Tags: java, amazon-web-services, amazon-iam, amazon-neptune, neptune

AWS Neptune cluster connection is successful when signing the request using an access key for a non-IAM cluster endpoint


import org.apache.tinkerpop.gremlin.driver.Cluster;
import org.apache.tinkerpop.gremlin.driver.remote.DriverRemoteConnection;
import org.apache.tinkerpop.gremlin.process.traversal.AnonymousTraversalSource;
import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.neptune.auth.NeptuneNettyHttpSigV4Signer;
import com.amazonaws.neptune.auth.NeptuneSigV4SignerException;

Cluster.Builder builder = Cluster.build();
builder.addContactPoint(clusterEndpoint);
builder.port(portValue);
builder.enableSsl(true);

// Sign every WebSocket handshake with SigV4 using the static access key pair.
builder.handshakeInterceptor(r -> {
    try {
        BasicAWSCredentials basicAWSCredentials = new BasicAWSCredentials(accessKeyId, secretAccessKey);
        AWSStaticCredentialsProvider awsStaticCredentialsProvider =
                new AWSStaticCredentialsProvider(basicAWSCredentials);
        NeptuneNettyHttpSigV4Signer sigV4Signer = new NeptuneNettyHttpSigV4Signer(
                connectionInfoBean.getAwsRegion(), awsStaticCredentialsProvider);
        sigV4Signer.signRequest(r);
    } catch (NeptuneSigV4SignerException e) {
        throw new RuntimeException("Exception occurred while signing the request", e);
    }
    return r;
});

// Build the cluster from the configured builder and open a remote traversal source.
Cluster cluster = builder.create();
GraphTraversalSource traversal = AnonymousTraversalSource.traversal()
        .withRemote(DriverRemoteConnection.using(cluster));

I have a non-IAM Neptune cluster configured. I am using the above code to connect to the cluster. In this I am using sigV4Signer to sign the request, and I am able to connect to the cluster, get a traversal and perform operations on the Gremlin traversal.

As it's a non-IAM cluster, we should not sign the request. It is expected that the cluster connection should fail, as IAM credentials are used for an IAM-disabled cluster endpoint.


Solution

  • If a Neptune cluster has IAM authentication disabled (meaning "no authentication"), then the signature headers included with any request are ignored.

    If you want to deny access by default, you need to enable IAM authentication.
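Since a successful signed connection says nothing about whether the cluster actually checks signatures, the practical check is the cluster attribute itself. The following is an added example, not code from the question or the answer: it audits the JSON that `aws neptune describe-db-clusters` returns, flags clusters whose `IAMDatabaseAuthenticationEnabled` field is not explicitly true, and prints the `modify-db-cluster` command that enables IAM authentication. The cluster names in the sample are constructed.

```python
import json

# Constructed sample of `aws neptune describe-db-clusters` output; cluster
# identifiers are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBClusters": [
        {"DBClusterIdentifier": "graph-prod", "Engine": "neptune",
         "IAMDatabaseAuthenticationEnabled": True},
        {"DBClusterIdentifier": "graph-dev", "Engine": "neptune",
         "IAMDatabaseAuthenticationEnabled": False},
        # Field absent: treated as disabled, since only an explicit true
        # means SigV4 signatures are actually verified.
        {"DBClusterIdentifier": "legacy-graph", "Engine": "neptune"},
    ]
})


def clusters_without_iam_auth(describe_output: str) -> list:
    """Return identifiers of Neptune clusters that ignore SigV4 signatures.

    Any cluster where IAMDatabaseAuthenticationEnabled is not exactly True is
    reported, so a missing or malformed field is never read as 'secured'.
    """
    data = json.loads(describe_output)
    open_clusters = []
    for cluster in data.get("DBClusters", []):
        if cluster.get("Engine") != "neptune":
            continue
        if cluster.get("IAMDatabaseAuthenticationEnabled") is not True:
            open_clusters.append(cluster["DBClusterIdentifier"])
    return open_clusters


def remediation_commands(cluster_ids) -> list:
    """Build the CLI command that turns IAM auth on for each flagged cluster."""
    return [
        "aws neptune modify-db-cluster --db-cluster-identifier " + cluster_id
        + " --enable-iam-database-authentication --apply-immediately"
        for cluster_id in cluster_ids
    ]


if __name__ == "__main__":
    flagged = clusters_without_iam_auth(SAMPLE_DESCRIBE_OUTPUT)
    print("Clusters accepting unsigned requests:", flagged)
    for command in remediation_commands(flagged):
        print(command)
```

In a real audit, feed the function the output of `aws neptune describe-db-clusters --output json` for each region.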