Top / Amazon Web Service / AWS Amazon Neptune / Cluster

AWS Amazon Neptune Cluster

This page shows how to write Terraform and CloudFormation for Amazon Neptune Cluster and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_neptune_cluster (Terraform)

The Cluster in Amazon Neptune can be configured in Terraform with the resource name aws_neptune_cluster. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

test_neptune_cluster.tf#L1
resource "aws_neptune_cluster" "neptune_noncompliant_wrong" {
  enable_cloudwatch_logs_exports = []  # Noncompliant {{Make sure that disabling logging is safe here.}}
  #                                ^^
}

# Noncompliant@+1 {{Omitting enable_cloudwatch_logs_exports makes logs incomplete. Make sure it is safe here.}}
encryption.tf#L10
resource "aws_neptune_cluster" "storage_encrypted_set_to_true" {
  storage_encrypted = true
  kms_key_arn       = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

# WARN: Encryption is enabled without KMS
encryption.tf#L10
resource "aws_neptune_cluster" "storage_encrypted_set_to_true" {
  storage_encrypted = true
  kms_key_arn       = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

# WARN: Encryption is enabled without KMS
neptune_cluster_test.tf#L12
resource "aws_neptune_cluster" "fiveDaysRetenPeriod" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
positive.tf#L1
resource "aws_neptune_cluster" "positive1" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an Neptune Cluster Resource. A Cluster Resource defines attributes that are applied to the entire cluster of Neptune Cluster Instances. Changes to a Neptune Cluster can occur when you manually change a parameter, such as backup_retention_period, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the apply_immediately flag to instruct the service to apply the change immediately (see documentation below).

>> from Terraform Registry

AWS::Neptune::DBCluster (CloudFormation)

The DBCluster in Neptune can be configured in CloudFormation with the resource name AWS::Neptune::DBCluster. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

neptune-template.yml#L7
    Type: AWS::Neptune::DBClusterParameterGroup
    Properties:
      Name: {{dbName}}
      Description: {{description}}
      Family: {{parameterGroupFamily}}
      Parameters:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
NeptuneClusterLogging-FAILED.yml#L4
    Type: "AWS::Neptune::DBCluster"
    Properties:
      DBClusterIdentifier: DBClusterIdentifier
  NeptuneDBClusterEmpty:
    Type: "AWS::Neptune::DBCluster"
    Properties:
negative2.json#L6
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": true,
        "StorageEncrypted": true
      }
    }
positive2.json#L6
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": false,
        "StorageEncrypted": true
      }
    },
ENeptuneDBClusterStorageEncrypted.json#L6
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "StorageEncrypted": false
      }
    },
    "ENeptuneDBClusterStorageEncryptedSecondary": {
deploy.json#L5
      "Type" : "AWS::Neptune::DBCluster",
      "Properties" : {
          "DBClusterIdentifier" : "String",
          "EnableCloudwatchLogsExports" : [],
          "KmsKeyId" : "String",
          "Port" : 10000,
deploy.json#L5
      "Type" : "AWS::Neptune::DBCluster",
      "Properties" : {
          "DBClusterIdentifier" : "String",
          "EnableCloudwatchLogsExports" : [],
          "KmsKeyId" : "String",
          "Port" : 10000,

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::Neptune::DBCluster resource creates an Amazon Neptune DB cluster. Neptune is a fully managed graph database.

Note Currently, you can create this resource only in AWS Regions in which Amazon Neptune is supported.

If no DeletionPolicy is set for AWS::Neptune::DBCluster resources, the default deletion behavior is that the entire volume will be deleted without a snapshot. To retain a backup of the volume, the DeletionPolicy should be set to Snapshot. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute.

You can use AWS::Neptune::DBCluster.DeletionProtection to help guard against unintended deletion of your DB cluster.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon Neptune Resources

Frequently asked questions

What is AWS Amazon Neptune Cluster?

AWS Amazon Neptune Cluster is a resource for Amazon Neptune of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon Neptune Cluster?

For Terraform, the SonarSource/sonar-iac, stelligent/config-lint and ffsclyh/config-lint source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the byu-oit/handel, SnidermanIndustries/checkov-fork and sprathod369/iac-example source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents