AWS Amazon Neptune Cluster

This page shows how to write Terraform and CloudFormation for Amazon Neptune Cluster and write them securely.

aws_neptune_cluster (Terraform)

The Cluster in Amazon Neptune can be configured in Terraform with the resource name aws_neptune_cluster. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

test_neptune_cluster.tf#L1
resource "aws_neptune_cluster" "neptune_noncompliant_wrong" {
  enable_cloudwatch_logs_exports = []  # Noncompliant {{Make sure that disabling logging is safe here.}}
  #                                ^^
}

# Noncompliant@+1 {{Omitting enable_cloudwatch_logs_exports makes logs incomplete. Make sure it is safe here.}}
encryption.tf#L10
resource "aws_neptune_cluster" "storage_encrypted_set_to_true" {
  storage_encrypted = true
  kms_key_arn       = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

# WARN: Encryption is enabled without KMS
encryption.tf#L10
resource "aws_neptune_cluster" "storage_encrypted_set_to_true" {
  storage_encrypted = true
  kms_key_arn       = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

# WARN: Encryption is enabled without KMS
neptune_cluster_test.tf#L12
resource "aws_neptune_cluster" "fiveDaysRetenPeriod" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
positive.tf#L1
resource "aws_neptune_cluster" "positive1" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides an Neptune Cluster Resource. A Cluster Resource defines attributes that are applied to the entire cluster of Neptune Cluster Instances. Changes to a Neptune Cluster can occur when you manually change a parameter, such as backup_retention_period, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the apply_immediately flag to instruct the service to apply the change immediately (see documentation below).

AWS::Neptune::DBCluster (CloudFormation)

The DBCluster in Neptune can be configured in CloudFormation with the resource name AWS::Neptune::DBCluster. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

neptune-template.yml#L7
    Type: AWS::Neptune::DBClusterParameterGroup
    Properties:
      Name: {{dbName}}
      Description: {{description}}
      Family: {{parameterGroupFamily}}
      Parameters:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
ENeptuneDBClusterStorageEncrypted.json#L6
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "StorageEncrypted": false
      }
    },
    "ENeptuneDBClusterStorageEncryptedSecondary": {
positive2.json#L6
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": false,
        "StorageEncrypted": true
      }
    },
negative2.json#L6
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": true,
        "StorageEncrypted": true
      }
    }
deploy.json#L5
      "Type" : "AWS::Neptune::DBCluster",
      "Properties" : {
          "DBClusterIdentifier" : "String",
          "EnableCloudwatchLogsExports" : [],
          "KmsKeyId" : "String",
          "Port" : 10000,
deploy.json#L5
      "Type" : "AWS::Neptune::DBCluster",
      "Properties" : {
          "DBClusterIdentifier" : "String",
          "EnableCloudwatchLogsExports" : [],
          "KmsKeyId" : "String",
          "Port" : 10000,

Parameters

Explanation in CloudFormation Registry

The AWS::Neptune::DBCluster resource creates an Amazon Neptune DB cluster. Neptune is a fully managed graph database.

Note Currently, you can create this resource only in AWS Regions in which Amazon Neptune is supported.

If no DeletionPolicy is set for AWS::Neptune::DBCluster resources, the default deletion behavior is that the entire volume will be deleted without a snapshot. To retain a backup of the volume, the DeletionPolicy should be set to Snapshot. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute.

You can use AWS::Neptune::DBCluster.DeletionProtection to help guard against unintended deletion of your DB cluster.

Frequently asked questions

What is AWS Amazon Neptune Cluster?

AWS Amazon Neptune Cluster is a resource for Amazon Neptune of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon Neptune Cluster?

For Terraform, the SonarSource/sonar-iac, stelligent/config-lint and ffsclyh/config-lint source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the byu-oit/handel, bridgecrewio/checkov and sprathod369/iac-example source code examples are useful. See the CloudFormation Example section for further details.