Centralizing data protection and compliance for Amazon Neptune with AWS Backup
Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. Amazon Neptune has native support for backing up and restoring Neptune DB clusters, and customers currently using those methods can continue to do so. However, many customers, especially those in regulated industries, require centralized management of their data protection and compliance across different AWS services. They currently write custom code to track Neptune snapshots and build auditor-friendly compliance reports instead of being able to leverage AWS Backup like they do for other database services. As more customers modernize their applications using purpose-built databases, they want the ability to configure one centralized service for all of their databases instead of having to manage backups in each database service individually.
Today, AWS Backup launched support for Amazon Neptune. Neptune’s database engine is optimized for storing billions of relationships and querying with millisecond latency. AWS Backup is a fully managed service that enables customers to centralize and automate data protection and compliance across AWS compute, storage, and database services using centralized backup policies. This ensures that you meet your data protection and compliance goals across your application. Together with AWS Organizations, AWS Backup enables you to centrally deploy data protection (backup) policies to configure, manage, and govern backup activity across AWS Regions and accounts.
In this post, I demonstrate how you can use AWS Backup to enable support for Neptune, add Neptune DB clusters to a backup plan, and restore a Neptune snapshot directly from AWS Backup. AWS Backup and Neptune native backup complement each other, so you can implement these steps without worrying about affecting your existing Neptune backups.
AWS Backup for Amazon Neptune
First, log in to the AWS Management Console. Using the search bar at the top of the console, type ‘AWS Backup’ and select the AWS Backup search result to open the AWS Backup console.
Next, make sure that you have enabled Amazon Neptune as a service that you want AWS Backup to protect. On the left pane, under the My account section, select Settings. Then, navigate to the Service opt-in section and check the Status column for Amazon Neptune; it should show Enabled. If Neptune shows as Disabled, select the Configure resources button and use the toggle button to enable Neptune. This is only necessary the first time you enable the service.
Now that you have enabled AWS Backup support for Neptune, let’s create a backup plan to protect our resources. Returning to the left pane, under the My account section, select Backup plans. Select Build a new plan and give the backup plan a name.
Scroll down to Backup rule configuration to define the backup rule. Give it a name of “3-day-retention,” and select a daily backup frequency and a retention period of 3 days. Every AWS Region in your account has a default backup vault. You have the option to create your backups in the default vault, or you can create new backup vaults in every Region. Here, you will use the Default backup vault that was created for you. After you finish configuring the rule, select Create plan at the bottom of the page.
At this point, you have an AWS Backup plan but there are no resources that are being protected by it. Select the Assign resources button to choose which resources to protect.
You can add a single Neptune cluster by selecting Resource ID in the Assign by selector, Neptune as the Resource type, and choosing the cluster ID of your cluster under Database name. If you have multiple resources to assign, using Tags in the Assign by selector is a simple and scalable way to include in the backup plan all resources with the tags that you specify in the Key and Value fields. Add assignment can be used to add more Resource ID or Tags assignments to the list. When you are finished adding resources, select Assign resources to attach them to the backup plan.
Now your resources are protected with an AWS Backup plan. The schedule will run once a day as set in the plan and the recovery point will be retained in the AWS Backup vault for 3 days.
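The same plan and resource assignment can be expressed as AWS Backup API requests. The following is an added example, not code from the original post: it builds the request documents with the rule name, vault, and retention used above and sends them with boto3. The 05:00 UTC schedule time, the plan and selection names, the tag key and value, and the IAM role ARN passed in are assumptions to replace with your own.

```python
"""Backup plan and resource assignment from the walkthrough, as boto3 requests."""


def build_plan(name, rule_name="3-day-retention", vault="Default",
               schedule="cron(0 5 ? * * *)", retain_days=3):
    """Return the BackupPlan document: one daily rule, recovery points kept retain_days."""
    if retain_days < 1:
        raise ValueError("retention must be at least one day")
    return {
        "BackupPlanName": name,
        "Rules": [{
            "RuleName": rule_name,
            "TargetBackupVaultName": vault,
            "ScheduleExpression": schedule,  # daily; the 05:00 UTC time is an assumption
            "Lifecycle": {"DeleteAfterDays": retain_days},
        }],
    }


def build_selection(name, role_arn, cluster_arns=(), tags=None):
    """Return the BackupSelection document: assign by resource ARN, by tag, or both."""
    if not cluster_arns and not tags:
        raise ValueError("assign at least one cluster ARN or one tag")
    selection = {"SelectionName": name, "IamRoleArn": role_arn}
    if cluster_arns:
        selection["Resources"] = list(cluster_arns)
    if tags:
        selection["ListOfTags"] = [
            {"ConditionType": "STRINGEQUALS", "ConditionKey": k, "ConditionValue": v}
            for k, v in sorted(tags.items())
        ]
    return selection


def apply(plan, selection, region):
    """Opt Neptune in, create the plan, attach the selection. Needs boto3 and credentials."""
    import boto3  # imported here so the builders above work without the SDK
    backup = boto3.client("backup", region_name=region)
    backup.update_region_settings(ResourceTypeOptInPreference={"Neptune": True})
    plan_id = backup.create_backup_plan(BackupPlan=plan)["BackupPlanId"]
    backup.create_backup_selection(BackupPlanId=plan_id, BackupSelection=selection)
    return plan_id
```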
Next, you will browse to the backup vault and test a restore.
Restoring a Neptune snapshot from AWS Backup
From the AWS Backup console, first go to Backup vaults and select the default vault where your backup plan was configured to store the backups.
In the search bar, you can search for your backup by resource type, recovery point ID, or source account ID. Once you have found your backup, check the box next to it, then select Actions and Restore to initiate the recovery.
After you have initiated the restore, AWS Backup will prompt you to name the instance and cluster that you are restoring to. You can also change Neptune-specific options such as database port, parameter groups, and Amazon Neptune audit logging. Choose the Restore backup button at the bottom of the page to initiate the restore process.
You will be redirected to the list of Restore jobs where you can see the progress of the restore action you just initiated. Once the job status changes to Completed, you can view the results using the Neptune console.
Using the search bar at the top of the console, type ‘Neptune’ and select the Neptune search result to open the Neptune console. On the left menu, select Databases to see your list of Neptune clusters.
You will see that the cluster was created from the snapshot, but you need to perform one more step before you can use your cluster. Only the storage layer is restored from AWS Backup. You need to add a compute instance to interact with the storage layer. To do this, choose the CloudShell button on the top menu of the console.
When the CloudShell prompt fully loads, you can run the following command at the prompt to achieve this. Make sure to substitute your region, db-cluster-identifier, and engine-version parameters if they differ from our example.
aws neptune create-db-instance --db-instance-identifier neptune-restored-instance --db-instance-class db.r5.large --engine neptune --engine-version 22.214.171.124 --db-cluster-identifier neptune-restored --region us-east-1
If you return to the Neptune console, you can now see a compute instance being created and attached to your restored cluster.
Restoring an AWS Backup managed Neptune snapshot from Neptune
If you prefer to continue using Neptune to perform your restore activities, you still have the option to do so. Selecting the Neptune cluster name opens a dashboard for that cluster. Select the Maintenance & backups tab.
Scrolling down to the bottom of the screen brings you to the Snapshots section. You can view the snapshots taken by AWS Backup by inspecting the Snapshot type column for the value awsbackup.
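The awsbackup snapshot type also lets you check backup coverage programmatically. The following is an added example, not code from the original post: it takes snapshot records shaped like the DBClusterSnapshots list that boto3's Neptune describe_db_cluster_snapshots call returns and reports which clusters lack a recent AWS Backup snapshot. The cluster names, timestamps, and the 26-hour freshness window (the daily schedule plus a grace period) are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone


def audit_backup_coverage(clusters, snapshots, now, max_age=timedelta(hours=26)):
    """Map each cluster ID to 'ok', 'stale' or 'missing'.

    Only snapshots with SnapshotType 'awsbackup' and Status 'available' count,
    so native automated or manual snapshots do not hide a gap in the plan.
    """
    newest = {}
    for snap in snapshots:
        if snap.get("SnapshotType") != "awsbackup" or snap.get("Status") != "available":
            continue
        cid, created = snap["DBClusterIdentifier"], snap["SnapshotCreateTime"]
        if cid not in newest or created > newest[cid]:
            newest[cid] = created
    report = {}
    for cid in clusters:
        if cid not in newest:
            report[cid] = "missing"   # never backed up by AWS Backup
        elif now - newest[cid] > max_age:
            report[cid] = "stale"     # last recovery point is older than the window
        else:
            report[cid] = "ok"
    return report


def _snap(cluster, kind, status, hours_ago, now):
    """Build one constructed snapshot record."""
    return {"DBClusterIdentifier": cluster, "SnapshotType": kind, "Status": status,
            "SnapshotCreateTime": now - timedelta(hours=hours_ago)}


# Constructed sample data, not output from a real account.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_SNAPSHOTS = [
    _snap("neptune-prod", "awsbackup", "available", 7, NOW),
    _snap("neptune-prod", "automated", "available", 2, NOW),
    _snap("neptune-staging", "awsbackup", "available", 72, NOW),
    _snap("neptune-staging", "awsbackup", "creating", 1, NOW),
    _snap("neptune-dev", "manual", "available", 1, NOW),
]

if __name__ == "__main__":
    clusters = ["neptune-prod", "neptune-staging", "neptune-dev"]
    for cid, state in audit_backup_coverage(clusters, SAMPLE_SNAPSHOTS, NOW).items():
        print(f"{cid}: {state}")
```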
AWS Backup charges per GB-Month for storage of Neptune snapshots. To avoid ongoing charges for maintaining 3 snapshots, from the AWS Backup console, go to Backup plans and select the plan you created. Under the Resource Assignments section, select each resource individually, select the Delete button, and perform the confirmation check to remove the assignment. When all resources are removed, you can delete the backup plan by selecting the Delete button in the upper-right corner of the page and completing the confirmation check.
Next, delete any existing backups that were created by the plan by selecting Backup vaults from the left navigation menu and selecting the vault you stored your backups in. Under the Backups section, check the box next to each backup you’d like to delete and select Delete under the Actions menu. Complete the confirmation process by typing “delete” in the box as instructed and selecting the Delete Recovery Points button.
In this post, I reviewed how AWS Backup now supports Amazon Neptune. I detailed how to configure a new backup plan in AWS Backup and use it to secure your Neptune clusters. I also demonstrated how you can use both the AWS Backup console and the Neptune console to restore a cluster from an AWS Backup managed snapshot. Customers who already use AWS Backup to protect other AWS services can use the same backup policies to manage and track Neptune snapshots, giving them a centralized and consistent data protection and compliance experience for Amazon Neptune. Get started using AWS Backup in the AWS Management Console today.
Thank you for reading this blog post. If you have any comments or questions, don’t hesitate to leave them in the comments section.