Connecting to Neptune Using Java and Gremlin with Signature Version 4 Signing
Using TinkerPop 3.4.11 or higher to connect to Neptune with Sig4 signing
Here is an example of how to connect to Neptune using the Gremlin Java API with
Sig4 signing when using TinkerPop 3.4.11 or higher (it assumes general knowledge about
using Maven). First, define the dependencies as part of the pom.xml
file:
<dependency> <groupId>com.amazonaws</groupId> <artifactId>amazon-neptune-sigv4-signer</artifactId> <version>2.4.0</version> </dependency>
Then, use code like the following:
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; import com.amazonaws.neptune.auth.NeptuneNettyHttpSigV4Signer; import com.amazonaws.neptune.auth.NeptuneSigV4SignerException;
...
System.setProperty("aws.accessKeyId","your-access-key
"); System.setProperty("aws.secretKey","your-secret-key
");...
Cluster = Cluster.build((your cluster name)
) .enableSsl(true) .handshakeInterceptor( r -> { try { NeptuneNettyHttpSigV4Signer sigV4Signer = new NeptuneNettyHttpSigV4Signer("(your region)
", new DefaultAWSCredentialsProviderChain()); sigV4Signer.signRequest(r); } catch (NeptuneSigV4SignerException e) { throw new RuntimeException("Exception occurred while signing the request", e); } return r; } ).create(); try { Client client = cluster.connect(); client.submit("g.V().has('code','IAD')").all().get(); } catch (Exception e) { throw new RuntimeException("Exception occurred while connecting to cluster", e); }
Note
If you are upgrading from 3.4.11
, remove references to the
amazon-neptune-gremlin-java-sigv4
library. It is no longer necessary
when using handshakeInterceptor()
as shown in the example above.
Do not attempt to use the handshakeInterceptor()
in conjunction with
the channelizer (SigV4WebSocketChannelizer.class
), because it will
produce errors.
Using a version of TinkerPop earlier than 3.4.11 to connect to Neptune with Sig4 signing
TinkerPop versions prior to 3.4.11
did not have support for the
handshakeInterceptor()
configuration shown in the previous section and
therefore must rely on the amazon-neptune-gremlin-java-sigv4
package.
This is a Neptune library that contains the SigV4WebSocketChannelizer
class, which replaces the standard TinkerPop Channelizer with one that can automatically
inject a SigV4 signature. Where possible, ugrade to TinkerPop 3.4.11 or higher, because
the amazon-neptune-gremlin-java-sigv4
library is deprecated.
Here is an example of how to connect to Neptune using the Gremlin Java API with Sig4 signing when using TinkerPop versions prior to 3.4.11 (it assumes general knowledge about how to use Maven).
First, define the dependencies as part of the pom.xml
file:
<dependency> <groupId>com.amazonaws</groupId> <artifactId>amazon-neptune-gremlin-java-sigv4</artifactId> <version>2.4.0</version> </dependency>
The dependency above will include the Gremlin driver version
3.4.10
. Although it is possible to use newer Gremlin driver versions
(up through 3.4.13
), an upgrade of the driver past 3.4.10 should
include a change to use the handshakeInterceptor()
model described
above.
The gremlin-driver
Cluster object should then be configured as
follows in the Java code:
import org.apache.tinkerpop.gremlin.driver.SigV4WebSocketChannelizer;
...
Cluster cluster = Cluster.build(your cluster
) .enableSsl(true) .channelizer(SigV4WebSocketChannelizer.class) .create(); Client client = cluster.connect(); client.submit("g.V().has('code','IAD')").all().get();