Benchling Connect S3 Guide

Sahil
Sahil
  • Updated

Purpose

This guide outlines the steps required to install a Benchling S3 Gateway on your tenant. Our S3 Gateway is designed to support customers who use AWS S3 as their primary data source for instrument data.

Background

This gateway enables direct, cloud-to-cloud bi-directional file transfer, allowing you to import instrument data files from their S3 buckets into Benchling and export input files containing metadata stored in Benchling back to their S3. The steps below allow you to configure and connect to your S3 bucket.

S3 Gateway Configuration (On Benchling)

Aim: Associate your S3 Bucket with your Benchling Tenant.

Navigate to “Feature Settings” → under “AUTOMATION SCHEMAS” → “Instrument Gateways”.  

In the upper right corner, click the “Download”  dropdown button:

  1. Click the “Configure S3 gateway” option
  2. Once a the “Configure Cloud Gateway” modal appears, enter the following:
    • Enter a Gateway Name to identify it in Benchling
    • Enter your S3 Bucket Name
    • Click “Generate Policy”
  3. When you click the “Generate Policy” button, an S3 policy will be generated for you to configure in your S3 bucket, including IAM role & TenantId
    • See an example S3 policy output below
 
 
{ "Sid": "BenchlingConnect", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::192140755079:role/instruments-dev-stable-usw2-s3-gateway" }, "Action": [ "s3:ListBucket", "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::benchling-s3-demo-bucket", "arn:aws:s3:::benchling-s3-demo-bucket/*" ], "Condition": { "StringEquals": { "aws:PrincipalTag/TenantId": "ten_tgto1gn68x" } } }

Reference the image below for detailed instruction:

S3 Cloud Gateway Installation steps.png

Configure the Bucket Policy (On AWS)

  1. In the AWS Console through the S3 application, find your bucket.
  2. Once inside your bucket, click on the “Permissions” tab.
  3. Next, you can scroll down to the “Bucket policy” section.
  4. From here you will click the “Edit” button in the top right corner.
  5. Now, you will navigate back to the Policy you Generated from Benchling (open from the previous section).
    • Note: If you need to access your Policy again, navigate to your Instrument Gateways and follow these steps:
      • For your S3 Gateway click on the ellipsis icon located to the right under “Actions”
      • Next, click on “View bucket info”
      • Lastly, click on “Generate Policy"

Mar 12 2025 Screenshot.png

  1. Copy the Policy and Paste it into the AWS Bucket Policy
    • Important Note: Make sure your policy is wrapped inside of this Statement. An example is below.
{ "Statement": [ { "Sid": "BenchlingConnect", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::192140755079:role/instruments-dev-stable-usw2-s3-gateway" }, "Action": [ "s3:ListBucket", "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::benchling-s3-demo-bucket", "arn:aws:s3:::benchling-s3-demo-bucket/*" ], "Condition": { "StringEquals": { "aws:PrincipalTag/TenantId": "ten_tgto1gn68x" } } } ] }

 

Creating a Connection with Your S3 Gateway (On Benchling)

You can now create a Connection from the Instrument Gateway.

  1. Browse to the Connections application and choose Connections. At the top, click the [+] to create a new File Watcher Adapter connection.

Image Mar 22 2025.png

  1. The list of data connector(s) in the dropdown are managed via Adapter Allowlist.
  2. In the Create new [name of selected connection] pop-up, enter the name of your connection and select your S3 gateway

Image Mar 22 2025 (1).png

  1. Enter the following information, then click "Create":
    • File Extensions : List of file extensions to monitor.
      • For multiple extensions, use a comma-separated list, e.g. 'csv, txt, pdf'
    • Input Prefix : S3 bucket prefix to send to files from Benchling, without the leading /
      • e.g. MyInstrument/Imports
    • Output Prefix: S3 bucket prefix to monitor and retrieve files coming into Benchling  without the leading /
      • e.g. MyInstrument/Exports 

Image Mar 22 2025 (2).png

  1. After the Connection creation, it will take appx. 1 min for files to sync. You can see them in the Data tab in your ConnectionImage Mar 22 2025 (3).png

Archiving Your S3 Gateway (On Benchling)

  1. Navigate to “Feature Settings” → under “AUTOMATION SCHEMAS” → “Instrument Gateways”.  
  2. For your S3 Gateway click on the ellipsis icon located to the right under “Actions”.
  3. Click on “Archive Gateway”
    • Note: This will impact your existing Connections you have configured

Caveats & Known Limitations

  • Available for AWS S3: Only Amazon S3 is supported in this release. Other cloud storage providers, such as Azure Blob or Google Cloud Storage, are not supported at this time.
  • Prefix naming conventions matter: Certain characters (e.g., backslashes \) may cause issues. Follow naming guidelines to ensure compatibility.
  • Default S3 server-side encryption (SSE-S3)
    • The current release of the Benchling Connect S3 Cloud Gateway supports server-side encryption with Amazon S3 managed keys (SSE-S3).
    • Additional configuration on the Benchling side will be required for other types of server-side encryption using AWS Key Management Service, such as SSE-KMS or DSSE-KMS
 
 

Was this article helpful?

Have more questions? Submit a request