Region policy

Understanding and setting up region policies in Verily Workbench

Purpose: This document explains the purpose of a region policy in Verily Workbench and how to apply one to a workspace or data collection.


Introduction

What is a region policy?

A region policy is a type of policy that limits which regions may be used to create cloud resources and environments. For example, if you use data from a collection that has a region policy, your cloud environment and analysis outputs must be kept within the regions specified by the policy. When a region policy is applied to a workspace that is outside of the prescribed regions, the workspace's default resource region must be updated to comply with the policy requirements. You don’t need to migrate data that was in the workspace before the policy was applied, and references to data aren’t affected.

See Apply a region policy for more details.

You can apply a region policy to data collections.

What is a default resource region?

The default resource region is selected when you create a new workspace or data collection. Verily Workbench will automatically keep cloud resources and environments created in the workspace within this region to help prevent unexpected egress fees.

It’s possible to create resources in regions outside of the default resource region via the Workbench CLI, as long as there isn’t a conflicting region policy constraint applied.

What restrictions does a region policy enforce?

If a region policy is applied to a data collection, users can only create resources in the selected region(s). For example, any analysis outputs must be kept within the specified region(s).
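The following Python sketch is an added example, not Verily Workbench code: it audits a resource inventory against a region policy using the rules described above (new resources must be in the policy's regions, resources that predate the policy need not be migrated, and a default resource region outside the policy must be updated). The inventory format, the function and field names, and the GCP-style zone naming are assumptions, and the sample data is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Assumption: zones follow GCP-style naming, e.g. "us-central1-a" is in region "us-central1".
_ZONE = re.compile(r"^(?P<region>[a-z]+-[a-z]+\d+)-[a-z]$")

def to_region(location):
    """Normalize a region or zone name to its region."""
    loc = location.strip().lower()
    match = _ZONE.match(loc)
    return match.group("region") if match else loc

@dataclass
class Resource:  # hypothetical inventory record
    name: str
    location: str
    created: datetime

def audit(allowed_regions, policy_applied, default_region, resources):
    """Classify resources against a region policy applied at `policy_applied`."""
    allowed = {to_region(r) for r in allowed_regions}
    report = {
        "compliant": [],
        "predates_policy": [],   # outside the policy, but created before it applied
        "violations": [],        # outside the policy and created after it applied
        "default_region_needs_update": to_region(default_region) not in allowed,
    }
    for res in resources:
        if to_region(res.location) in allowed:
            report["compliant"].append(res.name)
        elif res.created < policy_applied:
            report["predates_policy"].append(res.name)
        else:
            report["violations"].append(res.name)
    return report

# Constructed sample inventory for a workspace whose default region is europe-west4.
POLICY_APPLIED = datetime(2024, 6, 1)
SAMPLE = [
    Resource("bucket-raw", "us-central1", datetime(2024, 3, 1)),
    Resource("notebook-old", "europe-west4-b", datetime(2024, 4, 10)),
    Resource("notebook-new", "us-central1-a", datetime(2024, 7, 2)),
    Resource("bucket-out", "europe-west4", datetime(2024, 7, 5)),
]
REPORT = audit(["us-central1"], POLICY_APPLIED, "europe-west4", SAMPLE)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```
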

Getting started

Apply a region policy

When you’re creating a new data collection, you’ll be asked if you want to add a region policy in the Set policies step. Select Limit creating resources to within selected regions and then click on the Region dropdown to select the region(s) you’d like to add to the policy. Proceed to the following setup steps to create your new data collection.

Screenshot of Set policies dialog that asks if the user wants to add a region policy.
Select regions where researchers can create resources for a data collection.

Once your data collection has been created, you can confirm the region policy has been applied by clicking the “active” link next to Policies. A dialog will open showing the supported regions in the policy.

Screenshot of Policies dialog that shows the region policy in place for a data collection.
View the region policy applied to your data collection.

Edit the default resource region on an existing workspace or data collection

Click the Edit button in the upper right corner of your workspace or data collection in the Workbench UI.

In the Edit dialog, click on the Default resource region dropdown to select a different region. Note that this change will only apply to newly created resources and environments. Existing resources will not move to the new region. Click Update to save your changes.

Screenshot of Edit data collection dialog that shows the default resource region dropdown.
Update the default resource region for your data collection.

Expected behavior

All subsequent versions of a data collection with a region policy applied will also inherit the region policy.

You can’t remove a region policy once it’s been applied to a data collection.

Last Modified: 21 October 2024