Tags: java, amazon-web-services, amazon-iam, amazon-neptune, identity-management

How to get AWS Neptune cluster details using the Management API for a non-IAM cluster instance?


I have a non-IAM Neptune cluster configured. I am using the Management API to fetch the cluster details, and I want to know if the instance is IAM enabled or disabled. I am using the code below to get the Amazon Neptune instance.

    import com.amazonaws.services.neptune.AmazonNeptune;
    import com.amazonaws.services.neptune.AmazonNeptuneClientBuilder;
    import com.amazonaws.services.neptune.model.DBCluster;
    import com.amazonaws.services.neptune.model.DescribeDBClustersRequest;
    import com.amazonaws.services.neptune.model.DescribeDBClustersResult;

    // Control-plane (management API) client. No credentials are set here, so the
    // SDK falls back to the default provider chain.
    AmazonNeptune neptuneClient = AmazonNeptuneClientBuilder.standard().withRegion("region-name").build();

    // withDBClusterIdentifier takes the cluster identifier, not the cluster endpoint
    DescribeDBClustersRequest describeDBClustersRequest = new DescribeDBClustersRequest()
            .withDBClusterIdentifier("cluster-identifier");
    DescribeDBClustersResult describeDBClustersResult = neptuneClient
            .describeDBClusters(describeDBClustersRequest);
    for (DBCluster cluster : describeDBClustersResult.getDBClusters()) {
        // The model returns a Boolean; treat null as disabled
        boolean iamEnabled = Boolean.TRUE.equals(cluster.getIAMDatabaseAuthenticationEnabled());
        System.out.println("IAM authentication enabled for cluster '"
                + cluster.getDBClusterIdentifier() + "': " + iamEnabled);
    }

As it is non-IAM, I am not passing credentials, but it is giving an exception for AWS credentials, as below:

    com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: To use assume role profiles the aws-java-sdk-sts module must be on the class path., com.amazonaws.auth.profile.ProfileCredentialsProvider@7c22d4f: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@664a9613: Failed to connect to service endpoint: ]
        at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1257)


Solution

  • Understandably, a bit confusing, as Neptune has both a control plane (where management APIs are used) and a data plane (where queries, bulk load tasks, and any other data-related API calls are made).

    Control plane APIs are all under the neptune set of APIs (https://docs.aws.amazon.com/neptune/latest/userguide/api.html). Data plane actions fall under the neptunedata set of APIs (https://docs.aws.amazon.com/neptune/latest/userguide/data-api.html).

    The enablement of IAM Auth on a cluster only affects data plane APIs. Control plane functions will always require IAM, as this is needed to create the security boundaries around your AWS account.

    What you're attempting to do (describeDbClusters) is a control plane action. It will require IAM credentials. Otherwise, anyone could query your account to see what Neptune clusters you are running.
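The following is an added worked example of what the answer describes; it is not the asker's code or an AWS sample. It builds the control-plane client with explicit IAM credentials (which DescribeDBClusters always needs), reads the IAMDatabaseAuthenticationEnabled flag, and reports what that flag means for the data plane: only whether queries to the cluster endpoint must be SigV4-signed. It targets the AWS SDK for Java v1 (aws-java-sdk-neptune); the region, profile name and cluster identifier are command-line placeholders, and the class and method names are my own.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.neptune.AmazonNeptune;
import com.amazonaws.services.neptune.AmazonNeptuneClientBuilder;
import com.amazonaws.services.neptune.model.DBCluster;
import com.amazonaws.services.neptune.model.DescribeDBClustersRequest;
import com.amazonaws.services.neptune.model.DescribeDBClustersResult;

/**
 * Added example (not from the original post): query the Neptune control plane
 * with explicit IAM credentials and report whether the cluster's data plane
 * also requires IAM (SigV4) authentication.
 */
public class NeptuneClusterAuthCheck {

    /** The parts of a DescribeDBClusters result that matter for connecting to the data plane. */
    public static final class ClusterAuthInfo {
        public final String identifier;
        public final String endpoint;
        public final boolean iamAuthEnabled;

        ClusterAuthInfo(String identifier, String endpoint, boolean iamAuthEnabled) {
            this.identifier = identifier;
            this.endpoint = endpoint;
            this.iamAuthEnabled = iamAuthEnabled;
        }
    }

    /**
     * Control-plane client. Credentials are mandatory here regardless of the
     * cluster's IAM-auth setting; the calling principal needs rds:DescribeDBClusters
     * (Neptune management actions use the rds: prefix in IAM policies).
     */
    public static AmazonNeptune buildControlPlaneClient(Regions region, AWSCredentialsProvider credentials) {
        return AmazonNeptuneClientBuilder.standard()
                .withRegion(region)
                .withCredentials(credentials)
                .build();
    }

    /** Look up one cluster by its identifier (not by its endpoint). */
    public static ClusterAuthInfo describeClusterAuth(AmazonNeptune neptune, String clusterIdentifier) {
        DescribeDBClustersRequest request = new DescribeDBClustersRequest()
                .withDBClusterIdentifier(clusterIdentifier);
        DescribeDBClustersResult result = neptune.describeDBClusters(request);
        if (result.getDBClusters().isEmpty()) {
            throw new IllegalStateException("No cluster found with identifier " + clusterIdentifier);
        }
        DBCluster cluster = result.getDBClusters().get(0);
        // The model returns a Boolean; null is treated as "not enabled".
        boolean iamEnabled = Boolean.TRUE.equals(cluster.getIAMDatabaseAuthenticationEnabled());
        return new ClusterAuthInfo(cluster.getDBClusterIdentifier(), cluster.getEndpoint(), iamEnabled);
    }

    /**
     * The only thing the flag changes: whether requests sent to the cluster
     * endpoint (queries, bulk load, other neptunedata calls) must be SigV4-signed.
     */
    public static String dataPlaneRequirement(ClusterAuthInfo info) {
        if (info.iamAuthEnabled) {
            return "IAM auth enabled: every data-plane request to " + info.endpoint
                    + " must be SigV4-signed by a principal allowed neptune-db:connect";
        }
        return "IAM auth disabled: data-plane requests to " + info.endpoint
                + " are unsigned; the VPC, security groups and NACLs are the only access control";
    }

    public static void main(String[] args) {
        if (args.length < 2) {
            System.err.println("usage: NeptuneClusterAuthCheck <region> <cluster-identifier> [aws-profile]");
            System.exit(2);
        }
        // Explicit credentials: a named profile if given, otherwise the default
        // chain (env vars, system properties, ~/.aws/credentials, instance role).
        AWSCredentialsProvider credentials = args.length > 2
                ? new ProfileCredentialsProvider(args[2])
                : DefaultAWSCredentialsProviderChain.getInstance();

        AmazonNeptune neptune = buildControlPlaneClient(Regions.fromName(args[0]), credentials);
        ClusterAuthInfo info = describeClusterAuth(neptune, args[1]);
        System.out.println("cluster " + info.identifier + ": " + dataPlaneRequirement(info));
    }
}
```

Run it with a region, the cluster identifier and optionally a profile name, e.g. `NeptuneClusterAuthCheck us-east-1 my-cluster dev`. With no credentials available to the chosen provider it fails with the same SdkClientException shown in the question, which is the expected behaviour for any control-plane call; the IAM-auth setting on the cluster never changes that.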