Connecting to your Amazon Neptune database using AWS Identity and Access Management authentication
Amazon Neptune resources that have IAM DB authentication enabled require all HTTP requests to be signed using AWS Signature Version 4. For general information about signing requests with AWS Signature Version 4, see Signing AWS API requests.
AWS Signature Version 4 is the process to add authentication information to AWS requests. For security, most requests to AWS must be signed with an access key, which consists of an access key ID and secret access key.
Note
If you are using temporary credentials, those credentials, including the session token, expire after a specified interval.
You must update your session token when you request new credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources.
Important
Accessing Neptune with IAM-based authentication requires that you create HTTP requests and sign the requests yourself.
How Signature Version 4 Works
- You create a canonical request.
- You use the canonical request and some other information to create a string-to-sign.
- You use your AWS secret access key to derive a signing key, and then use that signing key and the string-to-sign to create a signature.
- You add the resulting signature to the HTTP request in a header or as a query string parameter.
When Neptune receives the request, it performs the same steps that you did to calculate the signature. Neptune then compares the calculated signature to the one you sent with the request. If the signatures match, the request is processed. If the signatures don't match, the request is denied.
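The four signing steps and the receiver-side comparison described above, as an added example using only the Python standard library (it is not AWS's own code). The endpoint, timestamp and credentials are constructed placeholders, `neptune-db` is the SigV4 service name for Neptune data-plane requests, and the request path is assumed to be already normalized.

```python
import hashlib
import hmac
from urllib.parse import quote

SERVICE = "neptune-db"  # SigV4 service name for Neptune data-plane requests

# Constructed sample request; endpoint and credentials are placeholders.
SAMPLE = dict(method="GET", host="neptune.example.com:8182", path="/gremlin",
              query={"gremlin": "g.V().count()"}, body="", region="us-east-1",
              amz_date="20240101T000000Z", access_key="AKIAEXAMPLEACCESSKEY",
              secret_key="constructed-secret-not-a-real-key")

def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()

def enc(value):
    return quote(value, safe="-_.~")  # SigV4 URI encoding of query parts

def sign(method, host, path, query, body, region, amz_date,
         access_key, secret_key, token=None):
    """Return (headers to send, hex signature) for one request."""
    headers = {"host": host, "x-amz-date": amz_date}
    if token:  # temporary credentials: the session token is signed too
        headers["x-amz-security-token"] = token
    names = sorted(headers)
    signed = ";".join(names)
    # Step 1: canonical request (path assumed already normalized).
    canonical = "\n".join([
        method, path,
        "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(query.items())),
        "".join(f"{n}:{headers[n].strip()}\n" for n in names),
        signed, sha256_hex(body)])
    # Step 2: string-to-sign binds algorithm, time, scope and request hash.
    scope = f"{amz_date[:8]}/{region}/{SERVICE}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         sha256_hex(canonical)])
    # Step 3: derive the signing key from the secret key, then sign.
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    # Step 4: attach the signature in the Authorization header.
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers, signature

def verify(received_signature, **request):
    """Receiver side: recompute the signature and compare in constant time."""
    return hmac.compare_digest(sign(**request)[1], received_signature)
```

Because the query string, payload hash and signed headers all feed the canonical request, changing any of them after signing makes the recomputed signature differ and the request is denied.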
For general information about signing requests with AWS Signature Version 4, see Signature Version 4 Signing Process in the AWS General Reference.
The following sections contain examples that show how to send signed requests to the Gremlin and SPARQL endpoints of a Neptune DB instance with IAM authentication enabled.
Topics
- Prerequisites for connecting Amazon Neptune databases using IAM authentication
- Connecting to Amazon Neptune databases using IAM authentication from the command line
- Connecting to Amazon Neptune databases using IAM authentication with Gremlin console
- Connecting to Amazon Neptune databases using IAM with Gremlin Java
- Connecting to Amazon Neptune databases using IAM authentication with Java and SPARQL
- Connecting to Amazon Neptune databases using IAM authentication with SPARQL and Node.js
- Connecting to Amazon Neptune databases using IAM authentication with Python