Skip to content

Neptune Graph API Token

Service Name: Amazon Neptune

Service Description: Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. Neptune supports popular graph models Property Graph and W3C's RDF, and their respective query languages Apache TinkerPop Gremlin and SPARQL.

Service Address: https://aws.amazon.com/neptune/

Validation Type: API Auth

IP Allow list: IP Restriction is available per service using Security Groups or VPCs.

Secret Access Scope: Grants programmatic access to Neptune graph database instances and allows querying and manipulating graph data.

Secret Revokement URL: https://docs.aws.amazon.com/neptune/latest/userguide/security-iam.html

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJuZXB0dW5lLWFwaS11c2VyIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Suspicious Activity Investigation Instructions:

  • Review CloudTrail logs for unusual API calls to Neptune instances
  • Check for unexpected query patterns or data access in Neptune logs
  • Monitor for unusual traffic volumes or connection attempts to Neptune endpoints
  • Look for unauthorized schema changes or data modifications
  • Verify if there are any unexpected IAM policy changes related to Neptune access

Mitigation Instructions:

  • Rotate the Neptune API token immediately
  • Update IAM policies to restrict access to Neptune resources
  • Implement more restrictive Security Groups for Neptune instances
  • Enable enhanced monitoring and logging for Neptune databases
  • Review and update authentication mechanisms for Neptune access
  • Consider implementing AWS IAM authentication instead of token-based authentication
  • Verify and update network access controls to limit connectivity to Neptune endpoints