#datomic
2021-12-09
joshkh08:12:28

i've been working on some IAM policies to deny access to certain databases. something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor2",
            "Effect": "Deny",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::system-storage-bucket/system-name/datomic/access/dbs/db/my-restricted-db/*"
        }
    ]
}
any tips for locking down access further? some thoughts and questions:
• do developers need write access to s3://storage-bucket/vals/* ?
• do developers need write access to other related services such as DynamoDB?
• is it possible to restrict access to particular compute and query groups via IAM policies?
thanks!