Amazon managed (predefined) policies for Amazon Neptune - Amazon Neptune
Updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon managed (predefined) policies for Amazon Neptune

Amazon addresses many common use cases by providing standalone IAM policies that are created and administered by Amazon. Managed policies grant necessary permissions for common use cases so you can avoid having to investigate what permissions are needed. For more information, see Amazon Managed Policies in the IAM User Guide.

The following Amazon managed policies, which you can attach to users in your account, are for using Amazon Neptune management APIs:

  • NeptuneReadOnlyAccess — Grants read-only access to all Neptune resources for both administrative and data-access purposes in the root Amazon account.

  • NeptuneFullAccess — Grants full access to all Neptune resources for both administrative and data-access purposes in the root Amazon account. This is recommended if you need full Neptune access from the Amazon CLI or SDK, but not for Amazon Web Services Management Console access.

  • NeptuneConsoleFullAccess — Grants full access in the root Amazon account to all Neptune administrative actions and resources, but not to any data-access actions or resources. It also includes additional permissions to simplify Neptune access from the console, including limited IAM and Amazon EC2 (VPC) permissions.

  • NeptuneGraphReadOnlyAccess — Provides read-only access to all Amazon Neptune Analytics resources along with read-only permissions for dependent services

  • AWSServiceRoleForNeptuneGraphPolicy — Lets Neptune Analytics graphs to publish CloudWatch operational and usage metrics and logs.

Neptune IAM roles and policies grant some access to Amazon RDS resources, because Neptune shares operational technology with Amazon RDS for certain management features. This includes administrative API permissions, which is why Neptune administrative actions have an rds: prefix.

Updates to Neptune Amazon managed policies

The following table tracks updates to Neptune managed policies starting from the time Neptune began tracking these changes:

Policy Description Date

Amazon managed policies for Amazon Neptune - update to existing policies

The NeptuneReadOnlyAcess and NeptuneFullAccess managed policies now include Sid (statement ID) as an identifier in the policy statement.

2024-01-22

NeptuneGraphReadOnlyAccess (released)

Released to provide read-only access to Neptune Analytics graphs and resources.

2023-11-29

AWSServiceRoleForNeptuneGraphPolicy (released)

Released to allow Neptune Analytics graphs access to CloudWatch to publish operational and usage metrics and logs. See Using service-linked roles (SLRs) in Neptune Analytics.

2023-11-29

NeptuneConsoleFullAccess (added permissions)

Added permissions provide all access needed to interact with Neptune Analytics graphs.

2023-11/29

NeptuneFullAccess (added permissions)

Added data-access permissions, and permissions for new global database APIs.

2022-07-28

NeptuneConsoleFullAccess (added permissions)

Added permissions for new global database APIs.

2022-07-21

Neptune started tracking changes

Neptune began tracking changes to its Amazon managed policies.

2022-07-21