This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-12-09
Channels
- # adventofcode (132)
- # announcements (19)
- # babashka (7)
- # babashka-sci-dev (6)
- # beginners (46)
- # calva (25)
- # chlorine-clover (5)
- # cider (2)
- # clara (17)
- # clj-kondo (93)
- # clojure (2)
- # clojure-dev (4)
- # clojure-europe (12)
- # clojure-losangeles (3)
- # clojure-nl (7)
- # clojure-uk (4)
- # clojurescript (29)
- # conjure (6)
- # core-async (8)
- # cursive (16)
- # data-science (7)
- # datomic (1)
- # exercism (4)
- # figwheel-main (8)
- # fulcro (9)
- # graphql (2)
- # helix (1)
- # introduce-yourself (3)
- # jobs (3)
- # lsp (4)
- # malli (20)
- # minecraft (3)
- # nextjournal (62)
- # off-topic (16)
- # overtone (34)
- # pathom (5)
- # polylith (10)
- # portal (1)
- # re-frame (104)
- # reagent (29)
- # reitit (1)
- # remote-jobs (2)
- # rum (3)
- # shadow-cljs (22)
- # spacemacs (2)
- # sql (10)
- # tools-deps (17)
- # vim (13)
i've been working on some IAM policies to deny access to certain databases. something like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor2",
"Effect": "Deny",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::system-storage-bucket/system-name/datomic/access/dbs/db/my-restricted-db/*"
}
]
}
any tips for locking down access further? some thoughts and questions:
• do developers need write access to <s3://storage-bucket/vals/*> ?
• do developers need write access to other related services such as DynamoDB?
• is it possible to restrict access to particular compute and query groups via IAM policies?
thanks!