This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-06-13
Channels
- # babashka (5)
- # beginners (52)
- # biff (11)
- # brompton (5)
- # calva (2)
- # cider (7)
- # clojure (80)
- # clojure-europe (3)
- # clojure-finland (1)
- # clojure-nl (3)
- # clojure-norway (1)
- # clojure-uk (3)
- # clojurescript (15)
- # conjure (4)
- # core-async (9)
- # cursive (3)
- # datahike (38)
- # datascript (1)
- # datomic (7)
- # duct (9)
- # emacs (4)
- # fulcro (11)
- # graalvm (21)
- # honeysql (5)
- # lambdaisland (1)
- # leiningen (1)
- # news-and-articles (1)
- # off-topic (8)
- # react (42)
- # reagent (6)
- # reitit (11)
- # shadow-cljs (62)
- # specter (1)
- # spire (2)
- # sql (1)
- # tools-deps (12)
- # vim (5)
I see the perms listed here for admins: https://docs.datomic.com/cloud/operation/access-control.html#org98dd40a
Are there perms listed anywhere for just the client application? I tried:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3::REDACTED/*"
]
}
]
}
And I'm getting:
{:what :uncaught-exception, :exception #error {
:cause Forbidden to read keyfile at . Make sure that your endpoint is correct, and that your ambient AWS credentials allow you to GetObject on the keyfile.
:data {:cognitect.anomalies/category :cognitect.anomalies/forbidden, :cognitect.anomalies/message Forbidden to read keyfile at . Make sure that your endpoint is correct, and that your ambient AWS credentials allow you to GetObject on the keyfile.}
If I try to pull the same creds from a pod running in my EKS cluster using the awscli, it works.
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html anyone know which version of the AWS SDK cognitect is using?
Looks like Update to version 1.11.479 of the AWS SDK for Java.
which is below the min version to support
The aws api is not using an sdk at all, it talks through the rest api