aws / amazon-neptune-gremlin-dotnet-sigv4

A custom library for Amazon Neptune that enables AWS Signature Version 4 signing by extending the Apache TinkerPop Gremlin .NET client.

License: Apache License 2.0

C# 100.00%
amazon-neptune aws-neptune

amazon-neptune-gremlin-dotnet-sigv4's Introduction

Amazon Neptune Gremlin .NET SigV4

This project provides a custom library that extends the Apache TinkerPop Gremlin.NET client to enable AWS IAM Signature Version 4 signing for establishing authenticated connections to Amazon Neptune.

For example usage refer to: NeptuneGremlinNETSigV4Example.cs. This example shows how to leverage this library for establishing an authenticated connection to Neptune.

For general information on how to connect to Amazon Neptune using Gremlin and best practices, refer to the documentation.

Usage

A snippet of the code from NeptuneGremlinNETSigV4Example.cs:

var neptune_host = "neptune-endpoint"; // ex: mycluster.cluster.us-east-1.neptune.amazonaws.com
var neptune_port = 8182;

var gremlinServer = new GremlinServer(neptune_host, neptune_port);
var gremlinClient = new GremlinClient(gremlinServer, 
    webSocketConfiguration: new SigV4RequestSigner().signRequest(neptune_host, neptune_port));
var remoteConnection = new DriverRemoteConnection(gremlinClient);
var g = Traversal().WithRemote(remoteConnection);

GremlinClient accepts both a GremlinServer object and a webSocketConfiguration object that holds the custom settings for establishing the WebSocket connection to Amazon Neptune. The SigV4RequestSigner library fetches IAM credentials using the FallbackCredentialsFactory API (which works similarly to the Java Default Credential Provider Chain), signs an HTTP request with Signature Version 4, and builds the WebSocket configuration from that signed HTTP request. Pass this webSocketConfiguration to the GremlinClient to create the connection to Neptune.

Using within Amazon EC2

To use this library in an application hosted on EC2, be sure to assign a role to the EC2 instance with the proper permissions to access Amazon Neptune. This library will fetch the IAM role credentials from the EC2 metadata store. If an IAM role is not assigned to the instance, the library will look for the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and SESSION_TOKEN environment variables or look for an AWS CLI credentials file at ~/.aws/credentials.

Using within AWS Lambda

To use this library in an application hosted in a Lambda function, be sure to assign a role to the Lambda function with the proper permissions to access Amazon Neptune. Upon invocation, the Lambda function will import the IAM role's credentials into the following environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. This library will use those environment variables to import the credentials and perform the request signing.

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.


amazon-neptune-gremlin-dotnet-sigv4's Issues

Session token is missing from signed request headers

The session token is missing from the call to Sign(), which causes authentication to fail when using temporary IAM credentials (e.g. using SSO to get temporary credentials).

var signedrequest = this.Sign(request, "neptune-db", _region);
return new Action<ClientWebSocketOptions>(options => {
    options.SetRequestHeader("host", neptune_endpoint);
    options.SetRequestHeader("x-amz-date", signedrequest.Headers.GetValues("x-amz-date").FirstOrDefault());
    options.SetRequestHeader("Authorization", signedrequest.Headers.GetValues("Authorization").FirstOrDefault());
});

Since Sign() does set the session token if one is provided, the fix should be straightforward:

var signedrequest = this.Sign(request, "neptune-db", _region, _token);
return new Action<ClientWebSocketOptions>(options => {
    options.SetRequestHeader("host", neptune_endpoint);
    options.SetRequestHeader("x-amz-date", signedrequest.Headers.GetValues("x-amz-date").FirstOrDefault());
    // Temporary credentials: the token must be sent alongside the signature.
    options.SetRequestHeader("x-amz-security-token", signedrequest.Headers.GetValues("x-amz-security-token").FirstOrDefault());
    options.SetRequestHeader("Authorization", signedrequest.Headers.GetValues("Authorization").FirstOrDefault());
});
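
The signing step the README describes, and the header the issue above asks for, shown as a self-contained sketch for .NET 6 or later. This is an added example, not the library's code and not part of the issue; it shows that with temporary credentials `x-amz-security-token` has to appear both as a request header and in `SignedHeaders`. The `/gremlin` path and the `host:port` form of the Host header are assumptions, and all credential values are constructed samples.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added illustration (not the library's code): SigV4 headers for the Neptune WebSocket upgrade.
static class NeptuneSigV4Sketch
{
    static byte[] Hmac(byte[] key, string s) => HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(s));
    static string Hex(byte[] b) => Convert.ToHexString(b).ToLowerInvariant();
    static string Sha256Hex(string s) => Hex(SHA256.HashData(Encoding.UTF8.GetBytes(s)));

    public static SortedDictionary<string, string> Sign(string host, int port, string region,
        string accessKey, string secretKey, string sessionToken, DateTime utcNow)
    {
        var amzDate = utcNow.ToString("yyyyMMdd'T'HHmmss'Z'", CultureInfo.InvariantCulture);
        var date = amzDate.Substring(0, 8);
        // Ordinal order keeps the lowercase header names sorted as SigV4 requires.
        var headers = new SortedDictionary<string, string>(StringComparer.Ordinal)
        {
            ["host"] = $"{host}:{port}",          // assumption: Host is signed with the port
            ["x-amz-date"] = amzDate
        };
        // Temporary credentials (SSO, STS, EC2 or Lambda roles) carry a token that must be sent and signed.
        if (!string.IsNullOrEmpty(sessionToken)) headers["x-amz-security-token"] = sessionToken;
        var signedHeaders = string.Join(";", headers.Keys);
        var canonicalRequest = "GET\n/gremlin\n\n"
            + string.Concat(headers.Select(h => $"{h.Key}:{h.Value}\n")) + "\n"
            + signedHeaders + "\n" + Sha256Hex("");   // the upgrade request has an empty body
        var scope = $"{date}/{region}/neptune-db/aws4_request";
        var stringToSign = $"AWS4-HMAC-SHA256\n{amzDate}\n{scope}\n{Sha256Hex(canonicalRequest)}";
        // Derive the signing key: date -> region -> service -> "aws4_request".
        var key = Hmac(Encoding.UTF8.GetBytes("AWS4" + secretKey), date);
        foreach (var part in new[] { region, "neptune-db", "aws4_request" }) key = Hmac(key, part);
        headers["Authorization"] = $"AWS4-HMAC-SHA256 Credential={accessKey}/{scope}, "
            + $"SignedHeaders={signedHeaders}, Signature={Hex(Hmac(key, stringToSign))}";
        return headers;
    }

    static void Main()
    {
        // Constructed sample values: not real credentials, not a real cluster.
        var signed = Sign("mycluster.cluster.us-east-1.neptune.amazonaws.com", 8182, "us-east-1",
            "ASIAEXAMPLEKEYID0000", "constructed-secret", "constructed-session-token",
            new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc));
        foreach (var h in signed) Console.WriteLine($"{h.Key}: {h.Value}");
    }
}
```

With long-term keys (an empty `sessionToken`) the token header is omitted and `SignedHeaders` shrinks to `host;x-amz-date`.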
