Amazon Neptune
User Guide (API Version 2017-11-29)

Creating a New Neptune DB Cluster Using AWS CloudFormation or Manually

This section shows you how to use an AWS CloudFormation template to set up Amazon Neptune and create required resources quickly, without having to do everything by hand. This is the easiest way to get started with Neptune. The AWS CloudFormation template performs much of the setup for you, including creating an Amazon Elastic Compute Cloud (Amazon EC2) instance.


The AWS CloudFormation stack that is created by this template creates multiple resources, including resources in Neptune, Amazon EC2, Amazon Virtual Private Cloud (Amazon VPC), and AWS Identity and Access Management (IAM).

Some of these resources are not free-tier resources. For pricing information, see Amazon Neptune pricing and Amazon EC2 pricing. To stop any charges, you can delete the stack when you are finished with it.

This AWS CloudFormation stack is intended as a basis for a tutorial about Neptune. We recommend that you use stricter AWS Identity and Access Management (IAM) policies and security for your production environment if you use this template. For information about securing resources, see Amazon VPC Security and Amazon EC2 Network and Security.

You can also use an AWS CloudFormation template to create a Lambda function to use with Neptune (see Using AWS CloudFormation to Create a Lambda Function to Use in Neptune).

For information about creating an Amazon Neptune cluster manually using the AWS Management Console, see Launching a Neptune DB Cluster Using the Console.

For information about managing clusters and instances in Neptune, see Using the Console to Manage Amazon Neptune.

For general information about Neptune, see Overview of Amazon Neptune Features.

Prerequisites for Using AWS CloudFormation to Set Up Neptune

Before you create an Amazon Neptune cluster, you need to have the following:

  • The required IAM permissions.

  • A key pair.

IAM Permissions

The following permissions allow you to create resources for the AWS CloudFormation stack:

AWS Managed Policies

  • AWSCloudFormationReadOnlyAccess

  • NeptuneFullAccess

Additional IAM Permissions

The following policy outlines the additional permissions that are required to create and delete this CloudFormation stack.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iam:GetSSHPublicKey",
            "iam:ListSSHPublicKeys",
            "iam:CreateRole",
            "iam:CreatePolicy",
            "iam:PutRolePolicy",
            "iam:CreateInstanceProfile",
            "iam:AddRoleToInstanceProfile",
            "iam:GetAccountSummary",
            "iam:ListAccountAliases",
            "iam:PassRole",
            "iam:GetRole",
            "cloudformation:*Stack",
            "ec2:DescribeKeyPairs",
            "ec2:*Vpc",
            "ec2:DescribeInternetGateways",
            "ec2:*InternetGateway",
            "ec2:createTags",
            "ec2:*VpcAttribute",
            "ec2:DescribeRouteTables",
            "ec2:*RouteTable",
            "ec2:*Subnet",
            "ec2:*SecurityGroup",
            "ec2:AuthorizeSecurityGroupIngress",
            "ec2:DescribeVpcEndpoints",
            "ec2:*VpcEndpoint",
            "ec2:*SubnetAttribute",
            "ec2:*Route",
            "ec2:*Instances",
            "iam:DeleteRole",
            "iam:RemoveRoleFromInstanceProfile",
            "iam:DeleteRolePolicy",
            "iam:DeleteInstanceProfile",
            "ec2:DeleteVpcEndpoints"
          ],
          "Resource": "*"
        }
      ]
    }


The following permissions are only required to delete a stack: iam:DeleteRole, iam:RemoveRoleFromInstanceProfile, iam:DeleteRolePolicy, iam:DeleteInstanceProfile, and ec2:DeleteVpcEndpoints.

Also note that ec2:*Vpc grants ec2:DeleteVpc permissions.
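
The note above applies to every wildcard pattern in the policy: each one grants all actions whose names end with the given suffix. The following Python sketch is an added example, not part of the AWS guide; it expands the policy's wildcard patterns against a small constructed sample of action names (KNOWN_ACTIONS, which is not the complete service catalog) and lists the state-changing actions each pattern grants. The verb list in FLAGGED_VERBS is an assumption about which actions a reviewer wants to see.

```python
import re

# Wildcard action patterns copied from the policy above.
WILDCARD_ACTIONS = [
    "cloudformation:*Stack", "ec2:*Vpc", "ec2:*InternetGateway",
    "ec2:*VpcAttribute", "ec2:*RouteTable", "ec2:*Subnet",
    "ec2:*SecurityGroup", "ec2:*VpcEndpoint", "ec2:*SubnetAttribute",
    "ec2:*Route", "ec2:*Instances",
]

# Constructed sample: a partial list of action names for illustration.
# For a real review, substitute the full action list for each service.
KNOWN_ACTIONS = [
    "cloudformation:CreateStack", "cloudformation:DeleteStack",
    "cloudformation:UpdateStack", "cloudformation:DescribeStacks",
    "ec2:CreateVpc", "ec2:DeleteVpc", "ec2:DescribeVpcs",
    "ec2:CreateRoute", "ec2:DeleteRoute", "ec2:ReplaceRoute",
    "ec2:RunInstances", "ec2:TerminateInstances", "ec2:StopInstances",
    "ec2:DescribeInstances", "ec2:CreateSecurityGroup",
    "ec2:DeleteSecurityGroup", "ec2:CreateInternetGateway",
    "ec2:DetachInternetGateway", "ec2:DeleteInternetGateway",
]

# Assumption: verbs a reviewer wants flagged because they remove or alter resources.
FLAGGED_VERBS = ("Delete", "Terminate", "Detach", "Replace", "Stop")

def to_regex(pattern):
    """IAM action matching: '*' is any run of characters, '?' is one character; case-insensitive."""
    body = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(body, re.IGNORECASE)

def expand(pattern, catalog=KNOWN_ACTIONS):
    """Return every catalog action that the pattern grants."""
    rx = to_regex(pattern)
    return sorted(a for a in catalog if rx.fullmatch(a))

def flagged(pattern, catalog=KNOWN_ACTIONS):
    """Return the granted actions whose name starts with a flagged verb."""
    return [a for a in expand(pattern, catalog)
            if a.split(":", 1)[1].startswith(FLAGGED_VERBS)]

def review(patterns=WILDCARD_ACTIONS):
    """Map each wildcard pattern to the flagged actions it grants (empty results omitted)."""
    return {p: flagged(p) for p in patterns if flagged(p)}

if __name__ == "__main__":
    for pattern, hits in review().items():
        print(f"{pattern:24} grants: {', '.join(hits)}")
```

For a production policy, replace each wildcard with the explicit actions the stack actually uses.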

EC2 Key Pair

You must have a key pair (and the PEM file) available in the Region that you create the AWS CloudFormation stack in. If you need to create a key pair, see Creating a Key Pair Using Amazon EC2 for instructions on creating the pair and downloading the PEM file.

Using an AWS CloudFormation Stack to Create a Neptune DB Cluster

You can use an AWS CloudFormation template to set up a Neptune DB Cluster.

  1. To launch the AWS CloudFormation stack on the AWS CloudFormation console, choose one of the Launch Stack buttons in the following table.

    Region                      View   View in Designer   Launch
    US East (N. Virginia)       View   View in Designer
    US East (Ohio)              View   View in Designer
    US West (Oregon)            View   View in Designer
    Canada (Central)            View   View in Designer
    EU (Stockholm)              View   View in Designer
    EU (Ireland)                View   View in Designer
    EU (London)                 View   View in Designer
    EU (Frankfurt)              View   View in Designer
    Middle East (Bahrain)       View   View in Designer
    Asia Pacific (Tokyo)        View   View in Designer
    Asia Pacific (Seoul)        View   View in Designer
    Asia Pacific (Singapore)    View   View in Designer
    Asia Pacific (Sydney)       View   View in Designer
    Asia Pacific (Mumbai)       View   View in Designer
    AWS GovCloud (US-West)      View   View in Designer
    AWS GovCloud (US-East)      View   View in Designer

  2. On the Select Template page, choose Next.

  3. On the Specify Details page, choose a key pair for the EC2SSHKeyPairName.

    This key pair is required to access the EC2 instance. Ensure that you have the PEM file for the key pair that you choose.

  4. Choose Next.

  5. On the Options page, choose Next.

  6. On the Review page, select the first check box to acknowledge that AWS CloudFormation will create IAM resources. Select the second check box to acknowledge CAPABILITY_AUTO_EXPAND for the new stack.


    CAPABILITY_AUTO_EXPAND explicitly acknowledges that macros will be expanded when creating the stack, without prior review. Users often create a change set from a processed template so that the changes made by macros can be reviewed before actually creating the stack. For more information, see the AWS CloudFormation CreateStack API.

    Then choose Create.