Securing your data in Amazon Neptune - Amazon Neptune
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Securing your data in Amazon Neptune

There are multiple ways for you to secure your Amazon Neptune clusters.

Using IAM policies to restrict access to a Neptune DB cluster

To control who can perform Neptune management actions on Neptune DB clusters and DB instances, use Amazon Identity and Access Management (IAM).

When you use an IAM account to access the Neptune console, you must first sign in to the Amazon Web Services Management Console using your IAM account before opening the Neptune console at https://console.aws.amazon.com/neptune/home.

When you connect to Amazon using IAM credentials, your IAM account must have IAM policies that grant the permissions required to perform Neptune management operations. For more information, see Using different kinds of IAM policies for controlling access to Neptune.

Using VPC security groups to restrict access to a Neptune DB cluster

Neptune DB clusters must be created in an Amazon Virtual Private Cloud (Amazon VPC). To control which devices and EC2 instances can open connections to the endpoint and port of the DB instance for Neptune DB clusters in a VPC, you use a VPC security group. For more information about VPCs, see Create a security group using the VPC console.

Using IAM authentication to restrict access to a Neptune DB cluster

If you enable Amazon Identity and Access Management (IAM) authentication in a Neptune DB cluster, anyone accessing the DB cluster must first be authenticated. See Overview of Amazon Identity and Access Management (IAM) in Amazon Neptune for information about setting up IAM authentication.

For information about using temporary credentials to authenticate, including examples for the Amazon CLI, Amazon Lambda, and Amazon EC2, see IAM Authentication Using Temporary Credentials.

The following links provide additional information about connecting to Neptune using IAM authentication with the individual query languages: