Amazon Neptune
User Guide (API Version 2017-11-29)

Creating a Security Group to Provide Access to a Neptune DB Instance in a VPC

Your Neptune DB instance is launched in a virtual private cloud (VPC). Security groups provide access to the Neptune DB instance in the VPC. They act as a firewall for the associated Neptune DB instance, controlling both inbound and outbound traffic at the instance level. Neptune DB instances are created by default with a firewall and a default security group that prevents access to the Neptune DB instance. You must add rules to a security group so that you can connect to your DB instance.

The security group that you need to create is a VPC security group. Neptune DB instances in a VPC require that you add rules to a VPC security group to allow access to the instance.

The following procedure shows you how to add a custom TCP rule that specifies the port range and IP addresses that the Amazon EC2 instance uses to access the database. You can use the VPC security group assigned to the EC2 instance rather than the IP address.

To create a VPC security group for Neptune on the console

  1. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the upper-right corner of the console, choose the AWS Region in which you want to create the VPC security group and the Neptune DB instance. The list of Amazon VPC resources for that Region should show at least one VPC and several subnets. If it does not, you don't have a default VPC in that Region.

  3. In the navigation pane, choose Security Groups.

  4. Choose Create Security Group.

  5. In the Create Security Group window, enter the Name tag, Group name, and Description of your security group. Choose the VPC that you want to create your Neptune DB instance in. Choose Yes, Create.

  6. The VPC security group that you created should still be selected. The details pane at the bottom of the console window displays the details for the security group, and tabs for working with inbound and outbound rules. Choose the Inbound Rules tab.

  7. On the Inbound Rules tab, choose Edit. In the Type list, choose Custom TCP Rule.

  8. In the PortRange text box, enter 8182, the default port value for a Neptune DB instance. Then enter the IP address range (CIDR value) from where you will access the instance. Or, choose a security group name in the Source text box.

  9. If you need to add more IP addresses or different port ranges, choose Add another rule.

  10. When you finish, choose Save.

Use the VPC security group that you just created as the security group for your DB instance when you create it.
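An added example (not part of the AWS guide): a Python check for the inbound rules that steps 7 to 9 create, flagging any rule that opens port 8182 to every address or to more ports than 8182. It assumes rules in the `IpPermissions` shape returned by the EC2 DescribeSecurityGroups API; the function names, severity labels, and sample rules are constructed for illustration.

```python
import ipaddress

NEPTUNE_PORT = 8182  # default Neptune port from step 8


def covers_port(rule, port):
    """True if the rule admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_ingress(ip_permissions, port=NEPTUNE_PORT):
    """Return (severity, message) findings for inbound rules that reach `port`."""
    findings = []
    for rule in ip_permissions:
        if not covers_port(rule, port):
            continue
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        span = "all" if rule.get("IpProtocol") == "-1" else f"{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # A zero-length prefix (0.0.0.0/0 or ::/0) matches every address.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(("HIGH", f"port {port} open to any address ({cidr})"))
        if (lo, hi) != (port, port):
            findings.append(("WARN", f"rule exposes ports {span}, not only {port}"))
    return findings


# Constructed sample rules (the group ID and CIDR ranges are made up).
SCOPED = [{"IpProtocol": "tcp", "FromPort": 8182, "ToPort": 8182,
           "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]}]
LOOSE = [
    {"IpProtocol": "tcp", "FromPort": 8182, "ToPort": 8182,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # does not reach 8182, ignored
]

if __name__ == "__main__":
    for severity, message in audit_ingress(SCOPED) + audit_ingress(LOOSE):
        print(severity, message)
```

A rule whose source is another security group, as in `SCOPED`, produces no findings because it names no CIDR range and opens only port 8182.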

If you use a default VPC, a default subnet group spanning all of the VPC's subnets is already created for you. When you use the Launch a Neptune DB instance wizard to create a DB instance, you can choose the default VPC and use default for the DB Subnet Group.

After you complete the setup requirements, you can use your settings and the security group that you created to launch a Neptune DB instance.