3D Multi Sensor Fusion - User Documentation
  • Introduction
  • Account Activation
  • QuickServe Platform
  • Project Setup
    • Create Recipe
      • 1. Basic Details
      • 2. Classes
      • 3. Attributes
      • 4. Associations
      • 5. Publish Recipe
    • Create Taskflow
      • 1. Taskflow Details
      • 2. Taskflow Preview & Edit
      • 3. Publish Taskflow
    • Build Jobs
      • 1. Job Details
      • 2. Data Import
      • 3. Data Upload Status
      • 4. Launch Task
    • Batch Export
    • Reports
    • Pre-process Data
    • Storages
  • Annotation Tool
    • Tool Layout
    • Steps to Label
    • Drawing Tools
      • Cuboid
      • Polyline 3D
      • Polygon 3D
      • Brush Sphere
      • Rectangle
      • Polyline 2D
      • Polygon 2D
    • Key Features
      • Progress Bar
      • Keyframe Interpolation
      • Raycaster and Frustum
      • Focus Mode
      • Merged Point Cloud
      • Isolate
      • Outlier
      • Ground and Ceiling Mover
      • Project Points on Image
      • Task Level Attribute Propagation
      • Relationship
      • Intensity Filter and Picker
      • Image Settings Lock
      • Unify Dimension
      • Auto-Grounding for Cuboids and Polylines
    • Tool Shortcuts
  • Audit Tool
  • Visualization Tool
  • API Documentation
    • API Documentaion
Powered by GitBook
On this page
  • Customer Access to iMerit Owned Dedicated Bucket
  • IAM Cross Account Access
  1. Project Setup

Storages

Customer Access to iMerit Owned Dedicated Bucket

By default, iMerit provides Cross-account IAM roles for programmatic access to upload customer data into a predesignated S3 bucket.

These steps are for a customer trying to upload data.

  1. Create an IAM role or user in the customer AWS account (role_1).

  2. Give the role_1 download permission (GetObject) and upload (PutObject) objects to and from the predefined S3 bucket.

{ 
  "Version": "2012-10-17",
  "Statement": [
    {
     "Effect": "Allow",
     "Action": [
       "s3:GetObject",
       "s3:PutObject"
      ],
     "Resource": "arn:aws:s3:::<to be communicated by iMerit team>"
    }
  ]
}

IAM Cross Account Access

The following steps apply when the customer prefers to retain the data within their own infrastructure.

  1. Create four S3 buckets with default settings. The bucket names can be chosen as per your internal naming conventions.

    • {CUSTOMERNAME}-content.tasking.imerit-prod.io

    • {CUSTOMERNAME}-tasking-app-prod-delivery-bucket

    • {CUSTOMERNAME}-tasking-app-prod-import-bucket

    • {CUSTOMERNAME}-pct-content.tasking.imerit-prod.io

  2. Apply the appropriate CORS (Cross-Origin Resource Sharing) configuration to each of the below mentioned buckets:

    • {CUSTOMERNAME}-content.tasking.imerit-prod.io and

    • {CUSTOMERNAME}-pct-content.tasking.imerit-prod.io

Bucket CORS Policy
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "https://tools.tasking.imerit-prod.io"
        ]
    }
]

  2. Set up an IAM role with the necessary assume role policy and permissions, as outlined in the code snippet provided below.:

Assume Role Policy
{
    "Version": "2012-10-17",
        "Statement": [
            {

                "Effect": "Allow",
                "Action": "sts:AssumeRole",
                "Principal": {
                    "AWS": [
                        "arn:aws:iam::797913408994:role/import-manager-prod",
                        "arn:aws:iam::797913408994:role/pointcloud-converter-prod",
                        "arn:aws:iam::797913408994:role/metafile-generator-prod",
                        "arn:aws:iam::797913408994:role/pointcloud-deliverables-prod",
                        "arn:aws:iam::797913408994:role/tv2-delivery-adapter-prod",
                        "arn:aws:iam::797913408994:role/template-output-generator-prod",
                        "arn:aws:iam::797913408994:role/delivery-manager-prod",
                        "arn:aws:iam::797913408994:role/delivery-manager-api-prod",
                        "arn:aws:iam::797913408994:role/tv2-delegator-api-prod",
                        "arn:aws:iam::797913408994:role/job-builder-prod",
                        "arn:aws:iam::797913408994:role/tv2-delegator-prod"
                    ]
                },
                "Condition": {
                    "StringEquals": {
                        "sts:ExternalId": "imerit-prod"
                    }
                }
            }]
}
Permissions
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CustomerBucketAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::{CUSTOMERNAME}-content.tasking.imerit-prod.io",
                "arn:aws:s3:::{CUSTOMERNAME}-tasking-app-prod-delivery-bucket",
                "arn:aws:s3:::{CUSTOMERNAME}-tasking-app-prod-import-bucket",
                "arn:aws:s3:::{CUSTOMERNAME}-pct-content.tasking.imerit-prod.io",
                "arn:aws:s3:::{CUSTOMERNAME}-content.tasking.imerit-prod.io/*",
                "arn:aws:s3:::{CUSTOMERNAME}-tasking-app-prod-delivery-bucket/*",
                "arn:aws:s3:::{CUSTOMERNAME}-tasking-app-prod-import-bucket/*",
                "arn:aws:s3:::{CUSTOMERNAME}-pct-content.tasking.imerit-prod.io/*"
            ]
        }
    ]
}

  1. After the above steps are completed and a role is generated, share this role ARN with iMerit so that the iMerit application can assume that role.

PreviousPre-process DataNextAnnotation Tool

Last updated 18 days ago

Upload the to s3://{CUSTOMERNAME}-tasking-app-prod-import-bucket/quickserve_uploads/

pre-processed data