1 of 100

Illumina Connected Analytics

Introduction

Illumina® Connected Analytics is a cloud-based software platform intended to be used to manage, analyze, and interpret large volumes of multi-omics data in a secure, scalable, and flexible environment. The versatility of the system allows the platform to be used for a broad range of applications.

Get Started gives an overview of how to access and configure ICA with Network settings providing access prerequisites.

New

To see what is new in the latest version, use the software release notes and the document revision history.

Home

The home section provides an overview of the main ICA sections such as (the main work location), (asset packages), , (to capture additional information), and images (containerised applications) and how to configure (your own) .

Project

Projects are your primary work locations which contain your and . Here you will create and use them for . You configure who can access your project by means of the settings. The results can be processed with the help of , or . Projects can be considered as a binder for your work and information.

Command-Line Interface

This section contains information on how to , , , and the command line interface, as alternative for the ICA GUI.

Sequencer Integration

Information and tutorials on .

Tutorials

There is a set of step-by-step Tutorials

Reference

In the Reference section, you can find more information on the , , ,

For an overview of the available subscription tiers and functionality, please refer to on the Illumina website.

Get Started

About the Platform

When using the applications provided on the platform for diagnostic purposes, it is the responsibility of the user to determine regulatory requirements and to validate for intended use, as appropriate.

The platform is hosted in regions listed below.

Region Name

Region Identifier

Australia

The platform hosts a suite of RESTful HTTP-based application programming interfaces (APIs) to perform operations on data and analysis resources. A web application user-interface is hosted alongside the API to deliver an interactive visualization of the resources and enables additional functionality beyond automated analysis and data transfer. Storage and compute costs are presented via usage information in the account console, and a variety of compute resource options are specifiable for applications to fine tune efficiency.

Our systems are synchronized using a Cloud Time Sync Service to ensure accurate timekeeping and consistent log timestamps.

Getting Started

The user documentation provides material for learning the basics of interacting with the platform including examples and tutorials. Start with the documentation to learn more.

Getting Help

Use the search bar on the top right to navigate through the help docs and find specific topics of interest.

If you have any questions, contact Illumina Technical Support by phone or email:

Illumina Technical Support | [email protected] | 1-800-809-4566

For customers outside the United States, Illumina regional Technical Support contact information can be found at www.illumina.com/company/contact-us.html.

To see the current ICA version you are logged in to, click your username found on the top right of the screen and then select About.

Other Illumina Products

To view a list of the products to which you have access, select the 9 dots symbol at the top right of ICA. This will list your products. If you have multiple regional applications for the same product, the region of each is shown between brackets.

The More Tools category presents the following options

My Illumina Dashboard to monitor instruments, streamline purchases and keep track of upcoming activities.
Link to the Support Center for additional information and help.
Link to the order management from where you can keep track of your current and past orders.

Release Notes

In the section of the documentation, posts are made for new versions of deployments of the core platform components.

Get Started

Software Registration

If you are a new user, please consult the Illumina Connected Software Registration Guide for detailed guidance on setting up an account and registering a subscription.

Tenant Setup

The platform requires a provisioned tenant in the () system with access to the Illumina Connected Analytics (ICA) application. Once a tenant has been provisioned, a tenant administrator will be assigned. The tenant administrator has permission to manage account access including add users, create workgroups, and add additional tenant administrators.

Each tenant is assigned a domain name used to login to the platform. The domain name is used in the login URL to navigate to the appropriate login page in a web browser. The login URL is https://<domain_name>.login.illumina.com with <domain_name> replaced by the actual domain name.

New user accounts can be created

For more details on identity and access management, please see the help.

If you have intrusion detection systems active on your infrastructure, be aware that activities performed by ICA on your behalf (such as accessing ) might trigger suspicious activity alerts. Please review the alerts and rules with your vendor to set up appropriate policies on your detection system.

by the tenant administrator by logging in to their domain and navigating to Illumina Account Management under their profile at the top right
or by the user by accessing https://platform.login.illumina.com and selecting the option Don't have an account.

Once the account has been added to the domain, the tenant administrator may assign registered users to which bundle users with permission to use the ICA application. Registered users can be made workgroup administrators by tenant administrators or existing workgroup administrators.

API Keys

If you want to use the (CLI) or the (API), you can use an as credentials when logging in. API Keys operate similar to a user name and password combination and must be kept secure and rotated on a regular basis (preferably yearly). `

When keys are compromised or no longer in use, they must be revoked. This is done through the by navigating to the User menu item on the left and selecting "API Keys", followed by selecting the key and using the trash icon next to it.

Generate an API Key

API Keys are limited to 10 per user and are managed through the product dashboard after logging in through the . See for more information.

{% hint style="warning" %} For security reasons, do not use accounts with administrator level access to generate API keys. Create a specific CLI user with basic permissions instead. This will minimize the possible impact of compromised keys. {% endhint %}

{% hint style="warning" %} Once the API key generation window is closed, the key contents will not be accessible through the domain login page, so be sure to store it securely for future reference. {% endhint %}

Access via Web UI

The web application provides a visual user interface (UI) for navigating resources in the platform, managing projects, and extended features beyond the API. To access the web application, navigate to the .

On the left, you have the navigation bar (1) which will auto-collapse on smaller screens. To collapse it, use the double arrow symbol (2). When collapsed, use the >> symbol to expand it.
The central part (3) of the display is the item on which you are performing your actions and the breadcrumb menu (4) to return to the projects overview or a previous level. You can also use your browser's back button to return to the level from which you came.

Access via the CLI

The command-line interface offers a developer-oriented experience for interacting with the APIs to manage resources and launch analysis workflows. Find instructions for using the command-line interface including download links for your operating system in the .

Access via the API

The HTTP-based application programming interfaces (APIs) are listed in the section of the documentation. The reference documentation provides the ability to call APIs from the browser page and shows detailed information about the API schemas. HTTP client tooling such as Postman or cURL can be used to make direct calls to the API outside of the browser.

{% hint style="info" %} When accessing the API using the API Reference page or through REST client tools, the Authorization header must be provided with the value set to Bearer <token> where <token> is replaced with a valid JSON Web Token (JWT). For generating a JWT, see . {% endhint %}

Object Identifiers

The object data models for resources that are created in the platform include a unique id field for identifying the resource. These fixed machine-readable IDs are used for accessing and modifying the resource through the API or CLI, even if the resource name changes.

JSON Web Token (JWT)

Accessing the platform APIs requires authorizing calls using JSON Web Tokens (JWT). A JWT is a standardized trusted claim containing authentication context. This is a primary security mechanism to protect against unauthorized cross-account data access.

A JWT is generated by providing user credentials (API Key or username/password) to the token creation endpoint. Token creation can be performed using the API directly or the CLI.

Home

Event Log

The event log shows an overview of system events with options to search and filter. For every entry, it lists the following:

Event date and time
Category (error, warn or info)
Code
Description
Tenant

Up to 200,000 results will be be returned. If your desired records are outside the range of the returned records, please refine the filters or use the search function at the top right.

Export is restricted to the amount of entries shown per page. You can use the selector at the bottom to set this to up to 1000 entries per page.

Storage

A storage configuration provides ICA with information to connect to an external cloud storage provider, such as AWS S3. The storage configuration validates that the information provided is correct, and then continuously monitors the integration.

Refer to the following pages for instructions to setup supported external cloud storage providers:

Project

Non-Indexed Folders

Non-indexed folders () are designed for optimal performance in situations where no file actions are needed. They serve as fast storage in situations like temporary analysis file storage where you don't need access or searches via the GUI to individual files or subfolders within the folder. Think of a non-indexed folder as a data container. You can access the container which contains all the data, but you can not access the individual data files within the container from the GUI. As non-indexed folders contain data, they count towards your total project storage.

You can see the size of a non-indexed folder as part of the data details screen (projects > your_project > data > your_non-indexed_data > data details tab) and in the data view (projects > your_project > data).

There can be a noticeable delay before the size of a non-indexed folder is updated after changes because of how the data is handled.

Data Integrity

You can verify the integrity of the data by comparing the hash which is usually (with some exceptions) an MD5 (Message Digest Algorithm 5) checksum. This is a common cryptographic hash function that generates a fixed-size, 128-bit hash value from any input data. This hash value is unique to the content of the data, meaning even a slight change in the data will result in a significantly different MD5 checksum. AWS S3 calculates this checksum when data is uploaded and stores it in the ETag (Entity tag).

For files smaller than 16 MB, you can directly retrieve the MD5 checksum using our API endpoints. Make an API GET call to the https://ica.illumina.com/ica/rest/api/projects/{projectId}/data/{dataId} endpoint specifying the data Id you want to check and the corresponding project ID. The response you receive will be in JSON format, containing various file metadata. Within the JSON response, look for the objectETag field. This value is the MD5 checksum for the file you have queried. You can compare this checksum with the one you compute locally to ensure file integrity.

This ETag does not change and can be used as a file integrity check even when that file is archived, unarchived and/or copied to another location. Changes to the metadata have no impact on the ETag

For larger files, the process is different due to computation limitations. In these cases, we recommend using a dedicated pipeline on our platform to explicitly calculate the MD5 checksum. Below you can find both a main.nf file and the corresponding XML for a possible Nextflow pipeline to calculate the MD5 checksum for FASTQ files.

Storage Cost Managment

Since there is a storage cost associated with the data in your projects, it is good practice to regularly check how much cost is being generated by your projects and evaluate which data can be removed from cloud storage. The instructions provided here will help you quickly determine which data is generating the highest storage costs.

Monitoring Storage Cost

To see how much storage costs are currently being generated for your tenant, you can look at the usage explorer at https://platform.illumina.com/usage/ or from within ICA, navigate to the 9-dot symbol () in the top right next to your name and choose the usage explorer from the menu.

From the usage explorer overview screen, you can see below the graphical representation which projects are incurring the highest storage costs.

Project Files in ICA

When you have determined which projects are incurring the largest storage costs, you can find out which files within that project are taking up the most space. To find the largest files in your project,

Go to Projects > your_project > Data and switch to list view with the () icon left above your files.
Use the column icon () top right to add the size column to your view. You can drag the size column to the desired position in your list view or use the move left and use right options which appear when you select the three vertical dots.
Select Sort descending to show the largest files first.

Once you have the list sorted like this, you can evaluate if those large files are still needed, if the can be sent to (manage > archive) or if they can be deleted (manage > delete).

Samples

You can use samples to group information related to a sample, including input files, output files, and analyses. You can consider samples as creating a binder to collect related information. When you then link that sample to another project, you bring over the empty binder, but not the files contained in it. In that project, you can then add your own data to it.

You can search for samples (excluding their metadata) with the Search button at the top right.

Add New Sample

To add a new sample, do as follows.

Select Projects > your_project > Samples.
To add a new sample, select + Create, and then enter a unique name and description for the sample.
To add files to the sample, see

Your sample is added to the Samples page. To view information on the sample, select the sample name in the overview.

Add Files to Samples

You can add files to a sample after creating the sample. Any files that are not currently linked to a sample are listed on the Unlinked Files tab.

To add an unlinked file to a sample, do as follows.

Go to Projects > your_project > Samples > Unlinked files tab.
Select a file or files, and then select one of the following options:
- Create sample — Create a new sample that includes the selected files.

Alternatively, you can add unlinked files from the sample details.

Going to Projects > your_project > Samples > your_sample.
Select your sample to open the details.
Go to the Data tab and select link.

Data can only be linked to a single sample, so once you have linked data to a sample, it will no longer appear in the list of data to choose form.

Unlink Files from Samples

To remove files from samples,

Go to Projects > your_project > Samples > your_sample > Data
Select the files you want to remove.
Select Unlink.

If your selection contains both unlinkable samples and non-unlinkable samples (for example linked via a linked bundle), then this will be indicated in the confirmation dialog and only the unlinkable samples will be unlinked.

Link Samples to Project

A Sample can be linked to a project from a separate project to make it available in read-only capacity.

Navigate to the Samples view in the Project
Click the Link button
Select the Sample(s) to link to the project

Data linked to Samples is not automatically linked to the project. The data must be linked separately from the Data view. Samples also must be available in a complete state in order to be linked.

Delete Samples

If you want to remove a sample, select it and use the delete option from the top navigation row. You will be presented a choice of how to handle the data in the sample.

Unlink all data without deleting it.
Delete input data and unlink other data.
Delete all data.

Activity

The Activity view (Projects > your_project > Activity) shows the status and history of long-running activities including Data Transfers, Base Jobs, Base Activity, Bench Activity and Batch Jobs.

Data Transfers

The Data Transfers tab shows the status of data uploads and downloads. You can sort, search and filter on various criteria and export the information. Show ongoing transfers (top right) allows you to filter out the completed and failed transfers to focus on current activity.

Transfers with a yellow background indicate that rules have been modified in ways that prevent planned files from being uploaded. Please verify your service connectors to resolve this.

Flow

Flow provides tooling for building and running secondary analysis pipelines. The platform supports analysis workflows constructed using Common Workflow Language (CWL) and Nextflow. Each step of an analysis pipeline executes a containerized application using inputs passed into the pipeline or output from previous steps.

You can configure the following components in Illumina Connected Analytics Flow:

Reference Data — Reference Data for Graphical CWL flows. See .
Pipelines — One or more tools configured to process input data and generate output files. See

Reference Data

Reference Data are reference genome sets which you use to help look for deviations and to compare your data against.

Creating Reference Data

Reference data properties are located at the main navigation level and consist of the following free text fields.

CWL

ICA supports running pipelines defined using Common Workflow Language (CWL).

Compute Type

To specify a compute type for a CWL CommandLineTool, either define the ram and number of cores or use the resource type and size. The ICA Compute Type will automatically be determined based on CWL ResourceRequirement coresMin/coresMax (CPU) and ramMin/ramMax (Memory) values using a "best fit" strategy to meet the minimum specified requirements (See the Compute Types table to see to what the resources are mapped).

For example, take the following ResourceRequirements:

This will result in a best fit of standard-large ICA Compute Type request for the task.

If the specified requirements can not be met by any of the presets, the task will be rejected and failed.

See the example below to use the ResourceRequirement in the cwl workflow with the Predefined

FPGA requirements can not be set by means of CWL ResourceRequirements.
The Machine Profile Resource in the graphical editor will override whatever is set for requirements in the ResourceRequirement.

Standard vs Economy

For each compute type, you can choose between the

Standard - (Default) or
Economy - tiers.

You can set economy mode with the "tier" parameter

Considerations

If no Docker image is specified, Ubuntu will be used as default. Both : and / can be used as separator.

CWL Overrides

ICA supports overriding workflow requirements at load time using Command Line Interface (CLI) with JSON input. Please refer to for more details on the CWL overrides feature.

In ICA you can provide the "override" recipes as a part of the input JSON. The following example uses CWL overrides to change the environment variable requirement at load time.

Snowflake

User

Every Base user has 1 snowflake username: ICA_U_<id>

User/Project-Bundle

Bench

ICA provides a tool called Bench for interactive data analysis. This is a sandboxed workspace which runs a docker image with access to the data and pipelines within a project. This workspace runs on the Amazon S3 system and comes with associated processing and provisioning costs. It is therefore best practice to not keep your Bench instances running indefinitely, but stopping them when not in use.

Access

Having access to Bench depends on the following conditions:

Bench needs to be included in your ICA subscription.
The project owner needs to enable Bench for their project.
Individual users of that project need to be given access to Bench.

Enabling Bench for your project

After creating a project, go to Projects > your_project > Bench > Workspaces page and click the Enable button. The entitlements you have determine the available resources for your Bench workspaces. If you have multiple entitlements, all the resources of your individual entitlements are taken into account. Once bench is enabled, users with matching have access to the Bench module in that project.

If you do not see the Enable button for Bench, then either your tenant subscription does not include Bench or the tenant to which you belong is not the one where the project was created. Users from other tenants can create workspaces in Bench once Bench is enabled, but they cannot enable the Bench module itself.

Setting user level access.

Once Bench has been enabled for your project, the combination of roles and teams settings determines if a user can access Bench.

Tenant administrators and project owners are always able to access Bench and perform all actions.
The teams settings page at Projects > your_project > Project Settings > Team determines the role for the user/workgroup.
- No Access means you have no access to the Bench workspace for that project.

Sun Grid Engine (SGE) on ICA Bench

Running Jobs in a Bench SGE Cluster

Once a cluster is started, the cluster manager can be accessed from the workspace node.

Job resources

Spark on ICA Bench

Running a Spark application in a Bench Spark Cluster

Running a pyspark application

The JupyterLab environment is by default configured with 3 additional kernels

PySpark –

JupyterLab

Bench workspaces require setting a Docker image to use as the image for the workspace. Illumina Connected Analytics (ICA) provides a default Docker image with JupyterLab installed.

JupyterLab supports Jupyter Notebook documents (.ipynb). Notebook documents consist of a sequence of cells which may contain executable code, markdown, headers, and raw text.

The JupyterLab Docker image contains the following environment variables:

Variable

Set to

ICA_URL

https://ica.illumina.com/ica (ICA server URL)

~~ICA_PROJECT~~ (Obsolete)

To export data from your workspace to your local machine, it is best practice to move the data in your workspace to the /data/project/ folder so that it becomes available in your project under projects > your_project > Data.

ICA Python Library

Included in the default JupyterLab Docker image is a python library with APIs to perform actions in ICA, such as add data, launch pipelines, and operate on Base tables. The python library is generated from the using .

The ICA Python library API documentation can be found in folder /etc/ica/data/ica_v2_api_docs within the JupyterLab Docker image.

See the for examples on using the ICA Python library.

FUSE Driver

Bench Workspaces use a FUSE driver to mount project data directly into a workspace file system. There are both read and write capabilities with some limitations on write capabilities that are enforced by the underlying AWS S3 storage.

As a user, you are allowed to do the following actions from Bench (when having the correct user permissions compared to the workspace permissions) or through the CLI:

Copy project data
Delete project data

Cohorts

Introduction to Cohorts

ICA Cohorts is a cohort analysis tool integrated with Illumina Connected Analytics (ICA). ICA Cohorts combines subject- and sample-level metadata, such as phenotypes, diseases, demographics, and biometrics, with molecular data stored in ICA to perform tertiary analyses on selected subsets of individuals.

Prepare Metadata Sheets

In ICA Cohorts, metadata describe any subjects and samples imported into the system in terms of attributes, including:

subject:
- demographics such as age, sex, ancestry;

Precomputed GWAS and PheWAS

The GWAS and PheWAS tabs in ICA Cohorts allow you to visualize precomputed analysis results for phenotypes/diseases and genes, respectively. Note that these do not reflect the subjects that are part of the cohort that you created.

ICA Cohorts currently hosts GWAS and PheWAS analysis results for approximately 150 quantitative phenotypes (such as "LDL direct" and "sitting height") and about 700 diseases.

Visualize Results from Precomputed Genome-Wide Association Studies (GWAS)

Oncology Walk-through

This walk-through is intended to represent a typical workflow when building and studying a cohort of oncology cases.

Create a Cancer Cohort and View Subject Details

Click Create Cohort button.

Details

The project details page contains the properties of the project, such as the location, owner, storage and linked bundles. This is also the place where you add assets in the form of linked .

The project details are configured during project creation and may be updated by the project owner, entities with the project Adminstrator role, and tenant administrators.

Adding Linked Bundle Assets

Connectivity

The platform provides Connectors to facilitate automation for operations on data (ie, upload, download, linking).

Service connectors sync data between your local computer or server and the project's cloud-based data storage.
Project connectors link data between individual projects.

Command-Line Interface

Installation

Download links for the CLI can be found at the Release History.

Both the CLI and the service connector require x86 architecture. For ARM-based architecture on Mac or Windows, you need to keep x86 emulation enabled. Linux does not support x86 emulation.

After the file is downloaded, place the CLI in a folder that is included in your $PATH environment variable list of paths, typically /usr/local/bin. Open the Terminal application, navigate to the folder where the downloaded CLI file is located (usually your Downloads folder), and run the following command to copy the CLI file to the appropriate folder. If you do not have write access to your /usr/local/bin folder, then you may use sudo (which requires a password) prior to the cp command. For example:

If you do not have sudo access on your system, contact your administrator for installation. Alternately, you may place the file in an alternate location and update your $PATH to include this location (see the documentation for your shell to determine how to update this environment variable).

You will also need to make the file executable so that the CLI can run:

You will likely want to place the CLI in a folder that is included in your $PATH environment variable list of paths. In Windows, you typically want to save your applications in the C:\Program Files

Authentication

The ICA CLI uses an Illumina API Key to authenticate. An Illumina API Key can be acquired through the product dashboard after logging into a domain. See API Keys for instructions to create an Illumina API Key.

Authenticate using icav2 config set command. The CLI will prompt for an x-api-key value. Input the API Key generated from the product dashboard here. See the example below (replace EXAMPLE_API_KEY with the actual API Key).

icav2 config set
Creating /Users/johngenome/.icav2/config.yaml
Initialize configuration settings [default]
server-url [ica.illumina.com]: 
x-api-key : EXAMPLE_API_KEY
output-format (allowed values table,yaml,json defaults to table) : 
colormode (allowed values none,dark,light defaults to none) :

The CLI will save the API Key to the config file as an encrypted value.

If you want to overwrite existing environment values, use the command icav2 config set. To remove an existing configuration/session file, use the command icav2 config reset.\

Check the server and confirm you are authenticated using icav2 config get

If during these steps or in the future you need to reset the authentication, you can do so using the command: icav2 config reset

Data Transfer

The ICA CLI can be used for uploading, downloading and viewing information about data stored within ICA projects. If not already authenticated, please see the section. Once the CLI has been authenticated with your account, use the command below to list all projects:

icav2`` projects list

The first column of the output (in default table format) will show the ID. This is the project-id and will be used in the examples below.

Config Settings

The ICA CLI accepts configuration settings from multiple places, such as environment variables, configuration file, or passed in as command line arguments. When configuration settings are retrieved, the following precedence is used to determine which setting to apply:

Command line options - Passed in with the command such as --access-token
Environment variables - Stored in system environment variables such as ICAV2_ACCESS_TOKEN

Output Format

The CLI supports outputs in table, JSON, and YAML formats. The format is set using the output-format configuration setting through a command line option, environment variable, or configuration file.

Dates are output as UTC times when using JSON/YAML output format and local times when using table format.

To set the output format, use the following setting:

--output-format <string>

json - Outputs in JSON format
yaml - Outputs in YAML format
table - Outputs in tabular format

Sequencer Integration

Cloud Analysis Auto-launch

Please see the for all content related to Cloud Analysis Auto-Launch:

Tutorials

Mount projectdata using CLI

icav2 allows project data to be mounted on a local system. This feature is currently available on Linux and Mac systems only. Although not supported, users have successfully used Windows Subsystem for Linux (WSL) on Windows to use icav2 projectdata mount command. Please refer to the WSL documentation for installing WSL.

Prerequisites

icav2 (>=2.3.0) and in the local system.
- For MAC refer to .

Mount projectdata

Identify the project id by running the following command:

Provide the project id under "ID" column above to the mount command to mount the project data for the project.

Check the content of the mount.

icav2 utilizes the FUSE driver to mount project data, providing both read and write capabilities. However, there are some limitations on the write capabilities that are enforced by the underlying AWS S3 storage. For more information, please refer to .

WARNING Do NOT use the CP -f command to copy or move data to a mounted location. This will result in data loss as data on the destination location will be deleted.

Unmount project data

You can unmount the project data using the 'unmount' command.

Tables

All tables created within Base are gathered on the Projects > your_project > Base > Tables page. New tables can be created and existing tables can be updated or deleted here.

Create a new Table

To create a new table, click Projects > your_project > Base > Tables > +Create. Tables can be created from scratch or from a template that was previously saved. Views on data from Illumina hardware and processes are selected with the option Import from catalogue.

If you make a mistake in the order of columns when creating your table, then as long as you have not saved your table, you can switch to Edit definition to change the column order. The text editor can swap or move columns whereas the built-in editor can only delete columns or add columns to the end of the sequence. When editing in text mode, it is best practice to copy the content of the text editor to a notepad before you make changes because a corrupted syntax will result in the text being wiped or reverted when switching between text and non-text mode.

Once a table is saved it is no longer possible to edit the schema, only new fields can be added. The workaround is switching to text mode, copying the schema of the table to which you want to make modifications and paste it into a new empty table where the necessary changes can be made before saving.

Once created, do not try to modify your table column layout via the Query module as even though you can execute ALTER TABLE commands, the definitions and syntax of the table will go out of sync resulting in processing issues.

Be careful when naming tables when you want to use them in . Table names have to be unique per bundle, so no two tables with the same name can be part of the same bundle.

Empty Table

To create a table from scratch, complete the fields listed below and click the Save button. Once saved, a job will be created to create the table. To view table creation progress, navigate to the Activity page.

Table information

The table name is a required field and must be unique. The first character of the table must be a letter followed by letters, numbers or underscores. The description is optional.

References

Including or excluding references can be done by checking or un-checking the Include reference checkbox. These reference fields are not shown on the table creation page, but are added to the schema definition, which is visible after creating the table (Projects > your_project > Base > Tables > your_table > Schema definition). By including references, additional columns will be added to the which can contain references to the data on the platform:

data_reference: reference to the data element in the Illumina platform from which the record originates
data_name: original name of the data element in the Illumina platform from which the record originates
sample_reference: reference to the sample in the Illumina platform from which the record originates

Schema

In an empty table, you can create a schema by adding a field with the +Add button for each column of the table and defining it. At any time during the creation process, it is possible to switch to the edit definition mode and back. The definition mode shows the JSON code, whereas the original view shows the fields in a table.

Each field requires:

a unique name (*1) with optional description.
a type
- String – collection of characters

(*1) Do not use reserved Snowflake keywords such as left, right, sample, select, table,... (https://docs.snowflake.com/en/sql-reference/reserved-keywords) for your schema name as this will lead to SQL compilation errors.

(*2) Float values will be exported differently depending on the output format. For example JSON will use scientific notation so verify that your consecutive processing methods support this.

(*3) Defining the precision when creating tables with SQL is not supported as this will result in rounding issues.

From template

Users can create their own template by making a table which is turned into a template at Projects > your_project > Base > Tables > your_table > Manage (top right) > Save as template.

If a template is created and available/active, it is possible to create a new table based on this template. The table information and references follow the rules of the empty table but in this case the schema will be pre-filled. It is possible to still edit the schema that is based on the template.

Table information

Table status

The status of a table can be found at Projects > your_project > Base > Tables. The possible statuses are:

Available: Ready to be used, both with or without data
Pending: The system is still processing the table, there is probably a process running to fill the table with data
Deleted: The table is deleted functionally; it still exists and can be shown in the list again by clicking the Show deleted tables/views button

Additional Considerations

Tables created from empty data or from a template are available faster.
When copying a table with data, it can remain in a Pending for longer periods of time.
Clicking on the page's refresh button will update the list.

Table details

For any available table, the following details are shown:

Table information: Name, description, status, number of records and data size.

The data size of tables with the same layout and content may vary slightly, depending on when and how the data was written by Snowflake.

Definition: An overview of the table schema, also available in text. Fields can be added to the schema but not deleted. Tip for deleting fields: copy the schema as text and paste in a new empty table where the schema is still editable.
Preview: A preview of the table for the 50 first rows (when data is uploaded into the table). Select show details to see record details.
Source Data: the files that are currently uploaded into the table. You can see the Load Status of the files which can be Prepare Started

Table actions

From within the details of a table it is possible to perform the following actions from the Manage menu (top right) of the table:

Edit: Add fields to the table and change the table description.
Copy: Create a copy from this table in the same or a different project. In order to copy to another project, data sharing of the original project should be enabled in the details of this project. The user also has to have access to both original and target project.
Export as file: Export this table as a CSV or JSON file. The exported file can be found in a project where the user has the access to download it.

Manually importing data to your Table

To manually add data to your table, go to Projects > your_project > Base > Tables > your_table > Manage (top right) > Add Data

Data selection

The data selection screen will show options to select the structure as CSV (comma-separated), TSV (tab-separated) or JSON (JavaScript Object Notation) and the location of your source data. In the first step, you select the data format and the files containing the data.

Data format (required): Select the format of the data which you want to import.
Write preference: Define if data can be written to the table only when the table is empty, if the data should be appended to the table or if the table should be overwritten.
Delimiter: Which delimiter is used in the delimiter separated file. If the required delimiter is not comma, tab or pipe, select custom and define the custom delimiter.

Most of the advanced options are legacy functions and should not be used. The only exceptions are

Encoding: Select if the encoding is UTF-8 (any Unicode character) or ISO-8859-1 (first 256 Unicode characters).
Ignore unknown values: This applies to CSV-formatted files. You can use this function to handle optional fields without separators, provided that the missing fields are located at the end of the row. Otherwise, the parser can not detect the missing separator and will shift fields to the left, resulting in errors.
- If headers are used: The columns that have matching fields are loaded, those that have no matching fields are loaded with NULL and remaining fields are discarded.

Data import progress

To see the status of your data import, go to Projects > your_project > Activity > Base Jobs where you will see a job of type Prepare Data which will have succeeded or failed. If it has failed, you can see the error message and details by double-clicking the base job. You can then take corrective actions if the input mismatched with the table design and try to run the import again (with a new copy of the file as each input file can only be used once)

If you need to cancel the import, you can do so while it is scheduled by navigating to the Base Jobs inventory and selecting the job followed by Abort.

List of table data sources

To see which data has been used to populate your table go to Projects > your_project > Base > Tables > your_table > Source Data. This will list all the source data files, including those that failed to be imported. You can not use these files anymore to import again to prevent double entries. The load status will remain empty while the data is being processed and be set to load succeeded or failed after loading completes.

How to load array data in Base

Base Table schema definitions do not include an array type, but arrays can be ingested using either the Repeated mode for arrays containing a single type (ie, String), or the Variant type.

Parsing nested JSON data

If you have a nested JSON structure, you can import it into individual fields of your table.

For example, if your JSON nested structure looks like the above and you want to get it imported into a table with a, b and c having integers as values, you need to create a matching table. This can be done either or via the sql command CREATE OR REPLACE TABLE json_data ( a INTEGER, b INTEGER, c INTEGER);

Format your JSON data to have single lines per structure.

Finally, create a to import your data or perform a .

The resulting table will look like this:

Cohort Analysis

From the Cohorts menu in the left hand navigation, select a cohort created in Create Cohort to begin a cohort analysis.

Query Details

The query details can be accessed by clicking the triangle next to Show Query Details. The query details displays the selections used to create a cohort. The selections can be edited by clicking the pencil icon in the top right.

Charts

Charts will be open by default. If not, click Show Charts.
Use the gear icon in the top-right to change viewable chart settings.
There are four charts available to view summary counts of attributes within a cohort as histogram plots.

Single Subject Timeline View:

Display time-stamped events and observations for a single subject on a timeline.The timeline view is visible to only those subjects which have time-series data.
Below attributes are displayed in timeline view: • Diagnosed and Self-Reported Diseases: • Start and end dates • Progression vs. remission • Medication and Other Treatments: • Prescribed and self-medicated • Start date, end date, and dosage at every time point
The timeline utilizes age (at diagnosis, at event, at measurement) as the x-axis and attribute name as the y-axis. If the birthdate is not recorded for a subject, the user can now switch to Date to visualize data.

Measurement Section: A summary of measurements (without values) is displayed under the section titled "Measurements and Laboratory Values Available." Users can click a link to access the Timeline View for detailed results.

Drug Section: The "Drug Name" section lists drug names without repeating the header "Drug Name" for each entry.

Subjects

By Default, the Subjects tab is displayed.
The Subjects tab with a list of all subjects matching your criteria is displayed below Charts with a link to each Subject by ID and other high-level information. By clicking a subject ID, you will be brought to the data collected at the Subject level.

To Exclude specific subjects from subsequent analysis, such as marker frequencies or gene-level aggregated views, you can uncheck the box at the beginning of each row in the subject list. You will then be prompted to save any exclusion(s).

You can Export the list of subjects either to your ICA Project's data folder or to your local disk as a TSV file for subsequent use. Any export will omit subjects that you excluded after you saved those changes. For more information, see at the bottom of this page.

Remove a Subject

Specific subjects can be removed from a Cohort.
Select the Subjects tab.
Subjects in the Cohort, by default are checked.

Structural variant aggregation: Marker Frequency analysis

For each individual cohort, display a table of all observed SVs that overlap with a given gene.

Marker Frequency

Click the Marker Frequency tab, then click the Gene Expression tab.
Down-regulated genes are displayed in blue and Up-regulated genes are displayed in red.
A frequency in the Cohort is displayed and the Matching number/Total is also displayed in the chart.

Genes

You are brought to the Gene tab under the Gene Summary sub-tab.
Select a Gene by typing the gene name into the Search Genes text box.
A Gene Summary

Correlation

For every correlation, subjects contained in each count can be viewed by selecting the count on the bubble or the count on the X-axis and Y-axis.

Clinical vs. Clinical Attribute Comparison – Bubble Plot

Click the Correlation Tab.
In X-axis category, select Clinical.
In X-axis Attribute

Molecular vs. Molecular Attribute Comparison – Bubble Plot

To see a breakdown of Somatic Mutations vs. RNA Expression levels perform the following steps:

Note this comparison is for a Cancer case.

Click the Correlation Tab.
In X-axis category, select Somatic.
In X-axis Attribute

Clinical vs. Molecular Attribute Comparison – Bubble Plot

Note this comparison is for a Cancer case.

Click the Correlation Tab.
In X-axis category, select Somatic.
In X-axis Attribute

Molecular Breakdown

Click the Molecular Breakdown Tab.
In Enter a clinical Attribute, and select a clinical attribute.
In Enter a gene, select a gene by typing a gene name.

Note: for each of the aforementioned bubble plots, you can view the list of subjects by following the link under each subject count associated with an individual bubble or axis label. This will take you to the list of subjects view, see above.

CNV

If there is Copy Number Variant data in the cohort:

Click the CNV tab.
A graph will show CNV a Sample Percentage on the Y-axis and Chromosomes on the X-axis.
Any value above Zero is a copy number gain, and any value below Zero is a copy number loss.

Subject Export for Analysis in ICA Bench

ICA allows for integrated analysis in a computation workspace. You can export your cohorts definitions and, in combination with molecular data in your ICA Project Data, perform, for example, a GWAS analysis.

Confirm the VCF data for your analysis is in ICA Project Data.
From within your ICA Project, Start a Bench Workspace -- See for more details.
Navigate back to ICA Cohorts.

Analyses

An Analysis is the execution of a pipeline.

Starting Analyses

You can start an analysis from both the dedicated analysis screen or from the actual pipeline.

From Analyses

Navigate to Projects > Your_Project > Flow > Analyses.
Select Start.
Select a single Pipeline.

From Pipelines or Pipeline details

Navigate to Projects > <Your_Project> > Flow > Pipelines
Select the pipeline you want to run or open the pipeline details of the pipeline which you want to run.
Select Start Analysis.

Aborting Analyses

You can abort a running analysis from either the analysis overview (Projects > your_project > Flow > Analyses > your_analysis > Manage > Abort) or from the analysis details (Projects > your_project > Flow > Analyses > your_analysis > Details tab > Abort).

Rerunning Analyses

Once an analysis has been executed, you can rerun it with the same settings or choose to modify the parameters when rerunning. Modifying the parameters is possible on a per-analysis basis. When selecting multiple analyses at once, they will be executed with the original parameters. Draft pipelines are subject to updates and thus can result in a different outcome when rerunning. ICA will display a warning message to inform you of this when you try to rerun an analysis based on a draft pipeline.

When rerunning an analysis, the user reference will be the original user reference (up to 231 characters), followed by _rerun_yyyy-MM-dd_HHmmss.

When there is an XML configuration change on a a pipeline for which you want to rerun an analysis, ICA will display a warning and not fill out the parameters as it cannot guarantee their validity for the new XML. You will need to provide the input data and settings again to rerun the analysis.

Some restrictions apply when trying to rerun an analysis.

Analyses

Rerun

Rerun with modified parameters

To rerun one or more analyses with te same settings:

Navigate to Projects > Your_Project > Flow > Analyses.
In the overview screen, select one or more analyses.
Select Manage > Rerun. The analyses will now be executed with the same parameters as their original run.

To rerun a single analysis with modified parameters:

Navigate to Projects > Your_Project > Flow > Analyses.
In the overview screen, open the details of the analysis you want to rerun by clicking on the analysis user reference.
Select Rerun. (at the top right)

Lifecycle

Status

Description

Final State

When an analysis is started, the availability of resources may impact the start time of the pipeline or specific steps after execution has started. Analyses are subject to delay when the system is under high load and the availability of resources is limited.

During analysis start, ICA runs a verification on the input files to see if they are available. When it encounters files that have not completed their upload or transfer, it will report "Data found for parameter [parameter_name], but status is Partial instead of Available". Wait for the file to be available and restart the analysis.

When the underlying storage provider runs out of storage resources, the Status field of the Analysis details will indicate this. There is no need to abort or rerun the analysis.

Analysis steps logs

During the execution of an analysis, logs are produced for each process involved in the analysis lifecyle. In the analysis details view, the Steps tab is used to view the steps in near real time as they're produced in the running processes. A grid layout is used for analyses with more than 50 steps, a tiled view for analyses with 50 steps or less, though you can choose to also use the grid layout for those by means of the tile/grid button on the top right of the analysis log tab. The steps tab also shows which resources were used as compute type in the different main analysis steps. (For child steps, these are displayed on the parent step)

There are system processes involved in the lifeycle for all analyses (ie. downloading inputs, uploading outputs, etc.) and there are processes which are pipeline-specific, such as processes which execute the pipeline steps. The below table describes the system processes. You can choose to display or hide these system processes with the Show technical steps

Process

Description

Additional log entries will show for the processes which execute the steps defined in the pipeline.

Each process shows as a distinct entry in the steps view with a Queue Date, Start Date, and End Date.

Timestamp

Description

The time between the Start Date and the End Date is used to calculate the duration. The time of the duration is used to calculate the usage-based cost for the analysis. Because this is an active calculation, sorting on this field is not supported.

Each log entry in the Steps view contains a checkbox to view the stdout and stderr log files for the process. Clicking a checkbox adds the log as a tab to the log viewer where the log text is displayed and made available for download.

Analysis Cost

To see the price of an analysis in iCredits, look at Projects > your_project > Flow > Analyses > your_analysis > Details tab. The pricing section will show you the entitlement bundle, storage detail and price in iCredits once the analysis has succeeded, failed or been aborted.

Log Files

By default, the stdout and stderr files are located in the ica_logs subfolder within the analysis. This location can be changed by selecting a different in the current project at the start of the analysis. Do not use a folder which already contains log files as these will be overwritten. To set the log file location, you can also use the CreateAnalysisLogs section of the Create Analysis .

If you delete these files, no log information will be available on the analysis details > Steps tab.

You can access the log files from the analysis details (projects > your_project > flow > analysis > your_analysis > details tab)

Log Streaming

Logs can also be streamed using websocket client tooling. The API to retrieve analysis step details returns websocket URLs for each step to stream the logs from stdout/stderr during the step's execution. Upon completion, the websocket URL is no longer available.

Analysis Output Mappings

Currently, only FOLDER type output mappings are supported

By default, analysis outputs are directed to a new folder within the project where the analysis is launched. Analysis output mappings may be specified to redirect outputs to user-specified locations consisting of project and path. An output mapping consists of:

the source path on the local disk of the analysis execution environment, relative to the working folder.
the data type, either FILE or FOLDER
the target project ID to direct outputs to; analysis launcher must have contributor access to the project.

If the output folder already exists, any existing contents with the same filenames as those output from the pipeline will be overwritten by the new analysis

Example

In this example, 2 analysis output mappings are specified. The analysis writes data during execution in the working directory at paths out/test and out/test2. The data contained in these folders are directed to project with ID 4d350d0f-88d8-4640-886d-5b8a23de7d81 and at paths /output-testing-01/ and /output-testing-02/ respectively, relative to the root of the project data.

The following demonstrates the construction of the request body to start an analysis with the output mappings described above:

You can jump from the Analysis Details to the individual files and folders by opening the output files tab on the detail view (Projects > your_project > Flow > Analyses > your_analysis > Output files tab > your_output_file) and selecting Open in data.

The Output files section of the analyses will always show the generated outputs, even when they have since been deleted from storage. This is done so you can always see which files were generated during the analysis. In this case it will no longer be possible to navigate to the actual output files.

analysis output

logs output

Notes

Hyperlinking

If you want to share a link to an analysis, you can copy and paste the URL from your browser when you have the analysis open. The syntax of the analysis link will be <hostURL>/ica/link/project/<projectUUID>/analysis/<analysisUUID>. Likewise, workflow sessions will use the syntax <hostURL>/ica/link/project/<projectUUID>/workflowSession/<workflowsessionUUID>. To prevent third parties from accessing data via the link when it is shared or forwarded, ICA will verify the access rights of every user when they open the link.

Restrictions

Input for analysis is limited to a total of 50,000 files (including multiple copies of the same file). Concurrency limits on analyses prevent resource hogging which could result in resource starvation for other tenants. Additional analyses will be queued and scheduled when currently running analyses complete and free up positions. The theoretical limit is 20, but this can be less in practice, depending on a number of external factors.

Troubleshooting

When your analysis fails, open the analysis details view (Projects > your_project> Flow > Analyses > your_analysis) and select display failed steps. This will give you the steps view filtered on those steps that had non-0 exit codes. If there is only one failed step which has logfiles, the stderr of that step will be displayed.

For pipeline developers: add automatic retrying to the individual steps that fail with error 55 / 56 (provided these steps are idempotent) See for retries.

Exit code 55 indicates analysis failure on economy instances due to an external event such as spot termination. You can retry the analysis.
Exit code 56 indicates analysis failure due to pod disruption and deletion by Kubernetes' Pod Garbage Collector (PodGC) because the node it was running on no longer exists. You can retry the anlaysis.

API Beginner Guide

API Basics

Any operation from the ICA graphical user interface can also be performed with the API.

The following are some basic examples on how to use the API. These examples are based on using Python as programming language. For other languages, please see their native documentation on API usage.

Prerequisites

An installed copy of Python. (https://www.python.org/)
The package installer for python (pip) (https://pip.pypa.io/)
Having the python requests library installed (pip install requests)

Authenticating

One of the easiest authentication methods is by means of API keys. To generate an API key, refer to the section. This key is then used in your Python code to authenticate the API calls. It is best practice to regularly update your API keys.

API keys are valid for a single user, so any information you request is for that user to which the key belongs. For this reason, it is best practice to create a dedicated API user so you can manage the access rights for the API by managing those user rights.

API Reference

There is a dedicated where you can enter your API key and try out the different API commands and get an overview of the available parameters.

Converting curl to Python

The examples on the page use curl (Client URL) while Python uses Python requests. There are a number of online tools to automatically convert from curl to python.

To get the curl command,

Look up the endpoint you want to use on the API reference page.
Select Try it out.
Enter the necessary parameters.

Never paste your API authentication key into online tools when performing curl conversion as this poses a significant security risk.

In the most basic form, the curl command

curl my.curlcommand.com

becomes

You will see the following options in the curl commands on the page.

-H means header.

-X means the string is passed "as is" without interpretation.

becomes

Simple API Examples

Request a list of event codes

This is a straightforward request without parameters which can be used to to verify your connection.

The API call is

response = requests.get('https://ica.illumina.com/ica/rest/api/eventcodes', headers={'X-API-Key': '<your_generated_API_key>'})

In this example, the API key is part of your API call, which means you must update all API calls when the key changes. A better practice is to put this API key in the headers so it is easier to maintain. The full code then becomes

Pretty-printing the result

The list of application codes was returned as a single line, which makes it difficult to read, so let's pretty-print the result.

Retrieving a list of projects

Now that we are able to retrieve information with the API, we can use it for a more practical request like retrieving a list of projects. This API request can also take parameters.

Retrieve all projects

First, we pass the request without parameters to retrieve all projects.

Single parameter

The easiest way to pass a parameter is by appending it to the API request. The following API request will list the projects with a filter on CAT as user tag.

response = requests.get('https://ica.illumina.com/ica/rest/api/projects?userTags=CAT', headers=headers)

Multiple parameters

If you only want entries that have both the tags CAT and WOLF, you would append them like this:

response = requests.get('https://ica.illumina.com/ica/rest/api/projects?userTags=CAT&userTags=WOLF', headers=headers)

Copying Data

To copy data, you need to know:

Your generated API key.
The dataId of the files and folders which you want to copy (their syntax is fil.hexadecimal_identifier and fol.hexadecimal_identifier). You can select a file or folder in the GUI and select it to see the Id (Projects > your_project > Data > your_file > Data details > Id) or you can use the /api/projects/{projectId}/data endpoint.
The destination project to which you want to copy the data.

The full code will then be as follows:

Combined API Example - Running a Pipeline

Now that we have done individual API requests, we can combine them and use the output of one request as input for the next request. When you want to run a pipeline, you need a number of input parameters. In order to obtain these parameters, you need to make a number of API calls first and use the returned results as part of your request to run the pipeline. In the examples below, we will build up the requests one by one so you can run them individually first to see how they work. These examples only follow the happy path to keep them as simple as possible. If you program them for a full project, remember to add error handling. You can also use the GUI to get all the parameters or write them down after performing the individual API calls in this section. Then, you can build your final API call with those values fixed.

Initialization

This block must be added at the beginning of your code

Look for a project in the list of Projects

Previously, we already requested a list of all projects, now we add a search parameter to look for a project called MyProject. (Replace MyProject with the name of the project you want to look for).

Now that we have found our project by name, we need to get the unique project id, which we will use in the combined requests. To get the id, we add the following line to the end of the code above.

Syntax ['items'][0]['id'] means we look for the items list, 0 means we take the first entry (as we presume our filter was accurate enough to only return the correct result and we don't have duplicate project names) and id means we take the data from the id field. Similarly, you can build other expressions to give you the data you want to see, such as ['items'][0]['urn'] to get the urn or ['items'][0]['tags']['userTags'] to get the list of user tags.

Once we have the identifier we need, we add it to a variable which we will call Project_Identifier in our examples.

Retrieve the Pipelines of your Project

Once we have the identifier of our project, we can fill it out in the request to list the pipelines which are part of our project.

This will give us all the available pipelines for that project. As we will only want to run a single pipeline, we can search for our pipeline, which in this example will be the basic_pipeline. Unfortunately, this API call has no direct search parameter, so when we get the list of pipelines, we will look for the id and store that in a variable which we will call Pipeline_Identifier in our examples as follows:

Find which parameters the Pipeline needs.

Once we know the project identifier and the pipeline identifier, we can create an API request to retrieve the list of input parameters which are needed for the pipeline. We will consider a simple pipeline which only needs a file as input. If your pipeline has more input parameters, you will need to set those as well.

Find the Storage Size to use for the analysis.

Here we will look for the id of the extra small storage size. This is done with the 0 in the My_API_Data['items'][0]['id']

Find the files to use as input for your pipeline.

Now we will look for a file "testExample" which we want to use as input and store the file id.

Start the Pipeline.

Finally, we can run the analysis with parameters filled out.

Complete code example

Connect AWS S3 Bucket

You can use your own S3 bucket with Illumina Connected Analytics (ICA) for data storage. This section describes how to configure your AWS account to allow ICA to connect to an S3 bucket.

These instructions utilize the AWS CLI. Follow the AWS CLI documentation for instructions to download and install.

When configuring a new project in ICA to use a preconfigured S3 bucket, create a folder on your S3 bucket in the AWS console. This folder will be connected to ICA as a prefix.

Failure to create a folder will result in the root folder of your S3 bucket being assigned which will block your S3 bucket from being used for other ICA projects with the error "Conflict while updating file/folder. Please try again later."

Because of how and does not send events for S3 folders, the following restrictions must be taken into account for ICA project data stored in S3.

When creating an empty folder in S3, it will not be visible in ICA.

Prerequisites

The AWS S3 bucket must exist in the same AWS region as the ICA project. Refer to the table below for a mapping of ICA project regions to AWS regions:

ICA Project Region

AWS Region

(*) BSSH is not currently deployed on the South Korea instance, resulting in limited functionality in this region with regard to sequencer integration.

You can use unversioned, versioned and suspended buckets as own S3 storage.

If you connect buckets with object versioning, the data in ICA will be automatically synced with the data in objectstore. When an object is deleted without specifying a particular version, a Delete marker is created on the objectstore to indicate that the object has been deleted. ICA will reflect the object state by deleting the record from the database. No further action on your side is needed to sync.

You can enable SSE using an Amazon S3-managed key (SSE-S3). Instructions for using KMS-managed (SSE-KMS) keys are found .

Configuration

1 - Configure Bucket CORS Permission

ICA requires cross-origin resource sharing (CORS) permissions to write to the S3 bucket for uploads via the browser. Refer to (expand the "Using the S3 console" section) documentation for instructions on enabling CORS via the AWS Management Console.

In the cross-origin resource sharing (CORS) section, enter the following content.

2 - Create Data Access Permission - AWS IAM Policy

ICA requires specific permissions to access data in an AWS S3 bucket. These permissions are contained in an AWS IAM Policy.

Permissions

Refer to the documentation for instructions on creating an AWS IAM Policy via the AWS Management Console. Use the following configuration during the process:

paste the JSON policy document below. Note the example below provides access to all objects prefixes in the bucket.

Replace YOUR_BUCKET_NAME with the name of the S3 bucket you created for ICA. Replace YOUR_FOLDER_NAME with the name of the folder in your S3 bucket.

On Versioned OR Suspended buckets, paste the JSON policy document below. Note the example below provides access to all objects prefixes in the bucket.

(Optional) Set policy name to "illumina-ica-admin-policy"

To create the IAM Policy via the AWS CLI, create a local file named illumina-ica-admin-policy.json containing the policy content above and run the following command. Be sure the path to the policy document (--policy-document) leads to the path where you saved the file:

3 - Create AWS IAM User

An AWS IAM User is needed to create an Access Key for ICA to connect to the AWS S3 Bucket. The policy will be attached to the IAM user to grant the user the necessary permissions.

Refer to the documentation for instructions on creating an AWS IAM User via the AWS Management Console. Use the following configuration during the process:

(optional) Set user name to "illumina_ica_admin"
Select the Programmatic access option for the type of access
Select Attach existing policies directly when setting the permissions, and choose the policy created in

To create the IAM user and attach the policy via the AWS CLI, enter the following command (AWS IAM users are global resources and do not require a region to be specified). This command creates an IAM user illumina_ica_admin, retrieves your AWS account number, and then attaches the policy to the user.

4. -Create AWS Access Key

If the Access Key information was retrieved during the , skip this step.

Refer to the AWS documentation for instructions on creating an AWS Access Key via the AWS Console. See the "To create, modify, or delete another IAM user's access keys (console)" sub-section.

Use the command below to create the Access Key for the illumina_ica_admin IAM user. Note the SecretAccessKey is sensitive and should be stored securely. The access key is only displayed when this command is executed and cannot be recovered. A new access key must be created if it is lost.

The AccessKeyId and SecretAccessKey values will be provided to ICA in the next step.

5 - S3 Bucket Policy

Connecting your S3 bucket to ICA does not require any additional bucket policies.

What if you need a bucket policy for use cases beyond ICA?

The bucket policy must then support the essential permissions needed by ICA without inadvertently restricting its functionality.

Be sure to replace the following fields:

6 - Block Public Access to S3 bucket (optional)

By default, public access to the S3 bucket is allowed. For increased security, it is advised to block public access with the following command:

To block public access to S3 buckets on account level, you can use the AWS Console on the website.

7 - Create ICA Storage Credential

To connect your S3 account to ICA, you need to add a storage credential in ICA containing the Access Key ID and Access Key created in the previous step. From the ICA home screen, navigate to System Settings > Credentials > Create > Storage Credential to create a new storage credential.

Provide a name for the storage credentials, ensure the type is set to "AWS user" and provide the Access Key ID and Secret Access Key.

With the secret credentials created, a storage configuration can be created using the secret credential. Refer to the instructions to for details.

The key prefix is mandatory in your storage credentials if you created a folder as recommended in step 2 .

8 - Enabling Cross Account Access for Copy and Move Operations

ICA uses AssumeRole to copy and move objects from a bucket in an AWS account to another bucket in another AWS account. To allow cross account access to a bucket, the following policy statements must be added in the S3 bucket policy:

Be sure to replace the following fields:

ASSUME_ROLE_ARN: Replace this field with the ARN of the cross account role you want to give permission to. Refer to the table below to determine which region-specific Role ARN should be used.

The ARN of the cross account role you want to give permission to is specified in the Principal. Refer to the table below to determine which region-specific Role ARN should be used.

Region

Role ARN

Troubleshooting

Common Issues

The following are common issues encountered when connecting an AWS S3 bucket through a storage configuration

Error Type

Error Message

Description/Fix

Conflicting bucket notifications

This error occurs when an existing bucket notification's event information overlaps with the notifications ICA is trying to add. only allows overlapping events with non-overlapping prefix. Depending on the conflicts on the notifications, the error can be presented in any of the following:

Volume Configuration cannot be provisioned: storage container is already set up for customer's own notification
Invalid parameters for volume configuration: found conflicting storage container notifications with overlapping prefixes
Failed to update bucket policy: Configurations overlap. Configurations on the same bucket cannot share a common event type

Solution:

In the Amazon S3 Console, review your current S3 bucket's notification configuration and look for prefixes that overlap with your Storage Configuration's key prefix
Delete the existing notification that overlaps with your Storage Configuration's key prefix
ICA will perform a series of steps in the background to re-verify the connection to your bucket.

GetTemporaryUploadCredentialsAsync failure

This error can occur when recreating a recently deleted storage configuration. To fix the issue, you have to delete the bucket notifications:

In the select the bucket for which you need to delete the notifications from the list.
Choose properties
Navigate to the Event Notifications section and choose the check box for the event notifications with name gds:objectcreated, gds:objectremoved and gds:objectrestore and click Delete.

If you do not want to wait 15 minutes, you can revalidate the current storage configuration for an immediate update on the System Settings > Storage > Manage > Validate.

Pipelines

A Pipeline is a series of Tools with connected inputs and outputs configured to execute in a specific order.

Linking Existing Pipelines

Linking a pipeline (Projects > your_project > Flow > Pipelines > Link) adds that pipeline to your project. This is not as a copy, but as the actual pipeline, so any changes to the pipeline are atomatically propagated to and from any project which has this pipeline linked.

You can link a pipeline if it is not already linked to your project and it is from your tenant or available in your bundle or activation code.

Activation codes are tokens which allow you to run your analyses and are used for accounting and allocating the appropriate resources. ICA will automatically determine the best matching activation code, but this can be overwritten if needed.

If you unlink a pipeline it removes the pipline from your project, but it remains part of the list of pipelines of your tenant, so it can be linked to other projects later on.

There is no way to permanently delete a pipeline.

Create a Pipeline

Pipelines are created and stored within projects.

Navigate to Projects > your_project > Flow > Pipelines > +Create.
Select Nextflow (XML / JSON / ) , CWL Graphical or CWL code (XML / JSON / ) to create a new Pipeline.
Configure pipeline settings in the pipeline property tabs.

Pipelines use the latest tool definition when the pipeline was last saved. Tool changes do not automatically propagate to the pipeline. In order to update the pipeline with the latest tool changes, edit the pipeline definition by removing the tool and re-adding it back to the pipeline.

Individual Pipeline files are limited to 20 Megabytes. If you need to add more than this, split your content over multiple files.

Pipeline Statuses

For pipeline authors sharing and distributing their pipelines, the draft, released, deprecated, and archived statuses provide a structured framework for managing pipeline availability, user communication, and transition planning. To change the pipeline status, select it at Projects > your_project > Pipelines > your_pipeline > change status.

You can edit pipelines while they are in Draft status. Once they move away from draft, pipelines can no longer be edited. Pipelines can be cloned (top right in the details view) to create a new editable version.

Pipeline Properties

The following sections describe the properties that can be configured in each tab of the pipeline editor.

Depending on how you design the pipeline, the displayed tabs differ between the graphical and code definitions. For CWL you have a choice on how to define the pipeline, Nextflow is always defined in code mode.

Any additional source files related to your pipeline will be displayed here in alphabetical order.

See the following pages for language-specific details for defining pipelines:

Details

The details tab provides options for configuring basic information about the pipeline.

Field

Entry

The following information becomes visible when viewing the pipeline details.

Field

Entry

The clone action will be shown in the pipeline details at the top-right. Cloning a pipeline allows you to create modifications without impacting the original pipeline. When cloning a pipeline, you become the owner of the cloned pipeline. When you clone a pipeline, you must give it a unique name because no duplicate names are allowed within all projects of the tenant. So the name must be unique per tenant. It is possible that you see the same pipeline name twice when a pipeline linked from another tenant is cloned with that same name in your tenant. The name is then still unique per tenant, but you will see them both in your tenant.

When you clone a Nextflow pipeline, a verification of the configured Nextflow version is done to prevent the use of deprecated versions.

Documentation

The Documentation tab provides is the place where you explain how your pipeline works to users. The description appears in the tool repository but is excluded from exported CWL definitions. If no documentation has been provided, this tab will be empty.

Definition (Graphical)

When using graphical mode for the pipeline definition, the Definition tab provides options for configuring the pipeline using a visualization panel and a list of component menus.

Description

In graphical mode, you can drag and drop inputs into the visualization panel to connect them to the tools. Make sure to connect the input icons to the tool before editing the input details in the component menu. Required tool inputs are indicated by a yellow connector.

Safari is not supported as browser for graphical editing.

When creating a graphical CWL pipeline, do not use spaces in the input field names, use underscores instead. The API performs normalization of input names when running the analysis to prevent issues with special characters (such as accented letters) by replacing them with their more common (unaccented) counterpart. Part of this normalization includes replacing spaces in names with underscores. This normalization is applied to file input name, reference file input name, step id and step parameters.

You will encounter the error ICA_API_004 "No value found for required input parameter" when trying to run an API analysis on a graphical pipeline that has been designed with spaces in input parameters.

XML Configuration / JSON Inputform Files (Code)

This page is used to specify all relevant information about the pipeline parameters.

There is a limit of 200 reports per report pattern which will be shown when you have multiple reports matching your regular expression.

Compute Resources

Compute Nodes

For each process defined by the workflow, ICA will launch a compute node to execute the process.

For each compute type, the standard (default - AWS on-demand) or economy (AWS spot instance) tiers can be selected.
When selecting an fpga instance type for running analyses on ICA, it is recommended to use the medium size. While the large size offers slight performance benefits, these do not proportionately justify the associated cost increase for most use cases.
When no type is specified, the default type of compute node is

You can see which resources were used in the different analysis steps at Projects > your_project > Flow > Analyses > your_analysis > Steps tab. (For child steps, these are displayed on the parent step)

By default, compute nodes have no scratch space. This is an advanced setting and should only be used when absolutely necessary as it will incur additional costs and may offer only limited performance benefits because it is not local to the compute node.

For simplicity and better integration, consider using shared storage available at /ces. It is what is provided in the Small/Medium/Large+ compute types. This shared storage is used when writing files with relative paths.

Scratch space notes

If you do require scratch space via a Nextflow pod annotation or a CWL resource requirement, the path is /scratch.

For Nextflow pod annotation: 'volumes.illumina.com/scratchSize', value: '1TiB' will reserve 1 TiB.

Compute Types

Daemon sets and system processes consume approximately 1 CPU and 2 GB Memory from the base values shown in the table. Consumption will vary based on the activity of the pod.

¹ DRAGEN pipelines running on fpga2 compute type will incur a DRAGEN license cost of 0.10 iCredits per gigabase of data processed, with additional discounts as shown below.

80 or less gigabase per sample - no discount - 0.10 iCredits per gigabase

The DRAGEN_Map_Align pipeline running on fpga2 has the standard DRAGEN license cost of 0.10 iCredits per Gbase processed, with but replaces the standard volume discounts with the discounts shown below.

10 or less gigabase per sample - no discount - 0.10 iCredits per gigabase

(2) The compute type himem-xlarge has low availability.

FPGA1 instances were decommissioned on Nov 1st 2025. Please migrate to F2 for improved capacity and performance with up to 40% reduced turnaround time for analysis.

(3) The transfer size selected is based on the selected storage size for compute type and used during upload and download system tasks.

Nextflow/CWL Files (Code)

Syntax highlighting is determined by the file type, but you can select alternative syntax highlighting with the drop-down selection list. The following formats are supported:

DIFF (.diff)
GROOVY (.groovy .nf)
JAVASCRIPT (.js .javascript)
JSON (.json)

If the file type is not recognized, it will default to text display. This can result in the application interpreting binary files as text when trying to display the contents.

Main.nf (Nextflow code)

The Nextflow project main script.

Nextflow.config (Nextflow code)

The Nextflow configuration settings.

Workflow.cwl (CWL code)

The Common Workflow Language main script.

Adding Files

Multiple files can be added by selecting the +Create option at the bottom of the screen to make pipelines more modular and manageable.

Metadata Model

See

Report

Here patterns for detecting report files in the analysis output can be defined. On opening an analysis result window of this pipeline, an additional tab will display these report files. The goal is to provide a pipeline-specific user-friendly representation of the analysis result.

To add a report select the + symbol on the left side. Provide your report with a unique name, a regular expression matching the report and optionally, select the format of the report. This must be the source format of the report data generated during the analysis.

There is a limit of 20 reports per report pattern which will be shown when you have multiple reports matching your regular expression.

Start a New Analysis

Use the following instructions to start a new analysis for a single pipeline.

Select Projects > your_project > Flow > Pipelines.
Select the pipeline or pipeline details of the pipeline you want to run.
Select Start Analysis.

Analysis Settings

The Start Analysis screen provides the configuration options for the analysis.

Field

Entry

¹ When using the API, you can to be outside of the current project.

Aborting Analyses

View Analysis Results

You can view analysis results on the Analyses page or in the output folder on the Data page.

Select a project, and then select the Flow > Analyses page.
Select an analysis.
From the output files tab, expand the list if needed and select an output file.

Illumina Connected Analytics

Introduction

hashtagNew

hashtagHome

hashtagProject

hashtagCommand-Line Interface

hashtagSequencer Integration

hashtagTutorials

hashtagReference

Get Started

About the Platform

hashtagGetting Started

hashtagGetting Help

hashtagOther Illumina Products

hashtagRelease Notes

Get Started

hashtagSoftware Registration

hashtagTenant Setup

hashtagAPI Keys

hashtagGenerate an API Key

hashtagAccess via Web UI

hashtagAccess via the CLI

hashtagAccess via the API

hashtagObject Identifiers

hashtagJSON Web Token (JWT)

Home

Event Log

Storage

hashtag

Project

Non-Indexed Folders

Data Integrity

Storage Cost Managment

hashtagMonitoring Storage Cost

hashtagProject Files in ICA

Samples

hashtagAdd New Sample

hashtagAdd Files to Samples

hashtagUnlink Files from Samples

hashtagLink Samples to Project

hashtagDelete Samples

Activity

hashtagData Transfers

Flow

Reference Data

hashtagCreating Reference Data

CWL

hashtagCompute Type

hashtagStandard vs Economy

hashtagConsiderations

hashtagCWL Overrides

Snowflake

hashtagUser

hashtagUser/Project-Bundle

Bench

hashtagAccess

hashtagEnabling Bench for your project

hashtagSetting user level access.

Sun Grid Engine (SGE) on ICA Bench

hashtagRunning Jobs in a Bench SGE Cluster

hashtagJob resources

Spark on ICA Bench

hashtagRunning a pyspark application

JupyterLab

hashtagICA Python Library

FUSE Driver

Cohorts

hashtagIntroduction to Cohorts

hashtag

Prepare Metadata Sheets

Precomputed GWAS and PheWAS

hashtagVisualize Results from Precomputed Genome-Wide Association Studies (GWAS)

Oncology Walk-through

hashtagCreate a Cancer Cohort and View Subject Details

Details

hashtagAdding Linked Bundle Assets

Connectivity

Command-Line Interface

Installation

Authentication

New

Home

Project

Command-Line Interface

Sequencer Integration

Tutorials

Reference

Getting Started

Getting Help

Other Illumina Products

Release Notes

Software Registration

Tenant Setup

API Keys

Generate an API Key

Access via Web UI

Access via the CLI

Access via the API

Object Identifiers

JSON Web Token (JWT)

Monitoring Storage Cost

Project Files in ICA

Add New Sample

Add Files to Samples

Unlink Files from Samples

Link Samples to Project

Delete Samples

Data Transfers

Creating Reference Data

Compute Type

Standard vs Economy

Considerations

CWL Overrides

User

User/Project-Bundle

Access

Enabling Bench for your project

Setting user level access.

Running Jobs in a Bench SGE Cluster

Job resources

Running a pyspark application

ICA Python Library

Introduction to Cohorts

Visualize Results from Precomputed Genome-Wide Association Studies (GWAS)

Create a Cancer Cohort and View Subject Details

Adding Linked Bundle Assets

Mount projectdata using CLI

Prerequisites

Mount projectdata

Unmount project data

Getting Started

Getting Help

Other Illumina Products

Release Notes

New

Home

Project

Command-Line Interface

Sequencer Integration

Tutorials

Reference

Software Registration

Tenant Setup

API Keys

Generate an API Key

Access via Web UI

Access via the CLI

Access via the API

Object Identifiers

JSON Web Token (JWT)

Running Jobs in a Bench SGE Cluster

Job resources

User

User/Project-Bundle

Visualize Results from Precomputed Genome-Wide Association Studies (GWAS)

Introduction to Cohorts

Roles

Project viewer role

Project contributor role

Warehouses