Gremlin- | Gremlin : A C Interpreter for the Gremlin language

Are you using TinkerGraph? Is yes, the IDs are stored as long internally.

Please try g.E(18L)

You've got some very valid points in there, so let me go through them in detail by providing some context.

By default, it seems that Amazon Neptune uses anonymous authentication..

This is intentional for a reason. The query languages that Neptune support right now are Gremlin and SPARQL, both of which are built on top of HTTP/HTTPS without any sort of auth (Basic Auth is supported in Gremlin, but that is not something that clients use in production anyways. I'd need at least some form of message digest auth to call it secure, but unfortunately, the language spec does not include this). As these languages are open, there are a lot of open source client code that exist out there that assume that they are dealing with an unauthenticated endpoint. As a result, purely from an adoption point of view, Neptune chose to keep its request layer to be unauthenticated by default. If you explore other DB engines within AWS (say Aurora MySQL), the backing DB engine does support auth as its default posture.

This does not mean that it is the right thing to do, so I'll let someone from the Gremlin/SPARQL community comment on whether the spec should enforce authentication as the default posture or not.

It appears that the only default security options for Amazon Neptune are network-level VPC Security Groups.

SG's provide the network ACLs, and we do support TLS 1.2 by default (as of the newest engine versions), so that tightens up your client -> db connection as well.

The service claims to be "highly secure." In my opinion, a service that does not support application-level authentication by default, is not "highly secure."

In addition to the details called out above, the "highly secure" aspect of Neptune is not limited just to client -> db connection. Your data is replicated 6 way and stored in 3 AZs. This involves a lot of communication, not just from the DB, but within the backing storage nodes as well. All these communications are guarded by industry standard security protocols. Encryption at rest for the distributed store is a totally interesting case study on its own. Same standards apply to operator access to the machines, auditing, data safety which snapshotting and restoring etc etc. In short, I do agree that the default posture should be SigV4 (or some open standard) auth enabled, I do want to make sure that you do get some clarity on why we do claim to be a highly secure DB, much like any other product that AWS provides.

Is there a way to enable authentication without using the complicated IAM integrated authentication?

SigV4 is the standard that most AWS services do support. I do agree that it would have been a lot easier if there were an SDK that customers could directly use. We did vend out SigV4 plugins for some of the clients (especially Java and Python) and it actually has a pretty good uptake. Do try it out and share feedback on which areas in the integration seemed to be painful, and we'd be more than happy to take a look.

EDIT 1: The OP discussion here was around security between client and the database, so the security practices in the opaque backing data store that I've quoted above isn't really relevant. In other words, the discussion here is entirely around the data plane API of Neptune and whether we could be secure by default, rather than an opt in.

Your addV() query needs a Terminal Step such as next() or iterate(). Otherwise, you get the bytecode representation of the query returned. http://www.kelvinlawrence.net/book/PracticalGremlin.html#var

It's nothing special. You can find the code online and see there is a class with that name in the package that is being imported.

I assume that you are using TinkerGraph if you are using the default gremlin-server.yaml. That file configured one TinkerGraph at:

I believe that some of the fixes that allow the IORegistry to hook the GraphBinary serializer have not yet been released although I do see the work on the main JanusGraph branch. [1] I was having the same problem you reported but was able to get things working using the GraphSONMessageSerialializerV3d0 serializer.

[1] https://github.com/JanusGraph/janusgraph/commit/1cb4b6e849e3f9c2802722fe7f84c760cd471429

This setup code works for me:

The identifier __ has no special meaning in Python, aside from not being imported by default when using from module import * like all identifiers of the form _*. See the Python documentation on Reserved Identifiers.

Each Neptune instance that you connect to has a pool of worker threads. That pool will be two times the number of vCPU on the instance. If you send the queries in a single threaded fashion you are only taking advantage of one worker thread. You can substantially increase the throughput rates by dividing the work across multiple tasks in your application. I often use the multithreading library but even using basic Python threads will likely help as these are IO bound tasks and so the threads will likely yield. I have added millions of vertices and edges using Python in this way. Without doing something like this you are not taking full advantage of the available resources on the instance. If you have the work already divided up into batches of 50, you can spread those batches across multiple threads. Matching up the number of client threads/tasks with two times the number of vCPU on the Neptune instance is a good place to start.

Ideally the threads will touch different parts of the graph to avoid concurrently trying to modify the same vertices and edges from concurrent threads.

This line