User Access

This page describes how to authorize users to access Datomic.

Throughout this page, the following metavariables are used. Replace them with your specific values when issuing commands.

  • Region is the AWS region your Datomic System is in
  • SystemName is your Datomic system name

Allow Inbound Bastion Traffic

When you created the Primary Compute Resources, you were offered the option "Start bastion?". If you accepted the default choice of Yes, the stack started a bastion instance inside the VPC and configured the instance's security group to allow traffic from this instance to the primary compute instances. To allow developers to access the bastion from outside the VPC, you must add an inbound rule to the bastion security group.

NOTE: Bastion instances are secured by a keypair that is accessible to Datomic administrators. If you also want to restrict access by IP, enter a specific IP address or range of addresses for Source, instead of Anywhere, in the instructions below.

  1. Navigate to the Security Groups section of the AWS EC2 Management Console.
  2. Click on the bastion security group for your Datomic Cloud system, named <system-name>-bastion.
  3. Click the Inbound tab in the Security Group details at the bottom of the console.
  4. Click Edit to display the Edit inbound rules dialog box.
  5. Add an entry with the following parameters:
    • Type: SSH
    • Protocol: TCP
    • Port Range: 22
    • Source: Anywhere
  6. Accept the defaults for the other entries, and click Save.

See Managing the Bastion for more details on the bastion instance.

Authorize a Group

Note: You only need to authorize a group to add access for others. If you are not adding access for other users and have already set up your Datomic system, you can continue to the next section, Get Started.

Datomic automatically creates an Administrator Policy named datomic-admin-$(SystemName)-$(Region), which you can view by searching for "datomic-admin" under IAM Policies.

You must first have created a group. Then add the Administrator policy to a Group of your choice:

  1. Select a Group in the AWS Console.
  2. Click the "Add Permissions" button, then choose "Attach existing policies directly" and select the Datomic Administrator Policy.
  3. Click the "Next: Review" button, then click the "Add permissions" button.

Now any current or future member of the Group can access Datomic.

Next: Now you are ready to Get Started and use Datomic.