show the solution to resolve the problem. |
SUBNETS |
SUBNETS_SYNC_STARTED |
You can view the details about subnets sync (i.e.,which user started). |
SUBNETS |
SUBNETS_SYNC_COMPLETED |
You can see subnets sync completed information (i.e.,which user started and related account name. It will show subnets count in that region). |
SUBNETS |
SUBNETS_SYNC_FAILED |
You can see subnets sync failed information with the error and it will show the solution to resolve the problem. |
SETTINGS |
VERIFY_SETTING_SUCCESSFUL |
You can see the setting verification successful information with the account number and account name. |
SETTINGS |
VERIFY_SETTING_FAILED |
You can see the setting verification failed information with the account number. |
SETTINGS |
ADD_SETTING_SUCCESSFUL |
You can see the setting creation successful information with the account number. |
SETTINGS |
ADD_SETTING_FAILED |
You can see the setting addition failed information with an error. |
SETTINGS |
DELETE_SETTING_STARTED |
You can see the details about setting deletion started by which user. |
SETTINGS |
DELETE_SETTING_SUCCESS |
You can see the setting deletion success information. |
SETTINGS |
DELETE_SETTING_FAILED |
You can see setting deletion failed information |
SETTINGS |
SNS_TOPIC_SUBSCRIPTION_CREATION |
You can see the SNS topic subscription status information. |
SETTINGS |
SNS_TOPIC_CREATION |
You can see the SNS topic creation status information. |
SETTINGS |
REPAIR_SETTING_STARTED |
You can view the details about setting repair started by which user. |
SETTINGS |
REPAIR_SETTING_SUCCESSFUL |
You can see setting repair successful information. |
SETTINGS |
VERIFYING_POLICY_SUCCESSFUL |
You can see the policy verification successful information with the account number. |
SETTINGS |
DETACHING_POLICY_FAILED |
You can see policy deletion failed information with the account number |
SETTINGS |
DETACHING_POLICY_SUCCESSFUL |
You can see policy deletion successful information with the account number |
SETTINGS |
DELETING_POLICY_SUCCESSFUL |
You can see the policy deletion successful information. |
SETTINGS |
DELETING_POLICY_FAILED |
You can see the policy deletion failed information with an error. |
SETTINGS |
CREATING_POLICY_SUCCESSFUL |
You can see the policy creation successful information. |
SETTINGS |
ROLE_NOT_FOUND |
You can the role status with an error in the related account. |
SETTINGS |
ROLE_CREATION_SUCCESSFUL |
You can see the role creation successful information. |
SETTINGS |
ATTACH_POLICY_TO_ROLE_SUCCESSFUL |
You can see the status of the related policy attached to the role. |
SETTINGS |
NETWORK_CONFIGURATION |
You can see the network configuration status information with the related account name. |
SETTINGS |
ADDING_CROSS_ACCOUNT_SUCCESSFUL |
You can see details about whether the cross-account was added to the base account properly or not. |
SETTINGS |
REPAIR_SETTING_SUCCESSFUL |
You can see repair setting successful information with the account number. |
REGISTRATION |
ORGANIZATION_CREATED_SUCCESSFULLY |
You can see the organization creation successful information with username or email id. |
REGISTRATION |
ORGANIZATION_CREATED_FAILED |
You can see the organization creation failed information with username or email id. |
REGISTRATION |
REGISTRATION_INITIATED |
You can see the registration started information with username or email id. |
REGISTRATION |
REGISTRATION_SUCCESSFUL |
You can see the registration successful information with username or email id. |
REGISTRATION |
REGISTRATION_ERROR |
You can see the registration failed information with username or email id. |
REGISTRATION |
VERIFICATION_LINK_EXPIRED |
You can see the verification link information with username or email id. |
REGISTRATION |
CATALOG_ASSIGNMENT_SUCCESSFUL |
You can see the catalog assignment successful information with username or email id. |
REGISTRATION |
CATALOG_ASSIGNMENT_FAILED |
You can see the catalog assignment failed information with username or email id. |
ENABLE_SSL |
ENABLE_SSL_STARTED |
You can see SSL_Enable started information with username or email id. |
ENABLE_SSL |
ENABLE_SSL_COMPLETED |
You can see the SSL_Enable completion information with username or email id. |
ENABLE_SSL |
ENABLE_SSL_FAILED |
You can see the SSL_Enable failed information with reason. |
ENABLE_SSL |
CERTIFICATE_CREATE_STARTED |
You can see certification creation started information with username or email id. |
ENABLE_SSL |
CERTIFICATE_CREATE_COMPLETED |
You can see certification creation completion information with username or email id. |
ENABLE_SSL |
CERTIFICATE_CREATE_FAILED |
You can see certification creation failed information with reason. |
ENABLE_SSL |
ALB_CREATE_STARTED |
You can see ALB creation started information with username or email id. |
ENABLE_SSL |
ALB_CREATE_COMPLETED |
You can see ALB creation completion information with username or email id. |
ENABLE_SSL |
SG_CREATE_STARTED |
You can see the security group creation started information with username or email id. |
ENABLE_SSL |
SG_CREATE_COMPLETED |
You can see the security group creation completion information with username or email id. |
DISABLE_SSL |
DISABLE_SSL_STARTED |
You can see the SSL_Disable started information with username or email id. |
DISABLE_SSL |
DELETE_ALB_STARTED |
You can see the Application load balancer deletion started information |
DISABLE_SSL |
DELETE_ALB_COMPLETED |
You can see the Application load balancer deletion completed information |
DISABLE_SSL |
DELETE_SG_STARTED |
You can see the Security group deletion started information |
DISABLE_SSL |
DELETE_SG_COMPLETED |
You can see the Security group deletion started information |
DISABLE_SSL |
DISABLE_SSL_FAILED |
You can see the SSL_Disable completed information |
ENABLE_SSL |
LISTENER_CREATE_STARTED |
You can see the listener creation started information |
ENABLE_SSL |
LISTENER_CREATE_COMPLETED |
You can see the listener creation completed information |
PROJECT REPAIR |
REPAIR_STARTED |
You can see the repair started information |
PROJECT REPAIR |
REPAIRING_CATALOG |
You can see the repairing catalog information |
SETTINGS |
PROJECT_CLEANUP_STARTED |
You can see the project cleanup initiated information |
SETTINGS |
PROJECT_CLEANUP_COMPLETED |
You can see the project cleanup completed information |
SETTINGS |
DELETE_SETTING_STARTED |
You can see the setting deletion initiated information |
SETTINGS |
DELETE_SETTING_SUCCESS |
You can see the setting deletion success information |
PROJECT_STORAGE |
PROJECT_STORAGE_CREATION_STARTED |
You can see the project storage creation started information |
PROJECT_STORAGE |
PROJECT_STORAGE_CREATION_COMPLETED |
You can see the project storage creation completed information. |
PROJECT_STORAGE |
PROJECT_STORAGE_CREATION_FAILED |
You can see the project storage creation failed information with reason. |
PROJECT_STORAGE |
OUTPUT_UPDATE_STARTED |
You can see the output updation started information |
PROJECT_STORAGE |
OUTPUT_UPDATE_COMPLETED |
You can see the output updation completed information |
PROJECT_STORAGE |
SHARED_FOLDER_CREATION_STARTED |
You can see the shared folder creation started information. |
PROJECT_STORAGE |
SHARED_FOLDER_CREATION_COMPLETED |
You can see the shared folder creation completed information. |
PROJECT_STORAGE |
S3_CREATE_STARTED |
You can see the S3 bucket creation information |
PROJECT_STORAGE |
S3_TERMINATE_STARTED |
You can see the S3 terminate initiated information |
PROJECT_STORAGE |
S3_TERMINATE_COMPLETED |
You can see the S3 terminate completed information |
PROJECT_STORAGE |
S3_CREATE_COMPLETED |
You can see the S3 bucket creation completed information |
PROJECT_STORAGE |
PROJECT_STORAGE_REPAIR_STARTED |
You can see the project storage repair started information. |
PROJECT_STORAGE |
PROJECT_STORAGE_REPAIR_COMPLETED |
You can see the project storage repair completed information. |
PROJECT_STORAGE |
PROJECT_STORAGE_DELETE_STARTED |
You can see project storage deletion started information with username or email id. |
PROJECT_STORAGE |
PROJECT_STORAGE_DELETE_FAILED |
You can see project storage deletion failed information reason for failure. |
PROJECT_STORAGE |
PROJECT_STORAGE_DELETE_COMPLETED |
You can see project storage delete completion information with username or email id. |
BYOC(BRING YOUR OWN CATALOG) |
BYOC_STARTED |
You can see the BYOC sync initiated information |
BYOC(BRING YOUR OWN CATALOG) |
BYOC_COMPLETED |
You can see BYOC sync completed information. |
PROJECT REPAIR |
BUDGET_REPAIR_SUCCESSFUL |
You can see the budget repair success information |
PROJECT REPAIR |
REPAIRING_BUDGET_STARTED |
You can see the budget repair initiated information |
PROJECT REPAIR |
CATALOG_REPAIR_SUCCESSFUL |
You can see the catalog repair success information |
PROJECT REPAIR |
REPAIR_ACTION_COMPLETED_SUCCESSFULLY |
You can see the repair action completion status. |
PROJECT CREATE |
PROJECT_CREATION_FAILED |
You can see the project creation failed information with reason. |
PROJECT CREATE |
PROJECT_CREATION_COMPLETED |
You can see the project creation success information |
PROJECT CREATE |
PROJECT_CREATION_STARTED |
You can see the project creation started information with the project name and username or email |
COST_CONTROL |
PROJECT_RESUMED |
|
COST_CONTROL |
PROJECT_STOPPED |
|
COST_CONTROL |
PROJECT_PAUSED |
|
COST_CONTROL |
PROJECT_AUTO_STOPPED |
|
PROJECT_UPDATE |
CREATING_SSM_PARAMETER_SUCCESSFUL |
You can see SSM parameter creation success information. |
PROJECT_UPDATE |
SHARING_AMI_SUCCESSFUL |
You can see the shared AMI with ID success information for RStudio and Nextflow-Advanced products. |
COST_CONTROL |
EOD_REPORT_GENERATED |
You can see the EOD report generated success information with the username. |
COST_CONTROL |
EOD_REPORT_SENT_SUCCESSFULLY |
You can see the EOD report sent success information with the username. |
COST_CONTROL |
EOD_REPORT_FAILURE |
You can see the EOD report sent failed information with username |
COST_CONTROL |
PI_EOD_REPORT_GENERATED |
You can see the PI EOD report generated success information with the username. |
COST_CONTROL |
PI_EOD_REPORT_SENT_SUCCESSFULLY |
You can see the PI EOD report sent success information with the username. |
COST_CONTROL |
PI_EOD_REPORT_FAILURE |
You can see the PI report sent failed information with the username. |
ARCHIVE_PROJECT |
PROJECT_CLEANUP_STARTED |
You can see project clean-up initiated information with triggered user name |
ARCHIVE_PROJECT |
PROJECT_CLEANUP_COMPLETED |
You can see project clean-up completed information with triggered user name |
ARCHIVE_PROJECT |
PROJECT_BUDGET_CLEANUP_COMPLETED |
You can see project budget clean-up completed information with the triggered user name |
ARCHIVE_PROJECT |
PRODUCT_STACK_CLEANUP_COMPLETED |
You can see product stack clean-up completed information with triggered user name |
PROJECT |
PROJECT_BUDGET_CHANGED |
You can see project budget changes success information with triggered user name and the total budget |
PROJECT |
PROJECT_UPDATE_USER |
You can see assigned researchers project update success information with count |
PROJECT |
PROJECT_NAME_UPDATED |
You can see updated Project name along with the older name and username or email |
USER |
USER_CREATION_COMPLETE |
You can see new user creation success information with triggered new user name |
USER |
USER_CREATION_FAILED |
You can see new user creation failed information with a new user name and reason |
PROVISIONED_PRODUCT_ACTION |
PROVISIONING_STARTED |
You can see product provision start information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
PROVISIONING_COMPLETE |
You can see product provision completion information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
PROVISIONING_FAILED |
You can see product provision failed information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
TERMINATION_STARTED |
You can see product termination start information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
TERMINATION_COMPLETE |
You can see product termination completion information with product name, product id and project name |
EGRESS_STORE |
TRE_EGRESS_SUBMITTED |
You can see status for egress request submitted with username and project name |
EGRESS_STORE |
EGRESS_STORE_PREFIX_CREATION_COMPLETED |
You can see egress store prefix creation completed information with username and product name |
INGRESS_STORAGE |
INGRESS_STORAGE_CREATION_STARTED |
You can see ingress store creation start information with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_FOLDER_CREATION_COMPLETED |
You can see ingress store folder creation completion information for user with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_CREATION_COMPLETED |
You can see ingress store creation completion information with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_REQUEST_CREATED |
You can see ingress store request creation information with requestid and username |
INGRESS_STORAGE |
INGRESS_STORAGE_REQUEST_APPROVED |
You can see ingress store request approved information with requestid and username |
INGRESS_STORAGE |
INGRESS_STORAGE_DELETE_STARTED |
You can see Ingress Project storage termination started information with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_DELETE_COMPLETED |
You can see Ingress Project storage termination completion information with username and account name |
EXTERNALSTUDY |
ADD_STUDY_STARTED |
You can see External study registration with study name, study account name, account number and region |
EXTERNALSTUDY |
ADD_STUDY_SUCCESSFUL |
You can see External study registration success with study name, study account name, account number and region |
EXTERNALSTUDY |
DELETE_STUDY_STARTED |
You can see External study deletion with study name, study account name, account number and region |
EXTERNALSTUDY |
DELETE_STUDY_SUCCESSFUL |
You can see External study deletion success with study name, study account name, account number and region |
Appendix F - Audit Trail Events for Principal Investigator
Audit Trail Events for Principal Investigator |
||
|---|---|---|
Logical ID |
Status |
Status Reason |
AUTHENTICATION |
LOGIN_SUCCESSFUL |
You can see the login success information with the session ID. |
AUTHENTICATION |
LOGIN_FAILED |
You can see the reason for login failure. |
AUTHENTICATION |
LOGOUT_SUCCESSFUL |
You can see the logout success information with the session ID. |
DATA_SECURITY |
SHARE_S3 BUCKET_COMPLETED |
You can see the shared product information. |
DATA_SECURITY |
UNSHARE_S3 BUCKET_COMPLETED |
You can see the unshared product information. |
CATALOG |
ASSIGN_TO_PROJECT_STARTED |
You can see the assigned products to the related project information. |
CATALOG |
STACK_CREATION_STARTED |
You can see the assigned product to the related project information. |
CATALOG |
STACK_CREATION_FAILED |
You can see the assigned product failed information which is related to the project. |
CATALOG |
ASSIGN_TO_PROJECT_COMPLETED |
You can see the assigned products to the related project completion information. |
CATALOG |
ASSIGN_TO_PROJECT_FAILED |
You can see the assigned product failed information related to the project. |
CATALOG |
UPDATE_TO_PROJECT_STARTED |
You can see the updated products started information that is related to the project. |
CATALOG |
UPDATE_TO_PROJECT_COMPLETED |
You can see the updated products to the related project completion information. |
CATALOG |
UPDATE_TO_PROJECT_FAILED |
You can see the updated products to the related project failed information. |
CATALOG |
UPDATE_TO_OU_COMPLETED |
You can see the updated products to the related organizational unit updation information. |
CATALOG |
ASSIGN_TO_OU_COMPLETED |
You can see the assigned products to the related organizational unit completion information. |
CATALOG |
ROLLBACK_COMPLETE |
You can see the assigned products failed information related to the project. |
CATALOG |
SYNC_STARTED |
You can see the sync started information (i.e, which user started and related account name) |
CATALOG |
SYNC_COMPLETED |
You can see the sync completed information (i.e.. which user started, related account name with products count information). |
CATALOG |
SYNC_FAILED |
You can see the sync failed information(i.e., which user started, related account name and error information). |
CATALOG |
PRODUCT_DETAILS_SYNC_COMPLETED |
You can see the sync completed information (i.e., which user started and related account name. It will show product count). |
KEY_PAIRS |
KEY_PAIRS_SYNC_STARTED |
You can view the details about KeyPairs sync (i.e., which user started). |
KEY_PAIRS |
KEY_PAIRS_SYNC_COMPLETED |
You can see KeyPairs sync completed information (i.e., which user started and related account name. It will show KeyPairs count in that region). |
KEY_PAIRS |
KEY_PAIRS_SYNC_FAILED |
You can see KeyPairs sync failed information with the error and it will show the solution to resolve the problem. |
VPC |
VPC_SYNC_STARTED |
You can view the details about VPC sync (i.e., which user started). |
VPC |
VPC_SYNC_COMPLETED |
You can see VPC sync completed information (i.e., which user started and related account name. It will show VPC count in that region). |
VPC |
VPC_SYNC_FAILED |
You can see VPC sync failed information with the error and it will show the solution to resolve the problem. |
SECURITY_GROUP |
SECURITY_GROUP_SYNC_STARTED |
You can view the details about security group sync (i.e., which user started). |
SECURITY_GROUP |
SECURITY_GROUP_SYNC_COMPLETED |
You can see Security Groups sync completed information (i.e., which user started and related account name. It will show security groups count in that region). |
SECURITY_GROUP |
SECURITY_GROUP_SYNC_FAILED |
You can see Security Groups sync failed information with the error and it will show the solution to resolve the problem. |
SUBNETS |
SUBNETS_SYNC_STARTED |
You can view the details about subnets sync (i.e., which user started). |
SUBNETS |
SUBNETS_SYNC_COMPLETED |
You can see subnets sync completed information (i.e., which user started and related account name. It will show subnets count in that region). |
SUBNETS |
SUBNETS_SYNC_FAILED |
You can see ubnets sync failed information with the error and it will show the solution to resolve the problem. |
SETTINGS |
VERIFY_SETTING_SUCCESSFUL |
You can see the setting verification successful information with the account number and account name. |
SETTINGS |
VERIFY_SETTING_FAILED |
You can see the setting verification failed information with the account number. |
SETTINGS |
ADD_SETTING_SUCCESSFUL |
You can see the setting creation successful information with the account number. |
SETTINGS |
ADD_SETTING_FAILED |
You can see the setting addition failed information with an error. |
SETTINGS |
DELETE_SETTING_STARTED |
You can see the details about setting deletion started by which user. |
SETTINGS |
DELETE_SETTING_SUCCESS |
You can see the setting deletion success information. |
SETTINGS |
DELETE_SETTING_FAILED |
You can see setting deletion failed information |
SETTINGS |
SNS_TOPIC_SUBSCRIPTION_CREATION |
You can see the SNS topic subscription status information. |
SETTINGS |
SNS_TOPIC_CREATION |
You can see the SNS topic creation status information. |
SETTINGS |
REPAIR_SETTING_STARTED |
You can view the details about setting repair started by which user. |
SETTINGS |
REPAIR_SETTING_SUCCESSFUL |
You can see setting repair successful information. |
SETTINGS |
VERIFYING_POLICY_SUCCESSFUL |
You can see the policy verification successful information with the account number. |
SETTINGS |
DETACHING_POLICY_FAILED |
You can see policy deletion failed information with the account number |
SETTINGS |
DETACHING_POLICY_SUCCESSFUL |
You can see policy deletion successful information with the account number |
SETTINGS |
DELETING_POLICY_SUCCESSFUL |
You can see the policy deletion successful information. |
SETTINGS |
DELETING_POLICY_FAILED |
You can see the policy deletion failed information with an error. |
SETTINGS |
CREATING_POLICY_SUCCESSFUL |
You can see the policy creation successful information. |
SETTINGS |
ROLE_NOT_FOUND |
You can the role status with an error in the related account. |
SETTINGS |
ROLE_CREATION_SUCCESSFUL |
You can see the role creation successful information. |
SETTINGS |
ATTACH_POLICY_TO_ROLE_SUCCESSFUL |
You can see the status of the related policy attached to the role. |
SETTINGS |
NETWORK_CONFIGURATION |
You can see the network configuration status information with the related account name. |
SETTINGS |
ADDING_CROSS_ACCOUNT_SUCCESSFUL |
You can see details about whether cross-account were added to the base account properly or not. |
SETTINGS |
REPAIR_SETTING_SUCCESSFUL |
You can see repair setting successful information with the account number. |
REGISTRATION |
ORGANIZATION_CREATED_SUCCESSFULLY |
You can see the organization creation successful information with username or email id. |
REGISTRATION |
ORGANIZATION_CREATED_FAILED |
You can see the organization creation failed information with username or email id. |
REGISTRATION |
REGISTRATION_INITIATED |
You can see the registration started information with username or email id. |
REGISTRATION |
REGISTRATION_SUCCESSFUL |
You can see the registration successful information with username or email id. |
REGISTRATION |
REGISTRATION_ERROR |
You can see the registration failed information with username or email id. |
REGISTRATION |
VERIFICATION_LINK_EXPIRED |
You can see the verification link information with username or email id. |
REGISTRATION |
CATALOG_ASSIGNMENT_SUCCESSFUL |
You can see the catalog assignment successful information with username or email id. |
REGISTRATION |
CATALOG_ASSIGNMENT_FAILED |
You can see the catalog assignment failed information with username or email id. |
ENABLE_SSL |
ENABLE_SSL_STARTED |
You can see SSL_Enable started information with username or email id. |
ENABLE_SSL |
ENABLE_SSL_COMPLETED |
You can see the SSL_Enable completion information with username or email id. |
ENABLE_SSL |
ENABLE_SSL_FAILED |
You can see the SSL_Enable failed information with reason. |
ENABLE_SSL |
CERTIFICATE_CREATE_STARTED |
You can see certification creation started information with username or email id. |
ENABLE_SSL |
CERTIFICATE_CREATE_COMPLETED |
You can see certification creation completion information with username or email id. |
ENABLE_SSL |
CERTIFICATE_CREATE_FAILED |
You can see certification creation failed information with reason. |
ENABLE_SSL |
ALB_CREATE_STARTED |
You can see ALB creation started information with username or email id. |
ENABLE_SSL |
ALB_CREATE_COMPLETED |
You can see ALB creation completion information with username or email id. |
ENABLE_SSL |
SG_CREATE_STARTED |
You can see the security group creation started information with username or email id. |
ENABLE_SSL |
SG_CREATE_COMPLETED |
You can see the security group creation completion information with username or email id. |
DISABLE_SSL |
DISABLE_SSL_STARTED |
You can see the SSL_Disable started information with username or email id. |
DISABLE_SSL |
DELETE_ALB_STARTED |
You can see the Application load balancer deletion started information |
DISABLE_SSL |
DELETE_ALB_COMPLETED |
You can see the Application load balancer deletion completed information |
DISABLE_SSL |
DELETE_SG_STARTED |
You can see the Security group deletion started information |
DISABLE_SSL |
DELETE_SG_COMPLETED |
You can see the Security group deletion started information |
DISABLE_SSL |
DISABLE_SSL_FAILED |
You can see the SSL_Disable completed information |
ENABLE_SSL |
LISTENER_CREATE_STARTED |
You can see the listener creation started information |
ENABLE_SSL |
LISTENER_CREATE_COMPLETED |
You can see the listener creation completed information |
PROJECT REPAIR |
REPAIR_STARTED |
You can see the repair started information |
PROJECT REPAIR |
REPAIRING_CATALOG |
You can see the repairing catalog information |
SETTINGS |
PROJECT_CLEANUP_STARTED |
You can see the project cleanup initiated information |
SETTINGS |
PROJECT_CLEANUP_COMPLETED |
You can see the project cleanup completed information |
SETTINGS |
DELETE_SETTING_STARTED |
You can see the setting deletion initiated information |
SETTINGS |
DELETE_SETTING_SUCCESS |
You can see the setting deletion success information |
PROJECT_STORAGE |
PROJECT_STORAGE_CREATION_STARTED |
You can see the project storage creation started information |
PROJECT_STORAGE |
PROJECT_STORAGE_CREATION_COMPLETED |
You can see the project storage creation completed information. |
PROJECT_STORAGE |
PROJECT_STORAGE_CREATION_FAILED |
You can see the project storage creation failed information with reason. |
PROJECT_STORAGE |
OUTPUT_UPDATE_STARTED |
You can see the output updation started information |
PROJECT_STORAGE |
OUTPUT_UPDATE_COMPLETED |
You can see the output updation completed information |
PROJECT_STORAGE |
SHARED_FOLDER_CREATION_STARTED |
You can see the shared folder creation started information. |
PROJECT_STORAGE |
SHARED_FOLDER_CREATION_COMPLETED |
You can see the shared folder creation completed information. |
PROJECT_STORAGE |
S3_CREATE_STARTED |
You can see the S3 bucket creation information |
PROJECT_STORAGE |
S3_TERMINATE_STARTED |
You can see the S3 terminate initiated information |
PROJECT_STORAGE |
S3_TERMINATE_COMPLETED |
You can see the S3 terminate completed information |
PROJECT_STORAGE |
S3_CREATE_COMPLETED |
You can see the S3 bucket creation completed information |
PROJECT_STORAGE |
PROJECT_STORAGE_REPAIR_STARTED |
You can see the project storage repair started information. |
PROJECT_STORAGE |
PROJECT_STORAGE_REPAIR_COMPLETED |
You can see the project storage repair completed information. |
PROJECT_STORAGE |
PROJECT_STORAGE_DELETE_STARTED |
You can see project storage deletion started information with username or email id. |
PROJECT_STORAGE |
PROJECT_STORAGE_DELETE_FAILED |
You can see project storage deletion failed information reason for failure. |
PROJECT_STORAGE |
PROJECT_STORAGE_DELETE_COMPLETED |
You can see project storage delete completion information with username or email id. |
BYOC(BRING YOUR OWN CATALOG) |
BYOC_STARTED |
You can see the BYOC sync initiated information |
BYOC(BRING YOUR OWN CATALOG) |
BYOC_COMPLETED |
You can see BYOC sync completed information. |
PROJECT REPAIR |
BUDGET_REPAIR_SUCCESSFUL |
You can see the budget repair success information |
PROJECT REPAIR |
REPAIRING_BUDGET_STARTED |
You can see the budget repair initiated information |
PROJECT REPAIR |
CATALOG_REPAIR_SUCCESSFUL |
You can see the catalog repair success information |
PROJECT REPAIR |
REPAIR_ACTION_COMPLETED_SUCCESSFULLY |
You can see the repair action completion status. |
PROJECT CREATE |
PROJECT_CREATION_FAILED |
You can see the project creation failed information with reason. |
PROJECT CREATE |
PROJECT_CREATION_COMPLETED |
You can see the project creation success information |
PROJECT CREATE |
PROJECT_CREATION_STARTED |
You can see the project creation started information with the project name and username or email |
COST_CONTROL |
PROJECT_RESUMED |
|
COST_CONTROL |
PROJECT_STOPPED |
|
COST_CONTROL |
PROJECT_PAUSED |
|
COST_CONTROL |
PROJECT_AUTO_STOPPED |
|
PROJECT_UPDATE |
CREATING_SSM_PARAMETER_SUCCESSFUL |
You can see SSM parameter creation success information. |
PROJECT_UPDATE |
SHARING_AMI_SUCCESSFUL |
You can see the shared AMI with ID success information for RStudio and Nextflow-Advanced products. |
COST_CONTROL |
EOD_REPORT_GENERATED |
You can see the EOD report generated success information with the username. |
COST_CONTROL |
EOD_REPORT_SENT_SUCCESSFULLY |
You can see the EOD report sent success information with the username. |
COST_CONTROL |
EOD_REPORT_FAILURE |
You can see the EOD report sent failed information with username |
COST_CONTROL |
PI_EOD_REPORT_GENERATED |
You can see the PI EOD report generated success information with the username. |
COST_CONTROL |
PI_EOD_REPORT_SENT_SUCCESSFULLY |
You can see the PI EOD report sent success information with the username. |
COST_CONTROL |
PI_EOD_REPORT_FAILURE |
You can see the PI report sent failed information with the username. |
ARCHIVE_PROJECT |
PROJECT_CLEANUP_STARTED |
You can see project clean-up initiated information with triggered user name |
ARCHIVE_PROJECT |
PROJECT_CLEANUP_COMPLETED |
You can see project clean-up completed information with triggered user name |
ARCHIVE_PROJECT |
PROJECT_BUDGET_CLEANUP_COMPLETED |
You can see project budget clean-up completed information with the triggered user name |
ARCHIVE_PROJECT |
PRODUCT_STACK_CLEANUP_COMPLETED |
You can see product stack clean-up completed information with triggered user name |
PROJECT |
PROJECT_BUDGET_CHANGED |
You can see project budget changes success information with triggered user name and the total budget |
PROJECT |
PROJECT_UPDATE_USER |
You can see assigned researchers project update success information with count |
PROJECT |
PROJECT_NAME_UPDATED |
You can see updated Project name along with the older name and username or email |
USER |
USER_CREATION_COMPLETE |
You can see new user creation success information with triggered new user name |
USER |
USER_CREATION_FAILED |
You can see new user creation failed information with a new user name and reason |
PROVISIONED_PRODUCT_ACTION |
PROVISIONING_STARTED |
You can see product provision start information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
PROVISIONING_COMPLETE |
You can see product provision completion information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
PROVISIONING_FAILED |
You can see product provision failed information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
TERMINATION_STARTED |
You can see product termination start information with product name, product id and project name |
PROVISIONED_PRODUCT_ACTION |
TERMINATION_COMPLETE |
You can see product termination completion information with product name, product id and project name |
EGRESS_STORE |
TRE_EGRESS_SUBMITTED |
You can see status for egress request submitted with username and prokject name |
EGRESS_STORE |
EGRESS_STORE_PREFIX_CREATION_COMPLETED |
You can see egress store prefix creation completed information with username and product name |
INGRESS_STORAGE |
INGRESS_STORAGE_CREATION_STARTED |
You can see ingress store creation start information with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_FOLDER_CREATION_COMPLETED |
You can see ingress store folder creation completion information for user with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_CREATION_COMPLETED |
You can see ingress store creation completion information with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_REQUEST_CREATED |
You can see ingress store request creation information with requestid and username |
INGRESS_STORAGE |
INGRESS_STORAGE_REQUEST_APPROVED |
You can see ingress store request approved information with requestid and username |
INGRESS_STORAGE |
INGRESS_STORAGE_DELETE_STARTED |
You can see Ingress Project storage termination started information with username and account name |
INGRESS_STORAGE |
INGRESS_STORAGE_DELETE_COMPLETED |
You can see Ingress Project storage termination completion information with username and account name |
EXTERNALSTUDY |
ADD_STUDY_STARTED |
You can see External study registration with study name, study account name, account number and region |
EXTERNALSTUDY |
ADD_STUDY_SUCCESSFUL |
You can see External study registration success with study name, study account name, account number and region |
EXTERNALSTUDY |
DELETE_STUDY_STARTED |
You can see External study deletion with study name, study account name, account number and region |
EXTERNALSTUDY |
DELETE_STUDY_SUCCESSFUL |
You can see External study deletion success with study name, study account name, account number and region |
Appendix G - Release Notes
v1.21.0
Enhancements:
External Study:
Users can create both a project account and a study account within the same AWS account.
Users from different organizations can register the same AWS account, designating it solely as a study account.
Users can create a shared study account, and individuals from the same organization should be able to utilize that shared study account.
If a user has data admin privileges, they can create an external study with a project to which they do not have access.
Enable the repair option for a study account when the account status is in error.
When a user onboards an external study or deletes an external study, validate that the study account stack, role, and policy are available in the study account database entry. If available, check if they exist in the corresponding AWS account. If they are not present, throw an error message and update the study account status to error.
Users are not allowed to create an external study with the same bucket name and prefix within the same organization.
When a user clicks on the ‘Register Study’ button, it is essential to validate the chosen bucket region.
Edit external study. This allows users to reuse the studies they create by assigning new projects to the same study. A classic use-case is when a professor wants to use a dataset for a semester project by his students. Each semester the project and students would change but the dataset created as a study would remain the same.
Users should be able to create an external study without choosing any project.
The Windows Desktop for Secure Research product allows you to connect via your browser to an EC2 Windows-based desktop machine in the cloud with a modern GUI interface. Data cannot be copied out of the system via clipboard or file-download. All data is encrypted in transit and at rest. A secure research windows based environment intended to allow researchers to access sensitive data under a higher level of control and data protection.
Secure Research: Users will be able to update Network details and Egress store details from the 3 dot contextual menu available in project accounts screen for the particular secure account, provided they meet the preset requirements in their Organizational Unit (OU) and upon login.
Project Landing page: list the projects of the logged in PI user at first.
Bug-fixes:
UI Inconsistency fixes
v1.20.0
Features:
External Study: Support to add your external studies and link them to projects. A new study type called external study has been introduced. This allows you to bring in any existing bucket in any other account apart from the Project account as a study even if the bucket was not provisioned via the Research Gateway interface (e.g., you can bring in existing data). External buckets can be linked to projects and mounted to workspaces in the project just like Project Storage.
Azure AD (Active Directory) Integration with Research Gateway.
Bug-fixes:
Internal study: If the study is created with root as a prefix, we can see behavior proper but if it is created with a specific prefix, we can see one empty file at the top after doing explore
Project Landing page: On load more button click, duplicate projects are shown.
Product-details page: On the refresh button click, send an event to the notification sink to get the latest product status.
Enterprise fix: If a user is a part of one OU (Organization Unit) has 1 project and has internal and external studies linked to it later, he is removed from that OU and added to new, Old OU Internal and External Studies should not be visible
On Org Card if one Org is attached to a single or multiple accounts the account id is not visible
In the project creation form if we click on the cost control enabled checkbox it deselects the project storage check and vice versa
v1.19.0
Features:
Ingress Gateway Project. This is a new project type that can be created against an account enabled for Secure Research Environments. This project is meant for researchers to be provided a storage area where they can upload files that they want to bring into a secure project. An Ingress Storage s3 product will be automatically created as part of project creation. The researchers can upload files via the UI and then submit an ingress request. After approval, these files are made available in the IngressStore folder that is mounted to their workspaces.
New additions to the catalog: JupyterLab and VS Code products. JupyterLab is a popular open-source software package that provides a highly extensible notebook authoring and editing environment. It offers advanced features and customization options compared to the Jupyter Notebook. VS Code is a lightweight yet powerful open-source code editor on Linux. It provides built-in support for JavaScript, TypeScript, and Node.js, along with an extensive range of extensions for various languages and runtimes like C++, C#, Java, Python, PHP, Go, and .NET.
Integration with Egress application. With this integration, researchers will have an EgressStore folder automatically mounted to their workspaces. They can copy files that they want to extract from the SRE into this folder and submit an Egress Request. The request must be approved via the Egress Application and can be downloaded by the Information Governance lead after approvals.
Secure Research: Users will be able to add Secure Research Environment accounts and Secure Research Projects from the ‘Add Accounts’ and ‘Add Projects’ screens, provided they meet the preset requirements in their Organizational Unit (OU) and upon login.
Keypairs: Keypairs will be fetched based on the ProjectID.
Name Modification: Users will now encounter the term ‘Secure Research Environment’ instead of ‘Trusted Research Environment.’
RStudio product: The Authentication screen will be removed from the product.
Add project Screen: If all the required input parameters are not set, users will receive an error toaster message. For example, if a user tries to create a Secure Research Project or Data Library Project after creating a Secure Research Environment account without meeting all requirements, they will be restricted and see an error toaster message on the ‘Add Project’ screen.
Secure Research Linux product: Users should be able to view the ‘Instance Type’ action on the Product Details page for the Secure Research Linux product. Additionally, Load Balancers will be created during the Secure Research Project creation.
A confirmation dialog box will be displayed for the ‘stop’ action in the PCluster Product.
Enhanced Nice DCV product: Users can now view the ‘Instance Type’ action on the Product Details page for the Nice DCV product.
IGV-Viewer product: VPC and Subnet will no longer appear as input parameters in the product launch form.
Keyboard Accessibility fixes.
Security fixes.
Bug-fixes:
Internal Studies: When a user attempts to assign or create two studies with the same name for the same project, they shall receive an error toaster message.
Users can delink an account even if the account is linked to an internal study.
Assign product to project: If the stack is created twice during the assign action on the catalog page, duplicate products were being assigned to the project and were visible in the available products tab.
Events page: Users were unable to see the respective project name under the ‘project creation started’ event.
Project status: The ‘Active’ status for a project will now be updated after the completion of all steps.
Researcher login: If a user is assigned to an OU without a project, they should see an appropriate message on the Budgets screen.
When a user creates and deletes a project with an ALB (Application Load Balancer) simultaneously, it should not cause conflicts during the creation and deletion of the ALB.
Screen refresh count: The screen refresh count will be minimized during multiple project creation.
Storage creation issue: If a user unchecks the ‘Project Storage’ checkbox, selects an account in the project creation form, and clicks on the ‘Create Project’ action, the project will still be created with storage.
SAML Login: After successful authentication, users will be redirected to the home page without any issues.
v1.18.0
Features
Secure Research Linux Desktop. This product operates in a custom-created VPC with no internet access. It is accessed through a browser via a secure NICE DCV-based connection which provides access to a MATE desktop environment. It allows for Trusted Research environments to be created which are isolated from external access. The Secure Research Linux Desktop comes with a Chrome browser, docker engine, and miniconda pre-installed on the machine.
Encrypted S3 buckets. The S3 product in the standard catalog now allows for data to be encrypted using either an AWS-managed key or a customer-managed KMS key. This enables data at rest to be encrypted to meet security and regulatory needs.
Public studies can be mounted to workspaces. The studies available from the Registry of Open Data on AWS (RODA), can now be assigned to projects from the study details page. Once assigned to a project, the study appears in the Study Selection pane in the launch form for a researcher to select during the creation of a workspace. The selected study is then mounted to the workspace and can be used.
Internal studies can be created in read-write mode. This allows the PI to create studies that can be updated by researchers generating new data or when they want to share outputs with other researchers using the same study.
Internal studies can be deleted.
Project labels are editable. This feature has been a long-standing customer request. The name of a project can now be edited and changed to suit the customer’s needs.
Support for SPAC in PCluster product. The user now has the option to install SPAC during the provisioning of a PCluster workspace. This provides an easy method to install other software like GROMACS or Open FOAM used in High-Performance Computing.
Subscription Renewal Date is enforced. Users can no longer log in beyond the subscription renewal date.
New IGV Viewer product in the catalog. IGV Viewer is an important open-source tool in genomics analysis and this was a demand from some of the customers who want to perform genomics analysis.
Updated NICE DCV standard catalog item. The NICE DCV product in the standard catalog has been updated with a newer version of the NICE DCV server. The workspace now comes with Chrome browser, docker engine, and miniconda pre-installed and the User interface uses the MATE desktop environment.
Keyboard accessibility improvements
Security improvements
Bug-fixes
Admin: My Organizations: Organization Name Alignment issue.
In the login screen after entering a username and password and clicking on enter it is viewing the password, instead of logging in.
Create appropriate audit message and status for “delete setting” and “project storage terminate”.
Navigating from the Product launch form to the Create study section, if there is no Internal Study for the user, gives an error.
Error in updateBudgetForAccount.
Error in terminateProvisionedProduct - Provisioned product not found.
When the EBS product terminates it gets the following error “This bucket is shared with other researchers, please check with them and disconnect any Sagemaker notebooks connected to it before terminating.” However, there is no Sagemaker product in the project.
Error handling in login with an appropriate message. And add a logger during reset-password with the user name.
Added audit events for PROJECT_CREATION_STARTED and PROJECT_CREATION_COMPLETED.
In the PCluster product switch the Parameter Names based on the Scheduler type.
During project creation, if the S3 templates bucket is inaccessible, the user should see an error on the project events page.
On the Study s3 explore page, the “Actions” drop-down button should not be visible if the user selected one or more than one folder. Also, it should handle duplicate folder prefixes.
Project creation throws an error that the S3 bucket quota is reached even when the project storage requirement has been unchecked.
In the Catalog page, if the stack creation fails, the existing product check mark should not be shown.
During Project Sync, Keypairs should be Inserted only if they have a valid project tag.
When a project is deleted, all the keypairs for that project in the Research Gateway database should be deleted.
In the Catalog page, if we click “Assign product to project” twice, the stack is created twice. So duplicate products getting created.
During Project Creation, if multiple copies are created, Project Storage creation fails because of duplicate namespace values passed to the different stacks.
In the internal study, when I try to link compute resources and check assigned projects in study details, the same project name appears three times. It happens the same with unlinking as well.
In the Catalog page, show all existing tags in the dropdown.
Users with the Researcher role shall only be able to view studies that are assigned to the projects they are a part of.
Store created_on and updated_on in accounts collection. Add column “Last Updated” in the billing accounts table
If an Internal Study has no project assigned, we have to be able to delete it.
Upgrade Mongoose to 6.10.1
EC2-NICE-DCV: NiICE DCV-based products should be accessible through a one-time-usable URL.
Prevent users who are not assigned to any organization from performing any actions.
Notifications should be handled gracefully during post-provisioning when public IP is not found.
v1.17.0
Enhancements
Support for mounting Internal Studies to Sagemaker instances. Users can now use the “Study selection” section of the Launch form, to select studies that should be mounted to Sagemaker instances. The studies, so selected, will appear under the $HOME/studies folder.
New Billing Accounts screen - All accounts added to an organization will now be visible in the Billing Accounts screen to help the user track their overall spend in the AWS account. This screen shows the current AWS billing for that account (total across all regions including consumption from Research Gateway and externally). This screen also shows the forecast for the current month.
Bulk user tag updates. Importing users via CSV now can update tags for existing users. Tags have to follow the same constraints (maximum of 32 characters, maximum of 5 tags) and are updated in an all or none manner.
Bug-fixes
Archived projects that had crossed the budget thresholds were reappearing as Stopped projects when Cost Control feature is on.
The user edit function was not creating audit trail events.
Keypairs created in one project were appearing in another project if the associated account had more than one project linked to it.
A user who is not assigned to any organization was getting the incorrect message on logging in.
The search function in the catalog should show all products - assigned or unassigned.
v1.16.0
Enhancements
Attach secondary EBS volumes created via the project catalog to EC2 Linux-based instances i.e., EC2 Linux, RStudio, Chenlab, Cromwell Advanced etc.
Amazon EBS volumes can now be created via the Available Products catalog.
PCluster product now offers the user the choice to mount a secondary EBS volume to the head node
Admin and Principal Investigators can edit user Information like the First name, Last name, Organizational Unit (editable only if a user was previously not assigned to any Organizational unit) and tags.
Bug-fixes
Admin: Budget Screen: able to see archived projects in the organization also budget assigned is divided among archived projects as well. This is inconsistent with the view that PI has.
Alignment issue fixes in the Project creation screen Add User form, My Projects, Product Details page, Study Details Page.
UI inconsistency fixes in the My Products tab, Project Details page breadcrumb, and Project Details page Events tab.
Admin: User: after switching to table view and searching for a particular user pagination action is not working.
The Add User form breaks when the user clicks on the Add User button from the Create Project and Create Organizations screen.
On the study screen users are not able to search in the tag fields.
Admin: User management: Unable to sort by User Roles.
SSH Window: User Name should be shown in white color while typing
Admin login: Users Screen: some user cards are showing empty in card and table view
User Screen: Reset filter issue fix.
Audit trail page: Select a value filter: items in the drop down should be sorted in alphabetical order.
Users Screen: Sort by filter: AESC and DESC both show the same behavior
Researcher login: My products tab: when we select any filter (All/Research/IT Application) in the Available Products tab and enter My Products tab same filter selection is reflected instead of All/Active/Terminated filters.
Studies: Search action: Space is not allowed in between words.
Keyboard Accessibility fixes for the My Projects page and Budget KPI cards of the Project Details page.
When the User role is selected as Admin, the Organizational Unit field will be disabled in the Add User form.
Research Gateway now uses distroless container images as the base images for Research Gateway software to reduce the attack surface created by unnecessary software components included in the image.
Budgets: product provisioned time should be shown based on logged in user’s time zone
Security fixes.
v1.15.0
Enhancements
Principal Investigators will now see all the products launched by all the project team members in the All Products tab. They will also be able to perform Stop and Terminate actions on the products using the 3-dotted icon which is available at the right side of the table.
Products that are in Creating, Transitioning and Terminating State will not show any actions in the All Products tab.
Products that are in a stopped state will show only the Terminate action.
Project Storage will not show any actions as it cannot be terminated independently of the project.
EFS or FSx file systems will only show the Terminate action.
PCluster Enhancement. Users will now be given the choice to connect either an EFS or FSx file- system (provisioned earlier) to the PCluster.
End of Day (EOD) Report for Principal Investigators. EOD Reports will be sent with the subject “Research Cost Tracking Daily Report”. It will show the following tables.
Account table: This table lists all the accounts in use in your tenant. Each account will show the month-to-date consumption and the forecast value.
Projects summary table: This table shows each project’s summary including month-to-date consumption and cumulative consumption (since inception).
Project Details table: This table shows all the Active products per project and the month-to-date and cumulative cost per project. It also shows a single line item for the cumulative month-to-date and cumulative cost of Terminated products.
For each provisioned product User will now be able to see Created on Parameter in the Product Details Tab which will indicate the Product Creation Date.
Audit Trail: Filter values should be sorted in Alphabetical order. This will help users to find the expected values more easily.
Bug-fixes
Amazon SageMaker: product launch failed. Note: User will need to manually sync their project once for the product template to get updated in their account.
Notificationsink: When sending an email of the failed product fails, the error message talks about the email failure instead of the actual error
The date range picker on the Costs tab now allows to select only valid dates based on the lifespan of the product.
Choosing an Organizational Unit should be disabled when the role is chosen as Admin while creating a user.
My Products tab: The budget value for the product card is showing two decimal values but when the search is performed in my products tab it is not working as expected
When a role gets removed from the AWS console and we still have a setting in RG DB, new settings addition fails by throwing a malformed policy error
Product daily cost missing for certain days
Even if the Status key value “DELETE_IN_PROGRESS” or “AVAILABLE” is set, the isDeleted flag is set to true.
User Creation: If B2C mode is set to true and the user is PI, then only create the default organization.
All audit events should be tagged with the organization ID.
v1.14.0
Enhancements
Select User-Created Studies to Mount. Users now can choose up to 5 studies that will be mounted to the workspaces being created. With this feature, the “Bring Your Own Bucket “ (BYOB) feature is now complete. This powerful feature allows users to create their studies, assign them to specific projects, choose which studies to mount while creating workspaces, and finally use the mounted studies to read the data from their workspaces.
Current Month Cost in Daily EOD Report. Users are always sensitive to cost in the AWS cloud environment. To help them be aware of the costs, we have created an End of Day report for the principal investigator, which will give them the current month’s direct costs as well as the AWS current month-to-date billing. This is expected to help users keep better track of their project budgets.
Budget Screen Enhancements. Budget screens will also show the current month’s direct costs in line with the feature above.
Edit User-Created Studies. This allows users to reuse the studies they create by assigning new projects to the same study. A classic use-case is when a professor wants to use a dataset for a semester project by his students. Each semester the project and students would change but the dataset created as a study would remain the same.
Export Project Budget Details. This feature is being done for a Singapore-based university using the Research Gateway product. They wanted the details of the budget consumption to be exported in a form that can be used for analysis using Excel or other tools.
Bug-fixes
Organization Id to be added to all Audit Trail events to allow filtering by OU.
Project sync was not working when more than 200 products existed in the Service Catalog.
Invalid URL typed by user should show error message.
KMS ARN field should be validated in the Add/Edit Internaly Study screen.
Updates to the project catalog should be restricted when one update is in progress.
The Product Cost Trends chart should show dates in ascending order.
S3 Explore: Copy to clipboard action getting duplicated.
SSH action links should be accessible only to owners.
Security fixes. This includes some technology refreshes in major third-party technologies used like MongoDB, npm packages, node.js etc. The chief among these is an upgrade to MongoDB v4.0.0 which also allows us to upgrade to Node.js v18. Database passwords are now stored using AWS Secret Manager service, providing an additional layer of security, in line with AWS recommended best practices.
v1.13.2
Enhancements
Amazon EFS added to the standard catalog. You can now provision a high-performance NFS-based based file-system (Amazon EFS) for computational needs that need high-performance shared storage.
Project storage creation is made optional during project creation.
The project catalog automatically picks up new attributes like tags during daily sync when there is an update.
New audit trail events for product provisioning success and failure.
ImageBuilder pipeline support for PCluster AMI creation in Enterprise Mode.
Optimization of Service Catalog API calls to reduce costs. Catalog sync now only happens when manually initiated from Project Sync action.
Users will now receive email notification of provisioning completion (success or failure) on their verified email IDs.
Bug-fixes for existing issues
User Management: The user should be added to the DB only after cognito signup is successful
User ID should be case insensitive.
notificationsink: Product Provisioning events should only be sent to the PI and Researchers
notificationsink: product events not getting updated when the isDeleted flag is set to true
Users Screen: Add User: Error toaster message changes.
Security vulnerability for the Passport-Cognito package in the Node Js Server Side Code
Security fixes related to OWASP Top 10 vulnerabilities.
v1.13.0
We are excited to release v1.13.0 of the Research Gateway. This release has some exciting new features and some bug-fixes as well.
Enhancements
PCluster enhancements. The cluster head-node by default has NICE DCV installed which allows you to connect to the head-node via a GUI interface. This is especially useful to visualize the results of the jobs that you run on the cluster (e.g. using Paraview to view the results of OpenFOAM jobs). The URL to the NICE DCV server on the head-node will be secured using SSL if you choose that option while adding your AWS account as a setting in Research Gateway. The pcluster head node also updates the latest security patches during provisioning so that you do not have to worry about open vulnerabilities. PCluster provisioning now also provides control over Hyperthreading and ElasticFabricAdapter support based on the instance types chosen for the compute nodes.
Support to add your own external studies and link them to projects. A new study type called external study has been introduced. This allows you to bring in any existing bucket in your project account as a study even if the bucket was not provisioned via the Research Gateway interface (e.g. you can bring in existing data). External buckets can be linked to projects and are auto-mounted to all workspaces in the project just like ProjectStorage.
ProjectStorage can be deleted while archiving a project. You will now be prompted for deletion of the project storage when you archive a project. Select the checkbox if you want to delete the projectstorage bucket along with all of its contents.
Daily cost trends for each product (workspace) are now available in the Cost tab (new feature). See the daily cost for the workspace from the date of creation to current date in both chart and table form. Select the date range you want to view the information for (the default is seven days).
NICE DCV standalone workspace also supports secure connections using SSL (if the project has opted for SSL).
Security fixes - Many of the third-party packages used have been updated to address vulnerabilities found during security scans so that users can rest assured that their data and workspaces are secure.
Bug-fixes for existing issues
If a user has active products in which they are the “owner” of the share provisioned product, PI should not be allowed to remove them from the project.
Page refresh in Studies: Explore: The folder was causing loader issues.
Connect URL button showing for stopped workspaces of type NICE DCV.
Change the Icon for the FSx product.
Subnet ID mismatch when multiple subnets are required in the CFT input.
In the Users Screen: The download CSV format action is not working.
Studies: Public Study: Explore: Folder: Page Refresh is showing the Create new button.
Studies Page: explore action: Folder: showing no data available: once click on refresh action which is available in the UI it will show content.
For workspaces that connect to DCV, the button should read “Remote Desktop” rather than “Connect DCV”.
PI Login: Archive project: Delete project storage S3 bucket.
Subnet ID mismatch when multiple subnets are required in the CFT input.
UI changes required in Public studies.
s3:Explore:Upload: create an audit trail event for failure.
PCluster: Latest AMI causing the stack to fail if there is a fileSystemId as an input parameter when the scheduler is aws batch
Appendix H - FAQs - Frequently Asked Questions
How can I access help or reach out for support?
Answer: You can use the Chat widget or you can send an email to rlcloudsupport@relevancelab.com to create a support case.
Which AWS regions are supported by RG?
Answer: RG is currently supported in us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-central-1, eu-west-1, eu-west-2, ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-northeast-2, sa-east-1.
how can I login into Research Gateway as Admin?
Answer: Please visit the following link to login to Research Gateway as Admin: “ add proper link”, Login with the proper username and password.
If the user is unable to login into the research gateway with a password what are the ways to resolve it?
Answer: Below are the ways to resolve the login issue
Check if you are using the correct password.
Check if you are using the correct case for the password.
Check if your browser is storing your password.
Clear your browser cache and cookies.
Try logging in from a different browser.
Contact Research Gateway support for help.
You can reset your password by clicking on the Forgot Password link on the login page.
How can the user reset the password?
Answer: The user can reset his password by clicking on the Forgot Password link on the login page. Users can add their email address in the input field and click on the “Send Reset Link” button. The user will be sent an email with a link to reset his password.
What are the special characters that can be included in a password?
Answer: The password must contain at least one lowercase letter, one uppercase letter, one number, and one special character. The special characters are:= + - ^ $ * . [ ] { } ( ) ? ! @ # % & / , > < ‘ : ; | _ ~
What is the password policy in the research gateway?
Answer: The password policy for Research Gateway is 8 characters minimum and 16 characters maximum, 1 lowercase letter, 1 uppercase letter, 1 number, and 1 special character.
My First Name or Last Name is incorrect. How can I correct it?
Answer: Please contact rlcloudsupport@relevancelab.com.
I received a verification link when I registered for Research Gateway (or when my Principal Investigator invited me). However, when I click on the link, I get an error that says the link has expired.
Answer: The link expires in 24 hours for security reasons. You can ask your PI to “Resend the verification link” from the user management screen. If you are still facing an issue, you can send an email to rlcloudsupport@relevancelab.com.
I am from the Ap-Notheast-1 region; shall I add an account in that region in RG?
Answer: No, we can Add Accounts in specific regions only, by customer request, A New region will be added to the Research Gateway
How can I sign up for a new account?
Answer: In a browser window, open the Research Gateway URL (https://research.rlcatalyst.com/login).
Click on the “Sign up for new account” link which is below the sign-in button.
A registration form will be opened.
Fill in the proper detail
Click on the “Sign Up“ button. If the provided details are valid, you will receive a verification link on the registered email address to reset the password. On clicking the link in the email, you will be led to the change password screen.
The password needs to confirm with the password policy.
If the password change is successful you will be navigated to the verification successful page. Through the “Click here to login button” you will be navigated to the Research Gateway login screen.
Once logged in to your account, you will land on the Welcome page in Research Gateway.
How can I sign in with Google into the portal?
Answer: Please click on the Google sign-in button on the login page.
How many researchers can I add at a time on Research Gateway?
Answer: You can add 20 researchers at a time to Research Gateway
What are the project states in Research Gateway?
Answer: A Project can be in one of the following states: Active, Paused, Stopped, Failed
What are the actions the user can perform on the project?
Answer: Once the project is active, the user can perform Pause/Resume/Stop/Archive/Add Budget actions on a project.
How to add a budget to the project?
Answer: The “Add Budget” action will provide Principal Investigators with a way to add more budget to the project. Clicking on the “Add Budget” button will bring up a dialog box where you can add any whole number greater than 0.
I added an AWS account and created a project in Research Gateway. However, the cost always shows zero even though I have provisioned workspaces.
Answer: This indicates that you have not approved the cost_allocation tags in your payee account. Research Gateway tags all resources with certain tags so that we can track the costs. However, AWS requires that cost allocation tags be first approved in the payee account. Your account may be a payee account (in which case you might be able to follow the instructions in the link yourself). More often than not, there is a master account that IT controls which is the payee account. The consumption accounts are child accounts of that master account. In this latter case, the cost allocation tags need to be approved by the payee (master account). Note that products created before the tags are approved will not be tracked for cost. See the procedure for Cost allocation tags activation.
Will the user get any email on budget alert?
Answer: Yes, the User will get an email alert if your budget is going to be exceeded.
Why am I not seeing any costs getting updated in my project?
Answer: For Research Gateway to pull the cost information from your AWS account, you need to approve the cost allocation tags in your payer account. Check if you have done that.
What are the user roles supported in Research Gateway?
Answer: Research Gateway supports the following roles:
Administrator. Can create OUs, add accounts, create users, assign users and catalog items to OUs.
Principal Investigators. PIs are associated with one OU and within that OU they can create users, add accounts, create projects, assign users and catalog items to projects.
Researchers are associated with a single OU and can create and use resources within the projects that they are a member of.
What is the difference between a Principal Investigator role and a researcher role?
Answer: Principal Investigators are the main point of contact for the project. They are responsible for managing the project and its resources. Researchers are the users who will be using the resources in the project. They can create and manage resources, but they cannot manage the project itself.
Can there be more than one Principal Investigator in a project?
Answer: Yes, there can be more than one Principal Investigator in a project.
As an Administrator user what actions can I perform?
Answer: As an Administrator, you can create OUs, add accounts, create users, assign users and catalog items to OUs.
As Principal investigator what actions can I perform?
Answer: Principal Investigators are associated with one OU and within that OU they can create users, add accounts, create projects, assign users and catalog items to projects. Principal Investigators can create users, add accounts, create projects, assign users and catalog items to projects, provision resources from the project, and manage budgets.
As a researcher user what actions i can perform?
Answer: Researchers are associated with a single OU and can create and use resources within the projects that they are a member of.
Can you name some of the products in Research Gateway?
Answer: Below is the list of products in Research Gateway:
Amazon EC2 Linux
Amazon EC2 Windows
Amazon S3
Amazon Sagemaker
RStudio
Nextflow Advanced
Cromwell Advanced
Docker on Amazon EC2 Linux
My SQL
Ubuntu 20 04 on Amazon EC2
PCluster
FSx For Lustre
NICE DCV on Amazon EC2 Linux
Amazon EFS
Amazon EBS
Secure Research Linux Desktop
Integrated Genomics Viewer
JupyterLab
VS Code
What are the different provisioned product status?
Answer: The provisioned product status can be: Active, Failed, Creating, terminating, terminated or stopped
I provisioned a product but received an error “You have requested more vCPU capacity than your current vCPU limit of N allows for the instance bucket that the specified instance type belongs to.”
Answer: It looks like you have hit an AWS Service Quota limit. Please contact your Principal Investigator or IT Administrator who manages your AWS account and ask them to create a support case with AWS for a service quota limit increment.
I provisioned a product but it is stuck in “Transitioning”. How can I connect to the system?
Answer: This should occur very rarely. Please contact rlcloudsupport@relevancelab.com.
In the in-browser SSH window in Research Gateway, how do I paste commands from the clipboard?
Answer: Use the browser menu to paste from the clipboard.
I have just received an email from AWS for the request to authorize email addresses to be used with Amazon SES and Amazon Pinpoint in the region US East (N. Virginia). Can I check this is triggered by you and not a phishing email?
Answer: This is to verify your email address so that Research Gateway can send you a daily End-Of-Day report if any instances are left running. The report will act as a reminder to turn off the system. So we would recommend to go ahead and verify your email through that link sent out via AWS.
The costs that are shown in Research Gateway are less than what I am seeing in my AWS console.
Answer: The costs shown in Research Gateway are the direct costs (costs that can be ascribed to the products created by PI or Researchers in the project). Directs costs may take up to 24 hours to show under the direct costs. To avoid higher API costs, we only update the costs once a day at 12:00 AM UTC time. There are a few shared products like the project-storage and the ALB that is created for SSL connections. That cost is not shown as part of the direct costs. There will also be some costs which are shared costs (e.g. Data Transfer, API calls etc.) which will be on your bill but not shown in the direct costs.
I have started a rstudio machine and installed something. The machine was stopped now, why is that the case?
Answer: RStudio machines have an idle detection script that will stop the machine after 15 minutes of inactivity. The Idle timeout is actually based on the Rstudio interface and not the SSH session. You can however modify the timeout period by editing the below mentioned file in your instance /usr/local/bin/check-idle : Ln. No - 12 (MAX_IDLE_MINUTES = 15). You can specify your timeout period in minutes or set it to 0 to disable the feature.
how the user can connect to their workspaces using an external SSH client?
Answer: For Linux product, you have to do
ssh -i </path/to/pem/file> <user-name>@<ip-address>
In this user-name is ec2-user for Amazon Linux 2 workspaces and ubuntu for Ubuntu workspaces and rstudio for RStudio workspaces.
To get the public-ip-address: 1. Click on the Project card 2. Click on the My Products tab 3. Click on any Product card(Nextflow Advanced , Rstudio etc) 4. Click on the Outputs tab 5. Scrolling down in the Outputs tab will show you the InstanceIPAddress domain where you will get the public-ip-address.
If you are connecting from a Windows box you can use an SSH client like PuTTY.
Click on the project on the “My Projects” page.
Navigate to the “My Products” tab
Click on your instance in the My Products view.
In the product details page, you will find the SSH/RDP button in the Connect pane on the right side. Click on the button to launch the SSH Launcher window in a separate tab of your browser.
Enter a username, select the authentication type from the list, upload the Pem file and click on submit. The SSH window should open.
If you are unable to connect, check your current IP address against the “AllowedSSHLocation” parameter provided at provisioning time.
I terminated all my provisioned products; does that consume any indirect costs for AWS after that?
Answer: To stop cost consumption for AWS you should delete the Account from the settings.
Can I share my research study data with researchers under the project?
Answer: Yes
When launched products fail, how can I get those logs to debug as a researcher?
Answer: You can get the logs from the CloudWatch logs.
Can resources provisioned by one researcher be shared with another user in the project?
Answer: Yes, resources provisioned by one researcher can be shared with another user in the project.
How can a user share a resource in the project?
Answer: A user can share a resource by clicking on the share button on the product details page. A resource can only be shared with the entire project. Once shared, a resource cannot be unshared and will be visible to all project members.
What are actions a user can take for a product?
Answer: The actions a user can take depend on the product. Common actions for active products include stop, share, Terminate, reboot, SShrdp, Remote desktop, Open link, etc also if we have any Secondary EBS product launched in the same availability zone as applicable products then we can also perform Attach and Detach Volume action. For failed products, we have terminate action, for stopped products we have start, terminate instance type actions etc.