Amazon Neptune
User Guide (API Version 2017-11-29)

Configuring Security in Amazon Neptune

Security for Amazon Neptune is managed at multiple levels:

  • To control who can perform Neptune management actions on Neptune DB clusters and DB instances, you use AWS Identity and Access Management (IAM). When you connect to AWS using IAM credentials, your IAM account must have IAM policies that grant the permissions required to perform Neptune management operations. For more information, see Managing Access Using IAM.

    If you are using an IAM account to access the Neptune console, you must first log on to the AWS Management Console with your IAM account. Then open the Neptune console at

  • Neptune DB clusters must be created in a virtual private cloud (VPC). To control which devices and Amazon EC2 instances can open connections to the endpoint and port of the DB instance for Neptune DB clusters in a VPC, you use a VPC security group. For more information about VPCs, see Creating a Security Group to Provide Access to the Neptune DB Instance in the VPC .

  • You can use IAM database authentication for Neptune.

    With IAM database authentication, you authenticate to your Neptune DB cluster by using an IAM user. For more information, see IAM Database Authentication for Neptune.

  • You can use AWS Key Management Service (AWS KMS) to create encryption keys and use those keys to encrypt Neptune cluster data at rest. For more information, see Encrypting Neptune Resources