
Actions available in Neptune IAM data-access policy statements

Note that Neptune data-access actions have the prefix neptune-db:, whereas administrative actions in Neptune have the prefix rds:.

The Amazon Resource Name (ARN) for a data resource in IAM is not the same as the ARN assigned to a cluster on creation. You must construct the ARN as shown in Specifying data resources. Such data resource ARNs can use wildcards to include multiple resources.

Data-access policy statements can also include the neptune-db:QueryLanguage condition key to restrict access by query language.

Starting with engine release 1.2.0.0 (2022-07-21), Neptune supports restricting permissions to one or more specific Neptune actions. This provides more granular access control than was previously possible.

Important
  • Changes to an IAM policy take up to 10 minutes to apply to the specified Neptune resources.

  • IAM policies that are applied to a Neptune DB cluster apply to all instances in that cluster.

Query-based data-access actions

Note

It isn't always obvious what permissions are needed to run a given query, because queries can potentially take more than one action depending on the data that they process. See Using query actions for more information.

neptune-db:ReadDataViaQuery

ReadDataViaQuery allows the user to read data from the Neptune database by submitting queries.

Action groups: read-only, read-write.

Action context keys: neptune-db:QueryLanguage.

Required resources: database.

neptune-db:WriteDataViaQuery

WriteDataViaQuery allows the user to write data to the Neptune database by submitting queries.

Action groups: read-write.

Action context keys: neptune-db:QueryLanguage.

Required resources: database.

neptune-db:DeleteDataViaQuery

DeleteDataViaQuery allows the user to delete data from the Neptune database by submitting queries.

Action groups: read-write.

Action context keys: neptune-db:QueryLanguage.

Required resources: database.

neptune-db:GetQueryStatus

GetQueryStatus allows the user to check the status of all active queries.

Action groups: read-only, read-write.

Action context keys: neptune-db:QueryLanguage.

Required resources: database.

neptune-db:GetStreamRecords

GetStreamRecords allows the user to fetch stream records from Neptune.

Action groups: read-write.

Action context keys: neptune-db:QueryLanguage.

Required resources: database.

neptune-db:CancelQuery

CancelQuery allows the user to cancel a query.

Action groups: read-write.

Required resources: database.

General data-access actions

neptune-db:GetEngineStatus

GetEngineStatus allows the user to check the status of the Neptune engine.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:GetStatisticsStatus

GetStatisticsStatus allows the user to check the status of statistics being collected for the database.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:ManageStatistics

ManageStatistics allows the user to manage the collection of statistics for the database.

Action groups: read-write.

Required resources: database.

neptune-db:DeleteStatistics

DeleteStatistics allows the user to delete all the statistics in the database.

Action groups: read-write.

Required resources: database.

neptune-db:ResetDatabase

ResetDatabase allows the user to get the token needed for a reset and to reset the Neptune database.

Action groups: read-write.

Required resources: database.

Bulk-loader data-access actions

neptune-db:StartLoaderJob

StartLoaderJob allows the user to start a bulk-loader job.

Action groups: read-write.

Required resources: database.

neptune-db:GetLoaderJobStatus

GetLoaderJobStatus allows the user to check the status of a bulk-loader job.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:ListLoaderJobs

ListLoaderJobs allows the user to list all the bulk-loader jobs.

Action groups: list-only, read-only, read-write.

Required resources: database.

neptune-db:CancelLoaderJob

CancelLoaderJob allows the user to cancel a loader job.

Action groups: read-write.

Required resources: database.

Machine-learning data-access actions

neptune-db:StartMLDataProcessingJob

StartMLDataProcessingJob allows a user to start a Neptune ML data processing job.

Action groups: read-write.

Required resources: database.

neptune-db:StartMLModelTrainingJob

StartMLModelTrainingJob allows a user to start an ML model training job.

Action groups: read-write.

Required resources: database.

neptune-db:StartMLModelTransformJob

StartMLModelTransformJob allows a user to start an ML model transform job.

Action groups: read-write.

Required resources: database.

neptune-db:CreateMLEndpoint

CreateMLEndpoint allows a user to create a Neptune ML endpoint.

Action groups: read-write.

Required resources: database.

neptune-db:GetMLDataProcessingJobStatus

GetMLDataProcessingJobStatus allows a user to check the status of a Neptune ML data processing job.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:GetMLModelTrainingJobStatus

GetMLModelTrainingJobStatus allows a user to check the status of a Neptune ML model training job.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:GetMLModelTransformJobStatus

GetMLModelTransformJobStatus allows a user to check the status of a Neptune ML model transform job.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:GetMLEndpointStatus

GetMLEndpointStatus allows a user to check the status of a Neptune ML endpoint.

Action groups: read-only, read-write.

Required resources: database.

neptune-db:ListMLDataProcessingJobs

ListMLDataProcessingJobs allows a user to list all the Neptune ML data processing jobs.

Action groups: list-only, read-only, read-write.

Required resources: database.

neptune-db:ListMLModelTrainingJobs

ListMLModelTrainingJobs allows a user to list all the Neptune ML model training jobs.

Action groups: list-only, read-only, read-write.

Required resources: database.

neptune-db:ListMLModelTransformJobs

ListMLModelTransformJobs allows a user to list all the ML model transform jobs.

Action groups: list-only, read-only, read-write.

Required resources: database.

neptune-db:ListMLEndpoints

ListMLEndpoints allows a user to list all the Neptune ML endpoints.

Action groups: list-only, read-only, read-write.

Required resources: database.

neptune-db:CancelMLDataProcessingJob

CancelMLDataProcessingJob allows a user to cancel a Neptune ML data processing job.

Action groups: read-write.

Required resources: database.

neptune-db:CancelMLModelTrainingJob

CancelMLModelTrainingJob allows a user to cancel a Neptune ML model training job.

Action groups: read-write.

Required resources: database.

neptune-db:CancelMLModelTransformJob

CancelMLModelTransformJob allows a user to cancel a Neptune ML model transform job.

Action groups: read-write.

Required resources: database.

neptune-db:DeleteMLEndpoint

DeleteMLEndpoint allows a user to delete a Neptune ML endpoint.

Action groups: read-write.

Required resources: database.
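
An added example (not from the AWS documentation): a small Python check that resolves the neptune-db: action patterns in a policy against the action groups listed on this page, so a reviewer can see what a wildcard such as neptune-db:Get* actually grants. The sample policy, its account ID and cluster resource ID, the `Gremlin` condition value, and the function names are constructed for illustration.

```python
import re

# Action groups transcribed from this page (names without the neptune-db: prefix).
READ_ONLY = set("""ReadDataViaQuery GetQueryStatus GetEngineStatus GetStatisticsStatus
    GetLoaderJobStatus ListLoaderJobs GetMLDataProcessingJobStatus GetMLModelTrainingJobStatus
    GetMLModelTransformJobStatus GetMLEndpointStatus ListMLDataProcessingJobs
    ListMLModelTrainingJobs ListMLModelTransformJobs ListMLEndpoints""".split())
READ_WRITE_ONLY = set("""WriteDataViaQuery DeleteDataViaQuery GetStreamRecords CancelQuery
    ManageStatistics DeleteStatistics ResetDatabase StartLoaderJob CancelLoaderJob
    StartMLDataProcessingJob StartMLModelTrainingJob StartMLModelTransformJob CreateMLEndpoint
    CancelMLDataProcessingJob CancelMLModelTrainingJob CancelMLModelTransformJob
    DeleteMLEndpoint""".split())
# Actions the page lists with the neptune-db:QueryLanguage context key.
HAS_QUERY_LANGUAGE = {"ReadDataViaQuery", "WriteDataViaQuery", "DeleteDataViaQuery",
                      "GetQueryStatus", "GetStreamRecords"}

def expand(pattern):
    """Resolve one IAM Action pattern (* and ? wildcards, case-insensitive) to page actions."""
    prefix, _, name = pattern.rpartition(":")
    if pattern != "*" and prefix.lower() != "neptune-db":
        return set()  # e.g. rds: administrative actions are out of scope here
    rx = re.escape(name).replace(r"\*", ".*").replace(r"\?", ".")
    return {a for a in READ_ONLY | READ_WRITE_ONLY if re.fullmatch(rx, a, re.IGNORECASE)}

def audit(policy):
    """Per Allow statement: actions outside the read-only group, and actions placed under
    a QueryLanguage condition although this page lists no such context key for them."""
    findings = []
    statements = policy["Statement"]
    for i, st in enumerate([statements] if isinstance(statements, dict) else statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        patterns = [actions] if isinstance(actions, str) else actions
        granted = set().union(*(expand(p) for p in patterns))
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        no_key = granted - HAS_QUERY_LANGUAGE if "neptune-db:querylanguage" in cond_keys else set()
        findings.append({"statement": i, "beyond_read_only": sorted(granted & READ_WRITE_ONLY),
                         "condition_key_not_listed": sorted(no_key)})
    return findings

# Constructed sample: a policy intended as "read-only, Gremlin only" (placeholder IDs).
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["neptune-db:Get*", "neptune-db:ReadDataViaQuery"],
     "Resource": "arn:aws:neptune-db:us-east-1:123456789012:cluster-EXAMPLE/*",
     "Condition": {"StringEquals": {"neptune-db:QueryLanguage": "Gremlin"}}}]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, neptune-db:Get* pulls in GetStreamRecords, which this page places only in the read-write group, and seven status actions for which the page lists no neptune-db:QueryLanguage context key.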