Connecting and Signing with Amazon Signature Version 4 - Amazon Neptune

Connecting and Signing with Amazon Signature Version 4

Amazon Neptune resources that have IAM DB authentication enabled require all HTTP requests to be signed using Amazon Signature Version 4. For general information about signing requests with Amazon Signature Version 4, see Signature Version 4 Signing Process.

Amazon Signature Version 4 is the process of adding authentication information to Amazon requests. For security, most requests to Amazon must be signed with an access key, which consists of an access key ID and a secret access key.

Note

If you are using temporary credentials, note that they expire after a specified interval, and that this includes the session token.

You must update your session token when you request new credentials. For more information, see Using Temporary Security Credentials to Request Access to Amazon Resources.

Important

Accessing Neptune with IAM-based authentication requires that you create HTTP requests and sign the requests yourself.

How Signature Version 4 Works

  1. You create a canonical request.

  2. You use the canonical request and some other information to create a string-to-sign.

  3. You use your Amazon secret access key to derive a signing key, and then use that signing key and the string-to-sign to create a signature.

  4. You add the resulting signature to the HTTP request in a header or as a query string parameter.

When Neptune receives the request, it performs the same steps that you did to calculate the signature. Neptune then compares the calculated signature to the one you sent with the request. If the signatures match, the request is processed. If the signatures don't match, the request is denied.
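The four steps and the receiving-side check described above, as an added example using only the Python standard library (this is not code from the AWS documentation or an AWS SDK). It assumes the SigV4 service name `neptune-db`; the function names, key pair, endpoint host, and timestamp are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import quote

ALGO, SERVICE = "AWS4-HMAC-SHA256", "neptune-db"  # assumed SigV4 service name for Neptune

def canonical_request(method, path, query, headers, payload=b""):
    """Step 1: normalise the request. Returns (canonical request, signed header list)."""
    qs = "&".join(f"{k}={v}" for k, v in sorted(
        (quote(k, safe=""), quote(v, safe="")) for k, v in query.items()))
    hdrs = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    signed = ";".join(k for k, _ in hdrs)
    # Assumes a simple path such as /sparql with no characters that need encoding.
    canon = "\n".join([method, quote(path, safe="/~"), qs,
                       "".join(f"{k}:{v}\n" for k, v in hdrs), signed,
                       hashlib.sha256(payload).hexdigest()])
    return canon, signed

def sign(secret, region, amz_date, method, path, query, headers, payload=b""):
    """Steps 2 and 3. Returns (hex signature, credential scope, signed header list)."""
    canon, signed = canonical_request(method, path, query, headers, payload)
    scope = f"{amz_date[:8]}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join(
        [ALGO, amz_date, scope, hashlib.sha256(canon.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()  # signing key: chained HMAC over the scope parts
    for part in scope.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return sig, scope, signed

def authorization_header(access_key_id, sig, scope, signed):
    """Step 4: the value sent in the Authorization header."""
    return f"{ALGO} Credential={access_key_id}/{scope}, SignedHeaders={signed}, Signature={sig}"

def verify(secret, region, amz_date, method, path, query, headers, sent_sig, payload=b""):
    """Receiving side: recompute from the request as received, compare in constant time."""
    expected = sign(secret, region, amz_date, method, path, query, headers, payload)[0]
    return hmac.compare_digest(expected, sent_sig)

if __name__ == "__main__":
    # Constructed sample values: placeholder key pair, endpoint host and timestamp.
    secret, date = "EXAMPLE-SECRET-KEY-NOT-REAL", "20240101T000000Z"
    host = "example.cluster-xxxx.cn-north-1.neptune.amazonaws.com.cn:8182"
    hdrs = {"Host": host, "X-Amz-Date": date}
    q = {"query": "SELECT * WHERE { ?s ?p ?o } LIMIT 1"}
    sig, scope, signed = sign(secret, "cn-north-1", date, "GET", "/sparql", q, hdrs)
    print(authorization_header("AKIDEXAMPLE", sig, scope, signed))
    print(verify(secret, "cn-north-1", date, "GET", "/sparql", q, hdrs, sig))  # True
    q["query"] = "SELECT * WHERE { ?s ?p ?o }"  # request altered after signing
    print(verify(secret, "cn-north-1", date, "GET", "/sparql", q, hdrs, sig))  # False
```

With temporary credentials, the session token travels in the `X-Amz-Security-Token` header; pass it in `headers` so that it is part of the signed request.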

For general information about signing requests with Amazon Signature Version 4, see Signature Version 4 Signing Process in the Amazon General Reference.

The following sections contain examples that show how to send signed requests to the Gremlin and SPARQL endpoints of a Neptune DB instance with IAM authentication enabled.