Required if CREATE_VPC=false and USE_PRIVATE_SUBNET=false
| PRIVATE_SUBNET_ID | string | subnet-xxxxxxxx | Conditional | Required if CREATE_VPC=false and USE_PRIVATE_SUBNET=true |
| CREATE_SSM_VPC_ENDPOINT | bool | true/false | Conditional | Required if USE_PRIVATE_SUBNET=true |
| SSM_VPC_ENDPOINT_ID | string | vpce-xxxxxxxx | Conditional | Required if CREATE_SSM_VPC_ENDPOINT=true |
| CREATE_SECRETSMANAGER_VPC_ENDPOINT | bool | true/false | Conditional | Required if USE_PRIVATE_SUBNET=true |
| SECRETSMANAGER_VPC_ENDPOINT_ID | string | vpce-xxxxxxxx | Conditional | Required if CREATE_SECRETSMANAGER_VPC_ENDPOINT=true |
| CREATE_S3_VPC_ENDPOINT | bool | true/false | Conditional | Required if USE_PRIVATE_SUBNET=true |
| S3_VPC_ENDPOINT_ID | string | vpce-xxxxxxxx | Conditional | Required if CREATE_S3_VPC_ENDPOINT=true |
| DEPLOY_NAT_GATEWAY | bool | true/false | Conditional | Required if USE_PRIVATE_SUBNET=true |
| EXTERNAL_NAT_GATEWAY_ID | string | nat-xxxxxxxx | Conditional | Required if DEPLOY_NAT_GATEWAY=false |
| DEPLOY_BASTION_SERVER | bool | true/false | Conditional | Optional if USE_PRIVATE_SUBNET=true |
| ADMIN_IP | string | 192.168.1.1/32 | Conditional | Required if DEPLOY_BASTION_SERVER=true |
Note: "Conditional" in the "Required" column indicates that the requirement of the variable depends on specific configurations or conditions.
Infrastructure
Conditions added to support private deployments with and without VPC and VPC endpoints.
VPC endpoints are required for private deployments for access to AWS services.
Added support for deploying a bastion server for private deployments.
Allows access to the shell of the database instance.
Added support for deploying a NAT Gateway for private deployments.
Required for Neo4j to initialize.
Added support for deploying VPC endpoints for private deployments.
Deployment logic updated in Makefile to support private deployments including deploying and deleting VPC endpoints and updating security groups.
Optional deployment of access services for private deployments.
Bastion server to access database instance
NAT Gateway to access database instance
Database
Conditions added to support private deployments with and without VPC, VPC endpoints and NAT Gateway.
Updated Neo4j configuration for private deployments.
Deploys and configures Neo4j 5.13 using an Ubuntu 22.04 base image instead of Bitnami
Access Neo4j Browser by running the target STAGE=<stage> make database.ui.connect
Pipeline
Conditions added to support private deployments with and without VPC, VPC endpoints and NAT Gateway.
Reinstated pre/post data backup steps during executions
New Usage
Connecting to Neo4j Browser running in a private subnet
For deployments using a private subnet, Neo4j Browser can be accessed through port forwarding. For first-time access, follow these steps:
Change the permissions of the SSH key.
chmod 400 <stage>-gfe-db-us-east-1-neo4j-key.pem
Connect to the database server so that your identity is stored on the machine and accept the prompts to connect.
STAGE=<stage> make database.connect
> Are you sure you want to continue connecting (yes/no)? yes
In a new shell, connect to Neo4j Browser and accept any additional prompts to connect.
STAGE=<stage> make database.ui.connect
> Neo4j Browser is available at: http://localhost:7474/browser/
These steps only need to be performed the first time you want to connect to Neo4j Browser. After this, all you need to do is run STAGE=<stage> make database.ui.connect and navigate to http://localhost:7474/browser/ to use the graph.
Run gfe-db Locally Using Docker
Once the application has been deployed and the database is loaded, it is possible to build and run the latest version of gfe-db locally using Docker.
Build Environment
Make sure you have added your Docker Hub credentials to your .env file.
Build and push the image to Docker Hub. The Makefile will automatically fetch the most recent backup data from S3 and use it to build the image. You can access the logs in ./gfe-db/local/neo4j/logs.
STAGE=<stage> make local.build
Once the image is built and pushed to Docker Hub you can run the command to run the most recent version of gfe-db locally.
# Run from the root directory of gfe-db
docker run \
  --restart always \
  --publish=7474:7474 --publish=7687:7687 \
  --volume="$(pwd)/gfe-db/local/neo4j/logs:/logs" \
  "$DOCKER_USERNAME/gfe-db:latest"
Next Steps
Commit-level state management and pipeline execution
@pbashyal-nmdp The conflict in the requirements.txt file is for py-gfe. It can be switched back but I think you might need to update the py-gfe release on PyPI (probably to 1.1.6 for the patch).
Description
Major update to support private deployments with and without VPC, VPC endpoints and NAT Gateway for Neo4j 5.
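The conditional rules in the environment-variable table can be checked before any deployment target is run. The script below is an added example, not part of this PR or of gfe-db: the function names `require` and `validate_private_config` and the rejection of `0.0.0.0/0` for `ADMIN_IP` are assumptions, and it covers only the variables listed in the table rows shown above.

```shell
#!/bin/sh
# Added example, not gfe-db code. Rules are copied from the table's notes;
# the function names and the 0.0.0.0/0 check are this example's assumptions.

# require NAME REASON: record an error when variable NAME is unset or empty.
require() {
    eval "_val=\${$1:-}"    # NAME is always a constant from the rules below
    if [ -z "$_val" ]; then errors="${errors}${1}: ${2}
"; fi
}

# Prints one line per violated rule; returns 0 only when there are none.
validate_private_config() {
    errors=""
    if [ "${USE_PRIVATE_SUBNET:-}" = "true" ]; then
        if [ "${CREATE_VPC:-}" = "false" ]; then
            require PRIVATE_SUBNET_ID \
                "required if CREATE_VPC=false and USE_PRIVATE_SUBNET=true"
        fi
        for _v in CREATE_SSM_VPC_ENDPOINT CREATE_SECRETSMANAGER_VPC_ENDPOINT \
                  CREATE_S3_VPC_ENDPOINT DEPLOY_NAT_GATEWAY; do
            require "$_v" "required if USE_PRIVATE_SUBNET=true"
        done
    fi
    for _svc in SSM SECRETSMANAGER S3; do
        eval "_create=\${CREATE_${_svc}_VPC_ENDPOINT:-}"
        if [ "$_create" = "true" ]; then
            require "${_svc}_VPC_ENDPOINT_ID" \
                "required if CREATE_${_svc}_VPC_ENDPOINT=true"
        fi
    done
    if [ "${DEPLOY_NAT_GATEWAY:-}" = "false" ]; then
        require EXTERNAL_NAT_GATEWAY_ID "required if DEPLOY_NAT_GATEWAY=false"
    fi
    if [ "${DEPLOY_BASTION_SERVER:-}" = "true" ]; then
        require ADMIN_IP "required if DEPLOY_BASTION_SERVER=true"
        # Assumption: ADMIN_IP scopes who may reach the bastion, so a
        # world-open CIDR would defeat the restriction.
        if [ "${ADMIN_IP:-}" = "0.0.0.0/0" ]; then
            errors="${errors}ADMIN_IP: must not be 0.0.0.0/0
"
        fi
    fi
    printf '%s' "$errors"
    [ -z "$errors" ]
}
```

Export or source the stage's variables into the shell first, then call `validate_private_config` and stop the deployment when it returns non-zero.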