Terraform module that creates AWS Neptune resources.
- Create and manage AWS Neptune clusters, instances & snapshots.
- Create and manage Neptune cluster parameter groups.
- Define Neptune subnet groups for cluster deployment.
- Set up Neptune event subscriptions for monitoring.
- Create custom cluster endpoints with various configurations.
- Create Global clusters and read-only replicas in secondary regions.
Neptune serverless has some limitations. Please see the limitations before jumping into Neptune Serverless.
Neptune serverless requires that the engine_version attribute must be 1.2.0.1 or above. Also, you need to provide a cluster parameter group compatible with the family neptune1.2. In the examples below, the default cluster parameter group is used.
# main.tf
module "neptune" {
source = "dstrates/neptune/aws"
version = "0.1.0"
apply_immediately = true
backup_retention_period = 5
cluster_identifier = "neptune-db-dev-use2"
copy_tags_to_snapshot = true
create_neptune_cluster = true
create_neptune_cluster_parameter_group = true
create_neptune_instance = true
create_neptune_subnet_group = true
enable_serverless = false
engine_version = "1.2.0.0"
iam_database_authentication_enabled = true
kms_key_arn = data.aws_kms_key.default.arn
max_capacity = 128
min_capacity = 2.5
preferred_backup_window = "07:00-09:00"
preferred_maintenance_window = "sun:06:00-sun:10:00"
skip_final_snapshot = true
subnet_ids = data.aws_subnets.db.ids
instance_class = "db.r5.large"
neptune_cluster_parameters = {
parameter1 = {
key = "neptune_enable_audit_log"
value = "1"
}
}
neptune_db_parameters = {
parameter1 = {
key = "neptune_query_timeout"
value = "25"
}
}
event_subscriptions = {
"subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1"
"subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2"
}
tags = {
Name = "neptune-db-dev-use2"
Environment = "dev"
}
}module "neptune" {
source = "dstrates/neptune/aws"
version = "0.1.0"
# Standard configuration
# ...
# ...
create_neptune_cluster_endpoint = true
neptune_cluster_endpoints = {
"endpoint1" = {
endpoint_type = "READER"
static_members = ["instance-1", "instance-2"]
excluded_members = []
tags = {
Name = "Endpoint 1"
}
},
"endpoint2" = {
endpoint_type = "WRITER"
static_members = []
excluded_members = ["instance-3"]
tags = {
Name = "Endpoint 2"
}
}
}
# ... (other variables as needed)
}- Neptune Cluster Complete
- Neptune Global Cluster (New)
- Neptune Global Cluster (Existing DB cluster)
- Neptune Cluster Read-Replicas
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 5.25 |
| Name | Version |
|---|---|
| aws | >= 5.25 |
No modules.
| Name | Type |
|---|---|
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_neptune_cluster.this | resource |
| aws_neptune_cluster_endpoint.this | resource |
| aws_neptune_cluster_instance.primary | resource |
| aws_neptune_cluster_instance.read_replicas | resource |
| aws_neptune_cluster_parameter_group.this | resource |
| aws_neptune_cluster_snapshot.this | resource |
| aws_neptune_event_subscription.this | resource |
| aws_neptune_global_cluster.this | resource |
| aws_neptune_parameter_group.this | resource |
| aws_neptune_subnet_group.this | resource |
| aws_security_group.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.this | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_major_version_upgrade | (Optional) Specifies whether upgrades between different major versions are allowed. You must set it to true when providing an engine_version parameter that uses a different major version than the DB cluster's current version. | bool |
false |
no |
| apply_immediately | Specifies whether cluster modifications are applied immediately | bool |
true |
no |
| availability_zones | (Optional) A list of EC2 Availability Zones that instances in the Neptune cluster can be created in. | list(string) |
null |
no |
| backup_retention_period | The number of days to retain backups for | number |
7 |
no |
| cluster_identifier | The cluster identifier | string |
n/a | yes |
| cluster_identifier_prefix | (Optional) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier. | string |
null |
no |
| copy_tags_to_snapshot | (Optional) If set to true, tags are copied to any snapshot of the DB cluster that is created. | bool |
null |
no |
| create_neptune_cluster | Whether or not to create a Neptune cluster | bool |
true |
no |
| create_neptune_cluster_endpoint | Whether or not to create Neptune cluster endpoints. | bool |
false |
no |
| create_neptune_cluster_parameter_group | Whether or not to create a Neptune cluster parameter group | bool |
true |
no |
| create_neptune_cluster_snapshot | Whether or not to create a Neptune cluster snapshot | bool |
true |
no |
| create_neptune_global_cluster | Whether or not to create a Neptune global cluster | bool |
false |
no |
| create_neptune_iam_role | Whether or not to create and attach a Neptune IAM role | bool |
true |
no |
| create_neptune_instance | Whether or not to create Neptune instances | bool |
true |
no |
| create_neptune_parameter_group | Whether or not to create a Neptune DB parameter group | bool |
true |
no |
| create_neptune_security_group | Whether or not to create a Neptune security group | bool |
true |
no |
| create_neptune_subnet_group | Whether or not to create a Neptune subnet group | bool |
true |
no |
| create_timeout | Timeout for creating the Neptune cluster snapshot | string |
"20m" |
no |
| db_cluster_identifier | The DB Cluster Identifier from which to take the snapshot | string |
null |
no |
| db_cluster_snapshot_identifier | The Identifier for the snapshot | string |
null |
no |
| deletion_protection | (Optional) A value that indicates whether the DB cluster has deletion protection enabled | bool |
false |
no |
| enable_cloudwatch_logs_exports | (Optional) A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports audit and slowquery. |
list(string) |
null |
no |
| enable_serverless | Whether or not to create a Serverless Neptune cluster | bool |
true |
no |
| engine_version | The database engine version | string |
"1.2.0.1" |
no |
| event_subscriptions | Map of Neptune event subscriptions with names and SNS topic ARNs Example: { "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1", "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2" } |
map(string) |
null |
no |
| final_snapshot_identifier | (Optional) The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made. | string |
null |
no |
| global_cluster_deletion_protection | (Optional) Whether or not the global cluster should have deletion protection enabled. Default: false. | bool |
false |
no |
| global_cluster_engine | (Optional) Name of the database engine to be used for the global cluster. Valid values: neptune. | string |
null |
no |
| global_cluster_engine_version | (Optional) Engine version of the global database. Must be compatible with Neptune global cluster versions. | string |
null |
no |
| global_cluster_identifier | (Optional) The global cluster identifier specified on aws_neptune_global_cluster. | string |
null |
no |
| global_cluster_source_db_cluster_identifier | (Optional) ARN of a Neptune DB Cluster to use as the primary DB cluster of the global cluster. | string |
null |
no |
| global_cluster_storage_encrypted | (Optional) Specifies whether the global cluster is encrypted. The default is false unless the source DB cluster is encrypted. | bool |
null |
no |
| iam_database_authentication_enabled | Specifies whether IAM database authentication is enabled | bool |
true |
no |
| iam_roles | (Optional) A List of ARNs for the IAM roles to associate to the Neptune Cluster | list(string) |
null |
no |
| instance_class | The instance class to use for the Neptune instances (e.g., db.r5.large, db.serverless). | string |
"db.serverless" |
no |
| kms_key_arn | (Optional) The ARN for the KMS encryption key. When specifying kms_key_arn, storage_encrypted needs to be set to true. | string |
null |
no |
| max_capacity | The maximum Neptune Capacity Units (NCUs) for the cluster | number |
128 |
no |
| min_capacity | The minimum Neptune Capacity Units (NCUs) for the cluster | number |
2.5 |
no |
| neptune_cluster_endpoints | A map of Neptune cluster endpoints to create. | map(object({ |
{} |
no |
| neptune_cluster_instance_tags | Tags for the Neptune cluster instances | map(string) |
{} |
no |
| neptune_cluster_parameter_group_tags | Tags for the Neptune cluster parameter group | map(string) |
{} |
no |
| neptune_cluster_parameters | A map of Neptune cluster parameter settings | map(object({ |
{ |
no |
| neptune_db_parameters | A map of Neptune DB parameter settings | map(object({ |
{ |
no |
| neptune_event_subscription_tags | Tags for the Neptune event subscription | map(string) |
{} |
no |
| neptune_family | The family of the neptune cluster and parameter group. | string |
"neptune1.2" |
no |
| neptune_parameter_group_tags | Tags for the Neptune parameter group | map(string) |
{} |
no |
| neptune_port | Network port for the Neptune DB Cluster | number |
8182 |
no |
| neptune_role_description | Description for the Neptune IAM role | string |
null |
no |
| neptune_role_name | Name for the Neptune IAM role | string |
"iam-role-neptune" |
no |
| neptune_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the Neptune IAM role | string |
null |
no |
| neptune_security_group_tags | Tags for the Neptune security group | map(string) |
{} |
no |
| neptune_subnet_cidrs | A list of subnet CIDRs where the Neptune cluster is situated | list(string) |
[ |
no |
| neptune_subnet_group_tags | Tags for the Neptune subnet group | map(string) |
{} |
no |
| port | (Optional) The port on which the Neptune accepts connections. | number |
8182 |
no |
| preferred_backup_window | The daily time range during which automated backups are created | string |
"07:00-09:00" |
no |
| preferred_maintenance_window | (Optional) The weekly time range during which system maintenance can occur, in UTC, e.g., 'wed:04:00-wed:04:30'. | string |
null |
no |
| read_replica_count | Number of read replicas to create. | number |
0 |
no |
| replication_source_identifier | (Optional) ARN of a source Neptune cluster or Neptune instance if this Neptune cluster is to be created as a Read Replica. | string |
null |
no |
| skip_final_snapshot | Determines whether a final Neptune snapshot is created before deletion | bool |
true |
no |
| snapshot_identifier | (Optional) Specifies whether or not to create this cluster from a snapshot. | string |
null |
no |
| storage_encrypted | (Optional) Specifies whether the Neptune cluster is encrypted. | bool |
true |
no |
| storage_type | (Optional) Storage type associated with the cluster (standard or iopt1). Default: standard | string |
"standard" |
no |
| subnet_ids | A list of subnet IDs to associate with the Neptune cluster | list(string) |
null |
no |
| tags | A map of tags to assign to the Neptune cluster | map(string) |
{} |
no |
| vpc_id | The VPC ID for the Neptune cluster and security group | string |
null |
no |
| vpc_security_group_ids | (Optional) List of VPC security groups to associate with the Cluster | list(string) |
null |
no |
| Name | Description |
|---|---|
| neptune_cluster_arn | ARN of the Neptune cluster |
| neptune_cluster_endpoint | The endpoint of the Neptune cluster |
| neptune_cluster_endpoint_ids | IDs of the Neptune cluster endpoints |
| neptune_cluster_id | ID of the Neptune cluster |
| neptune_cluster_reader_endpoint | The reader endpoint of the Neptune cluster |
| neptune_cluster_resource_id | The resource ID of the Neptune cluster |
| neptune_cluster_snapshot_arn | The Amazon Resource Name (ARN) for the DB Cluster Snapshot |
| neptune_db_parameter_group_id | ID of the Neptune DB parameter group |
| neptune_event_subscription_ids | IDs of the Neptune event subscriptions |
| neptune_global_cluster_arn | ARN of the Neptune global cluster |
| neptune_global_cluster_id | ID of the Neptune global cluster |
| neptune_global_cluster_members | A set of objects containing global cluster members |
| neptune_global_cluster_resource_id | AWS Region-unique, immutable identifier for the global database cluster |
| neptune_iam_role_arn | ARN of the IAM role for Neptune |
| neptune_instance_id | ID of the Neptune cluster instance |
| neptune_parameter_group_id | ID of the Neptune cluster parameter group |
| neptune_security_group_id | ID of the Neptune security group |
| neptune_subnet_group_id | ID of the Neptune subnet group |
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}