Terraform AWS Neptune Module

Terraform module that creates AWS Neptune resources.

Features

• Create and manage AWS Neptune clusters and instances with support for Neptune Serverless.
• Configure Neptune cluster parameters dynamically.
• Create and manage Neptune cluster parameter groups.
• Define Neptune subnet groups for cluster deployment.
• Set up Neptune event subscriptions for monitoring.
• Create custom cluster endpoints with various configurations.

Limitations

• No support for Neptune Global Cluster

Usage

Neptune serverless has some limitations. Please see the limitations before jumping into Neptune Serverless.

Neptune serverless requires that the engine_version attribute must be 1.2.0.1 or above. Also, you need to provide a cluster parameter group compatible with the family neptune1.2. In the examples below, the default cluster parameter group is used.

Standard configuration

# main.tf

module "neptune" {
  source  = "dstrates/neptune/aws"
  version = "0.0.1"

  apply_immediately                      = true
  backup_retention_period                = 5
  cluster_identifier                     = "neptune-db-dev-use2"
  create_neptune_cluster                 = true
  create_neptune_cluster_parameter_group = true
  create_neptune_instance                = true
  create_neptune_subnet_group            = true
  enable_serverless                      = true
  engine_version                         = "1.2.0.1" # Neptune Serverless
  iam_database_authentication_enabled    = true
  kms_key_arn                            = data.aws_kms_key.default.arn
  max_capacity                           = 128
  min_capacity                           = 2.5
  preferred_backup_window                = "07:00-09:00"
  skip_final_snapshot                    = true
  subnet_ids                             = data.aws_subnets.db.ids

  neptune_cluster_parameters = {
    parameter1 = {
      key   = "neptune_enable_audit_log"
      value = "1"
    }
  }

  neptune_db_parameters = {
    parameter1 = {
      key   = "neptune_query_timeout"
      value = "25"
    }
  }

  event_subscriptions = {
    "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1"
    "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2"
  }

  tags = {
    Name        = "neptune-db-dev-use2"
    Environment = "dev"
  }
}

Advanced endpoint configuration

module "neptune" {
  source  = "dstrates/neptune/aws"
  version = "0.0.1"

  # Standard configuration
  # ...
  # ...

  create_neptune_cluster_endpoint     = true

  neptune_cluster_endpoints           = {
    "endpoint1" = {
      endpoint_type    = "READER"
      static_members   = ["instance-1", "instance-2"]
      excluded_members = []
      tags             = {
        Name = "Endpoint 1"
      }
    },
    "endpoint2" = {
      endpoint_type    = "WRITER"
      static_members   = []
      excluded_members = ["instance-3"]
      tags             = {
        Name = "Endpoint 2"
      }
    }
  }

  # ... (other variables as needed)
}

Examples

• Neptune Cluster Complete

Requirements

Name	Version
terraform	>= 1.0
aws	>= 5.25

Providers

Name	Version
aws	n/a

Modules

No modules.

Resources

Name	Type
aws_iam_role.this	resource
aws_iam_role_policy_attachment.this	resource
aws_neptune_cluster.this	resource
aws_neptune_cluster_endpoint.this	resource
aws_neptune_cluster_instance.this	resource
aws_neptune_cluster_parameter_group.this	resource
aws_neptune_cluster_snapshot.this	resource
aws_neptune_event_subscription.this	resource
aws_neptune_parameter_group.this	resource
aws_neptune_subnet_group.this	resource
aws_security_group.this	resource
aws_caller_identity.current	data source
aws_iam_policy_document.this	data source
aws_region.current	data source

Inputs

Name	Description	Type	Default	Required
allow_major_version_upgrade	(Optional) Specifies whether upgrades between different major versions are allowed. You must set it to true when providing an engine_version parameter that uses a different major version than the DB cluster's current version.	bool	false	no
apply_immediately	Specifies whether cluster modifications are applied immediately	bool	true	no
backup_retention_period	The number of days to retain backups for	number	7	no
cluster_identifier	The cluster identifier	string	n/a	yes
create_neptune_cluster	Whether or not to create a Neptune cluster	bool	true	no
create_neptune_cluster_endpoint	Whether or not to create Neptune cluster endpoints.	bool	false	no
create_neptune_cluster_parameter_group	Whether or not to create a Neptune cluster parameter group	bool	true	no
create_neptune_cluster_snapshot	Whether or not to create a Neptune cluster snapshot	bool	true	no
create_neptune_iam_role	Whether or not to create and attach Neptune IAM role	bool	true	no
create_neptune_instance	Whether or not to create Neptune instances	bool	true	no
create_neptune_parameter_group	Whether or not to create a Neptune DB parameter group	bool	true	no
create_neptune_security_group	Whether or not to create a Neptune security group	bool	true	no
create_neptune_subnet_group	Whether or not to create a Neptune subnet group	bool	true	no
create_timeout	Timeout for creating the Neptune cluster snapshot	string	"20m"	no
db_cluster_identifier	The DB Cluster Identifier from which to take the snapshot	string	n/a	yes
db_cluster_snapshot_identifier	The Identifier for the snapshot	string	n/a	yes
deletion_protection	(Optional) A value that indicates whether the DB cluster has deletion protection enabled	bool	false	no
enable_cloudwatch_logs_exports	(Optional) A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports audit and slowquery.	list(string)	null	no
enable_serverless	Whether or not to create a Serverless Neptune cluster	bool	true	no
engine_version	The database engine version	string	"1.2.0.1"	no
event_subscriptions	Map of Neptune event subscriptions with names and SNS topic ARNs Example: { "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1", "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2" # Add more subscriptions as needed }	map(string)	null	no
iam_database_authentication_enabled	Specifies whether IAM database authentication is enabled	bool	true	no
iam_roles	(Optional) A List of ARNs for the IAM roles to associate to the Neptune Cluster	list(string)	null	no
kms_key_arn	(Optional) The ARN for the KMS encryption key. When specifying kms_key_arn, storage_encrypted needs to be set to true.	string	null	no
max_capacity	The maximum Neptune Capacity Units (NCUs) for the cluster	number	128	no
min_capacity	The minimum Neptune Capacity Units (NCUs) for the cluster	number	2.5	no
neptune_cluster_endpoints	A map of Neptune cluster endpoints to create.	map(object({ endpoint_type = string static_members = list(string) excluded_members = list(string) tags = map(string) }))	{}	no
neptune_cluster_instance_tags	Tags for the Neptune cluster instances	map(string)	{}	no
neptune_cluster_parameter_group_tags	Tags for the Neptune cluster parameter group	map(string)	{}	no
neptune_cluster_parameters	A map of Neptune cluster parameter settings	map(object({ key = string value = string }))	{ "parameter1": { "key": "neptune_enable_audit_log", "value": "1" } }	no
neptune_db_parameters	A map of Neptune DB parameter settings	map(object({ key = string value = string }))	{ "parameter1": { "key": "neptune_query_timeout", "value": "25" } }	no
neptune_event_subscription_tags	Tags for the Neptune event subscription	map(string)	{}	no
neptune_family	The family of the neptune cluster and parameter group.	string	"neptune1.2"	no
neptune_parameter_group_tags	Tags for the Neptune parameter group	map(string)	{}	no
neptune_port	Network port for the Neptune DB Cluster	number	8182	no
neptune_role_description	Description for the Neptune IAM role	string	null	no
neptune_role_name	Name for the Neptune IAM role	string	"iam-role-neptune"	no
neptune_role_permissions_boundary	ARN of the policy that is used to set the permissions boundary for the Neptune IAM role	string	null	no
neptune_security_group_tags	Tags for the Neptune security group	map(string)	{}	no
neptune_subnet_cidrs	A list of subnet CIDRs where the Neptune cluster is situated	list(string)	[ "10.0.0.0/8" ]	no
neptune_subnet_group_tags	Tags for the Neptune subnet group	map(string)	{}	no
preferred_backup_window	The daily time range during which automated backups are created	string	"07:00-09:00"	no
skip_final_snapshot	Determines whether a final Neptune snapshot is created before deletion	bool	true	no
storage_encrypted	(Optional) Specifies whether the Neptune cluster is encrypted. The default is false if not specified.	bool	true	no
subnet_ids	A list of subnet IDs to associate with the Neptune cluster	list(string)	null	no
tags	A map of tags to assign to the Neptune cluster	map(string)	null	no
vpc_id	The VPC ID for the Neptune cluster and security group	string	null	no
vpc_security_group_ids	(Optional) List of VPC security groups to associate with the Cluster	list(string)	null	no

Outputs

Name	Description
neptune_cluster_endpoint_ids	IDs of the Neptune cluster endpoints
neptune_cluster_id	ID of the Neptune cluster
neptune_cluster_snapshot_arn	The Amazon Resource Name (ARN) for the DB Cluster Snapshot
neptune_db_parameter_group_id	ID of the Neptune DB parameter group
neptune_event_subscription_ids	IDs of the Neptune event subscriptions
neptune_iam_role_arn	ARN of the IAM role for Neptune
neptune_instance_id	ID of the Neptune cluster instance
neptune_parameter_group_id	ID of the Neptune cluster parameter group
neptune_security_group_id	ID of the Neptune security group
neptune_subnet_group_id	ID of the Neptune subnet group