Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.AWS managed policy: NeptuneGraphReadOnlyAccess
The NeptuneGraphReadOnlyAccess
managed policy provides read-only access to all Neptune Analytics resources along with read-only
permissions for dependent services.
This policy includes permissions to do the following:
For Amazon EC2 – Retrieve information about VPCs,
subnets, security groups, and availability zones.
For AWS KMS – Retrieve information about KMS keys and aliases.
For CloudWatch – Retrieve information about CloudWatch metrics.
For CloudWatch Logs – Retrieve information about CloudWatch log streams and events.
This policy was released on 2023-11-29.
- JSON
-
-
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowReadOnlyPermissionsForNeptuneGraph",
"Effect": "Allow",
"Action": [
"neptune-graph:Get*",
"neptune-graph:List*",
"neptune-graph:Read*"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForEC2",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForKMS",
"Effect": "Allow",
"Action": [
"kms:ListKeys",
"kms:ListAliases"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForCloudwatch",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForLogs",
"Effect": "Allow",
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Resource": [
"arn:aws-eusc:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
]
}
]
}