This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-02-13
Channels
- # announcements (12)
- # babashka (88)
- # beginners (60)
- # biff (10)
- # calva (56)
- # clerk (9)
- # clj-kondo (5)
- # clojure (70)
- # clojure-austin (3)
- # clojure-conj (2)
- # clojure-dev (69)
- # clojure-europe (53)
- # clojure-nl (1)
- # clojure-norway (28)
- # clojure-uk (1)
- # clojurescript (27)
- # copenhagen-clojurians (3)
- # cursive (10)
- # datascript (1)
- # datomic (10)
- # fulcro (3)
- # funcool (1)
- # garden (7)
- # helix (5)
- # holy-lambda (5)
- # hyperfiddle (39)
- # introduce-yourself (6)
- # jobs-discuss (15)
- # lsp (3)
- # malli (5)
- # membrane (19)
- # missionary (1)
- # nrepl (6)
- # off-topic (44)
- # pathom (17)
- # pomegranate (3)
- # react (7)
- # releases (1)
- # shadow-cljs (39)
- # tools-deps (16)
- # xtdb (28)
Hi,
I've just torn down my nested Datomic Cloud Stack and created a split stack,
following the instructions in https://docs.datomic.com/cloud/operation/split-stacks.html
I find the my Http Direct ions no longer have permission to access
ssm:GetParametersByPath
I can see that the new datomic-compute stack has created Roles for
• ComputeLambdaExecutionRole
• DatomicLambdaRole
• StatesExecutionRole
Which of those gets applied to datomic ions httpdirect executions ?
so I can fix up the role permissioning
Is there a recommended way to configure custom IAM policies so that they will survive a datomic upgrade?
I guess I try adding the policy to each one in turn and see when it works....
I can make it work by adding all the datomic roles and I can take out the roles one by one and then it still works when I have taken out all the roles
guess I will need to redeploy to break it again
ah its the > foobar-compute-eu-west-2 role that requires the policy
well, that works for me, so I will stop looking perhaps there are other roles that I could attach the policy to that would also work?
Hi Ben, doing it the documented way with https://docs.datomic.com/cloud/operation/access-control.html#authorize-ions makes for easy configuration. This way, no need to ever modify any role defined by Cognitect.