Condition keys available in Neptune IAM data-access policy statements - Amazon Neptune
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Condition keys available in Neptune IAM data-access policy statements

Using condition keys, you can specify conditions in an IAM policy statement so that the statement takes effect only when the conditions are true.

The condition keys that you can use in Neptune data-access policy statements fall into the following categories:

Amazon global condition context keys supported by Neptune in data-access policy statements

The following table lists the subset of Amazon global condition context keys that Amazon Neptune supports for use in data-access policy statements:

Global condition keys that you can use in data-access policy statements
Condition Keys Description Type
aws:CurrentTime Filters access by the current date and time of the request. String
aws:EpochTime Filters access by date and time of the request expressed as a UNIX epoch value. Numeric
aws:PrincipalAccount Filters access by the account to which the requesting principal belongs. String
aws:PrincipalArn Filters access by the ARN of the principal that made the request. String
aws:PrincipalIsAWSService Allows access only if the call is being made directly by an Amazon service principal. Boolean
aws:PrincipalOrgID Filters access by the identifier of the organization in Amazon Organizations to which the requesting principal belongs. String
aws:PrincipalOrgPaths Filters access by the Amazon Organizations path for the principal who is making the request. String
aws:PrincipalTag Filters access by a tag attached to the principal making the request. String
aws:PrincipalType Filters access by the type of principal making the request. String
aws:RequestedRegion Filters access by the Amazon Region that was called in the request. String
aws:SecureTransport Allows access only if the request was sent using SSL. Boolean
aws:SourceIp Filters access by the requester's IP address. String
aws:TokenIssueTime Filters access by the date and time that temporary security credentials were issued. String
aws:UserAgent Filters access by the requester's client application. String
aws:userid Filters access by the requester's principal identifier. String
aws:ViaAWSService Allows access only if an Amazon service made the request on your behalf. Boolean

Neptune service-specific condition keys

Neptune supports the following service-specific condition key for IAM policies:

Neptune service-specific condition keys
Condition Keys Description Type
neptune-db:QueryLanguage

Filters data access by the query language being used.

Valid values are: gremlin, sparql, and opencypher.

Supported actions are ReadDataViaQuery, WriteDataViaQuery, DeleteDataViaQuery, GetQueryStatus, and CancelQuery.

String