Amazon Neptune (IAM)

aws database

Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets.

Common permissions

neptune-db:GetEngineStatusneptune-db:GetGraphSummaryneptune-db:ReadDataViaQueryneptune-db:WriteDataViaQueryneptune-db:GetQueryStatusneptune-db:ListLoaderJobsneptune-db:GetStreamRecordsneptune-db:GetStatisticsStatus

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "neptune-db:GetEngineStatus",
        "neptune-db:GetGraphSummary",
        "neptune-db:ReadDataViaQuery",
        "neptune-db:WriteDataViaQuery",
        "neptune-db:GetQueryStatus",
        "neptune-db:ListLoaderJobs",
        "neptune-db:GetStreamRecords",
        "neptune-db:GetStatisticsStatus"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid neptune-db:* — grants full control including delete/modify of data and ML endpoints
Avoid neptune-db:DeleteDataViaQuery — can delete graph data via SPARQL/Gremlin queries

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/neptune-db/neptune-db.json ↗

API

full doc /v1/iam/neptune-db