Use case
MDAA covers relational, search, and lakehouse analytics, but has no module for a graph database. Graph workloads — entity resolution, hierarchy/lineage traversal, relationship exploration — are common in data platforms. Today users must hand-roll Neptune outside MDAA, losing the compliance, naming, and SSM-coupling guarantees MDAA provides everywhere else.
Proposal
Add an Amazon Neptune analytics module (@aws-mdaa/neptune app + @aws-mdaa/neptune-l3-construct) following MDAA conventions, slotting alongside the existing analytics modules.
The simplest config a user would write:
clusterConfig:
engineVersion: '1.3.2.1'
instanceConfig:
instanceClass: db.r6g.large
count: 1
vpcId: vpc-a1b2c3d4
subnetIds:
- subnet-1a2b3c4d
- subnet-5e6f7a8b
Produces a production-ready, secure-by-default cluster: IAM database auth, KMS encryption (CMK w/ rotation), audit logging to CloudWatch, deletion protection, a DB subnet group, a port-8182 security group (no 0.0.0.0/0 ingress), and SSM-published endpoints. Optional config adds bulk-loader/export IAM roles (scoped to S3 prefix + KMS), CloudWatch alarms, custom parameter groups / query timeout, and Serverless scaling (auto-disabled in GovCloud).
Compliance
Built on MDAA L2 constructs; passes AWS Solutions, NIST 800-53 R5, HIPAA, and PCI-DSS CDK-Nag rulesets with zero errors. Partition-agnostic ARNs throughout; GovCloud-aware (region validation + Serverless gating).
Scope
Implementation is complete (L3 construct + app, JSON schema, minimal + comprehensive sample configs with synth baseline diff tests, unit + property-based + CDK-Nag compliance tests, README + architecture diagram). npm run prepush:all passes locally. Ready to open as a PR pending core-team approval of this proposal.
MDAA version: based on 1.6.0 (main).
Use case
MDAA covers relational, search, and lakehouse analytics, but has no module for a graph database. Graph workloads — entity resolution, hierarchy/lineage traversal, relationship exploration — are common in data platforms. Today users must hand-roll Neptune outside MDAA, losing the compliance, naming, and SSM-coupling guarantees MDAA provides everywhere else.
Proposal
Add an Amazon Neptune analytics module (
@aws-mdaa/neptuneapp +@aws-mdaa/neptune-l3-construct) following MDAA conventions, slotting alongside the existinganalyticsmodules.The simplest config a user would write:
Produces a production-ready, secure-by-default cluster: IAM database auth, KMS encryption (CMK w/ rotation), audit logging to CloudWatch, deletion protection, a DB subnet group, a port-8182 security group (no
0.0.0.0/0ingress), and SSM-published endpoints. Optional config adds bulk-loader/export IAM roles (scoped to S3 prefix + KMS), CloudWatch alarms, custom parameter groups / query timeout, and Serverless scaling (auto-disabled in GovCloud).Compliance
Built on MDAA L2 constructs; passes AWS Solutions, NIST 800-53 R5, HIPAA, and PCI-DSS CDK-Nag rulesets with zero errors. Partition-agnostic ARNs throughout; GovCloud-aware (region validation + Serverless gating).
Scope
Implementation is complete (L3 construct + app, JSON schema, minimal + comprehensive sample configs with synth baseline diff tests, unit + property-based + CDK-Nag compliance tests, README + architecture diagram).
npm run prepush:allpasses locally. Ready to open as a PR pending core-team approval of this proposal.MDAA version: based on
1.6.0(main).