AWS · Managed Graph Database
Amazon Neptune Backup and Recovery
Built for cloud teams
Air-gapped backup and recovery for Amazon Neptune clusters. Atomic cluster snapshots, schema-and-relationship-preserving restores, and cross-account or cross-region recovery for both Property Graph and RDF workloads.
Storage tier
Restore type
Cross-region
Cross-account
01 · Why Clumio for Amazon Neptune
Why pick Clumio for Neptune
Native Neptune snapshots cap at 35 days and live in the source account. Cyber resilience, multi-year retention, and cross-account recovery need a separate protection layer. Clumio handles those without disturbing the source cluster.
AGENT-LESS
No agents, no backup infrastructure
Clumio runs entirely outside your AWS account. Nothing installs on Neptune database hosts, no proxy hosts to maintain, and no backup servers to size or patch. Snapshots are driven through AWS APIs, so protection adds zero CPU or memory load to the workload.
CLUSTER-CONSISTENT
Atomic graph snapshots
Each backup captures the entire cluster state at a single instant. Vertices, edges, properties, and indexes all reflect the same transactionally consistent point in time across every cluster node, with no torn-write artifacts on restore.
LONG RETENTION
Beyond AWS automated backup limits
Clumio can retain Neptune backups for months and years in addition to daily and weekly, independent of AWS’s 35-day maximum retention for automated backups. Snapshots live in the air-gapped vault on a separate lifecycle, sized for compliance, audit, and long-tail recovery windows.
AIR-GAPPED VAULT
Survives account compromise
SecureVault backups sit in Clumio’s immutable, off-account vault. If the source AWS account is compromised, or an admin deletes the Neptune cluster, the backup is still there and still restorable into any account.
TAG-BASED PROTECTION
Auto-protect at scale
Protection rules pick up new Neptune clusters by AWS tag, name pattern, account, or region. Newly launched clusters are auto-attached to a policy at the next discovery cycle, so spinning up a new dev, staging, or per-tenant cluster doesn’t carry a manual onboarding step.
CROSS-REGION DURABILITY
Backup target outside the source region
Point a policy at a different AWS region for the backup vault and recovery points stay reachable even when a regional event affects the source. Standard data-transfer fees apply when the vault region differs from the source.
New to Clumio?
Set up your AWS account first
This page assumes a connected AWS account with at least one Neptune cluster. If you haven’t done that yet, the Getting Started guide walks you through sign-up, account connection, and first backup in about thirty minutes.
02 · Backup
How to back up Amazon Neptune
Neptune clusters run in a single AWS account and region. Clumio captures snapshot-consistent cluster state including vertices, edges, properties, and indexes, and preserves the graph model end-to-end.
Create a backup policy
A policy defines schedule, retention, and target region. Neptune policies operate at the cluster level: a single backup captures graph data, indexes, and cluster metadata as a transactionally consistent snapshot. The backup is consistent across all nodes in the cluster.
Pick the right RPO
The policy schedule sets the cadence (daily, weekly, monthly, or yearly), with an optional start time and an optional backup window that constrains when runs can begin. The seed run transfers a full cluster snapshot; subsequent runs are incremental.
Choose a tier (SecureVault Standard)
SecureVault Standard
Neptune backups land in SecureVault Standard, an air-gapped tier outside your source account. Restore directly to a new cluster in the same account, a different region, or a different AWS account altogether. Standard is the only tier available for Neptune today.
Choose a region (in-region or out-of-region)
By default, backups land in the same region as the source. Target a different region on the policy for cross-region durability; standard data-transfer charges may apply.
Heads up: cross-region backup adds standard AWS data-transfer charges. Confirm the target region is supported by your account.
Apply the policy with protection rules
Once the policy is saved, use protection rules to apply it. Target Neptune clusters by AWS tag, name pattern, account, or region. Resources can also be excluded by tag for fine-grained control. The seed backup runs first; subsequent backups are incremental.
03 · Restore
How to restore Amazon Neptune
A Neptune restore comes down to three choices: when to recover from, what to recover, and where it lands.
SecureVault Standard backup
Pick a SecureVault Standard dot on the calendar. Air-gapped copy outside your AWS account. Fast restore directly to a new cluster. Best for ransomware response, account-compromise scenarios, and routine recovery.
Restore creates a new cluster at cluster-level granularity.
Full cluster: Restore the entire cluster as a new resource: instance class, parameter group, subnet group, KMS key, security group, and tags configurable at restore time. The default and only shape.
Restore to a new cluster in the source account, or land in a different account or region.
Restore to a new Neptune cluster in the source account. Pick the target region (defaults to the source), modify cluster name, instance class, and configuration as needed, then confirm. Cross-region restore from a same-region backup is supported and adds data transfer fees.
Restore to a target AWS account, useful for ransomware recovery, environment promotion, or staging refreshes. The target account must have a Clumio connector installed with a reachable subnet group in the destination region. No dependency on the source account being healthy.
05 · Common questions
Frequently asked questions
Questions from engineers setting up Neptune protection or troubleshooting restores.
Are Clumio Neptune backups incremental?
Each backup is a full cluster snapshot, not a delta. But the storage and bandwidth footprint scales with how much graph data is actually in the cluster, not with the cluster’s provisioned capacity, so practical cost and transfer track what your workload is actively storing rather than how much room you’ve allocated. Cluster metadata (instance class, parameter group, subnet group, security groups) is captured every time so each backup remains a complete, restorable point.
Which Neptune engine versions and graph models are supported?
Clumio supports current Neptune engine versions and both data models (Property Graph via Gremlin / openCypher, and RDF via SPARQL). No code or query rewrites are required at restore.
Can I auto-protect new clusters by tag or naming pattern?
Yes. Protection rules target Neptune clusters by AWS tag, name pattern, account, or region. New clusters that match are auto-attached to the policy at the next discovery cycle.
How is restore configuration handled (instance class, parameter groups, security groups, KMS)?
At restore time, you specify the target subnet group, parameter group, instance class, KMS key, and security groups. Defaults inherit from the source where applicable; everything is overridable so the restored cluster can land in any account, VPC, or configuration.
06 · Related resources
Go deeper
Blog posts and reference material for teams building on Clumio Amazon Neptune protection.
analyst report
The Total Economic Impact™ Of Clumio
After interviews with decision-makers from four organizations, Forrester aggregated the data and concluded that Clumio has the following three-year financial impact on a composite organization.
Blog
Automating AWS Data Protection with Terraform and Clumio
A cloud-native approach to backup as Infrastructure as Code.
Checklist
Defense Against Ransomware Attacks
Protecting your data against ransomware attacks involves developing and establishing a multi-layer defensive plan that covers everything from thwarting such attacks to recovering quickly in the event of a breach.