Getting Started Accessing Your Neptune Graph - Amazon Neptune

Getting Started Accessing Your Neptune Graph

Once you have created a Neptune DB cluster, the next step is to set up a connection to it.

Connecting to a Neptune DB Cluster from Amazon Elastic Compute Cloud

After creating an instance in Amazon Elastic Compute Cloud (Amazon EC2), you can log into that instance using SSH and connect to a Amazon Neptune DB cluster. For information about connecting to an EC2 instance using SSH, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances.

If you are using a Linux or macOS command line to connect to the EC2 instance, you can paste the SSH command from the SSHAccess item in the Outputs section of the AWS CloudFormation stack. You must have the PEM file in the current directory and the PEM file permissions must be set to 400 (chmod 400 keypair.pem).

In order for the Amazon EC2 instance to connect to your Neptune endpoint on, for example, port 8182, you will need to set up a security group to do that. If your Amazon EC2 instance is using a security group named, for example, ec2-sg1, you need to create another Amazon EC2 security group (let's say db-sg1) that has inbound rules for port 8182 and has ec2-sg1 as its source. Then, add db-sg1 to your Neptune cluster to allow the connection.

Setting Up curl to Communicate with Your Neptune Endpoint

As illustrated in many of the examples in this documentation, the curl command line tool is a handy option for communicating with your Neptune endpoint. For information about the tool, see the curl man page, and the book Everything curl.

To connect using HTTPS (as we recommend and as Neptune requires in most Regions), curl needs access to appropriate certificates. To learn how to obtain these certificates and how to format them properly into a certificate authority (CA) certificate store that curl can use, see SSL Certificate Verification in the curl documentation.

You can then specify the location of this CA certificate store using the CURL_CA_BUNDLE environment variable. On Windows, curl automatically looks for it in a file named curl-ca-bundle.crt. It looks first in the same directory as curl.exe and then elsewhere on the path. For more information, see SSL Certificate Verification.

As long as curl can locate the appropriate certificates, it handles HTTPS connections just like HTTP connections, without extra parameters. Examples in this documentation are based on that scenario.

Using a Query Language to Access Graph Data in Your Neptune DB Cluster

Once you are connected, you can use one of the two graph query languages supported by Neptune to access your new graph: Gremlin and SPARQL.


You can store Gremlin and SPARQL data on the same cluster. However, they are separated on the cluster, and any data that is loaded or stored with one query language cannot be queried by the other.

You might want to use IAM authentication to connect to Gremlin or SPARQL. For more information about this option, see Connecting to Neptune Using IAM Authentication.