Queries to Neptune Database are not logged in CloudTrail; only calls to Neptune's control plane are logged in CloudTrail. You can enable Audit Logs on a Neptune cluster [1] and also configure those logs to get published to CloudWatch Logs [2]. If IAM authentication [3] is enabled for your Neptune Database cluster, then the related access key for the role used will appear in the Neptune audit logs along with the query issued.
You can restrict query access to Neptune using IAM Data Plane actions. If you wanted to restrict access from a notebook instance, you could create an IAM role for the notebook instance that only allows the WriteDataViaQuery action [4].
[1] https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html
[2] https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html
[3] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html
[4] https://docs.aws.amazon.com/neptune/latest/userguide/iam-dp-actions.html#writedataviaquery
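The three cluster settings this answer depends on (audit log enabled, audit log exported to CloudWatch Logs, IAM authentication enabled) can be checked in one pass. The following is an added example, not part of the original answer or AWS's own code; the function names and the sample cluster data are constructed for illustration, and `check_cluster` assumes boto3 with credentials that can call the Neptune control plane.

```python
def audit_findings(cluster, parameters):
    """Return the gaps for one cluster.

    cluster    -- one item of describe_db_clusters()["DBClusters"]
    parameters -- "Parameters" of the cluster's DB cluster parameter group
    """
    values = {p["ParameterName"]: p.get("ParameterValue") for p in parameters}
    findings = []
    if str(values.get("neptune_enable_audit_log", "0")) != "1":
        findings.append("audit log disabled: queries are not recorded")
    if "audit" not in cluster.get("EnabledCloudwatchLogsExports", []):
        findings.append("audit log is not published to CloudWatch Logs")
    if not cluster.get("IAMDatabaseAuthenticationEnabled", False):
        findings.append("IAM auth disabled: neptune-db policies are not "
                        "evaluated and audit entries carry no access key")
    return findings


def check_cluster(cluster_id, region):
    """Fetch the live settings and evaluate them (needs AWS access)."""
    import boto3  # imported here so audit_findings() runs offline
    neptune = boto3.client("neptune", region_name=region)
    cluster = neptune.describe_db_clusters(
        DBClusterIdentifier=cluster_id)["DBClusters"][0]
    kwargs = {"DBClusterParameterGroupName": cluster["DBClusterParameterGroup"]}
    params = []
    while True:  # follow Marker pagination until the last page
        page = neptune.describe_db_cluster_parameters(**kwargs)
        params.extend(page.get("Parameters", []))
        if not page.get("Marker"):
            return audit_findings(cluster, params)
        kwargs["Marker"] = page["Marker"]


# Constructed sample data in the shape of the API responses (not real output).
SAMPLE_CLUSTER = {
    "DBClusterIdentifier": "example-cluster",
    "DBClusterParameterGroup": "example-params",
    "IAMDatabaseAuthenticationEnabled": False,
    "EnabledCloudwatchLogsExports": [],
}
SAMPLE_PARAMS = [{"ParameterName": "neptune_enable_audit_log",
                  "ParameterValue": "1"}]

if __name__ == "__main__":
    for finding in audit_findings(SAMPLE_CLUSTER, SAMPLE_PARAMS):
        print("-", finding)
```
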
Hi, I am using the policy below, attached to SageMaker, but from the Jupyter notebook I am still able to add and delete via query:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "logs:CreateLogStream",
        "sagemaker:DescribeNotebookInstance",
        "s3:ListBucket",
        "logs:CreateLogGroup",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:sagemaker:ap-south-1:107253860581:notebook-instance/",
        "arn:aws:logs:ap-south-1:107253860581:log-group:/aws/sagemaker/",
        "arn:aws:s3:::aws-neptune-notebook-ap-south-1",
        "arn:aws:s3:::aws-neptune-notebook-ap-south-1/"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Deny",
      "Action": [
        "neptune-db:CancelLoaderJob",
        "neptune-db:CancelMLDataProcessingJob",
        "neptune-db:CancelMLModelTransformJob",
        "neptune-db:StartLoaderJob",
        "neptune-db:CancelMLModelTrainingJob",
        "neptune-db:ResetDatabase",
        "neptune-db:DeleteDataViaQuery",
        "neptune-db:DeleteMLEndpoint",
        "neptune-db:StartMLDataProcessingJob",
        "neptune-db:CreateMLEndpoint",
        "neptune-db:CancelQuery",
        "neptune-db:connect",
        "neptune-db:StartMLModelTrainingJob",
        "neptune-db:StartMLModelTransformJob",
        "neptune-db:ManageStatistics",
        "neptune-db:WriteDataViaQuery",
        "neptune-db:DeleteStatistics"
      ],
      "Resource": "arn:aws:neptune-db:ap-south-1:107253860581:cluster-KOTFG4ZPCJDD7IG4QPFGI7ADKU/"
    }
  ]
}
```