Fork me on GitHub

Does anyone know if we can set Transactor properties (like license-key, protocol, alt-host, etc) using environment variables? If so, what is the naming convention for those variables? I tried the Java approach (`DATOMIC_LICENSE_KEY`, for instance) but it doesn’t seem to work…


@t.augusto those are not configurable as envars - that would be a good suggestion for a feature that I’d encourage you to log at our feature request portal (“suggest features” link in the top nav of


you can supply them as java properties on the command line though IIRC? (e.g: java -Ddatomic.licenseKey=...)


possibly; i can’t recall which ones that will work for


tlima: we just use a script that injects env vars into a properties template using sed


I’d probably use the same approach as @matthavener ^ since if you’re deploying anywhere with VMs, you’ll need to dynamically populate host and alt-host anyway


if you look at the scripts in here, its pretty similar


Yeah, we use ansible’s templating to setup our on-prem stuff


Is there a new version of Cloud? Just noticed there’s a field to set a map of inputs for ion/get-env


Ion Question: Is there any mechanism for conveyance of permissions from Lambda to the proxied code?


@ghadi I asked this previously, I think the asg has to be given permissions.


thanks @dominicm ... I wonder if there is a Better Way


@ghadi within the constraints of aws it's hard to think of a better way it could be done without ending up in heavy lambda territory


Has anyone measured the point at which datomic transactor does not scale well? The context here is that I am about to recommend using it for a transactional system containing around 1 billion entities. I’m expecting throughput of about 1 million transactions on those entities per day.


In general no @ghadi. AWS permissions get applied only to the ‘aws thing’ in question. Giving a lambda perms to say read an S3 bucket, won’t in the case of ions, have anything to do with the EC2 instances where your actual ion code is running. You really just want to add whatever permissions your ions are going to need to the role associated with the EC2 instances, since lambdas are just ‘glue’ for ions


yeah I want to convey STS temporary credentials through to the compute cluster


Well, hmm… I mean, if you have the token, I guess you could include it in the payload, then when you’re calling AWS Service X, via the api you’d have to manually setup the credential provider


i don't have the token, I want to acquire it during execution of the lambda


Kinda like how Netflix BLESS works.


Strongly authenticate the lambda execution itself


Gotcha, I think the problem is that for ions, the actual lambda code is basically opaque. Your first opportunity to actually do your assumeRole’ing, etc would be the entry point into the clojure/datomic function. But you’d like to have that happen prior


Take a look at SSM parameters, that seems to be the best way to do env vars in the Ion world


I believe SSM parameters are static


I'll clarify my use-case a bit more, but it's per-request credentials


Ah ok, in that case I don't have experience to share.


@okocim @curtosis beware of valid false values in cond->

👍 4