Terraform module that creates AWS Neptune resources.
- Create and manage AWS Neptune clusters and instances with support for Neptune Serverless.
- Configure Neptune cluster parameters dynamically.
- Create and manage Neptune cluster parameter groups.
- Define Neptune subnet groups for cluster deployment.
- Set up Neptune event subscriptions for monitoring.
- Create custom cluster endpoints with various configurations.
- No support for Neptune Global Cluster
Neptune serverless has some limitations. Please see the limitations before jumping into Neptune Serverless.
Neptune serverless requires that the engine_version attribute must be 1.2.0.1 or above. Also, you need to provide a cluster parameter group compatible with the family neptune1.2. In the examples below, the default cluster parameter group is used.
# main.tf
module "neptune" {
source = "dstrates/neptune/aws"
version = "0.0.1"
apply_immediately = true
backup_retention_period = 5
cluster_identifier = "neptune-db-dev-use2"
create_neptune_cluster = true
create_neptune_cluster_parameter_group = true
create_neptune_instance = true
create_neptune_subnet_group = true
enable_serverless = true
engine_version = "1.2.0.1" # Neptune Serverless
iam_database_authentication_enabled = true
kms_key_arn = data.aws_kms_key.default.arn
max_capacity = 128
min_capacity = 2.5
preferred_backup_window = "07:00-09:00"
skip_final_snapshot = true
subnet_ids = data.aws_subnets.db.ids
neptune_cluster_parameters = {
parameter1 = {
key = "neptune_enable_audit_log"
value = "1"
}
}
neptune_db_parameters = {
parameter1 = {
key = "neptune_query_timeout"
value = "25"
}
}
event_subscriptions = {
"subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1"
"subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2"
}
tags = {
Name = "neptune-db-dev-use2"
Environment = "dev"
}
}module "neptune" {
source = "dstrates/neptune/aws"
version = "0.0.1"
# Standard configuration
# ...
# ...
create_neptune_cluster_endpoint = true
neptune_cluster_endpoints = {
"endpoint1" = {
endpoint_type = "READER"
static_members = ["instance-1", "instance-2"]
excluded_members = []
tags = {
Name = "Endpoint 1"
}
},
"endpoint2" = {
endpoint_type = "WRITER"
static_members = []
excluded_members = ["instance-3"]
tags = {
Name = "Endpoint 2"
}
}
}
# ... (other variables as needed)
}| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 5.25 |
| Name | Version |
|---|---|
| aws | n/a |
No modules.
| Name | Type |
|---|---|
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_neptune_cluster.this | resource |
| aws_neptune_cluster_endpoint.this | resource |
| aws_neptune_cluster_instance.this | resource |
| aws_neptune_cluster_parameter_group.this | resource |
| aws_neptune_cluster_snapshot.this | resource |
| aws_neptune_event_subscription.this | resource |
| aws_neptune_parameter_group.this | resource |
| aws_neptune_subnet_group.this | resource |
| aws_security_group.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.this | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_major_version_upgrade | (Optional) Specifies whether upgrades between different major versions are allowed. You must set it to true when providing an engine_version parameter that uses a different major version than the DB cluster's current version. | bool |
false |
no |
| apply_immediately | Specifies whether cluster modifications are applied immediately | bool |
true |
no |
| backup_retention_period | The number of days to retain backups for | number |
7 |
no |
| cluster_identifier | The cluster identifier | string |
n/a | yes |
| create_neptune_cluster | Whether or not to create a Neptune cluster | bool |
true |
no |
| create_neptune_cluster_endpoint | Whether or not to create Neptune cluster endpoints. | bool |
false |
no |
| create_neptune_cluster_parameter_group | Whether or not to create a Neptune cluster parameter group | bool |
true |
no |
| create_neptune_cluster_snapshot | Whether or not to create a Neptune cluster snapshot | bool |
true |
no |
| create_neptune_iam_role | Whether or not to create and attach Neptune IAM role | bool |
true |
no |
| create_neptune_instance | Whether or not to create Neptune instances | bool |
true |
no |
| create_neptune_parameter_group | Whether or not to create a Neptune DB parameter group | bool |
true |
no |
| create_neptune_security_group | Whether or not to create a Neptune security group | bool |
true |
no |
| create_neptune_subnet_group | Whether or not to create a Neptune subnet group | bool |
true |
no |
| create_timeout | Timeout for creating the Neptune cluster snapshot | string |
"20m" |
no |
| db_cluster_identifier | The DB Cluster Identifier from which to take the snapshot | string |
n/a | yes |
| db_cluster_snapshot_identifier | The Identifier for the snapshot | string |
n/a | yes |
| deletion_protection | (Optional) A value that indicates whether the DB cluster has deletion protection enabled | bool |
false |
no |
| enable_cloudwatch_logs_exports | (Optional) A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports audit and slowquery. |
list(string) |
null |
no |
| enable_serverless | Whether or not to create a Serverless Neptune cluster | bool |
true |
no |
| engine_version | The database engine version | string |
"1.2.0.1" |
no |
| event_subscriptions | Map of Neptune event subscriptions with names and SNS topic ARNs Example: { "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1", "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2" # Add more subscriptions as needed } |
map(string) |
null |
no |
| iam_database_authentication_enabled | Specifies whether IAM database authentication is enabled | bool |
true |
no |
| iam_roles | (Optional) A List of ARNs for the IAM roles to associate to the Neptune Cluster | list(string) |
null |
no |
| kms_key_arn | (Optional) The ARN for the KMS encryption key. When specifying kms_key_arn, storage_encrypted needs to be set to true. | string |
null |
no |
| max_capacity | The maximum Neptune Capacity Units (NCUs) for the cluster | number |
128 |
no |
| min_capacity | The minimum Neptune Capacity Units (NCUs) for the cluster | number |
2.5 |
no |
| neptune_cluster_endpoints | A map of Neptune cluster endpoints to create. | map(object({ |
{} |
no |
| neptune_cluster_instance_tags | Tags for the Neptune cluster instances | map(string) |
{} |
no |
| neptune_cluster_parameter_group_tags | Tags for the Neptune cluster parameter group | map(string) |
{} |
no |
| neptune_cluster_parameters | A map of Neptune cluster parameter settings | map(object({ |
{ |
no |
| neptune_db_parameters | A map of Neptune DB parameter settings | map(object({ |
{ |
no |
| neptune_event_subscription_tags | Tags for the Neptune event subscription | map(string) |
{} |
no |
| neptune_family | The family of the neptune cluster and parameter group. | string |
"neptune1.2" |
no |
| neptune_parameter_group_tags | Tags for the Neptune parameter group | map(string) |
{} |
no |
| neptune_port | Network port for the Neptune DB Cluster | number |
8182 |
no |
| neptune_role_description | Description for the Neptune IAM role | string |
null |
no |
| neptune_role_name | Name for the Neptune IAM role | string |
"iam-role-neptune" |
no |
| neptune_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the Neptune IAM role | string |
null |
no |
| neptune_security_group_tags | Tags for the Neptune security group | map(string) |
{} |
no |
| neptune_subnet_cidrs | A list of subnet CIDRs where the Neptune cluster is situated | list(string) |
[ |
no |
| neptune_subnet_group_tags | Tags for the Neptune subnet group | map(string) |
{} |
no |
| preferred_backup_window | The daily time range during which automated backups are created | string |
"07:00-09:00" |
no |
| skip_final_snapshot | Determines whether a final Neptune snapshot is created before deletion | bool |
true |
no |
| storage_encrypted | (Optional) Specifies whether the Neptune cluster is encrypted. The default is false if not specified. | bool |
true |
no |
| subnet_ids | A list of subnet IDs to associate with the Neptune cluster | list(string) |
null |
no |
| tags | A map of tags to assign to the Neptune cluster | map(string) |
null |
no |
| vpc_id | The VPC ID for the Neptune cluster and security group | string |
null |
no |
| vpc_security_group_ids | (Optional) List of VPC security groups to associate with the Cluster | list(string) |
null |
no |
| Name | Description |
|---|---|
| neptune_cluster_endpoint_ids | IDs of the Neptune cluster endpoints |
| neptune_cluster_id | ID of the Neptune cluster |
| neptune_cluster_snapshot_arn | The Amazon Resource Name (ARN) for the DB Cluster Snapshot |
| neptune_db_parameter_group_id | ID of the Neptune DB parameter group |
| neptune_event_subscription_ids | IDs of the Neptune event subscriptions |
| neptune_iam_role_arn | ARN of the IAM role for Neptune |
| neptune_instance_id | ID of the Neptune cluster instance |
| neptune_parameter_group_id | ID of the Neptune cluster parameter group |
| neptune_security_group_id | ID of the Neptune security group |
| neptune_subnet_group_id | ID of the Neptune subnet group |