Connecting to your Amazon Neptune database using Amazon Identity and Access Management authentication
Amazon Neptune resources that have IAM DB authentication enabled require all HTTP requests to be signed using Amazon Signature Version 4. For general information about signing requests with Amazon Signature Version 4, see Signing Amazon API requests.
Amazon Signature Version 4 is the process to add authentication information to Amazon requests. For security, most requests to Amazon must be signed with an access key, which consists of an access key ID and secret access key.
Note
If you are using temporary credentials, they expire after a specified interval, including the session token.
You must update your session token when you request new credentials. For more information, see Using Temporary Security Credentials to Request Access to Amazon Resources.
Important
Accessing Neptune with IAM-based authentication requires that you create HTTP requests and sign the requests yourself.
How Signature Version 4 Works
-
You create a canonical request.
-
You use the canonical request and some other information to create a string-to-sign.
-
You use your Amazon secret access key to derive a signing key, and then use that signing key and the string-to-sign to create a signature.
-
You add the resulting signature to the HTTP request in a header or as a query string parameter.
When Neptune receives the request, it performs the same steps that you did to calculate the signature. Neptune then compares the calculated signature to the one you sent with the request. If the signatures match, the request is processed. If the signatures don't match, the request is denied.
For general information about signing requests with Amazon Signature Version 4, see Signature
Version 4 Signing Process
The following sections contain examples that show how to send signed requests to the Gremlin and SPARQL endpoints of a Neptune DB instance with IAM authentication enabled.
Topics
- Prerequisites for connecting Amazon Neptune databases using IAM authentication
- Connecting to Amazon Neptune databases using IAM authentication from the command line
- Connecting to Amazon Neptune databases using IAM authentication with Gremlin console
- Connecting to Amazon Neptune databases using IAM with Gremlin Java
- Connecting to Amazon Neptune databases using IAM authentication with Java and SPARQL
- Connecting to Amazon Neptune databases using IAM authentication with SPARQL and Node.js
- Connecting to Amazon Neptune databases using IAM authentication with Python