Monday, November 25, 2013

Using IAM Roles with Datomic on AWS

With today's Datomic release, you can use IAM roles to manage permissions when running in AWS.

Motivation

Datomic's AWS support has been designed according to the principle of least privilege.  When running in AWS, a Datomic transactor or peer needs only the minimum permissions necessary to communicate with various AWS services.  These permissions are documented in Setting Up Storage Services.

But you still need some way to install these minimal permissions on ephemeral virtual hardware. Early versions of AWS left this problem to the developer.  Solutions were tedious and ad hoc, but more importantly, they were risky.  Leaving every application developer the task of passing credentials around is a recipe for credentials lying around in a hundred different places (or even checked into source code repositories).

IAM roles provide a generic solution to this problem.  From the FAQ: "An IAM role allows you to delegate access, with defined permissions, to trusted entities without having to share long term access keys" (emphasis added).  From a developer perspective, IAM roles get credentials out of your application code.

Implementation

Starting with version 0.9.4314, Datomic supports IAM roles as the default mechanism for conveying credentials in AWS.  What does this mean for developers?
  1. If you are configuring Datomic for the first time, the setup instructions will secure peers and transactors using IAM roles. 
  2. If you have an existing Datomic installation and want to upgrade to roles, Migrating to IAM Roles will walk you through the process.
  3. Using explicit credentials in transactor properties and in connection URIs is deprecated, but will continue to work.  Your existing deployments will not break.
IAM roles make your application both easier to manage and more secure.  Use them.
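
As an added example (not from the original post and not Datomic's own code), here is a small Python audit for item 3 above: it finds DynamoDB connection URIs that still carry explicit credentials and reports them with the values redacted. The query parameter names `aws_access_key_id` and `aws_secret_key` are assumed from Datomic's documented DynamoDB URI format; the sample URIs and key values are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumption: explicit credentials appear as these query parameters on a
# datomic:ddb:// URI (names are not stated on this page).
CREDENTIAL_PARAMS = {"aws_access_key_id", "aws_secret_key"}
# A connection URI runs until whitespace, a quote or an angle bracket.
URI_RE = re.compile(r"datomic:ddb://[^\s\"'<>]+")


def redact(uri):
    """Return the URI with every credential value replaced by REDACTED."""
    base, sep, query = uri.partition("?")
    if not sep:
        return uri
    parts = []
    for pair in query.split("&"):
        name, eq, _value = pair.partition("=")
        parts.append(f"{name}=REDACTED" if eq and name in CREDENTIAL_PARAMS else pair)
    return base + "?" + "&".join(parts)


def find_embedded_credentials(text, source="<input>"):
    """Report each connection URI in text that carries explicit credentials."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URI_RE.finditer(line):
            uri = match.group(0)
            names = [n for n, _ in parse_qsl(uri.partition("?")[2], keep_blank_values=True)]
            present = sorted(set(names) & CREDENTIAL_PARAMS)
            if present:
                # Never echo the secret itself into the audit output.
                findings.append({"source": source, "line": lineno,
                                 "params": present, "uri": redact(uri)})
    return findings


# Constructed sample input: placeholder values, not real keys.
SAMPLE = "\n".join([
    '(def old-uri "datomic:ddb://us-east-1/example-table/example-db'
    '?aws_access_key_id=EXAMPLE_KEY_ID&aws_secret_key=EXAMPLE_SECRET")',
    '(def new-uri "datomic:ddb://us-east-1/example-table/example-db")',
])

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE, "sample.clj"):
        print(f"{f['source']}:{f['line']}: explicit {', '.join(f['params'])} in {f['uri']}")
```

Any key the audit finds should be treated as exposed and rotated once the deployment has moved to roles, since copies may remain in version control history.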

Friday, November 8, 2013

Datomic Pro Starter Edition

We are happy to announce today the release of Datomic Pro Starter Edition, enabling the use of Datomic for small production deployments at no cost.

Datomic Pro Starter Edition features most benefits of Datomic Pro:
  • Support for all storages
  • A perpetual license with 12 months of updates included
  • Support for the full Datomic programming model
  • Datomic Console included with download
Datomic Pro Starter Edition features community support, and does not include:
  • High Availability transactor support
  • Integrated memcached
  • Running more than 3 processes (2 peers + transactor)
To get started, register and download Datomic Pro Starter Edition.

Datomic Pro Starter Edition lets your team build a fully operational system and deploy to production with no additional steps or costs.