AWS Security ChangesHomeSearch

AWS neptune documentation change

Service: neptune · 2025-03-19 · Documentation low

File: neptune/latest/userguide/iam-auth-connecting-gremlin-java.md

Summary

Downgraded Neptune SigV4 Signer library version from 3.1.0 to 2.4.0 and updated credentials provider example to use AWS SDK v1 syntax

Security assessment

While the changes involve authentication mechanisms, there is no explicit evidence in the diff of addressing a security vulnerability. The modifications appear to adjust code examples rather than remediate or document security issues.

Diff

diff --git a/neptune/latest/userguide/iam-auth-connecting-gremlin-java.md b/neptune/latest/userguide/iam-auth-connecting-gremlin-java.md
index 8b7d50fe1..8559d48d2 100644
--- a/neptune/latest/userguide/iam-auth-connecting-gremlin-java.md
+++ b/neptune/latest/userguide/iam-auth-connecting-gremlin-java.md
@@ -11 +11 @@ Using TinkerPop 3.4.11 or higherBefore TinkerPop 3.4.11
-Here is an example of how to connect to Neptune using the Gremlin Java API with Sig4 signing when using TinkerPop 3.4.11 or higher (it assumes general knowledge about using Maven). This example uses the [ Amazon Neptune SigV4 Signer](https://github.com/aws/amazon-neptune-sigv4-signer) library to assist in request signing. First, define the dependencies as part of the `pom.xml` file:
+Here is an example of how to connect to Neptune using the Gremlin Java API with Sig4 signing when using TinkerPop 3.4.11 or higher (it assumes general knowledge about using Maven). First, define the dependencies as part of the `pom.xml` file:
@@ -21 +21 @@ The following examples have been updated to include the use of requestIntercepto
-      <version>3.1.0</version>
+      <version>2.4.0</version>
@@ -24 +24 @@ The following examples have been updated to include the use of requestIntercepto
-The Amazon Neptune SigV4 Signer supports use of both versions 1.x and 2.x of the AWS Java SDK. The following example uses 2.x where the `DefaultCredentialsProvider` is a `software.amazon.awssdk.auth.credentials.AwsCredentialsProvider` instance, but you could equally use the 1.x form with any `com.amazonaws.auth.AWSCredentialsProvider`. If you are upgrading from 1.x to 2.x, you can read more about the changes between 1.x and 2.x in the [Credentials provider changes](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/migration-client-credentials.html) of the AWS SDK for Java 2.x documentation. 
+Then, use code like the following:
@@ -44 +44 @@ The Amazon Neptune SigV4 Signer supports use of both versions 1.x and 2.x of the
-                            new NeptuneNettyHttpSigV4Signer("(your region)", DefaultCredentialsProvider.create());
+                            new NeptuneNettyHttpSigV4Signer("(your region)", new DefaultAWSCredentialsProviderChain());