This article covers a 403 Forbidden error when connecting to AWS Neptune from the Gremlin console, and the accepted answer for it; it may serve as a reference for anyone hitting the same problem.

Problem description

Thanks in advance for your help.

I'm trying to set up my AWS Neptune environment by following the instructions at https://docs.aws.amazon.com/neptune/latest/userguide/get-started.html . The setup seems to be fine, and I could check the status using the Neptune Notebook install. The status message is as follows:

{
  "status": "healthy",
  "startTime": "Tue May 12 04:24:52 UTC 2020",
  "dbEngineVersion": "1.0.2.2.R2",
  "role": "writer",
  "gremlin": {
    "version": "tinkerpop-3.4.3"
  },
  "sparql": {
    "version": "sparql-1.1"
  },
  "labMode": {
    "ObjectIndex": "disabled",
    "ReadWriteConflictDetection": "enabled"
  }
}

However, I can't connect to it via the Gremlin console on my EC2 client instance; I get the 403 Forbidden error shown below:


         \,,,/
         (o o)
-----oOOo-(3)-oOOo-----
plugin activated: tinkerpop.server
plugin activated: tinkerpop.utilities
plugin activated: tinkerpop.tinkergraph
gremlin> :remote connect tinkerpop.server conf/neptune-remote.yaml
WARN  org.apache.tinkerpop.gremlin.driver.Cluster  - Using deprecated SSL trustCertChainFile support
ERROR org.apache.tinkerpop.gremlin.driver.Handler$GremlinResponseHandler  - Could not process the response
io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: Invalid handshake response getStatus: 403 Forbidden
    at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:226)
    at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker.finishHandshake(WebSocketClientHandshaker.java:276)
    at org.apache.tinkerpop.gremlin.driver.handler.WebSocketClientHandler.channelRead0(WebSocketClientHandler.java:69)
    at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)

The IAM role that I assigned to the EC2 instance has the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "neptune-db:*"
            ],
            "Resource": [
                "arn:aws:neptune-db:ap-southeast-2:<my aws account number>:*/*"
            ]
        }
    ]
}

My neptune-remote.yaml file is as follows:

hosts: [<my neptune cluster name>.cluster-<cluster id>.ap-southeast-2.neptune.amazonaws.com]
port: 8182
connectionPool: { enableSsl: true, trustCertChainFile: "SFSRootCAG2.pem"}
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0, config: { serializeResultToString: true }}

In order to debug this issue, I have tried apache-tinkerpop-gremlin-console versions 3.4.1, 3.4.3 and 3.4.6. All give the same error response.

I have also successfully telnetted to the above host and port, as shown below, so it isn't an SG or connectivity issue:

$ telnet <my neptune cluster name>.cluster-<cluster id>.ap-southeast-2.neptune.amazonaws.com 8182
Trying 172.30.1.200...
Connected to xxxxx-xxxxxxxx.cluster-xxxxxx.ap-southeast-2.neptune.amazonaws.com.
Escape character is '^]'.

I have struggled with this for a while; any help or hint will be much appreciated.

Thanks!

Recommended answer

Adding an answer based on the comments.

If IAM authentication is enabled for the Amazon Neptune cluster, all query requests must be signed using SigV4. See [1] for more information.

[1] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth-connecting-gremlin-console.html
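Added example, not taken from the question, the answer or AWS's own code: a stdlib-only Python implementation of the Signature Version 4 signing the answer says is mandatory, applied to the Neptune HTTP /gremlin endpoint on port 8182. It walks through the four steps a signed request needs (canonical request, string to sign, signing key derived from the secret key for the date, region and the `neptune-db` service, and the Authorization header) and returns the canonical request so a signature mismatch can be debugged against the server's error. The access key, secret key, cluster hostname, timestamp and query are constructed placeholders. The Gremlin console path in [1] applies the same signing to the WebSocket handshake rather than to an HTTP POST; the handshake in the question carries no signature, which is what an IAM-enabled cluster rejects with 403, and a TCP-level telnet check cannot surface that.

```python
"""SigV4-sign a Gremlin HTTP request to an IAM-authenticated Neptune cluster.

Added example (not from the question, the answer or AWS). Credentials,
endpoint and timestamp used by demo_request() are constructed placeholders.
"""
import datetime
import hashlib
import hmac
import json
import urllib.request
from typing import Optional

SERVICE = "neptune-db"  # credential-scope service name for Neptune data-plane calls
PORT = 8182


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key: str, date_stamp: str, region: str, service: str = SERVICE) -> bytes:
    """kSigning = HMAC(HMAC(HMAC(HMAC("AWS4"+secret, date), region), service), "aws4_request")."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def sign_gremlin_request(host: str, gremlin_query: str, access_key: str, secret_key: str,
                         region: str, when: datetime.datetime,
                         session_token: Optional[str] = None, port: int = PORT) -> dict:
    """Build a SigV4-signed POST to https://{host}:{port}/gremlin.

    `when` is a naive UTC datetime. Returns the URL, JSON body, headers to
    send, and the canonical request (useful when the server reports a mismatch).
    """
    body = json.dumps({"gremlin": gremlin_query})
    payload_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = when.strftime("%Y%m%d")

    # 1. Canonical request: header names lowercase and sorted, values trimmed.
    to_sign = {
        "content-type": "application/json",
        "host": f"{host}:{port}",  # Host carries the non-default port
        "x-amz-content-sha256": payload_hash,
        "x-amz-date": amz_date,
    }
    if session_token:  # temporary credentials (instance role / STS) must also sign the token
        to_sign["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(to_sign))
    canonical_headers = "".join(f"{k}:{to_sign[k].strip()}\n" for k in sorted(to_sign))
    canonical_request = "\n".join(["POST", "/gremlin", "", canonical_headers, signed_headers, payload_hash])

    # 2. String to sign binds the request hash to the credential scope.
    scope = f"{date_stamp}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])

    # 3. Signature with the date/region/service-scoped key (the raw secret never signs directly).
    signature = hmac.new(derive_signing_key(secret_key, date_stamp, region),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()

    # 4. Authorization header; sent headers must carry exactly the signed values.
    headers = {
        "Content-Type": to_sign["content-type"],
        "Host": to_sign["host"],
        "X-Amz-Content-Sha256": payload_hash,
        "X-Amz-Date": amz_date,
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                          f"SignedHeaders={signed_headers}, Signature={signature}"),
    }
    if session_token:
        headers["X-Amz-Security-Token"] = session_token
    return {"url": f"https://{host}:{port}/gremlin", "headers": headers, "body": body,
            "canonical_request": canonical_request}


def send(signed: dict, timeout: float = 10.0) -> bytes:
    """POST the signed request to the cluster (network call; not exercised offline)."""
    req = urllib.request.Request(signed["url"], data=signed["body"].encode("utf-8"),
                                 headers=signed["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def demo_request(query: str = "g.V().limit(1)", session_token: Optional[str] = None) -> dict:
    """Sign a request with constructed placeholder credentials, endpoint and timestamp."""
    return sign_gremlin_request(
        host="my-cluster.cluster-abc123.ap-southeast-2.neptune.amazonaws.com",  # placeholder
        gremlin_query=query,
        access_key="AKIAIOSFODNN7EXAMPLE",                    # placeholder key id
        secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",  # placeholder secret
        region="ap-southeast-2",
        when=datetime.datetime(2020, 5, 12, 4, 24, 52),         # fixed UTC time for reproducibility
        session_token=session_token,
    )


if __name__ == "__main__":
    for name, value in demo_request()["headers"].items():
        print(f"{name}: {value}")
```

To use it against a real cluster, take the access key, secret key and session token from the EC2 instance role (instance-metadata credentials are temporary, so the token must be sent and signed as shown) and pass the cluster endpoint to `sign_gremlin_request`, then call `send`. The same POST with the Authorization header removed is what an IAM-enabled cluster answers with 403.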


09-17 00:16