Description: Base Template to create Neptune Stack inside a VPC Parameters: Env: Description: 'Environment tag, e.g. prod, nonprod.' Default: test Type: String AllowedPattern: '[a-z0-9]+' MaxLength: 15 DbInstanceType: Description: Neptune DB instance type Type: String Default: db.r4.xlarge AllowedValues: - db.r4.large - db.r4.xlarge - db.r4.2xlarge - db.r4.4xlarge - db.r4.8xlarge ConstraintDescription: Must be a valid Neptune instance type. DBReplicaIdentifierSuffix: Description: >- OPTIONAL: The ID for the Neptune Replica to use. Empty means no read replica. Type: String Default: '' DBClusterPort: Type: String Default: '8182' Description: Enter the port of your Neptune cluster NeptuneQueryTimeout: Type: Number Default: 20000 Description: Neptune Query Time out (in milliseconds) NeptuneEnableAuditLog: Type: Number Default: 0 AllowedValues: - 0 - 1 Description: Enable Audit Log. 0 means disable and 1 means enable. IamAuthEnabled: Type: String Default: 'false' AllowedValues: - 'true' - 'false' Description: Enable IAM Auth for Neptune. DBSnapshot: Type: String Conditions: CreateDBReplicaInstance: !Not - !Equals - !Ref DBReplicaIdentifierSuffix - '' Resources: NeptuneDBSubnetGroup: Type: 'AWS::Neptune::DBSubnetGroup' Properties: DBSubnetGroupDescription: Neptune DB subnet group SubnetIds: - !Ref Subnet1 - !Ref Subnet2 - !Ref Subnet3 Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation DependsOn: - Subnet1 - Subnet2 - Subnet3 VPCS3Endpoint: Type: 'AWS::EC2::VPCEndpoint' DependsOn: - VPC Properties: RouteTableIds: - !Ref PublicRouteTable ServiceName: !Join - '' - - com.amazonaws. - !Ref 'AWS::Region' - .s3 VpcId: !Ref VPC PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: '*' Action: - 's3:*' Resource: - '*' NeptuneSG: Type: 'AWS::EC2::SecurityGroup' DependsOn: - VPC Properties: VpcId: !Ref VPC GroupDescription: Allow Access SecurityGroupIngress: - FromPort: '22' ToPort: '22' IpProtocol: tcp CidrIp: 0.0.0.0/0 Description: ssh from anywhere - FromPort: !Ref DBClusterPort ToPort: !Ref DBClusterPort IpProtocol: tcp CidrIp: 0.0.0.0/0 Description: http access Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation NeptuneEC2InstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: / Roles: - !Ref NeptuneEC2ClientRole DependsOn: - NeptuneEC2ClientRole NeptuneEC2ClientRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' Path: / NeptuneIamAuthUser: Type: 'AWS::IAM::User' Properties: Path: / NeptuneAccessPolicy: Type: 'AWS::IAM::Policy' Properties: PolicyName: NeptuneAccessPolicy PolicyDocument: Statement: - Effect: Allow Action: - 'rds:*' - 'iam:GetAccountSummary' - 'iam:ListAccountAliases' - 'iam:PassRole' Resource: '*' Roles: - !Ref NeptuneEC2ClientRole NeptuneIAMAuthPolicy: Type: 'AWS::IAM::Policy' Properties: PolicyName: NeptuneIAMAuthPolicy PolicyDocument: Statement: - Effect: Allow Action: - 'neptune-db:*' Resource: !Join - '' - - 'arn:aws:neptune-db:' - !Ref 'AWS::Region' - ':' - !Ref 'AWS::AccountId' - ':' - !GetAtt - NeptuneDBCluster - ClusterResourceId - /* Roles: - !Ref NeptuneEC2ClientRole Users: - !Ref NeptuneIamAuthUser NeptuneLoadFromS3Role: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - rds.amazonaws.com Action: - 'sts:AssumeRole' Path: / NeptuneLoadFromS3Policy: Type: 'AWS::IAM::Policy' Properties: PolicyName: NeptuneLoadFromS3Policy PolicyDocument: Statement: - Effect: Allow Action: - 's3:Get*' - 's3:List*' Resource: '*' Roles: - !Ref NeptuneLoadFromS3Role NeptuneDBClusterParameterGroup: Type: 'AWS::Neptune::DBClusterParameterGroup' Properties: Family: neptune1 Description: test-cfn-neptune-db-cluster-parameter-group-description Parameters: neptune_enable_audit_log: !Ref NeptuneEnableAuditLog Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackName}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackId}' - Key: Application Value: NeptuneCloudformation NeptuneDBParameterGroup: Type: 'AWS::Neptune::DBParameterGroup' Properties: Family: neptune1 Description: test-cfn-neptune-db-parameter-group-description Parameters: neptune_query_timeout: !Ref NeptuneQueryTimeout Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation NeptuneDBCluster: Type: 'AWS::Neptune::DBCluster' Properties: DBSubnetGroupName: !Ref NeptuneDBSubnetGroup VpcSecurityGroupIds: - !GetAtt - VPC - DefaultSecurityGroup - !Ref NeptuneSG DBClusterParameterGroupName: !Ref NeptuneDBClusterParameterGroup Port: !Ref DBClusterPort IamAuthEnabled: !Ref IamAuthEnabled SnapshotIdentifier: !Ref DBSnapshot Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation DependsOn: - NeptuneDBSubnetGroup - NeptuneDBClusterParameterGroup NeptuneDBInstance: Type: 'AWS::Neptune::DBInstance' Properties: DBClusterIdentifier: !Ref NeptuneDBCluster DBInstanceClass: !Ref DbInstanceType DBParameterGroupName: !Ref NeptuneDBParameterGroup Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation DependsOn: - NeptuneDBCluster - NeptuneDBParameterGroup NeptuneDBReplicaInstance: Type: 'AWS::Neptune::DBInstance' Condition: CreateDBReplicaInstance Properties: DBInstanceIdentifier: !Join - '' - - !Ref DBReplicaIdentifierSuffix - '-' - !Sub '${AWS::StackName}' DBClusterIdentifier: !Ref NeptuneDBCluster DBInstanceClass: !Ref DbInstanceType Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation DependsOn: - NeptuneDBCluster - NeptuneDBInstance VPC: Type: 'AWS::EC2::VPC' Properties: CidrBlock: 172.30.0.0/16 EnableDnsSupport: 'true' EnableDnsHostnames: 'true' Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation PublicRouteTable: Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC DependsOn: - VPC IGW: Type: 'AWS::EC2::InternetGateway' Properties: Tags: - Key: Name Value: !Sub 'Neptune-${Env}' - Key: StackId Value: !Sub '${AWS::StackId}' - Key: Stack Value: !Sub '${AWS::Region}-${AWS::StackName}' - Key: Application Value: NeptuneCloudformation IGWAtt: Type: 'AWS::EC2::VPCGatewayAttachment' Properties: InternetGatewayId: !Ref IGW VpcId: !Ref VPC DependsOn: - VPC - IGW PublicRoute: Type: 'AWS::EC2::Route' Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref IGW RouteTableId: !Ref PublicRouteTable DependsOn: - IGWAtt Subnet1: Type: 'AWS::EC2::Subnet' Properties: CidrBlock: 172.30.1.0/24 MapPublicIpOnLaunch: 'true' VpcId: !Ref VPC AvailabilityZone: !Select - 0 - !GetAZs '' DependsOn: - VPC Subnet2: Type: 'AWS::EC2::Subnet' Properties: CidrBlock: 172.30.2.0/24 VpcId: !Ref VPC AvailabilityZone: !Select - 1 - !GetAZs '' DependsOn: - VPC Subnet3: Type: 'AWS::EC2::Subnet' Properties: CidrBlock: 172.30.3.0/24 VpcId: !Ref VPC AvailabilityZone: !Select - 2 - !GetAZs '' DependsOn: - VPC SubnetRTAssociation1: Type: 'AWS::EC2::SubnetRouteTableAssociation' DependsOn: - Subnet1 - PublicRouteTable Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref Subnet1 SubnetRTAssociation2: Type: 'AWS::EC2::SubnetRouteTableAssociation' DependsOn: - Subnet2 - PublicRouteTable Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref Subnet2 SubnetRTAssociation3: Type: 'AWS::EC2::SubnetRouteTableAssociation' DependsOn: - Subnet3 - PublicRouteTable Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref Subnet3 Outputs: DBClusterId: Description: Neptune Cluster Identifier Value: !Ref NeptuneDBCluster DBSubnetGroupId: Description: Neptune DBSubnetGroup Identifier Value: !Ref NeptuneDBSubnetGroup DBClusterResourceId: Description: Neptune Cluster Resource Identifier Value: !GetAtt - NeptuneDBCluster - ClusterResourceId DBClusterEndpoint: Description: Master Endpoint for Neptune Cluster Value: !GetAtt - NeptuneDBCluster - Endpoint DBInstanceEndpoint: Description: Master Instance Endpoint Value: !GetAtt - NeptuneDBInstance - Endpoint DBReplicaInstanceEndpoint: Description: ReadReplica Instance Endpoint Condition: CreateDBReplicaInstance Value: !GetAtt - NeptuneDBReplicaInstance - Endpoint SparqlEndpoint: Description: Sparql Endpoint for Neptune Value: !Join - '' - - 'https://' - !GetAtt - NeptuneDBCluster - Endpoint - ':' - !GetAtt - NeptuneDBCluster - Port - /sparql GremlinEndpoint: Description: Gremlin Endpoint for Neptune Value: !Join - '' - - 'https://' - !GetAtt - NeptuneDBCluster - Endpoint - ':' - !GetAtt - NeptuneDBCluster - Port - /gremlin LoaderEndpoint: Description: Loader Endpoint for Neptune Value: !Join - '' - - 'https://' - !GetAtt - NeptuneDBCluster - Endpoint - ':' - !GetAtt - NeptuneDBCluster - Port - /loader DBClusterReadEndpoint: Description: DB cluster Read Endpoint Value: !GetAtt - NeptuneDBCluster - ReadEndpoint DBClusterPort: Description: Port for the Neptune Cluster Value: !GetAtt - NeptuneDBCluster - Port NeptuneLoadFromS3IAMRoleArn: Description: IAM Role for loading data in Neptune Value: !GetAtt - NeptuneLoadFromS3Role - Arn NeptuneIamAuthUser: Description: IAM User for accessing Neptune via IAM Auth Value: !Ref NeptuneIamAuthUser PublicSubnet1: Description: Subnet Id Value: !Ref Subnet1 PublicSubnet2: Description: Subnet Id Value: !Ref Subnet2 PublicSubnet3: Description: Subnet Id Value: !Ref Subnet3 NeptuneEC2InstanceProfile: Description: Neptune EC2 Instance Profile Value: !Ref NeptuneEC2InstanceProfile VPC: Description: VPC Value: !Ref VPC NeptuneSG: Description: Neptune Security Group Value: !Ref NeptuneSG InternetGateway: Description: 'Neptune InternetGateway ' Value: !Ref IGW