For now there is no such a thing, sadly. This is also why this feature request was issued a while ago.
For now you'll have to use a dedicated IAM role/user with the built-in Administrator and PowerUser policies (as per Access Control docs section).
Assigning just the Datomic Administrator Policy (
datomic-code-... permissions will result in the following error upon Push:
"Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 2YP8M87C0385R93H; S3 Extended Request ID: +dHQtObBUaq/T7BH7lWKNALPOCNULLd1uYy0PkXoVCeQ9A8hmilVo3KpNhtnGSOxbXB/NhPzQCI=; Proxy: null)",
That said, you are forced to leak access keys with a full DB administrator control to all your system developers and CI/CD operators, which is not that "least privileged" as one would probably like. Or I may be missing something here...