in src/lib/stack.ts [168:236]
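/**
 * Provisions the Neptune cluster used as the transaction graph store.
 *
 * Creates the cluster/DB parameter groups, the IAM role Neptune assumes for
 * bulk loads from S3, a security group, and the cluster itself (one writer
 * plus `replicaCount` readers).
 *
 * @param vpc          VPC the cluster is placed in (private subnets only).
 * @param bucket       Bucket holding the bulk-load data.
 * @param dataPrefix   Key prefix under which the bulk-load objects live.
 * @param instanceType Neptune instance class string, parsed by `InstanceType.of`.
 * @param replicaCount Number of read replicas in addition to the writer.
 * @returns The cluster, the S3 key prefix the loader reads from, and the ARN
 *          of the role the loader uses.
 */
private _createGraphDB_Neptune(vpc: IVpc, bucket: IBucket, dataPrefix: string, instanceType: string, replicaCount: number): {
  cluster: IDatabaseCluster;
  loadObjectPrefix: string;
  loadRole: string;
} {
  // 8182 is the Neptune default listener port.
  const clusterPort = 8182;

  const clusterParams = new ClusterParameterGroup(this, 'ClusterParams', {
    description: 'Cluster parameter group',
    parameters: {
      // Engine-level audit logging; exporting it to CloudWatch is not configured
      // here — NOTE(review): confirm where these logs are consumed.
      neptune_enable_audit_log: '1',
      neptune_streams: '1',
    },
  });
  const dbParams = new ParameterGroup(this, 'DBParamGroup', {
    description: 'Neptune DB Param Group',
    parameters: {
      // Query timeout in milliseconds (10 minutes).
      neptune_query_timeout: '600000',
    },
  });

  // Role Neptune assumes when running the bulk loader. The trust policy is the
  // bare RDS service principal; NOTE(review): consider an aws:SourceAccount /
  // aws:SourceArn condition so only this account's clusters can assume it.
  const neptuneRole = new Role(this, 'NeptuneBulkLoadRole', {
    assumedBy: new ServicePrincipal('rds.amazonaws.com'),
  });
  const neptuneLoadObjectPrefix = `${dataPrefix}neptune/bulk-load`;
  // Read access is limited to objects under the bulk-load prefix.
  bucket.grantRead(neptuneRole, `${neptuneLoadObjectPrefix}/*`);

  // Unrestricted egress is needed so the loader can reach the S3 endpoint;
  // the cfn_nag warnings for that are suppressed with the reason below.
  const graphDBSG = new SecurityGroup(this, 'NeptuneSG', {
    vpc,
    allowAllOutbound: true,
  });
  (graphDBSG.node.defaultChild as CfnResource).addMetadata('cfn_nag', {
    rules_to_suppress: [
      {
        id: 'W40',
        reason: 'Neptune bulk load need internet access to query S3 endpoint',
      },
      {
        id: 'W5',
        reason: 'Neptune bulk load need internet access to query S3 endpoint',
      },
    ],
  });

  const graphDBCluster = new DatabaseCluster(this, 'TransactionGraphCluster', {
    vpc,
    instanceType: InstanceType.of(instanceType),
    clusterParameterGroup: clusterParams,
    parameterGroup: dbParams,
    associatedRoles: [neptuneRole],
    iamAuthentication: true,
    // No kmsKey is passed, so encryption at rest uses the Neptune default key.
    storageEncrypted: true,
    port: clusterPort,
    vpcSubnets: {
      subnetType: SubnetType.PRIVATE,
    },
    instances: 1 + replicaCount,
    // DESTROY: the cluster (and its data) is removed together with the stack;
    // only the 7-day automated backups remain.
    removalPolicy: RemovalPolicy.DESTROY,
    backupRetention: Duration.days(7),
    securityGroups: [graphDBSG],
  });

  // Enable automatic minor version upgrades on the DB instances only.
  // `autoMinorVersionUpgrade` exists on AWS::Neptune::DBInstance, not on the
  // cluster or subnet group, so narrow on the CloudFormation resource type
  // instead of casting every L1 child in the subtree. The type-name check is
  // used rather than `instanceof` so it still works if the CDK module is
  // duplicated in node_modules.
  for (const child of graphDBCluster.node.findAll()) {
    if (CfnResource.isCfnResource(child) && child.cfnResourceType === CfnDBInstance.CFN_RESOURCE_TYPE_NAME) {
      (child as CfnDBInstance).autoMinorVersionUpgrade = true;
    }
  }

  return {
    cluster: graphDBCluster,
    loadObjectPrefix: neptuneLoadObjectPrefix,
    loadRole: neptuneRole.roleArn,
  };
}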