# STAC

<figure><img src="/files/lmN7bI5UP6UQCy8JihvO" alt="" width="563"><figcaption></figcaption></figure>

[SpatioTemporal Asset Catalogs](https://stacspec.org/en) (STAC) use a common language to describe geospatial information, so it can more easily be worked with, indexed, and discovered.

{% hint style="success" %}
This feature is only available to customers on the [Enterprise plan](https://felt.com/pricing). To upgrade, [contact sales](https://felt.com/sales).
{% endhint %}

## Connecting a STAC source

Felt can connect to both static STAC catalogs and dynamic STAC APIs:

* Open **New data source** — from the workspace homepage, click **+** next to **Data sources**. Or from a map, click ![](/files/qv8POfyKJ00VfTgugMR2) in the toolbar and choose **+ New data source**.
* Select **STAC**
* Enter Connection Details
  1. **`Source Name`**: name of the source in Felt
  2. **`URL`**: the URL of your STAC source.
  3. Set authentication if necessary (see next section)
* Click **`Connect`**
* Once connected you will see a catalog of your data with previews for your new source
* From here you can add any of these layers to your spatial dashboards!

## Authentication

If your STAC is private, you may configure credentials for the STAC API itself, for the assets linked in the [STAC Items](https://github.com/radiantearth/stac-spec/blob/master/item-spec/item-spec.md), or for both. For example, you may have a public STAC API (no authentication needed) that points to private assets in AWS S3 or Google Cloud Storage, which require appropriate permissions to access.

<figure><img src="/files/AHoJlMhkVqWz8hvdPu7k" alt=""><figcaption></figcaption></figure>

### AWS Assume Role

If your assets are hosted in Amazon's Simple Storage Service (better known as **S3**), you will need to allow Felt to [assume an IAM role](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) on your account:

* Create a [policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) that allows listing and reading objects in the S3 buckets where your assets are located. It should be able to perform the following actions:
  * `s3:GetObject`
  * `s3:GetObjectVersion`
  * `s3:ListBucket`
  * `s3:GetBucketLocation`
* Create [an IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) and attach the aforementioned policy to it.
* Create a Trust Relationship for said role that allows Felt to access your assets. Make sure to include all the principals listed below:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::949302143999:root",
                    "arn:aws:iam::452667257775:root",
                    "arn:aws:iam::375127086520:root",
                    "arn:aws:iam::033636008376:root"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```
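The steps above, as an added example that is not Felt's own code: it builds the read-only permission policy scoped to named buckets and checks a role's trust policy against the four principals listed on this page. The function names and the bucket name `example-stac-assets` are hypothetical placeholders.

```python
import json

# Actions and trusted principals copied from this page.
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:GetObjectVersion"]
FELT_PRINCIPALS = {
    "arn:aws:iam::949302143999:root",
    "arn:aws:iam::452667257775:root",
    "arn:aws:iam::375127086520:root",
    "arn:aws:iam::033636008376:root",
}


def _as_list(value):
    """IAM allows a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def build_read_policy(buckets):
    """Permission policy limited to the named buckets, with no wildcard actions."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": BUCKET_ACTIONS,   # bucket-level: the bucket ARN
         "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
        {"Effect": "Allow", "Action": OBJECT_ACTIONS,   # object-level: keys inside it
         "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]},
    ]}


def audit_trust_policy(doc):
    """Return a list of findings; an empty list means the policy matches this page."""
    findings, seen = [], set()
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action != "sts:AssumeRole":
                findings.append(f"unexpected action: {action}")
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        seen.update(_as_list(aws))
    findings += [f"missing principal: {p}" for p in sorted(FELT_PRINCIPALS - seen)]
    findings += [f"unlisted principal: {p}" for p in sorted(seen - FELT_PRINCIPALS)]
    return findings


if __name__ == "__main__":
    # Placeholder bucket name; replace with the buckets that hold your assets.
    print(json.dumps(build_read_policy(["example-stac-assets"]), indent=2))
```
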

### Azure Storage Connection String

For objects hosted in Azure Storage, provide a [connection string](https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string#create-a-connection-string-using-a-shared-access-signature) to grant Felt access to your Azure storage account.

We recommend creating a dedicated [Shared Access Signature (SAS)](https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview) with only **`Read`** and **`List`** permissions. Shared Access Signatures may be created at both the storage account level and the individual container level.

<details>

<summary>Creating an account-level SAS</summary>

* In Azure Portal, navigate to **`Storage Accounts`** and click on the desired account.
* In the left-hand sidebar, open the **`Security + networking`** dropdown and click on **`Shared access signature`**.
* Create a new SAS with access to all services and resources, and limit permissions to only **`Read`** and **`List`**.
* Click on **`Generate SAS and connection string`** and copy the **`Connection string`** to paste into Felt.

</details>

<details>

<summary>Creating a container-level SAS</summary>

* In Azure Portal, navigate to **`Storage Accounts`** and click on the desired account.
* In the left-hand sidebar click on **`Storage browser`**, then click on **`Blob containers`**.
* Identify the desired container and click on the three dots (**`…`**) at the far right of its row, then click on **`Generate SAS`**.
* Create a new SAS with access to all services and resources, and limit permissions to only **`Read`** and **`List`**.
* Click on **`Generate SAS and connection string`** and copy the **`Connection string`** to paste into Felt.

</details>
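A check you can run on the connection string before pasting it into Felt, as an added example that is not part of Felt's documentation: it reads the SAS token's `sp` (signed permissions) field and reports anything beyond Read (`r`) and List (`l`). The function names are hypothetical, and the sample strings are constructed with a placeholder account name and signature.

```python
from urllib.parse import parse_qs

ALLOWED = set("rl")  # r = Read, l = List, the two permissions recommended above


def sas_permissions(connection_string):
    """Return the set of permission letters in the SAS token's `sp` field."""
    parts = {}
    for segment in connection_string.strip().strip(";").split(";"):
        key, _, value = segment.partition("=")  # split on the first '=' only
        parts[key] = value
    token = parts.get("SharedAccessSignature")
    if not token:
        # e.g. an AccountKey connection string, which is not a scoped SAS
        raise ValueError("no SharedAccessSignature in connection string")
    sp = parse_qs(token.lstrip("?")).get("sp", [""])[0]
    return set(sp)


def excess_permissions(connection_string):
    """Permission letters granted beyond Read and List, sorted."""
    return sorted(sas_permissions(connection_string) - ALLOWED)


# Constructed samples; account name and signature are placeholders.
READ_LIST = ("BlobEndpoint=https://exampleacct.blob.core.windows.net/;"
             "SharedAccessSignature=sv=2022-11-02&ss=b&srt=sco&sp=rl"
             "&se=2030-01-01T00:00:00Z&spr=https&sig=PLACEHOLDER")
TOO_BROAD = READ_LIST.replace("sp=rl", "sp=rwdlacup")

if __name__ == "__main__":
    for name, cs in (("READ_LIST", READ_LIST), ("TOO_BROAD", TOO_BROAD)):
        print(name, "excess permissions:", excess_permissions(cs))
```
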

### Custom Headers

Specify key/value pairs of custom headers to be added to each request. For example, if your STAC requires [Bearer Authentication](https://swagger.io/docs/specification/v3_0/authentication/bearer-authentication/):

* Header name: `Authorization`
* Value: `Bearer {YOUR_AUTH_TOKEN}`

### GCP Service Account JSON

To access objects stored in Google Cloud Storage, upload a JSON key file for a [Service Account](https://cloud.google.com/iam/docs/service-account-overview) that has the `Storage Object Viewer` role on the buckets of your choice.


