Service Workbench on AWS is a cloud solution that enables IT teams to provide secure, repeatable, and federated control of access to data, tooling, and compute power that researchers need.
As described in the TREEHOOSE TRE architecture, one TRE Project AWS account (e.g. TRE Project 1 Prod) will host only one SWB instance.
For a SWB instance (web application), a TRE admin should create only one SWB Project which will represent the TRE project whose boundaries are defined by the AWS account (e.g. TRE Project 1 Prod) where all project related resources are deployed.
To create the SWB project required to perform any tasks in SWB (create workspaces, register data studies, etc.), follow the instructions from the official SWB user guide, pages 17-18.
To learn about the predefined user roles available in SWB, follow the guidance from the official SWB user guide, page 16.
Follow the instructions below to create Cognito users who can authenticate to the SWB website.
Apply these steps only to accounts that are part of the TRE Projects Prod OU.
Log in to the AWS Management Console using your TRE Project 1 Prod account and Admin privileges.
In Cognito (default IdP):
- Go to Service: AWS Cognito
- Select Manage User Pools
- Select the User Pool for SWB called e.g. treprod-pj1-userPool (based on the SWB config file provided during deployment Step 2C)
- Use button Create user to create a SWB user
In SWB:
- Log in to SWB using the root account (based on the SWB config file provided during deployment Step 2C)
- Go to menu option Users
- For each user previously created in Cognito use buttons Detail -> Activate User to activate them to allow login
- For each user previously created in Cognito use buttons Detail -> Edit to select a suitable User Role for them
While SWB does support other identity providers, only Cognito is in scope for the TREEHOOSE TRE solution at this time. To learn more about SWB IdP support, check the official SWB configuration guide.
To add users to the SWB project, follow the instructions from the official SWB user guide, page 18 - section Adding a User to a Project.
An admin in SWB can register data studies and assign permissions to those studies. A researcher can then attach the read-only data studies to a compute workspace to perform their research activities.
To learn how to register external data studies, follow the instructions from the official SWB user guide, pages 26-28.
To learn how to set permissions for data studies, follow the instructions from the official SWB user guide, page 25.
For known issues with registered data studies in SWB, please refer to the troubleshooting guidance, section External Data Studies.
An admin in SWB can define workspace types and configurations. A researcher can then use those configurations to create compute workspaces to perform research activities.
To learn about workspaces, follow the instructions from the official SWB user guide, pages 11-14.
For more SWB guidance, please consult the official SWB user guide or ask questions in the project's Issues page on GitHub.