AWS Security ChangesHomeSearch

AWS neptune documentation change

Service: neptune · 2026-03-13 · Documentation medium

File: neptune/latest/userguide/access-graph-gremlin-java.md

Summary

Added a new section 'IAM authentication' for Java clients and removed deprecated dependency comments and updated SSL/TLS configuration text.

Security assessment

The change adds IAM authentication documentation for Java clients, which is a security feature. It also updates SSL/TLS configuration text by removing references to deprecated methods. While SSL/TLS updates could relate to security, there is no evidence of a vulnerability being addressed; it's a documentation cleanup and feature addition.

Diff

diff --git a/neptune/latest/userguide/access-graph-gremlin-java.md b/neptune/latest/userguide/access-graph-gremlin-java.md
index 1298e423d..ac107ae13 100644
--- a//neptune/latest/userguide/access-graph-gremlin-java.md
+++ b//neptune/latest/userguide/access-graph-gremlin-java.md
@@ -5 +5 @@
-SSL/TLS configuration
+SSL/TLS configurationIAM authentication
@@ -84,7 +83,0 @@ When prompted, enter the number for Java 11.
-        <!-- https://mvnrepository.com/artifact/org.apache.tinkerpop/gremlin-groovy
-          (Not needed for TinkerPop version 3.5.2 and up)
-        <dependency>
-          <groupId>org.apache.tinkerpop</groupId>
-          <artifactId>gremlin-groovy</artifactId>
-          <version>3.7.2</version>
-        </dependency> -->
@@ -224 +217 @@ The following methods submit the query to the Neptune DB instance:
-Neptune requires SSL/TLS to be enabled by default. Typically, if the Java driver is configured with `enableSsl(true)`, it can connect to Neptune without having to set up a `trustStore()` or `keyStore()` with a local copy of a certificate. Earlier versions of TinkerPop encouraged use of `keyCertChainFile()` to configure a locally stored `.pem` file, but that has been deprecated and no longer available after 3.5.x. If you were using that setup with a public certificate, using `SFSRootCAG2.pem`, you can now remove the local copy.
+Neptune requires SSL/TLS to be enabled by default. Typically, if the Java driver is configured with `enableSsl(true)`, it can connect to Neptune without having to set up a `trustStore()` or `keyStore()` with a local copy of a certificate.
@@ -262,0 +256,4 @@ You can do the same thing in a configuration file if you want, as you might do w
+## IAM authentication
+
+Neptune supports [IAM authentication](./iam-auth-enable.html) to control access to your DB cluster. If you have IAM authentication enabled, you need to use Signature Version 4 signing to authenticate your requests. For detailed instructions and code examples for connecting from a Java client, see [Connecting to Amazon Neptune databases using IAM with Gremlin Java](./iam-auth-connecting-gremlin-java.html).
+