Connecting to Amazon Neptune Using Curl and SPARQL With Signature Version 4 Signing

This post shows how to connect to Amazon Neptune using curl with Signature Version 4 authentication. For more information about AWS Identity and Access Management (IAM) in Amazon Neptune, see the Neptune IAM overview.

Neptune engine version 1.2.0.0 added support for more granular access control in Neptune IAM policies than was previously available. We use this to grant access to applications using IAM roles based on the principle of least privilege. The applications are typically deployed as Amazon Lambda functions or run as containerized workloads in Amazon EKS.

To develop, test and debug SPARQL queries and HTTP requests, it is useful to reproduce the HTTP requests from the command line using curl. See also these instructions to assume an IAM role using the AWS CLI.

Prerequisites

  • curl 7.86.0 or higher.
  • IAM credentials to sign the requests.

To connect to Neptune using curl with Signature Version 4 signing

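Check that the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables are set. The command prints "set" for each variable that has a value and nothing for one that is missing. It does not echo the values themselves, so the secret key and session token do not end up in terminal scrollback or logs.

printf 'AWS_ACCESS_KEY_ID: %s\nAWS_SECRET_ACCESS_KEY: %s\nAWS_SESSION_TOKEN: %s\n' \
  "${AWS_ACCESS_KEY_ID:+set}" "${AWS_SECRET_ACCESS_KEY:+set}" "${AWS_SESSION_TOKEN:+set}"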

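Enter the following command to get the status of your Neptune endpoint. Replace your-neptune-endpoint with the hostname or IP address of your Neptune DB instance, and eu-west-1 with the AWS Region of your Neptune cluster if it differs, because the signature is computed for the Region and service named in --aws-sigv4. The default port is 8182.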

curl https://your-neptune-endpoint:8182/status \
  --aws-sigv4 "aws:amz:eu-west-1:neptune-db" \
  --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" \
  --header "x-amz-security-token: ${AWS_SESSION_TOKEN}" \
  --no-progress-meter

Enter the following command to run a simple SPARQL query against your Neptune SPARQL endpoint.

curl https://your-neptune-endpoint:8182/sparql \
  --aws-sigv4 "aws:amz:eu-west-1:neptune-db" \
  --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" \
  --header "x-amz-security-token: ${AWS_SESSION_TOKEN}" \
  --header "Accept: application/sparql-results+json" \
  --header "Content-Type: application/sparql-query" \
  --data-binary "select * where { ?s ?p ?o } limit 10" \
  --no-progress-meter
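
The commands above put the secret access key and session token on the curl command line. The wrapper below is an added example, not part of the original post: it fails fast when a credential variable is missing and hands the credentials to curl through its config-file syntax on stdin (--config -) instead of as arguments. The function names and the NEPTUNE_REGION variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and NEPTUNE_REGION are assumptions.

# Report which credential variables are present without echoing their values.
# Returns 0 only when all three are set and non-empty.
neptune_creds_status() {
  missing=0
  for name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
    # eval is safe here: $name only ever comes from the fixed list above.
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      echo "$name: set"
    else
      echo "$name: MISSING"
      missing=1
    fi
  done
  unset value
  return "$missing"
}

# Emit the credential-bearing options in curl config-file syntax.
# printf is a shell builtin, so the values never appear in a process listing.
# Assumes the values contain no double quote or backslash.
neptune_curl_config() {
  printf 'user = "%s:%s"\n' "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY"
  printf 'header = "x-amz-security-token: %s"\n' "$AWS_SESSION_TOKEN"
}

# Signed request: first argument is the URL, the rest are extra curl options
# (Accept / Content-Type headers, --data-binary, ...).
neptune_curl() {
  url=$1
  shift
  if ! status=$(neptune_creds_status); then
    printf '%s\n' "$status" >&2   # names only, never values
    return 1
  fi
  neptune_curl_config | curl --config - \
    --aws-sigv4 "aws:amz:${NEPTUNE_REGION:-eu-west-1}:neptune-db" \
    --no-progress-meter "$url" "$@"
}
```

Usage: neptune_curl https://your-neptune-endpoint:8182/status. Because curl reads its config from stdin here, pass the query text directly to --data-binary as in the command above rather than with @-.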