terraform-aws-neptune

Terraform module that creates AWS Neptune resources

Primary language: HCL. License: Apache-2.0.

Terraform AWS Neptune Module

Features

  • Create and manage AWS Neptune clusters and instances with support for Neptune Serverless.
  • Configure Neptune cluster parameters dynamically.
  • Create and manage Neptune cluster parameter groups.
  • Define Neptune subnet groups for cluster deployment.
  • Set up Neptune event subscriptions for monitoring.
  • Create custom cluster endpoints with various configurations.

Limitations

  • No support for Neptune Global Cluster

Usage

Neptune Serverless has its own limitations; review the AWS Neptune Serverless limitations documentation before choosing it.

Neptune Serverless requires an engine_version of 1.2.0.1 or above and a cluster parameter group from the neptune1.2 family. In the examples below the module creates that parameter group itself, using its default neptune_family ("neptune1.2") and default engine_version ("1.2.0.1").

The standard configuration below is a development setup: skip_final_snapshot = true, a five-day backup_retention_period and the module default deletion_protection = false make the cluster cheap to tear down and rebuild, at the cost of losing the data on an accidental destroy. For a cluster holding real data set skip_final_snapshot = false and deletion_protection = true, keep storage_encrypted = true with your own kms_key_arn, and add enable_cloudwatch_logs_exports = ["audit"] so that the neptune_enable_audit_log parameter the example turns on is actually shipped to CloudWatch Logs. Note also that create_neptune_cluster_snapshot defaults to true and the snapshot resource takes the required db_cluster_identifier and db_cluster_snapshot_identifier inputs; supply them or set create_neptune_cluster_snapshot = false.

Standard configuration

# main.tf

module "neptune" {
  source  = "dstrates/neptune/aws"
  version = "0.0.1"

  apply_immediately                      = true
  backup_retention_period                = 5
  cluster_identifier                     = "neptune-db-dev-use2"
  create_neptune_cluster                 = true
  create_neptune_cluster_parameter_group = true
  create_neptune_instance                = true
  create_neptune_subnet_group            = true
  enable_serverless                      = true
  engine_version                         = "1.2.0.1" # Neptune Serverless
  iam_database_authentication_enabled    = true
  kms_key_arn                            = data.aws_kms_key.default.arn
  max_capacity                           = 128
  min_capacity                           = 2.5
  preferred_backup_window                = "07:00-09:00"
  skip_final_snapshot                    = true
  subnet_ids                             = data.aws_subnets.db.ids

  neptune_cluster_parameters = {
    parameter1 = {
      key   = "neptune_enable_audit_log"
      value = "1"
    }
  }

  neptune_db_parameters = {
    parameter1 = {
      key   = "neptune_query_timeout"
      value = "25"
    }
  }

  event_subscriptions = {
    "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1"
    "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2"
  }

  tags = {
    Name        = "neptune-db-dev-use2"
    Environment = "dev"
  }
}
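A plan-time gate for the settings above. This Python script is an added example, not part of the module or this README: it reads the JSON that `terraform show -json` produces for a plan and reports Neptune clusters, cluster parameter groups and security groups whose planned attributes are weaker than a production baseline. The attribute names are those of the aws provider resources (aws_neptune_cluster, aws_neptune_cluster_parameter_group, aws_security_group); the thresholds (7 retention days, nothing broader than a /16 on ingress), the `[0]` resource indexes and the embedded sample plan are assumptions and constructed data, not output from the module.

```python
"""Audit a `terraform show -json` plan for the Neptune security settings the
module exposes.  Added example, not part of the module.

Usage:  terraform plan -out=tfplan && terraform show -json tfplan > plan.json
        python audit_neptune_plan.py plan.json     (no argument: audits SAMPLE_PLAN)
"""
import ipaddress
import json
import sys

# Thresholds are assumptions for this example, not module or AWS defaults.
MIN_BACKUP_RETENTION_DAYS = 7   # shortest retention accepted outside dev
MIN_INGRESS_PREFIXLEN = 16      # anything broader than a /16 (e.g. 10.0.0.0/8) is flagged


def planned_resources(plan):
    """Yield (address, type, planned attribute values) for every resource, recursing into modules."""
    def walk(module):
        for res in module.get("resources", []):
            yield res["address"], res["type"], res.get("values") or {}
        for child in module.get("child_modules", []):
            yield from walk(child)
    yield from walk(plan.get("planned_values", {}).get("root_module", {}))


def audit_cluster(values):
    """Findings for one aws_neptune_cluster (attribute names are the provider's)."""
    findings = []
    if not values.get("storage_encrypted"):
        findings.append("storage_encrypted is false: cluster storage is unencrypted")
    elif not values.get("kms_key_arn"):
        findings.append("no kms_key_arn: storage is encrypted with the AWS-managed key, not your CMK")
    if not values.get("iam_database_authentication_enabled"):
        findings.append("iam_database_authentication_enabled is false")
    if not values.get("deletion_protection"):
        findings.append("deletion_protection is false: one destroy removes the cluster")
    if values.get("skip_final_snapshot"):
        findings.append("skip_final_snapshot is true: no final snapshot on destroy")
    retention = values.get("backup_retention_period") or 0
    if retention < MIN_BACKUP_RETENTION_DAYS:
        findings.append(f"backup_retention_period {retention} is below {MIN_BACKUP_RETENTION_DAYS} days")
    if "audit" not in (values.get("enable_cloudwatch_logs_exports") or []):
        findings.append("audit log is not exported to CloudWatch Logs")
    return findings


def audit_parameter_group(values):
    """Findings for one aws_neptune_cluster_parameter_group: the audit log must be on."""
    params = {p["name"]: p["value"] for p in values.get("parameter") or []}
    if params.get("neptune_enable_audit_log") != "1":
        return ["neptune_enable_audit_log is not set to 1"]
    return []


def audit_security_group(values):
    """Findings for one aws_security_group: flag ingress rules from overly broad CIDRs."""
    findings = []
    for rule in values.get("ingress") or []:
        for cidr in rule.get("cidr_blocks") or []:
            if ipaddress.ip_network(cidr, strict=False).prefixlen < MIN_INGRESS_PREFIXLEN:
                findings.append(f"ingress {rule.get('from_port')}-{rule.get('to_port')} from {cidr} "
                                f"is broader than /{MIN_INGRESS_PREFIXLEN}")
    return findings


AUDITS = {
    "aws_neptune_cluster": audit_cluster,
    "aws_neptune_cluster_parameter_group": audit_parameter_group,
    "aws_security_group": audit_security_group,
}


def audit_plan(plan):
    """Return {resource address: [findings]} for every audited resource that has a finding."""
    report = {}
    for address, rtype, values in planned_resources(plan):
        found = AUDITS.get(rtype, lambda _: [])(values)
        if found:
            report[address] = found
    return report


# Constructed sample: what the plan for the "Standard configuration" above would contain,
# with untouched module defaults filled in (deletion_protection = false,
# neptune_subnet_cidrs = ["10.0.0.0/8"]).  Only attributes the audit reads are included;
# the [0] indexes and the security-group shape are assumptions about the module.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{
    "address": "module.neptune",
    "resources": [
        {"address": "module.neptune.aws_neptune_cluster.this[0]",
         "type": "aws_neptune_cluster",
         "values": {"cluster_identifier": "neptune-db-dev-use2",
                    "storage_encrypted": True,
                    "kms_key_arn": "arn:aws:kms:us-east-2:123456789012:key/example",
                    "iam_database_authentication_enabled": True,
                    "deletion_protection": False,
                    "skip_final_snapshot": True,
                    "backup_retention_period": 5,
                    "enable_cloudwatch_logs_exports": None}},
        {"address": "module.neptune.aws_neptune_cluster_parameter_group.this[0]",
         "type": "aws_neptune_cluster_parameter_group",
         "values": {"family": "neptune1.2",
                    "parameter": [{"name": "neptune_enable_audit_log", "value": "1"}]}},
        {"address": "module.neptune.aws_security_group.this[0]",
         "type": "aws_security_group",
         "values": {"ingress": [{"from_port": 8182, "to_port": 8182, "protocol": "tcp",
                                 "cidr_blocks": ["10.0.0.0/8"]}]}},
    ]}]}}}

if __name__ == "__main__":
    plan = SAMPLE_PLAN if len(sys.argv) < 2 else json.load(open(sys.argv[1]))
    report = audit_plan(plan)
    for address, findings in report.items():
        for finding in findings:
            print(f"{address}: {finding}")
    sys.exit(1 if report else 0)   # non-zero exit so a CI job fails on findings
```

Run against the sample, the cluster is flagged for deletion_protection, skip_final_snapshot, the 5-day retention and the missing audit export, and the security group for admitting all of 10.0.0.0/8 on port 8182; the parameter group passes because the example sets neptune_enable_audit_log to 1. Setting deletion_protection = true, skip_final_snapshot = false, a longer backup_retention_period, enable_cloudwatch_logs_exports = ["audit"] and a narrower neptune_subnet_cidrs in the module call clears every finding.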

Advanced endpoint configuration

module "neptune" {
  source  = "dstrates/neptune/aws"
  version = "0.0.1"

  # Standard configuration
  # ...
  # ...

  create_neptune_cluster_endpoint     = true

  neptune_cluster_endpoints           = {
    "endpoint1" = {
      endpoint_type    = "READER"
      static_members   = ["instance-1", "instance-2"]
      excluded_members = []
      tags             = {
        Name = "Endpoint 1"
      }
    },
    "endpoint2" = {
      endpoint_type    = "WRITER"
      static_members   = []
      excluded_members = ["instance-3"]
      tags             = {
        Name = "Endpoint 2"
      }
    }
  }

  # ... (other variables as needed)
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.25 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_neptune_cluster.this | resource |
| aws_neptune_cluster_endpoint.this | resource |
| aws_neptune_cluster_instance.this | resource |
| aws_neptune_cluster_parameter_group.this | resource |
| aws_neptune_cluster_snapshot.this | resource |
| aws_neptune_event_subscription.this | resource |
| aws_neptune_parameter_group.this | resource |
| aws_neptune_subnet_group.this | resource |
| aws_security_group.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.this | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow_major_version_upgrade | (Optional) Specifies whether upgrades between different major versions are allowed. Must be `true` when the `engine_version` you provide uses a different major version than the DB cluster's current version. | `bool` | `false` | no |
| apply_immediately | Specifies whether cluster modifications are applied immediately rather than in the next maintenance window | `bool` | `true` | no |
| backup_retention_period | The number of days to retain automated backups | `number` | `7` | no |
| cluster_identifier | The cluster identifier | `string` | n/a | yes |
| create_neptune_cluster | Whether or not to create a Neptune cluster | `bool` | `true` | no |
| create_neptune_cluster_endpoint | Whether or not to create Neptune cluster endpoints | `bool` | `false` | no |
| create_neptune_cluster_parameter_group | Whether or not to create a Neptune cluster parameter group | `bool` | `true` | no |
| create_neptune_cluster_snapshot | Whether or not to create a Neptune cluster snapshot (`db_cluster_identifier` and `db_cluster_snapshot_identifier` are required when this is enabled) | `bool` | `true` | no |
| create_neptune_iam_role | Whether or not to create and attach a Neptune IAM role | `bool` | `true` | no |
| create_neptune_instance | Whether or not to create Neptune instances | `bool` | `true` | no |
| create_neptune_parameter_group | Whether or not to create a Neptune DB parameter group | `bool` | `true` | no |
| create_neptune_security_group | Whether or not to create a Neptune security group | `bool` | `true` | no |
| create_neptune_subnet_group | Whether or not to create a Neptune subnet group | `bool` | `true` | no |
| create_timeout | Timeout for creating the Neptune cluster snapshot | `string` | `"20m"` | no |
| db_cluster_identifier | The DB cluster identifier from which to take the snapshot | `string` | n/a | yes |
| db_cluster_snapshot_identifier | The identifier for the snapshot | `string` | n/a | yes |
| deletion_protection | (Optional) Whether the DB cluster has deletion protection enabled. Enable it outside development so a single `terraform destroy` cannot remove the cluster. | `bool` | `false` | no |
| enable_cloudwatch_logs_exports | (Optional) A list of the log types this DB cluster exports to CloudWatch Logs. Currently only `audit` and `slowquery` are supported. | `list(string)` | `null` | no |
| enable_serverless | Whether or not to create a Neptune Serverless cluster | `bool` | `true` | no |
| engine_version | The database engine version (must be `1.2.0.1` or above for Neptune Serverless) | `string` | `"1.2.0.1"` | no |
| event_subscriptions | Map of Neptune event subscription names to SNS topic ARNs, e.g. `{ "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1", "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2" }` | `map(string)` | `null` | no |
| iam_database_authentication_enabled | Specifies whether IAM database authentication is enabled | `bool` | `true` | no |
| iam_roles | (Optional) A list of ARNs for the IAM roles to associate with the Neptune cluster | `list(string)` | `null` | no |
| kms_key_arn | (Optional) The ARN of the KMS encryption key. When specifying `kms_key_arn`, `storage_encrypted` must be `true`. | `string` | `null` | no |
| max_capacity | The maximum Neptune Capacity Units (NCUs) for the cluster | `number` | `128` | no |
| min_capacity | The minimum Neptune Capacity Units (NCUs) for the cluster | `number` | `2.5` | no |
| neptune_cluster_endpoints | A map of Neptune cluster endpoints to create | `map(object({ endpoint_type = string, static_members = list(string), excluded_members = list(string), tags = map(string) }))` | `{}` | no |
| neptune_cluster_instance_tags | Tags for the Neptune cluster instances | `map(string)` | `{}` | no |
| neptune_cluster_parameter_group_tags | Tags for the Neptune cluster parameter group | `map(string)` | `{}` | no |
| neptune_cluster_parameters | A map of Neptune cluster parameter settings | `map(object({ key = string, value = string }))` | `{ parameter1 = { key = "neptune_enable_audit_log", value = "1" } }` | no |
| neptune_db_parameters | A map of Neptune DB parameter settings | `map(object({ key = string, value = string }))` | `{ parameter1 = { key = "neptune_query_timeout", value = "25" } }` | no |
| neptune_event_subscription_tags | Tags for the Neptune event subscription | `map(string)` | `{}` | no |
| neptune_family | The family of the Neptune cluster and parameter group | `string` | `"neptune1.2"` | no |
| neptune_parameter_group_tags | Tags for the Neptune parameter group | `map(string)` | `{}` | no |
| neptune_port | Network port for the Neptune DB cluster | `number` | `8182` | no |
| neptune_role_description | Description for the Neptune IAM role | `string` | `null` | no |
| neptune_role_name | Name for the Neptune IAM role | `string` | `"iam-role-neptune"` | no |
| neptune_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the Neptune IAM role | `string` | `null` | no |
| neptune_security_group_tags | Tags for the Neptune security group | `map(string)` | `{}` | no |
| neptune_subnet_cidrs | A list of subnet CIDRs where the Neptune cluster is situated. The `10.0.0.0/8` default admits an entire private range; narrow it to the subnets that actually need to reach the cluster. | `list(string)` | `["10.0.0.0/8"]` | no |
| neptune_subnet_group_tags | Tags for the Neptune subnet group | `map(string)` | `{}` | no |
| preferred_backup_window | The daily time range (UTC) during which automated backups are created | `string` | `"07:00-09:00"` | no |
| skip_final_snapshot | Determines whether the final Neptune snapshot is skipped when the cluster is deleted. Set to `false` outside development so the data survives a destroy. | `bool` | `true` | no |
| storage_encrypted | (Optional) Specifies whether the Neptune cluster storage is encrypted. The AWS provider default is `false`; this module defaults it to `true`. | `bool` | `true` | no |
| subnet_ids | A list of subnet IDs to associate with the Neptune cluster | `list(string)` | `null` | no |
| tags | A map of tags to assign to the Neptune cluster | `map(string)` | `null` | no |
| vpc_id | The VPC ID for the Neptune cluster and security group | `string` | `null` | no |
| vpc_security_group_ids | (Optional) List of VPC security groups to associate with the cluster | `list(string)` | `null` | no |

Outputs

| Name | Description |
|------|-------------|
| neptune_cluster_endpoint_ids | IDs of the Neptune cluster endpoints |
| neptune_cluster_id | ID of the Neptune cluster |
| neptune_cluster_snapshot_arn | The Amazon Resource Name (ARN) of the DB cluster snapshot |
| neptune_db_parameter_group_id | ID of the Neptune DB parameter group |
| neptune_event_subscription_ids | IDs of the Neptune event subscriptions |
| neptune_iam_role_arn | ARN of the IAM role for Neptune |
| neptune_instance_id | ID of the Neptune cluster instance |
| neptune_parameter_group_id | ID of the Neptune cluster parameter group |
| neptune_security_group_id | ID of the Neptune security group |
| neptune_subnet_group_id | ID of the Neptune subnet group |