Configure Access

The following two tasks configure a Datomic system for user access. These tasks need only be performed once, by an AWS administrator.

Allow Inbound Traffic to the Access Gateway

Datomic runs in a private VPC. To allow access from outside the Datomic VPC (e.g. for developers), you must add an inbound rule to the access gateway security group.

NOTE Access gateway instances are secured by a keypair that is accessible to Datomic administrators. If you want to further restrict access by IP also, you can enter a specific IP address or range of addresses for Source in the instructions below.

  1. Navigate to the Security Groups section of the AWS EC2 Management Console
  2. Click on the access gateway security group for your Datomic Cloud system, named <system-name>-bastion.
  3. Click the Inbound tab in the Security Group details at the bottom of the console.
  4. Click Edit Inbound Rules to display the Edit inbound rules dialog box.
  5. Add an entry with the following parameters:
    • Type: SSH
    • Protocol: TCP
    • Port Range: 22
    • Source: Select `Anywhere` from the source dropdown.
  6. Accept the defaults for the other entries, and click Save Rules

Authorize Datomic Users

To authorize Datomic users, an AWS administrator should add the Datomic Administrator policy to an IAM group. Users in that group will then have full access to Datomic.

The Datomic Administrator Policy is named datomic-admin-$(SystemName)-$(Region), which you can view by searching for "datomic-admin" under IAM Policies.

To add the Datomic Administrator Policy to a group:

  1. Select (or create) a Group in the AWS Console.
  2. Click the "Add Permissions" button, then choose "Attach existing policies directly" and select the Datomic Administrator Policy.
  3. Click the "Next: Review" button, then click the "Add permissions" button.

After this step, any IAM user or role in the Group get connected and use Datomic.