AWS Amazon Neptune Cluster
This page shows how to write Terraform and CloudFormation for Amazon Neptune Cluster and write them securely.
aws_neptune_cluster (Terraform)
The Cluster in Amazon Neptune can be configured in Terraform with the resource name aws_neptune_cluster. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_neptune_cluster" "neptune_noncompliant_wrong" {
  enable_cloudwatch_logs_exports = [] # Noncompliant {{Make sure that disabling logging is safe here.}}
  # ^^
}
# Noncompliant@+1 {{Omitting enable_cloudwatch_logs_exports makes logs incomplete. Make sure it is safe here.}}

resource "aws_neptune_cluster" "storage_encrypted_set_to_true" {
  storage_encrypted = true
  kms_key_arn       = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
# WARN: Encryption is enabled without KMS

resource "aws_neptune_cluster" "storage_encrypted_set_to_true" {
  storage_encrypted = true
  kms_key_arn       = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
# WARN: Encryption is enabled without KMS

resource "aws_neptune_cluster" "fiveDaysRetenPeriod" {
  cluster_identifier      = "neptune-cluster-demo"
  engine                  = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot     = true
}

resource "aws_neptune_cluster" "positive1" {
  cluster_identifier      = "neptune-cluster-demo"
  engine                  = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot     = true
}
Parameters
- apply_immediately: optional computed - bool
- arn: optional computed - string
- availability_zones: optional computed - set of string
- backup_retention_period: optional - number
- cluster_identifier: optional computed - string
- cluster_identifier_prefix: optional computed - string
- cluster_members: optional computed - set of string
- cluster_resource_id: optional computed - string
- deletion_protection: optional - bool
- enable_cloudwatch_logs_exports: optional - set of string
- endpoint: optional computed - string
- engine: optional - string
- engine_version: optional computed - string
- final_snapshot_identifier: optional - string
- hosted_zone_id: optional computed - string
- iam_database_authentication_enabled: optional - bool
- iam_roles: optional - set of string
- id: optional computed - string
- kms_key_arn: optional computed - string
- neptune_cluster_parameter_group_name: optional - string
- neptune_subnet_group_name: optional computed - string
- port: optional - number
- preferred_backup_window: optional computed - string
- preferred_maintenance_window: optional computed - string
- reader_endpoint: optional computed - string
- replication_source_identifier: optional - string
- skip_final_snapshot: optional - bool
- snapshot_identifier: optional - string
- storage_encrypted: optional - bool
- tags: optional - map from string to string
- vpc_security_group_ids: optional computed - set of string
- timeouts: single block
Explanation in Terraform Registry
Provides a Neptune Cluster Resource. A Cluster Resource defines attributes that are applied to the entire cluster of Neptune Cluster Instances. Changes to a Neptune Cluster can occur when you manually change a parameter, such as backup_retention_period, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the apply_immediately flag to instruct the service to apply the change immediately (see documentation below).
AWS::Neptune::DBCluster (CloudFormation)
The DBCluster in Neptune can be configured in CloudFormation with the resource name AWS::Neptune::DBCluster. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::Neptune::DBClusterParameterGroup
Properties:
  Name: {{dbName}}
  Description: {{description}}
  Family: {{parameterGroupFamily}}
  Parameters:

    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:

    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:

    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:

    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:

    "Type": "AWS::Neptune::DBCluster",
    "Properties": {
      "IamAuthEnabled": true,
      "StorageEncrypted": true
    }
  }

    "Type": "AWS::Neptune::DBCluster",
    "Properties": {
      "IamAuthEnabled": false,
      "StorageEncrypted": true
    }
  },

    "Type": "AWS::Neptune::DBCluster",
    "Properties": {
      "StorageEncrypted": false
    }
  },
  "ENeptuneDBClusterStorageEncryptedSecondary": {

    "Type" : "AWS::Neptune::DBCluster",
    "Properties" : {
      "DBClusterIdentifier" : "String",
      "EnableCloudwatchLogsExports" : [],
      "KmsKeyId" : "String",
      "Port" : 10000,

    "Type" : "AWS::Neptune::DBCluster",
    "Properties" : {
      "DBClusterIdentifier" : "String",
      "EnableCloudwatchLogsExports" : [],
      "KmsKeyId" : "String",
      "Port" : 10000,
Parameters
- StorageEncrypted: optional - Boolean
- RestoreToTime: optional - String
- EngineVersion: optional - String
- KmsKeyId: optional - String
- AssociatedRoles: optional - List of DBClusterRole
- AvailabilityZones: optional - List
- SnapshotIdentifier: optional - String
- Port: optional - Integer
- DBClusterIdentifier: optional - String
- PreferredMaintenanceWindow: optional - String
- IamAuthEnabled: optional - Boolean
- DBSubnetGroupName: optional - String
- DeletionProtection: optional - Boolean
- PreferredBackupWindow: optional - String
- UseLatestRestorableTime: optional - Boolean
- VpcSecurityGroupIds: optional - List
- SourceDBClusterIdentifier: optional - String
- DBClusterParameterGroupName: optional - String
- BackupRetentionPeriod: optional - Integer
- RestoreType: optional - String
- Tags: optional - List of Tag
- EnableCloudwatchLogsExports: optional - List
Explanation in CloudFormation Registry
The AWS::Neptune::DBCluster resource creates an Amazon Neptune DB cluster. Neptune is a fully managed graph database.
Note: Currently, you can create this resource only in AWS Regions in which Amazon Neptune is supported.
If no DeletionPolicy is set for AWS::Neptune::DBCluster resources, the default deletion behavior is that the entire volume will be deleted without a snapshot. To retain a backup of the volume, the DeletionPolicy should be set to Snapshot. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute.
You can use AWS::Neptune::DBCluster.DeletionProtection to help guard against unintended deletion of your DB cluster.
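As an added example (not code from this page or from the projects it cites), the Python check below walks a CloudFormation template and reports, per AWS::Neptune::DBCluster resource, the settings discussed above: StorageEncrypted, IamAuthEnabled, DeletionProtection, EnableCloudwatchLogsExports and the DeletionPolicy attribute. The function name audit_neptune_clusters, the sample template and its logical IDs are constructed for illustration, and treating an absent boolean as a finding is this example's own policy.

```python
import json

# Constructed sample template (not from the page): one weak cluster, one
# hardened cluster, and a non-cluster resource that must be skipped.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "WeakCluster": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {"StorageEncrypted": false, "EnableCloudwatchLogsExports": []}
    },
    "HardenedCluster": {
      "Type": "AWS::Neptune::DBCluster",
      "DeletionPolicy": "Snapshot",
      "Properties": {
        "StorageEncrypted": true,
        "IamAuthEnabled": true,
        "DeletionProtection": true,
        "EnableCloudwatchLogsExports": ["audit"]
      }
    },
    "Params": {"Type": "AWS::Neptune::DBClusterParameterGroup", "Properties": {}}
  }
}
""")

def audit_neptune_clusters(template):
    """Return {logical_id: [finding, ...]} for every AWS::Neptune::DBCluster."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Neptune::DBCluster":
            continue
        # An empty "Properties:" key in YAML parses to None, so normalise it.
        props = res.get("Properties") or {}
        findings = []
        # Hardening flags must be the literal boolean true; absent counts as off.
        for key in ("StorageEncrypted", "IamAuthEnabled", "DeletionProtection"):
            if props.get(key) is not True:
                findings.append(f"{key} is not true")
        # An empty or missing export list means no logs reach CloudWatch.
        if not props.get("EnableCloudwatchLogsExports"):
            findings.append("EnableCloudwatchLogsExports is empty or missing")
        # With no DeletionPolicy the volume is deleted without a snapshot.
        if res.get("DeletionPolicy", "Delete") == "Delete":
            findings.append("DeletionPolicy does not preserve the volume")
        report[logical_id] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_neptune_clusters(SAMPLE_TEMPLATE).items():
        print(name, "OK" if not findings else findings)
```

Values supplied through intrinsic functions such as Ref are reported as findings too, because the check only accepts a literal true; resolve parameters first if the template uses them.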
Frequently asked questions
What is AWS Amazon Neptune Cluster?
AWS Amazon Neptune Cluster is a resource for Amazon Neptune of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon Neptune Cluster?
For Terraform, the SonarSource/sonar-iac, stelligent/config-lint and ffsclyh/config-lint source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the byu-oit/handel, SnidermanIndustries/checkov-fork and sprathod369/iac-example source code examples are useful. See the CloudFormation Example section for further details.