Someone executed some query on AWS neptune db using sagemaker notebook

0

Someone executed some query on AWS Neptune DB using a SageMaker notebook. Now I want to find out who executed that: what is the CloudTrail event name? And if I want to restrict someone to only update queries to Neptune via a SageMaker notebook, how do I do this?

asked 2 months ago, 148 views
1 Answer
1

Queries to Neptune Database are not logged in CloudTrail, only calls to Neptune's control plane are logged in CloudTrail. You can enable Audit Logs on a Neptune cluster [1] and also configure those logs to get published to CloudWatch Logs [2]. If IAM authentication [3] is enabled for your Neptune Database cluster, then the related access key for the role used will appear in the Neptune audit logs along with the query issued.

You can restrict query access to Neptune using IAM Data Plane actions. If you wanted to restrict access from a notebook instance, you could create an IAM role for the notebook instance that only allows the WriteDataViaQuery action [4].

[1] https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html

[2] https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html

[3] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html

[4] https://docs.aws.amazon.com/neptune/latest/userguide/iam-dp-actions.html#writedataviaquery

AWS
answered 2 months ago
  • Hi, I am using the below policy attached to SageMaker, but using the Jupyter notebook I am still able to add and delete via query:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "logs:CreateLogStream",
        "sagemaker:DescribeNotebookInstance",
        "s3:ListBucket",
        "logs:CreateLogGroup",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:sagemaker:ap-south-1:107253860581:notebook-instance/*",
        "arn:aws:logs:ap-south-1:107253860581:log-group:/aws/sagemaker/*",
        "arn:aws:s3:::aws-neptune-notebook-ap-south-1",
        "arn:aws:s3:::aws-neptune-notebook-ap-south-1/*"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Deny",
      "Action": [
        "neptune-db:CancelLoaderJob",
        "neptune-db:CancelMLDataProcessingJob",
        "neptune-db:CancelMLModelTransformJob",
        "neptune-db:StartLoaderJob",
        "neptune-db:CancelMLModelTrainingJob",
        "neptune-db:ResetDatabase",
        "neptune-db:DeleteDataViaQuery",
        "neptune-db:DeleteMLEndpoint",
        "neptune-db:StartMLDataProcessingJob",
        "neptune-db:CreateMLEndpoint",
        "neptune-db:CancelQuery",
        "neptune-db:connect",
        "neptune-db:StartMLModelTrainingJob",
        "neptune-db:StartMLModelTransformJob",
        "neptune-db:ManageStatistics",
        "neptune-db:WriteDataViaQuery",
        "neptune-db:DeleteStatistics"
      ],
      "Resource": "arn:aws:neptune-db:ap-south-1:107253860581:cluster-KOTFG4ZPCJDD7IG4QPFGI7ADKU/*"
    }
  ]
}
```
