Cloud Authentication and Licensing
Authentication is required for users that run DRAGEN on the cloud, with the Bring-Your-Own-License (BYOL) model, outside of integrated Illumina cloud products. A valid license is required to enable authentication and usage quotas.
License Server
DRAGEN cloud runs access the DRAGEN License Server to validate the credentials and licenses against the intended run. BYOL users must provide credentials and must allow access to the license server URL. The following command line option can be used to pass the credentials to DRAGEN: --lic-server=http://<user>:<pass>@license.edicogenome.com
Instance Identity
DRAGEN cloud runs access the instance identity document via the Instance Metadata Service as part of the authentication. It uses the IPv4 local address. If access to the local address is not allowed, the authentication will fail. Alternately if the user does not want to allow applications to access this service, the user may save the instance identity document(s) and point DRAGEN to use them instead. The method for providing instance identity documents to DRAGEN is described below.
| • | Save the instance identity document(s) as files from the user's instance, and provide them as inputs to DRAGEN with each run |
| • | The instance identity documents only need to be saved once per AWS account and region, and can be re-used subsequently |
Examples for saving instance identity document(s):
AWS
curl -v -H Metadata:true --noproxy "*" "http://169.254.169.254/latest/dynamic/instance-identity/pkcs7" -o /opt/instance-identity/pkcs7
curl -v -H Metadata:true --noproxy "*" "http://169.254.169.254/latest/dynamic/instance-identity/document" -o /opt/instance-identity/document
cp /opt/instance-identity/pkcs7 /opt/instance-identity/signature
There should be 3 files in this folder, respectively named pkcs7, signature and document. Run DRAGEN using the --lic-instance-id-location ${instance_identity} command option.
Azure
curl -v -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance?api-version=2020-09-01" -o /opt/instance-identity/instance
curl -v -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/attested/document?api-version=2020-09-01" -o /opt/instance-identity/document
There should be 2 files in this folder, respectively named instance and document. Run DRAGEN using the --lic-instance-id-location ${instance_identity} command option.
