
I was starting a Neptune database from this base stack: https://s3.amazonaws.com/aws-neptune-customer-samples/v2/cloudformation-templates/neptune-base-stack.json

However, now I am wondering why a NAT Gateway and also an Internet Gateway are started in this stack. Are they required for updates within Neptune? This seems like a huge security risk.

On top of that these gateways are not cheap.

I would be happy for an explanation on this.

Julian Dm

1 Answer


The answer is no, it's not required; AWS just sneaked some unnecessary costly resources into the template. Anyway, if you want to use the updated template without NAT and IG GWs, use this one that I just created: https://neptune-stack-custom.s3.eu-central-1.amazonaws.com/base.json

Julian Dm
  • The IG is free, only the NAT gateway has a cost. The reason it works without them is the S3 endpoint also included in the template. – jordanm Jun 06 '21 at 18:08
  • The primary purpose of the NAT Gateway is to support SPARQL 1.1 Federated Query against public SPARQL endpoints (as noted in the following blog post: https://aws.amazon.com/blogs/database/benefitting-from-sparql-1-1-federated-queries-with-amazon-neptune/). – Taylor Riggan Jun 07 '21 at 11:23
  • Thank you guys, that clears it up! I removed the IGW and NATGW since I access Neptune via a Lambda and VPC connector. – Julian Dm Jun 07 '21 at 12:23
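
An added example, not part of the original posts or of AWS's template: a Python check that lists the NAT and Internet gateways in a CloudFormation template, the default routes that point at them, and whether an S3 VPC endpoint is present. The embedded template and its logical IDs are constructed for illustration, and only `Ref` targets are resolved.

```python
import json

# Constructed sample, NOT the real neptune-base-stack.json; logical IDs are made up.
SAMPLE = json.loads("""
{"Resources": {
  "IGW":   {"Type": "AWS::EC2::InternetGateway"},
  "NatGW": {"Type": "AWS::EC2::NatGateway", "Properties": {"SubnetId": {"Ref": "PublicSubnet"}}},
  "PubRoute":  {"Type": "AWS::EC2::Route", "Properties": {
      "RouteTableId": {"Ref": "PublicRT"},
      "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "IGW"}}},
  "PrivRoute": {"Type": "AWS::EC2::Route", "Properties": {
      "RouteTableId": {"Ref": "PrivateRT"},
      "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": {"Ref": "NatGW"}}},
  "S3Endpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
      "ServiceName": {"Fn::Join": ["", ["com.amazonaws.", {"Ref": "AWS::Region"}, ".s3"]]},
      "VpcId": {"Ref": "VPC"}}}
}}
""")

EGRESS_TYPES = {"AWS::EC2::InternetGateway", "AWS::EC2::NatGateway"}

def flatten(value):
    """Concatenate the strings inside a value or intrinsic (Ref, Fn::Join, Fn::Sub)."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict):
        value = list(value.values())
    return "".join(flatten(v) for v in value) if isinstance(value, list) else ""

def audit(template):
    """Report internet-facing gateways, default routes to them, and S3 endpoint presence."""
    res = template.get("Resources", {})
    gateways = sorted(n for n, r in res.items() if r.get("Type") in EGRESS_TYPES)
    default_routes, s3_endpoint = [], False
    for name, r in res.items():
        props = r.get("Properties", {})
        if r.get("Type") == "AWS::EC2::Route":
            # Only {"Ref": "<logical id>"} targets resolve to a gateway name here.
            target = flatten(props.get("GatewayId") or props.get("NatGatewayId") or "")
            dest = props.get("DestinationCidrBlock") or props.get("DestinationIpv6CidrBlock")
            if dest in ("0.0.0.0/0", "::/0") and target in gateways:
                default_routes.append((name, flatten(props.get("RouteTableId")), target))
        elif r.get("Type") == "AWS::EC2::VPCEndpoint":
            s3_endpoint = s3_endpoint or flatten(props.get("ServiceName")).endswith(".s3")
    return {"gateways": gateways, "default_routes": sorted(default_routes),
            "s3_endpoint": s3_endpoint}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
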