Comments (7)
I asked the user to do some testing, and interestingly the following worked as expected:
$ aws s3 ls s3://scpca-references/homo_sapiens/ensembl-104/salmon_index/Homo_sapiens.GRCh38.104.spliced_intron.txome --no-sign-request
PRE Homo_sapiens.GRCh38.104.spliced_intron.txome/
However, this did not:
$ aws s3 ls s3://scpca-references/homo_sapiens/ensembl-104/salmon_index/Homo_sapiens.GRCh38.104.spliced_intron.txome
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
In other words, a completely anonymous request was able to get a listing, but when sending credentials, access was denied. This does not look like a bad credentials issue, as I think those get a different issue.
I tried adding list permissions to the Authenticated users group (anyone with an AWS account)
as well, but that doesn't seem to have made any difference (it was a shot in the dark).
(Side note: I also checked (on my own) that adding --recursive
to a request with --no-sign-request
worked, which is what will be needed later.)
If anyone with more AWS experience can have a look and maybe provide some thoughts, that would be appreciated. Tagging @arkid15r and @davidsmejia to start.
from scpca-nf.
From the issue description the process seems to be working as intended. As (I assume) the user isn't a part of our AWS account the authenticated requests don't work. And the publicly accessible bucket content should be available with the --no-sign-request
option.
Adding the Authenticated users group (anyone with an AWS account)
could be an alternative (needs to be tested with/without the Everyone (public access)
ACL enabled).
from scpca-nf.
Correct, the user is not part of our AWS account, but I had assumed (perhaps incorrectly) that allow everyone access would include authenticated users.
But just in case I did add the Authenticated users group (anyone with an AWS account)
option, and I tested it with a profile of my own (outside ALSF) and it seemed to work as expected (I could list the bucket+prefix). So I am still confused as to why this user is getting AccessDenied
from scpca-nf.
I wonder if it is possible to pass to nextflow an option to use a NULL AWS profile somehow? Somehow the profile being used is blocking access, but we would not want to override AWS profiles by default...
from scpca-nf.
Nextflow has a setting that we might be able to use for anonymous S3 access:
aws.client.anonymous = true
I have asked for testing of this, and we will see if it works
from scpca-nf.
Nextflow has a setting that we might be able to use for anonymous S3 access:
aws.client.anonymous = true
I have asked for testing of this, and we will see if it works
This was tested successfully! Updating issue to reflect that this should be added to the example config file.
from scpca-nf.
closed by #206
from scpca-nf.
Related Issues (20)
- Include instructions for specifying `merge_run_ids` when merging projects in external instructions
- Skip creation of merged objects HOT 1
- Fix column name typos HOT 4
- Future idea: Create merged objects for projects with multiplexed libraries containing all non-multiplexed single-cell libraries
- Prepare for scpca-nf release v0.7.3
- Make sure CellAssign is skipped for any objects with just 1 cell HOT 1
- [BUG] Age in sample_metadata is inconsistently typed HOT 3
- Discussion: Rename AnnData objects with .h5ad extension HOT 6
- [BUG] Account for grabbing estimated demux cell counts for libraries with no genetic demultiplexing HOT 1
- `project_celltype_metafile` parameter is missing from scpca-nf schema
- Test workflow with Bioc3.19 images HOT 1
- Use more specialized docker images for processes HOT 2
- Prepare for scpca-nf release `v0.8.1`
- Consider using nf-schema plugin to validate inputs
- Use new smaller images in processes HOT 1
- Test use of smaller Docker images in workflow HOT 1
- Re-order bulk metadata to match order for overall sample metadata HOT 1
- Add sample metadata table to QC and cell type reports HOT 5
- Output bulk data to a `bulk` folder rather than individual files within project directory HOT 1
- Prepare for scpca-nf release `v0.8.2` HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scpca-nf.