- 최신
- 최다 투표
- 가장 많은 댓글
Queries to Neptune Database are not logged in CloudTrail, only calls to Neptune's control plane are logged in CloudTrail. You can enable Audit Logs on a Neptune cluster [1] and also configure those logs to get published to CloudWatch Logs [2]. If IAM authentication [3] is enabled for your Neptune Database cluster, then the related access key for the role used will appear in the Neptune audit logs along with the query issued.
You can restrict query access to Neptune using IAM Data Plane actions. If you wanted to restrict access from a notebook instance, you could create an IAM role for the notebook instance that only allows the WriteDataViaQuery action [4].
[1] https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html
[2] https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html
[3] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html
[4] https://docs.aws.amazon.com/neptune/latest/userguide/iam-dp-actions.html#writedataviaquery
관련 콘텐츠
AWS 공식업데이트됨 4년 전- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 4년 전
hi i am using the below Policy attached to sagemaker but still using jupyter notebook i am able add and delete via query "{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:GetObject", "logs:CreateLogStream", "sagemaker:DescribeNotebookInstance", "s3:ListBucket", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": [ "arn:aws:sagemaker:ap-south-1:107253860581:notebook-instance/", "arn:aws:logs:ap-south-1:107253860581:log-group:/aws/sagemaker/", "arn:aws:s3:::aws-neptune-notebook-ap-south-1", "arn:aws:s3:::aws-neptune-notebook-ap-south-1/" ] }, { "Sid": "VisualEditor1", "Effect": "Deny", "Action": [ "neptune-db:CancelLoaderJob", "neptune-db:CancelMLDataProcessingJob", "neptune-db:CancelMLModelTransformJob", "neptune-db:StartLoaderJob", "neptune-db:CancelMLModelTrainingJob", "neptune-db:ResetDatabase", "neptune-db:DeleteDataViaQuery", "neptune-db:DeleteMLEndpoint", "neptune-db:StartMLDataProcessingJob", "neptune-db:CreateMLEndpoint", "neptune-db:CancelQuery", "neptune-db:connect", "neptune-db:StartMLModelTrainingJob", "neptune-db:StartMLModelTransformJob", "neptune-db:ManageStatistics", "neptune-db:WriteDataViaQuery", "neptune-db:DeleteStatistics" ], "Resource": "arn:aws:neptune-db:ap-south-1:107253860581:cluster-KOTFG4ZPCJDD7IG4QPFGI7ADKU/" } ] }"