Someone executed some query on AWS Neptune DB using a SageMaker notebook


Someone executed some query on an AWS Neptune DB using a SageMaker notebook. Now I want to find out who executed it and what the CloudTrail event name is. Also, if I want to restrict someone to only update queries to Neptune via a SageMaker notebook, how do I do this?

asked a month ago, 135 views
1 Answer

Queries to Neptune Database are not logged in CloudTrail, only calls to Neptune's control plane are logged in CloudTrail. You can enable Audit Logs on a Neptune cluster [1] and also configure those logs to get published to CloudWatch Logs [2]. If IAM authentication [3] is enabled for your Neptune Database cluster, then the related access key for the role used will appear in the Neptune audit logs along with the query issued.

You can restrict query access to Neptune using IAM Data Plane actions. If you wanted to restrict access from a notebook instance, you could create an IAM role for the notebook instance that only allows the WriteDataViaQuery action [4].

[1] https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html

[2] https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html

[3] https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html

[4] https://docs.aws.amazon.com/neptune/latest/userguide/iam-dp-actions.html#writedataviaquery

AWS
answered a month ago
  • Hi, I am using the below policy attached to SageMaker, but using a Jupyter notebook I am still able to add and delete via query:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "logs:CreateLogStream",
            "sagemaker:DescribeNotebookInstance",
            "s3:ListBucket",
            "logs:CreateLogGroup",
            "logs:PutLogEvents"
          ],
          "Resource": [
            "arn:aws:sagemaker:ap-south-1:107253860581:notebook-instance/",
            "arn:aws:logs:ap-south-1:107253860581:log-group:/aws/sagemaker/",
            "arn:aws:s3:::aws-neptune-notebook-ap-south-1",
            "arn:aws:s3:::aws-neptune-notebook-ap-south-1/"
          ]
        },
        {
          "Sid": "VisualEditor1",
          "Effect": "Deny",
          "Action": [
            "neptune-db:CancelLoaderJob",
            "neptune-db:CancelMLDataProcessingJob",
            "neptune-db:CancelMLModelTransformJob",
            "neptune-db:StartLoaderJob",
            "neptune-db:CancelMLModelTrainingJob",
            "neptune-db:ResetDatabase",
            "neptune-db:DeleteDataViaQuery",
            "neptune-db:DeleteMLEndpoint",
            "neptune-db:StartMLDataProcessingJob",
            "neptune-db:CreateMLEndpoint",
            "neptune-db:CancelQuery",
            "neptune-db:connect",
            "neptune-db:StartMLModelTrainingJob",
            "neptune-db:StartMLModelTransformJob",
            "neptune-db:ManageStatistics",
            "neptune-db:WriteDataViaQuery",
            "neptune-db:DeleteStatistics"
          ],
          "Resource": "arn:aws:neptune-db:ap-south-1:107253860581:cluster-KOTFG4ZPCJDD7IG4QPFGI7ADKU/"
        }
      ]
    }
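
The write-only notebook role described in the answer above, as an added example that is not part of the original thread and not AWS's own code. REGION, ACCOUNT_ID and CLUSTER_RESOURCE_ID are placeholders, the request resource is constructed, and evaluate() is a hypothetical, simplified model of IAM policy evaluation used only to show which query actions the policy leaves implicitly denied.

```python
import json
from fnmatch import fnmatchcase

# Placeholders (assumptions): use your own region, account ID and the
# cluster *resource ID* (the "cluster-..." value), not the cluster name.
CLUSTER_ARN = "arn:aws:neptune-db:REGION:ACCOUNT_ID:CLUSTER_RESOURCE_ID/*"
QUERY_ACTIONS = ["neptune-db:ReadDataViaQuery", "neptune-db:WriteDataViaQuery",
                 "neptune-db:DeleteDataViaQuery"]

def notebook_role_policy(cluster_arn=CLUSTER_ARN):
    """Identity policy for the notebook role: write queries only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "NeptuneWriteQueriesOnly",
            "Effect": "Allow",
            "Action": ["neptune-db:WriteDataViaQuery"],
            "Resource": cluster_arn,
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Hypothetical, simplified model of IAM evaluation for ONE identity
    policy: explicit Deny wins, then Allow, otherwise implicit deny.
    Conditions, NotAction/NotResource, SCPs and boundaries are ignored."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

def query_permissions(policy, resource):
    """Decision for each Neptune query action against one resource."""
    return {a: evaluate(policy, a, resource) for a in QUERY_ACTIONS}

if __name__ == "__main__":
    policy = notebook_role_policy()
    print(json.dumps(policy, indent=2))
    # Constructed request resource under the cluster prefix (assumption).
    print(query_permissions(policy, CLUSTER_ARN.replace("/*", "/database")))
```

Neptune evaluates these data-plane actions only when IAM database authentication is enabled on the cluster. Any other policy attached to the same role that allows neptune-db:* still grants the broader access.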
