Ion deploy fails due to Access Denied


Following the ion tutorial.

On first deploy, when doing {:op :deploy-status} I get:

{:deploy-status "FAILED", :code-deploy-status "FAILED"}

Looking in AWS CodeDeploy, it states ‘Most recent event’ is DownloadBundle, and when I click on View Events:

What role might be missing for the ‘Access Denied’ error at this stage?


Hi @Andre, you’ll want to confirm you have sourced the same AWS credentials required to connect to your Datomic Cloud system. Please check that you can connect via proxy/repl as described in tutorial:

I am going to pull all the required permissions. But I wanted to ask, can you run as administrator?


Yes I can connect with repl via socks proxy fine, create db, do transactions and queries.

I’ll try as Administrator tomorrow (late here in UK :grinning:).


Same issue when using Administrator.

A couple of things that might be of interest:

  • I originally a different system, (never got as far as code deploy, just wanted to see what is involved in get Datomic Cloud system running). I deleted that one, and started over - trying to deploy to new system
  • I have not gone through the ‘first upgrade’ process - is this essential and maybe the cause for this? I am only running Solo typology.


I started fresh, with a brand new AWS account, and everything works fine when I follow the tutorial.

I successfully deployed using both the ‘root’ AWS account, and an IAM account with AdministratorAccess and datomic-admin-xxxx-eu-west-1 roles attached.

So unfortunately I still don’t know what was wrong with previous setup, but I’m very happy that I can now proceed.


Hi Andre,

I’m glad you got the issue resolved.

The problem you encountered suggests that somehow the Datomic instance in your system was missing a permission required to read the Ion package from S3.

Is it possible that you were running an older version of Datomic Cloud (from before the release of Ions)?