Amazon Neptune
User Guide (API Version 2017-11-29)

Amazon Neptune Quick Start

This section shows you the steps required to quickly get started with Amazon Neptune. For general information about Neptune, see What Is Amazon Neptune?.


Before you create an Amazon Neptune cluster, you need the following items in one of the supported regions.


Amazon Neptune is available in the following regions:

  • US East (N. Virginia)

  • US East (Ohio)

  • US West (Oregon)

  • EU (Ireland)

  • An Amazon Virtual Private Cloud (Amazon VPC). The default VPC will work. The Neptune console can create a VPC for you when you create a Neptune cluster.

  • A Neptune DB subnet group with at least two subnets, with each subnet in a different Availability Zone. You can create a DB subnet group in the Neptune console at

  • An Amazon Elastic Compute Cloud (Amazon EC2) instance in the VPC.


    Access to the Neptune cluster from outside the VPC is disabled.

  • A security group that allows SSH (port 22) access to the Amazon EC2 instance.

  • A security group that allows TCP access to the Neptune port (the default is 8182) from the Amazon EC2 IP or its security group.


    This can be one single security group.

  • An AWS Identity and Access Management (IAM) user with NeptuneFullAccess permissions. These permissions are required to use the Neptune console and create a Neptune cluster. For information about adding these permissions, see AWS Managed (Predefined) Policies for Amazon Neptune.

    The NeptuneFullAccess IAM policy does not grant permissions for VPC, VPC endpoints, or S3. You must add these additional permissions to your IAM user or role to operate on other services. For example, if you choose to have the Neptune Console create a VPC, the IAM user or role must have VPC permissions.


    Neptune requires permission to create a service-linked role the first time you create any Neptune resources. Add the following iam:CreateServiceLinkedRole permissions to the same user or role that you give NeptuneFullAccess.

    { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/", "Condition": { "StringLike": { "iam:AWSServiceName":"" } } }

    For more information, see Using Service-Linked Roles for Neptune.

  • (Loading only) An Amazon Simple Storage Service (Amazon S3) bucket in the same region as the VPC.

  • (Loading only) An Amazon S3 VPC endpoint in the region. For more information see, Amazon S3 VPC Endpoint.

For detailed instructions and information about creating these items, see Getting Started with Neptune.

Creating a Neptune Cluster

  1. Sign in to the AWS Management Console, and open the Amazon Neptune console at

  2. Ensure the console region is set to the region you used in the previous section.

  3. Choose Launch DB Instance in the upper-right corner.

  4. In the settings for the instance, use the VPC and security groups from the previous section.

  5. Launch the instance, and note the Cluster endpoint value.

For detailed instructions and information about creating an instance, see Launching a Neptune DB Cluster.

Accessing the Neptune Graph

Now that you have an instance, you can log into your EC2 instance via SSH and connect to the Neptune graph.

For Gremlin:

For a tutorial with examples on getting started with Neptune and Gremlin, see Getting Started with Neptune (Gremlin Console).

For general information about connecting to the Gremlin endpoint of the Neptune graph, see Accessing the Neptune Graph with Gremlin.


For information about connecting to the SPARQL endpoint of the Neptune graph, see Accessing the Neptune Graph with SPARQL.

For information about using the RDF4J Workbench to connect to the Neptune graph, see Using RDF4J Workbench to Connect to a Neptune DB Instance .