search

shutterstock / gremlin-aws-sigv4

Extension for Apache's TinkerPop3 Gremlin JS driver compatible with IAM Database Authentication for Neptune
MIT License
29 stars 16 forks source link

Signature is not valid for temporary credentials #4

Closed mearns closed 4 years ago

mearns commented 5 years ago

Expected behavior

When using gremlin-aws-sigv4 with temporary credentials (e.g., in a lambda), I expect to be able to provide the session token and have it included in the signed request so that I can authenticate correctly.

Actual behavior

The session token is not considered by gremlin-aws-sigv4 and therefore authenticated requests are not possible using temporary credentials.

Steps to reproduce the behavior

  1. Create a Neptune DB with IAM authentication enabled.
  2. Create a lambda with an execution role allowing access to the database.
  3. Use gremlin-aws-sigv4 to make a request to the database,
  4. Note that you get a 403 Not Authorized error response from the database.
mearns commented 5 years ago

I believe I have a simple fix for this, I'm working on it in my fork and would love to have it reviewed and released.