I'm trying to access Neptune cluster status endpoint from an SSH tunnel. I can hit it without issue on my bastion host, but when doing via ssh tunnel, I get:
https://localhost:8182/status
{"detailedMessage":"Bad request.","requestId":"random-request-id-appears-here","code":"BadRequestException"}
How can I do this? It seems like I need something with sigv4. I was hoping to see the response work after hitting this in my browser.
I've also tried awscurl after setting my env variables, I get:
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=8182): Max retries exceeded with url: /status (Caused by SSLError(SSLCertVerificationError("hostname 'localhost' doesn't match either of '*.id.us-east-2.neptune.amazonaws.com', '*.id.us-east-2.neptune.amazonaws.com', '*.cluster-custom-id.us-east-2.neptune.amazonaws.com', '*.cluster-ro-id.us-east-2.neptune.amazonaws.com'")))
When using SSH tunnel for accessing Neptune using localhost, one need to explicitly pass Neptune endpoint as host header for signing the request. Consider below example for awscurl:
Without the explicit host header, request would be signed using "localhost" with an invalid signature.