
403 Forbidden error for Gremlin to AWS Neptune

Thanks a lot for your help in advance.

I'm trying to set up my AWS Neptune environment by following the instructions at https://docs.aws.amazon.com/neptune/latest/userguide/get-started.html. The setup seems to be fine, and I could check the status by using the Neptune Notebook install. The status message is:

{
  "status": "healthy",
  "startTime": "Tue May 12 04:24:52 UTC 2020",
  "dbEngineVersion": "1.0.2.2.R2",
  "role": "writer",
  "gremlin": {
    "version": "tinkerpop-3.4.3"
  },
  "sparql": {
    "version": "sparql-1.1"
  },
  "labMode": {
    "ObjectIndex": "disabled",
    "ReadWriteConflictDetection": "enabled"
  }
}

However, I can't connect to it via my Gremlin console in the EC2 client instance. I'm getting the 403 Forbidden error below:


         \,,,/
         (o o)
-----oOOo-(3)-oOOo-----
plugin activated: tinkerpop.server
plugin activated: tinkerpop.utilities
plugin activated: tinkerpop.tinkergraph
gremlin> :remote connect tinkerpop.server conf/neptune-remote.yaml
WARN  org.apache.tinkerpop.gremlin.driver.Cluster  - Using deprecated SSL trustCertChainFile support
ERROR org.apache.tinkerpop.gremlin.driver.Handler$GremlinResponseHandler  - Could not process the response
io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: Invalid handshake response getStatus: 403 Forbidden
    at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:226)
    at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker.finishHandshake(WebSocketClientHandshaker.java:276)
    at org.apache.tinkerpop.gremlin.driver.handler.WebSocketClientHandler.channelRead0(WebSocketClientHandler.java:69)
    at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)

The IAM role that I assigned to the EC2 instance has the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "neptune-db:*"
            ],
            "Resource": [
                "arn:aws:neptune-db:ap-southeast-2:<my aws account number>:*/*"
            ]
        }
    ]
}

My neptune-remote.yaml file is as below:

hosts: [<my neptune cluster name>.cluster-<cluster id>.ap-southeast-2.neptune.amazonaws.com]
port: 8182
connectionPool: { enableSsl: true, trustCertChainFile: "SFSRootCAG2.pem"}
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0, config: { serializeResultToString: true }}

In order to debug this issue, I have tried to use apache-tinkerpop-gremlin-console versions 3.4.1, 3.4.3 & 3.4.6. All have the same error response.

I have also successfully telnetted to the above host and port as below, so it wasn't an SG or connection issue:

$ telnet <my neptune cluster name>.cluster-<cluster id>.ap-southeast-2.neptune.amazonaws.com 8182
Trying 172.30.1.200...
Connected to xxxxx-xxxxxxxx.cluster-xxxxxx.ap-southeast-2.neptune.amazonaws.com.
Escape character is '^]'.

I have struggled with this for a while; any help/hint will be much appreciated.

Thanks!

Adding an answer based on the comments in case others find this also.

If IAM authentication is enabled for the Amazon Neptune cluster, all query requests must be signed using SigV4. See [1] for more information.

[1] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth-connecting-gremlin-console.html
