We want to run our on-prem system in AWS eu-north-1. We use an old version of datomic on prem, 0.9.5544, (sorry!) which cannot use the ddb-protocol to connect to this region because the argument validator doesn’t have that region in it’s set of valid regions for DDB.
We were instructed to use the ddb-local storage protocol and point it to the dynamodb endpoint in eu-north-1. A promising workaround indeed. However, when we tested with an url formatted as
datomic:ddb-local://dynamodb.eu-central-1.amazonaws.com:443/{dynamodb-table}/{db-name}
(AWS credentials given either through local ~/.aws/credentials-file or via role based privileges on EC2. We outruled that this was the problem) the transactor started but could not really read from the table and failed after approx 10 seconds.
And all log levels is set to DEBUG or TRACE.
The local properties file looks like:
protocol=ddb-local
host=127.0.0.1
port=4334
license-key=
aws-dynamodb-table=
aws-dynamodb-override-endpoint:443=dynamodb.eu-north-1.amazonaws.com
aws-transactor-role=prod-1-transactor
aws-peer-role=prod-1-ecs-instance-role
memory-index-threshold=32m
memory-index-max=256m
object-cache-max=128m
log-dir=ddblocallog
The log file is a bit big to include here but evidently the ddb-local client tries to connect to the given endpoint via HTTP (not HTTPS)
https://gist.github.com/claj/2add3f937b80ef92c05c002f20b28fe0#file-redacted-log-log-L975
2020-04-06 18:51:33.972 DEBUG default org.apache.http.wire - http-outgoing-7 << "<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>[\r][\n]"
Is there a way to instruct the ddb-local to use HTTPS in our old version? Otherwise this workaround is not a viable option to use for us.
I understand that our old version simply cannot grasp that there are new DDB-regions since it was released before this region was opened, but is this nowadays overly restricted argument validation fixed in later versions of Datomic?
I also want to make you aware that the suggested workaround simply wont work the way I guess (someone of) you expected it too and suggested to us at Clojurians or wherever it was. It’s ok that it doesn’t work but I don’t want to waste others time trying this out.
(Currently we run the system in a supported region instead.)