Storages
Hub supports IAM delegated access integration for our cloud users.
Last updated
Hub supports IAM delegated access integration for our cloud users.
Last updated
Ango Hub supports connecting your cloud data storage through IAM User and IAM Delegated access.
With IAM User and IAM Delegated Access, you can securely host your unlabeled assets in your cloud storage provider, while being able to view them and label them on Hub, giving Hub the minimal access necessary to work with them.
Amazon S3
Google Cloud Platform
Microsoft Azure
Images
Video
Text
Audio
DICOM
You will need to set up an IAM role in your cloud provider's dashboard, and allow Ango Hub to take upon the IAM role. You will then define the policies determining what the Hub IAM account will be able to access and do. This way, Hub can access your stored data securely and only within the bounds of what you allow.
This is the preferred way to connect cloud data to Hub because of its adaptability. You can set policies allowing Hub access granularly. For example, you can allow access to all buckets, only one bucket, or only one asset in one bucket. You can set up multiple IAM storages for different projects with different permissions, and so on.
In addition to IAM User (e.g. creating a new IAM user for Ango Hub), Ango Hub allows you to connect your S3 storage with IAM delegation. Read more about it here.
Ango Hub will only access your data when it is necessary to display it within Hub, for example, during labeling.
To display an asset, Hub requests a temporary signed URL from the Ango backend. The backend will assume the role you have configured and generate a signed URL for the asset. The backend then passes that URL to the frontend, which then displays the asset using that temporary, expiring, signed URL.
Hub will occasionally also need asset metadata, such as image dimensions, video length, etc. To do so, Hub will generate a temporary, expiring, signed URL the same way, download the asset, extract the metadata it needs (also known as processing), then instantly delete it.
All asset processing is done in Germany-based data centers.
No, annotations are stored in Ango's own storage even when the asset comes from an IAM storage. The only exception to this is if Hub was installed on-premises.
No. Ango Hub does not cache assets coming from IAM delegated access connections.
Yes. Remove the "GetObject" permission from your permission policy for the role, and all live signed URLs will become invalid.