1

Has anyone successfully connected to an Amazon Neptune cluster with IAM authentication turned on? I am currently using trying to submit gremlin via bytecode which can only be sent via websocket. I have been unsuccessful connecting to the neptune cluster though because all examples of this are using HTTP. Has anyone successfully done this? I could use some guidance.

The-Big-K
  • 2,672
  • 16
  • 35
Austin Malpede
  • 115
  • 2
  • 8

1 Answers1

3

The docs have a section[1] about using sigV4 with Gremlin Java, which essentially uses the Java GLV (websockets). You can find an example here:

https://github.com/aws/amazon-neptune-gremlin-java-sigv4/blob/master/src/main/java/com/amazon/neptune/gremlin/driver/example/NeptuneGremlinSigV4Example.java#L73

A websocket connection is established by doing a Connection: Upgrade using HTTP. For IAM Auth, this handshake request (over HTTP) is signed, and hence its very similar to the regular auth over HTTP use case.

Hope this helps.

[1] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth-connecting-gremlin-java.html

The-Big-K
  • 2,672
  • 16
  • 35
  • hi karthik, I have successfully connected via gremlin console. I modified the AwsSigV4ClientHandshaker class to display all of the header information when connecting to my neptune instance. Here is the header information that is part of the initial handshake: https://pastebin.com/jAXnZtbx Out off all of these headers which are mandatory? I have x-amz-date, authorization, and connection=upgrade being set. Any others i need? – Austin Malpede Oct 27 '18 at 15:30
  • Looked at the snippet and it looks good. All those headers are required as far as I can tell. Was there anything specific you were trying to do? Are your requests working now? – The-Big-K Oct 27 '18 at 16:05
  • Do you think I need sec-websocket-key, sec-websocket-origin, and sec-websocket-version? – Austin Malpede Oct 29 '18 at 13:43
  • 2
    @AustinMalpede Those headers are part of the web socket protocol and I don't think you would need to remove them ever. Lets take a step back here, as I'm a bit unclear on what your question is. The OP was about how to use IAM Auth with websockets in general, and in comments you say that you got it to work with Gremlin console. I'm trying to understand why you are trying to remove headers now. Could you elaborate? Are you trying to find the minimal set of headers required to make this work? If yes, why so? I have not used the JS auth code before, so I may not be able to help out with that – The-Big-K Oct 29 '18 at 16:57