This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-01-22
hey ty for ur reply, i did that (see 3. box) but then i got a SQLException
(d/create-database "datomic:")
=> Execution error (SQLException) at java.sql.DriverManager/getDriver (DriverManager.java:298).
No suitable driver
(d/create-database "datomic:sql://?jdbc:")
Execution error (SQLException) at java.sql.DriverManager/getDriver (DriverManager.java:298).
No suitable driver
but i was able to start the console this way
bin/console -p 8088 datomic "datomic:sql://?jdbc:"
yeah, you need to add a dependency to the driver itself, I guess? Doesn't seem like Datomic provides one
:thinking_face: could u point out how i would do that? I'm kinda lost here :face_with_rolling_eyes:
add the dependency in project.clj, if you use leiningen. For example: [org.postgresql/postgresql "42.2.6"]
I'd like to check my understanding on datomic security (on-prem, AWS, DDB). Any machine can read + write to the datomic database if: • A peer/client has the datomic-pro library • The URI to your database is known • An IAM instance role controls whether the application has permission to read/write to DDB.
My concern is: what's to stop anybody with datomic-pro who knows the URI of a datomic DB writing to it (When it's on-prem/AWS/DDB)?
just like any DB I would assume - firewall it. The URI of most DBs contain username/password etc
With DDB there is no host and port tho (AFAICT). so you can't for example use EC2 security-groups to control inbound access.
I'm definitely not an expert on DDB and AWS, but it seems odd to me that all DDBs are accessible to the public internet?
you can use DDB endpoints to restrict access to clients within a VPC. It's not "open" per se, you need to grant IAM privileges (via roles) to read and write from DDB. And the transactor process is given those when it is set up. What I'm failing to remember/see is the problem of securing peer access - that is, if the DB URI is known, how to prevent access from any arbitrary datomic-pro client/peer.
Depending on whether your peers are aws instances or not, you should use IAM instance roles and/or profiles/environment credentials
Thanks @U05120CBV - this is true of the transactor processes I've deployed (they are controlled by IAM roles). What I'm seeing is that a process in an environment with no AWS creds set can still connect to the transactor and transact datoms without needing any AWS environment variables set. We now have peers that run as ElasticBeanStalk apps (that use IAM roles), but also command line applications that use datomic-pro directly to talk to the database. It's the latter case (or just using a repl with datomic pro library) that I'm struggling with to see how to secure access.
to set the record straight, my creds were set in my ~/.aws directory and I hadn't realised the datomic-pro peer library uses those. so a red herring.
FYI, despite that preview's text eu-north-1 was not added as AWS lacks the ability currently to support Cloud in that region. It was a late scratch from the release and we're hoping to add it as soon as AWS is able to support Cloud in that region.
FYI when I click on the production compute template. It actually returns a storage template
@U050CQFT1 Sorry! I believe I've corrected the link.
The link itself seems to indicate production compute template https://s3.amazonaws.com/datomic-cloud-1/cft/589-8846/datomic-production-compute-589-8846.json
But the json has "Description": "Creates storage resources needed to run Datomic."
at least for me
> "AWSTemplateFormatVersion": "2010-09-09",
> "Description": "Creates compute resources needed to run Datomic.",
Thanks for the d/with bugfix -- really appreciate it :)
does transact-async not work with an in mem database?
it should work
yeah it does, turned out to be a bug somewhere else that threw me off