Enabling code to talk to the Internet and Datomic Cloud

Hi All,
A common use case for us is code that needs to talk to both the Internet and Datomic Cloud. In addition, we want to use a bastion server for local dev in some environments.

I looked at VPC peering, but that was clunky, difficult to test, hard to Cloudformation-tize, and it never quite worked. Also, who wants another VPC?
VPC Endpoints don’t work with the Solo deploy, and again, who wants another VPC?

So I set myself on modifying the Datomic Cloud VPC with a NAT via CloudFormation to enable communication to Datomic, the Internet, and a working bastion instance. This yaml file is as close as I could get to an automated deploy that puts all the bits in the right spot to work.

Edit: I should add, the newest Datomic Cloud adds VPC endpoints to the subnet routes, and I am not aware of any provided ways to recreate those endpoint routes in new subnets I considered adding.

There are a few cons to my efforts:

  1. I modify the default subnets, which I’m sure will cause maintenance complications with new Datomic Cloud versions.

  2. There is still a manual UI step to modify the route.

  3. I have to manually identify the subnet the bastion server is in and modify the yml file parameters accordingly so the right subnet gets updated.

Has anyone found a better way to enable your code to talk to both Datomic Cloud and the Internet? Do you have working examples?

Do other folks have this use case and want Datomic to add a NAT to Datomic Cloud’s deploy?

Thanks,
Nate
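For readers who want to see the shape of the NAT-plus-route change the post describes, here is a minimal CloudFormation fragment. It is an added example, not Nate's yaml file: the parameter names, logical IDs and the assumption that the target subnet keeps its existing route table are mine, and the public subnet and route table IDs are placeholders that have to be looked up in the actual Datomic Cloud VPC.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the poster's template). Places a NAT gateway in an
  existing public subnet and gives one private route table a default route
  through it, so instances in that subnet can reach the Internet without
  accepting any inbound connections themselves.

Parameters:
  PublicSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Existing public subnet (one that already routes 0.0.0.0/0 to an Internet gateway)
  PrivateRouteTableId:
    Type: String
    Description: Route table of the private subnet whose instances need outbound Internet (placeholder, e.g. rtb-xxxxxxxx)

Resources:
  # Static public address used for all outbound traffic from the private subnet.
  # Useful for allow-listing on the remote side and for correlating egress in logs.
  NatEip:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  # The NAT gateway itself must live in a public subnet; it only forwards
  # connections initiated from inside the VPC, never inbound ones.
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatEip.AllocationId
      SubnetId: !Ref PublicSubnetId

  # Default route for the private subnet. Any more specific routes already on
  # the table (such as the VPC endpoint routes the post mentions) are left in
  # place and continue to take precedence over 0.0.0.0/0.
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway

Outputs:
  NatGatewayId:
    Value: !Ref NatGateway
  NatPublicIp:
    Description: Source address remote services will see for egress from the private subnet
    Value: !Ref NatEip
```

Before applying it, confirm the route table you pass in is the one actually associated with the subnet your instances (and bastion) use, since a subnet with no explicit association silently falls back to the VPC's main route table.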