STAC

SpatioTemporal Asset Catalogs (STAC) use a common language to describe geospatial information, so it can more easily be worked with, indexed, and discovered.

Connecting a STAC source

Felt can connect to both static STAC catalogs and dynamic STAC APIs:

  • Click on the Library () in the toolbar

  • Click + New Source

  • Select STAC

  • Enter Connection Details

    1. Source Name: name of the source in Felt

    2. URL: the URL of your STAC source.

    3. Set authentication if necessary (see next section)

  • Click Connect

  • Once connected you will see a catalog of your data with previews for your new source

  • From here you can add any of these layers to your spatial dashboards!

Authentication

If your STAC is private, you may configure credentials for both the STAC API itself or the assets linked in the STAC Items. For example, you may have a public STAC API (no authentication needed) that points to private assets in AWS S3 or Google Cloud Storage, which require appropriate permission to access.

AWS Assume Role

If your assets are hosted in Amazon's Simle Storage Service (better known as S3), you will need to allow Felt to assume an IAM role on your account:

  • Create a policy that allows listing and reading objects in the S3 buckets where your assets are located. It should be able to perform the following actions:

    • s3:GetObject

    • s3:GetObjectVersion

    • s3:ListBucket

    • s3:GetBucketLocation

  • Create an IAM role and attach the aforementioned policy to it.

  • Create a Trust Relationship for said role that allows Felt to access your assets. Make sure to include all the principals listed below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::949302143999:root",
                    "arn:aws:iam::452667257775:root",
                    "arn:aws:iam::375127086520:root",
                    "arn:aws:iam::033636008376:root"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Azure Storage Connection String

For objects hosted in Azure Storage, provide a connection string to grant Felt access to your Azure storage account.

We recommend creating a dedicated Shared Access Signature (SAS) with only Read and List permissions. Shared Access Signatures may be created at both the storage account level and the individual container level.

Creating an account-level SAS
  • In Azure Portal, navigate to Storage Accounts and click on the desired account.

  • In the left-hand sidebar, open the Security + networking dropdown and click on Shared access signature.

  • Create a new SAS with access to all services and resources, and limit permissions to only Read and List.

  • Click on Generate SAS and connection string and copy the Connection string to paste into Felt.

Creating a container-level SAS
  • In Azure Portal, navigate to Storage Accounts and click on the desired account.

  • In the left-hand sidebar click on Storage browser, then click on Blob containers.

  • Identify the desired container and click on the three dots () at the far right of its row, then click on Generate SAS.

  • Create a new SAS with access to all services and resources, and limit permissions to only Read and List.

  • Click on Generate SAS and connection string and copy the Connection string to paste into Felt.

Custom Headers

Specify key/value pairs of custom headers to be added in each request. For example, if your STAC requires Bearer Authentication:

  • Header name: Authorization

  • Value: Bearer {YOUR_AUTH_TOKEN}

GCP Service Account JSON

To access objects stored in Google Cloud Storage, upload a JSON key file for Service Account with access to the Storage Object Viewer role in the buckets of your choice.

Last updated

Was this helpful?