Neptune | This software is provided under the following license

Adding this as an answer in case others find your question.

The Role that gives Neptune access to S3 needs to be added to Neptune either using the web console or via the CLI. Then when the curl command is issued Neptune will find the Role.

The reason why you're getting undefinded when requiring the prefix from your main.js is that you're never exporting a value.

If you'd want to get your prefix by using require you have to do this:

When using SSH tunnel for accessing Neptune using localhost, one need to explicitly pass Neptune endpoint as host header for signing the request. Consider below example for awscurl:

Transit Gateway would be a fine production approach here. VPC Peering between the two VPCs would also work well for production systems. There is also a reference architecture for using a Network Load Balancer or Application Load Balancer. If you have issues, you want to make sure your security groups and routing tables are configured correctly. Sending an HTTPS request to the Status endpoint is the easiest way to test your connectivity to Neptune.

Currently the Gremlin language does not have a step that can return the length of a string. This is something that may be added to Gremlin in a future version, possibly in the 3.6 release. You can of course do it using closures (in-line code) but many hosted TinkerPop graph stores, including Amazon Neptune, do not allow arbitrary code blocks to be run as part of Gremlin queries. At this moment in time this will need to be handled application side when using Neptune, or as you suggest, using a nameLength property. This is an area where the TinkerPop community recognizes some additional steps are needed and does plan to prioritize this work.

You just need to change from onclick="Calculate" (); to onclick="Calculate();"

Using the air routes data set, here is one way you can achieve what you are looking for.

The or will filter out all airports not in either Texas or Georgia. After that the choose step returns a constant indicating which or path was taken. You can of course do something more interesting that return a constant value in your query.

You've got some very valid points in there, so let me go through them in detail by providing some context.

By default, it seems that Amazon Neptune uses anonymous authentication..

This is intentional for a reason. The query languages that Neptune support right now are Gremlin and SPARQL, both of which are built on top of HTTP/HTTPS without any sort of auth (Basic Auth is supported in Gremlin, but that is not something that clients use in production anyways. I'd need at least some form of message digest auth to call it secure, but unfortunately, the language spec does not include this). As these languages are open, there are a lot of open source client code that exist out there that assume that they are dealing with an unauthenticated endpoint. As a result, purely from an adoption point of view, Neptune chose to keep its request layer to be unauthenticated by default. If you explore other DB engines within AWS (say Aurora MySQL), the backing DB engine does support auth as its default posture.

This does not mean that it is the right thing to do, so I'll let someone from the Gremlin/SPARQL community comment on whether the spec should enforce authentication as the default posture or not.

It appears that the only default security options for Amazon Neptune are network-level VPC Security Groups.

SG's provide the network ACLs, and we do support TLS 1.2 by default (as of the newest engine versions), so that tightens up your client -> db connection as well.

The service claims to be "highly secure." In my opinion, a service that does not support application-level authentication by default, is not "highly secure."

In addition to the details called out above, the "highly secure" aspect of Neptune is not limited just to client -> db connection. Your data is replicated 6 way and stored in 3 AZs. This involves a lot of communication, not just from the DB, but within the backing storage nodes as well. All these communications are guarded by industry standard security protocols. Encryption at rest for the distributed store is a totally interesting case study on its own. Same standards apply to operator access to the machines, auditing, data safety which snapshotting and restoring etc etc. In short, I do agree that the default posture should be SigV4 (or some open standard) auth enabled, I do want to make sure that you do get some clarity on why we do claim to be a highly secure DB, much like any other product that AWS provides.

Is there a way to enable authentication without using the complicated IAM integrated authentication?

SigV4 is the standard that most AWS services do support. I do agree that it would have been a lot easier if there were an SDK that customers could directly use. We did vend out SigV4 plugins for some of the clients (especially Java and Python) and it actually has a pretty good uptake. Do try it out and share feedback on which areas in the integration seemed to be painful, and we'd be more than happy to take a look.

EDIT 1: The OP discussion here was around security between client and the database, so the security practices in the opaque backing data store that I've quoted above isn't really relevant. In other words, the discussion here is entirely around the data plane API of Neptune and whether we could be secure by default, rather than an opt in.

Your addV() query needs a Terminal Step such as next() or iterate(). Otherwise, you get the bytecode representation of the query returned. http://www.kelvinlawrence.net/book/PracticalGremlin.html#var