View and Modify External Storage Providers

Introduction

External storage providers must be configured for a Flywheel site in order to use the Export feature. 

Compatible storage providers include:

  • Amazon S3,
  • Azure Blob Storage,
  • Google Cloud Storage, or
  • File System (e.g., NFS drive) mounted into the Flywheel infrastructure.

Instruction Steps

View the list of external storage providers

  1. Sign in to Flywheel as a Site Admin.
  2. Click Interfaces in the left menu under the ADMIN section.
  3. Click the External Storage tab.


View details of storage providers

  1. Click the pencil icon for the external storage you are interested in.
  2. View and optionally modify the dialog box with storage details:
    • Label: The name of the storage provider within Flywheel.
    • Provider: The type of storage provider (S3, Azure, GCP, File Store).
    • Bucket: The storage bucket.
    • Prefix: A prefix used in the storage bucket.
    • Permissions: Level of access for this bucket. Can be Site, a Group, or a Project.
  3. Click Save and Test to save the new settings and start a connection test.  If the test is successful, Flywheel was able to connect to the bucket.

Use Connector's Pre-configured Credentials (Amazon S3 only)

For Amazon S3 storage, Flywheel offers a unique way of authenticating to cloud storage (S3) buckets that uses AWS IAM Roles instead of Access Keys.

Benefits

Using IAM roles improves overall security and reduces maintenance burden by eliminating the need for the person configuring a new External Storage registration within Flywheel to know, secure, or share secret credentials.

Instead of using user-provided keys, the Flywheel site itself is able to negotiate with AWS directly to obtain the access tokens required for authorizing interactions with the cloud storage bucket.

To put it another way, when using IAM Roles, the process of getting the Flywheel services the proper credentials for accessing the cloud storage bucket is handled entirely in the backend — no sensitive information needs to be provided through the frontend at all.

To use this method, contact Flywheel Support to request the AWS IAM role ARN used by the Flywheel system when interacting with S3. Then, configure access policies in AWS to grant the shared IAM role access to the S3 bucket.
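One way to write the access policy from the step above, shown as an added example that is not Flywheel's or AWS's own code: it builds an S3 bucket policy that grants a single role access to one prefix only, then audits a policy for wildcard principals or actions. The role ARN, bucket name, prefix, and the list of S3 actions are assumptions; the real ARN comes from Flywheel Support.

```python
import json

# Assumed action list: the page does not say which S3 actions Flywheel needs.
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

def build_bucket_policy(role_arn, bucket, prefix=""):
    """Bucket policy granting one IAM role access to one prefix of one bucket."""
    prefix = prefix.strip("/")
    keys = f"{prefix}/*" if prefix else "*"   # empty prefix means whole bucket
    principal = {"AWS": role_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListPrefixOnly", "Effect": "Allow", "Principal": principal,
             "Action": "s3:ListBucket",             # bucket-level action,
             "Resource": f"arn:aws:s3:::{bucket}",  # so scope it by condition
             "Condition": {"StringLike": {"s3:prefix": [keys]}}},
            {"Sid": "ObjectsUnderPrefix", "Effect": "Allow", "Principal": principal,
             "Action": OBJECT_ACTIONS,
             "Resource": f"arn:aws:s3:::{bucket}/{keys}"},
        ],
    }

def audit_policy(policy, role_arn):
    """List Allow statements that are broader than the single-role grant."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        if principal in ("*", {"AWS": "*"}):
            findings.append(f"{sid}: wildcard principal")
        elif principal != {"AWS": role_arn}:
            findings.append(f"{sid}: principal is not the shared role")
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: wildcard action")
    return findings

if __name__ == "__main__":
    # Constructed placeholders; the real role ARN comes from Flywheel Support.
    arn = "arn:aws:iam::111122223333:role/EXAMPLE-FLYWHEEL-ROLE"
    policy = build_bucket_policy(arn, "example-export-bucket", "exports")
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, arn) or "no findings")
```

Matching the policy's prefix to the Prefix field of the storage registration keeps the role from reading or writing keys elsewhere in the bucket.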

Unix Users and Groups (File System only)

For File System storage, configuration options are available for specifying the Unix-style User (UID) and Groups (GID) necessary to interact with the file system. The Flywheel system switches itself to these UID and GID values when interacting with file-system storage.

  • User ID (UID): Unix user who will own the files after they are written during an Export. Only numerical values are accepted. Defaults to 1000 (root) if not specified.
  • Group ID (GID): Unix group who will own the files after they are written during an Export. Only numerical values are accepted. Defaults to 1000 (root) if not specified.
  • Supplemental Groups (GIDs): Additional groups which may be required to grant sufficient permissions to interact with the files or directories on the file system. This value is entirely optional and has no effect on the ownership of files after they are written during an Export. Defaults to nothing if not specified.

Troubleshooting

An unsuccessful test is likely due to one of the following reasons:

  • The modified bucket does not exist
  • The Provider was changed without changing the access keys
  • The access keys are no longer valid