is there a way of retrieving a set of entities grouped by a certain key?

I know I can use a custom aggr function

@mping Maybe with distinct ? https://docs.datomic.com/on-prem/query.html#aggregates-returning-collections

gonna give it a try

How are people handling middleware with Ions since routing happens at the API Gateway layer?

Nothing stops you from using ring middleware with ions. put the middleware around your app inside your call to apigw/ionize

@lanejo01 That's what I was thinking, but then aren't I wrapping each handler individually, even if they all share common middleware?

make 1 handler

do your routing in your app

Oh, so just a bare API Gateway proxy on "/", then everything the same as a usual Clojure webapp from there?

it can be, if you want to build it that way.

I havent done it that way so I may be wrong, but that is my understanding.

Well, I don't want to duplicate routing at two layers....

Delegating everything to the app feels like a misuse of API Gateway, but I'm just getting started with this entire stack. I'm basically here asking for best practices, or stories of pain so I can avoid. Maybe those haven't really congealed around Ions yet.

Have 'ionized' 3 apps at this point, run every thing through a single API GW for two of them, and the last we have two for a 'hard' separation of user and admin functions. I've been back and forth on it as well, but I'm leaning more towards using APIGW, more or less like ions use lambda, more of an AWS'ey way to 'lift' stuff into the clojure/datomic world as early as possible in a given flow, then just take it from there.

I'm definitely drawn to the "one APIGW entry proxying to one Ion handler per app" approach since then I can reuse the established Clojure webapp patterns and track all my routing/etc.. in code rather than a separate structure versioned in AWS. I've been second-guessing though since the core team's tutorials (eg https://docs.datomic.com/cloud/ions/ions-tutorial.html#webapp) guide towards "one Gateway entry and Ion handler per operation".

How can I grant a lambda ion read access to an S3 object?

Create a policy in IAM with read access to said S3 object, copy the arn for that policy, then do a parameter upgrade on your datomic cloud stack. At the bottom of the first ( I think) page there is a section that says effectively “attach the arn for the policy you want these nodes to have”. Paste the arn of the policy you created, complete the parameter upgrade, and that should do it.

(Just did this yesterday on the 4th project we have with ions)

That worked. Thanks! For reference: My basic misconception was that I added an inline policy to the Lambda execution role. But the Lambda function created on is just a thin layer for invoking the Clojure code inside the Datomic compute node.

(@stuarthalloway talks about this about 21 minutes into his intro video https://www.youtube.com/watch?v=3BRO-Xb32Ic)

Yeah, the docs are correct, however I believe that part is buried in “Operation > Access Control” no where near the rest of the ion tutorial. https://docs.datomic.com/cloud/operation/access-control.html#authorize-ions