Connect to a Neptune instance

As per this Amazon page, "The most convenient way for most people, however, is to connect to set up an Amazon EC2 proxy server within the VPC and then use SSH tunnelling (also called port fowarding), to connect to it."  And on this page, "For information about connecting to an EC2 instance using SSH, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances."


Below are step-by-step instructions in the context of Hackolade.

Create a Neptune cluster

Go to Neptune in AWS console and create database






Create security group and subnet group

Make sure to select "Create new VPC", then open up "Additional connectivity configuration", then "Create new DB Subnet Group", and make a note of the new VPC security group name:




Then, press the Create data base button.


Create an EC2 instance

Go to EC2 -> Network & Security -> Security Groups in AWS console

Select the VPC security group created above:




Edit the inbound rules

Add SSH port with CIDR and to port 8182 add CIDR  Or restrict to the IP addresses of your Hackolade installation.




Go to EC2 instances in AWS console

Create an instance in the same region as your Neptune cluster, e.g. “Ubuntu Server 20.04 LTS”




In the configuration section select the same VPC as for Neptune, choose one of the Subnets and assign public IP:





In the security group section select existing security group (neptune-security-group)



Press “review and launch”, then in the dialog, create and download key pair:




In Hackolade

Fill in the connection settings, from either the forward- or reverse-engineering functions:




Name is friendly name you assign to the connection

Cluster identifier corresponds to the cluster name you assigned to the Neptune cluster:



Region is the the region where both your Neptune cluster and EC2 instance are located

EC2 Public Address is the IP address of the EC2 instance created above

SSH Port is 22

User Name is ubuntu, unless you chose a different type of EC2 instance.  To check, select your instance and click Connect




Private key is the path and file name to the .pem file downloaded during the previous step.


Finally, in the Authentication tab of the Hackolade connection dialog:




You may leave the information blank if you already have an AWSCLI setup.  Otherwise, enter either a session token, or the Access Key ID and Secret Access Key combination.