2018-10-25
bump from yesterday - any clues regarding ion lambda access to SSM? i see `ion/get-params` used in the `datomic/ion-event-example` project. i ended up adding a full SSM policy to our `[compute-group]-DatomicLambdaRole` (the execution role for the lambda) with no luck. the lambda returns `User: is not authorized to perform: ssm:GetParametersByPath on resource: ...`. any help is much appreciated. 🙂
I can maybe help. I’ve got a node.js lambda reading SSM parameters. here’s the IAM perms that were required
```json
{
  "PolicyName": "root",
  "PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        "Effect": "Allow",
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "ssm:GetParameter",
          "ssm:GetParameters"
        ],
        "Resource": {
          "Fn::Join": [
            "",
            [
              "arn:aws:ssm:",
              { "Ref": "AWS::Region" },
              ":",
              { "Ref": "AWS::AccountId" },
              ":parameter/",
              { "Ref": "Application" },
              "-*"
            ]
          ]
        }
      }
    ]
  }
}
```
Josh, as mentioned here: https://docs.datomic.com/cloud/ions/ions-reference.html#parameters-example
there is a default `datomic-shared` parameter store that is readable by all Datomic nodes
also see https://docs.datomic.com/cloud/operation/access-control.html#authorize-ions
@U0510KXTU For an additional anecdatapoint: we've currently handled this with full read access (we're using application-specific config outside of datomic-shared), but are looking to whittle it down from there.