Securing your data in Amazon Neptune

There are multiple ways for you to secure your Amazon Neptune clusters.

Using IAM policies to restrict access to a Neptune DB cluster

To control who can perform Neptune management actions on Neptune DB clusters and DB instances, use AWS Identity and Access Management (IAM).

When you use an IAM account to access the Neptune console, you must first sign in to the AWS Management Console using your IAM account before opening the Neptune console at https://console.aws.amazon.com/neptune/home.

When you connect to AWS using IAM credentials, your IAM account must have IAM policies that grant the permissions required to perform Neptune management operations. For more information, see Using different kinds of IAM policies for controlling access to Neptune.
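A review check for the management-plane policies described above, added here as an example and not taken from the Neptune documentation. It assumes the documented convention that Neptune management actions share the `rds:` prefix (for example `rds:CreateDBCluster`, `rds:DeleteDBCluster`), and it flags Allow statements that grant high-impact management actions on every resource with no condition attached. The policy document, the `Sid` values and the set of actions treated as high-impact are constructed for this illustration.

```python
"""Flag overly broad Neptune management permissions in an IAM policy.

Illustrative code, not part of the Neptune documentation. Assumes Neptune
management actions use the "rds:" prefix; HIGH_IMPACT_ACTIONS and the sample
policy below are constructed for the example.
"""
import json

# Management actions a reviewer would not want granted on Resource "*"
# without a condition (constructed list for this example).
HIGH_IMPACT_ACTIONS = {
    "rds:DeleteDBCluster",
    "rds:DeleteDBInstance",
    "rds:ModifyDBCluster",
    "rds:ModifyDBInstance",
}


def _as_list(value):
    """IAM allows Statement/Action/Resource to be a string, a dict or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """Minimal IAM-style match: exact, trailing '*' prefix match, or bare '*'.
    IAM action names are case-insensitive."""
    pattern, action = pattern.lower(), action.lower()
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action


def find_broad_statements(policy):
    """Return findings for Allow statements that grant a high-impact management
    action on Resource "*" with no Condition block."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        wildcard_resource = "*" in _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))
        if not wildcard_resource or has_condition:
            continue
        for pattern in _as_list(stmt.get("Action")):
            impacted = sorted(a for a in HIGH_IMPACT_ACTIONS if _matches(pattern, a))
            if impacted:
                findings.append({
                    "statement": stmt.get("Sid", f"Statement[{idx}]"),
                    "action": pattern,
                    "grants": impacted,
                })
    return findings


# Constructed sample policy: one read-only statement, one scoped delete,
# and one wildcard grant that should be flagged.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow",
     "Action": ["rds:DescribeDBClusters", "rds:DescribeDBInstances"],
     "Resource": "*"},
    {"Sid": "ScopedDelete", "Effect": "Allow",
     "Action": "rds:DeleteDBCluster",
     "Resource": "arn:aws:rds:us-east-1:123456789012:cluster:example-cluster"},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": "rds:*",
     "Resource": "*"}
  ]
}
""")


if __name__ == "__main__":
    for finding in find_broad_statements(SAMPLE_POLICY):
        print(f"{finding['statement']}: '{finding['action']}' on every resource "
              f"grants {', '.join(finding['grants'])}")
```

The `ScopedDelete` statement passes because its `Resource` names a single cluster ARN; the same action on `"*"` would be reported. Extending the check to require a `Condition` (for example on a resource tag) for any `rds:` action is a small change to `find_broad_statements`.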

Using VPC security groups to restrict access to a Neptune DB cluster

Neptune DB clusters must be created in an Amazon Virtual Private Cloud (Amazon VPC). To control which devices and EC2 instances can open connections to the endpoint and port of the DB instance for Neptune DB clusters in a VPC, you use a VPC security group. For more information about VPCs, see Create a security group using the VPC console.
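An audit over security group rules, added as an example and not part of the Neptune documentation. It walks the structure that `aws ec2 describe-security-groups` returns (`SecurityGroups` → `IpPermissions` → `IpRanges` / `Ipv6Ranges` / `UserIdGroupPairs`) and reports any ingress rule that exposes the Neptune port to `0.0.0.0/0` or `::/0`. The port value 8182 is Neptune's default; the three security groups, their IDs and the application group ID they reference are constructed sample data.

```python
"""Find security group ingress rules that expose the Neptune port to the Internet.

Illustrative code, not from the Neptune documentation. Input mirrors the
output shape of `aws ec2 describe-security-groups`; SAMPLE_GROUPS is constructed.
"""

NEPTUNE_PORT = 8182                      # Neptune's default port
ANYWHERE = {"0.0.0.0/0", "::/0"}          # "open to the world" CIDRs


def _covers_port(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                    # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_exposed_ingress(security_groups, port=NEPTUNE_PORT):
    """Return one finding per CIDR rule that opens `port` to the Internet.
    Rules whose source is another security group (UserIdGroupPairs) are the
    recommended pattern and are never reported."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not _covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in ANYWHERE:
                    findings.append({
                        "group": sg["GroupId"],
                        "protocol": perm["IpProtocol"],
                        "cidr": cidr,
                    })
    return findings


# Constructed sample: one group that only trusts the application tier's
# security group, one open on 8182/tcp to IPv4, one open on all traffic to IPv6.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000000000000app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8182, "ToPort": 8182,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0000000000000tier"}]}]},
    {"GroupId": "sg-00000000000open4", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8182, "ToPort": 8182,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-00000000000open6", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


if __name__ == "__main__":
    for f in find_exposed_ingress(SAMPLE_GROUPS):
        print(f"{f['group']}: port {NEPTUNE_PORT} reachable from {f['cidr']} "
              f"(protocol {f['protocol']})")
```

Against live data, pass `describe_security_groups()["SecurityGroups"]` from boto3 to `find_exposed_ingress`; the first sample group shows the shape to aim for, where the only ingress source is the security group of the clients that should reach the cluster.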

Using IAM authentication to restrict access to a Neptune DB cluster

If you enable AWS Identity and Access Management (IAM) authentication in a Neptune DB cluster, anyone accessing the DB cluster must first be authenticated. See Overview of AWS Identity and Access Management (IAM) in Amazon Neptune for information about setting up IAM authentication.

For information about using temporary credentials to authenticate, including examples for the AWS CLI, AWS Lambda, and Amazon EC2, see IAM Authentication Using Temporary Credentials.
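What "authenticated" means for a data-plane request when IAM authentication is enabled: each HTTP request to the cluster endpoint carries an AWS Signature Version 4 signature computed over the request with the caller's credentials. The following is an added example, written with only the Python standard library and not taken from the Neptune documentation or the AWS SDKs; it assumes the service name `neptune-db`, the default port 8182 and the `/gremlin` HTTP path. The access key, secret key, session token, cluster hostname and timestamp are all constructed placeholders. When temporary credentials are used, the session token is sent in `X-Amz-Security-Token` and included in the signed headers, so a request replayed with the token stripped or altered fails signature validation.

```python
"""Sign a Neptune data-plane request with AWS Signature Version 4.

Illustrative code, not from the Neptune documentation. Assumes service name
"neptune-db", port 8182 and the /gremlin path. All credentials, the hostname
and the fixed timestamp used in main() are constructed placeholders.
"""
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

SERVICE = "neptune-db"


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the SigV4 signing key: date -> region -> service -> aws4_request."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_neptune_request(method, host, path, body: bytes, region, access_key,
                         secret_key, session_token=None, port=8182, amz_date=None):
    """Return the HTTP headers for a signed request to a Neptune endpoint.
    `amz_date` (YYYYMMDDTHHMMSSZ) is injectable so results are reproducible."""
    if amz_date is None:
        amz_date = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    date_stamp = amz_date[:8]
    host_header = f"{host}:{port}"

    # Headers that take part in the signature (lower-case names, sorted).
    signed = {"host": host_header, "x-amz-date": amz_date}
    if session_token:
        signed["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(signed))
    canonical_headers = "".join(f"{k}:{signed[k].strip()}\n" for k in sorted(signed))

    canonical_request = "\n".join([
        method,
        quote(path, safe="/~"),        # canonical URI
        "",                            # canonical query string (none here)
        canonical_headers,
        signed_headers,
        _sha256_hex(body),             # hashed payload
    ])
    scope = f"{date_stamp}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        _sha256_hex(canonical_request.encode("utf-8")),
    ])
    signature = hmac.new(signing_key(secret_key, date_stamp, region, SERVICE),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()

    headers = {
        "Host": host_header,
        "X-Amz-Date": amz_date,
        "Content-Type": "application/json",
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                          f"SignedHeaders={signed_headers}, Signature={signature}"),
    }
    if session_token:
        headers["X-Amz-Security-Token"] = session_token
    return headers


if __name__ == "__main__":
    # Constructed placeholders; a real client reads these from the credential
    # provider chain (environment, instance profile, Lambda execution role).
    headers = sign_neptune_request(
        method="POST",
        host="EXAMPLE-cluster.cluster-xxxxxxxxxxxx.us-east-1.neptune.amazonaws.com",
        path="/gremlin",
        body=b'{"gremlin":"g.V().limit(1)"}',
        region="us-east-1",
        access_key="AKIAEXAMPLEKEY",
        secret_key="EXAMPLE-secret-key",
        session_token="EXAMPLE-session-token",
        amz_date="20240101T000000Z",
    )
    for name, value in headers.items():
        print(f"{name}: {value}")
```

The returned headers go on a `POST https://<host>:8182/gremlin` with the same body that was hashed; any change to the body, the date or the token after signing invalidates the signature, which is what makes the temporary-credential flow referenced above safe to use from Lambda or EC2 without long-lived keys.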

The following links provide additional information about connecting to Neptune using IAM authentication with the individual query languages: