Skip to content

AWS · Managed Graph Database

Amazon Neptune Backup and Recovery

Built for cloud teams

Air-gapped backup and recovery for Amazon Neptune clusters. Atomic cluster snapshots, schema-and-relationship-preserving restores, and cross-account or cross-region recovery for both Property Graph and RDF workloads.

Storage tier

SecureVault Standard

Restore type

Full cluster

Cross-region

Supported

Cross-account

Supported

01 · Why Clumio for Amazon Neptune

Why pick Clumio for Neptune

Native Neptune snapshots cap at 35 days and live in the source account. Cyber resilience, multi-year retention, and cross-account recovery need a separate protection layer. Clumio handles those without disturbing the source cluster.

AGENT-LESS

No agents, no backup infrastructure

Clumio runs entirely outside your AWS account. Nothing installs on Neptune database hosts, no proxy hosts to maintain, and no backup servers to size or patch. Snapshots are driven through AWS APIs, so protection adds zero CPU or memory load to the workload.

CLUSTER-CONSISTENT

Atomic graph snapshots

Each backup captures the entire cluster state at a single instant. Vertices, edges, properties, and indexes all reflect the same transactionally consistent point in time across every cluster node, with no torn-write artifacts on restore.

LONG RETENTION

Beyond AWS automated backup limits

Clumio can retain Neptune backups for months and years in addition to daily and weekly, independent of AWS’s 35-day maximum retention for automated backups. Snapshots live in the air-gapped vault on a separate lifecycle, sized for compliance, audit, and long-tail recovery windows.

AIR-GAPPED VAULT

Survives account compromise

SecureVault backups sit in Clumio’s immutable, off-account vault. If the source AWS account is compromised, or an admin deletes the Neptune cluster, the backup is still there and still restorable into any account.

TAG-BASED PROTECTION

Auto-protect at scale

Protection rules pick up new Neptune clusters by AWS tag, name pattern, account, or region. Newly launched clusters are auto-attached to a policy at the next discovery cycle, so spinning up a new dev, staging, or per-tenant cluster doesn’t carry a manual onboarding step.

CROSS-REGION DURABILITY

Backup target outside the source region

Point a policy at a different AWS region for the backup vault and recovery points stay reachable even when a regional event affects the source. Standard data-transfer fees apply when the vault region differs from the source.

New to Clumio?

Set up your AWS account first

This page assumes a connected AWS account with at least one Neptune cluster. If you haven’t done that yet, the Getting Started guide walks you through sign-up, account connection, and first backup in about thirty minutes.

02 · Backup

How to back up Amazon Neptune

Neptune clusters run in a single AWS account and region. Clumio captures snapshot-consistent cluster state including vertices, edges, properties, and indexes, and preserves the graph model end-to-end.

01

Create a backup policy

A policy defines schedule, retention, and target region. Neptune policies operate at the cluster level: a single backup captures graph data, indexes, and cluster metadata as a transactionally consistent snapshot. The backup is consistent across all nodes in the cluster.

Protect → Policies → Create policy 

02

Pick the right RPO

The policy schedule sets the cadence (daily, weekly, monthly, or yearly), with an optional start time and an optional backup window that constrains when runs can begin. The seed run transfers a full cluster snapshot; subsequent runs are incremental.

03

Choose a tier (SecureVault Standard)

SecureVault Standard
Neptune backups land in SecureVault Standard, an air-gapped tier outside your source account. Restore directly to a new cluster in the same account, a different region, or a different AWS account altogether. Standard is the only tier available for Neptune today.

Protect → Neptune policies → Backup tier 

04

Choose a region (in-region or out-of-region)

By default, backups land in the same region as the source. Target a different region on the policy for cross-region durability; standard data-transfer charges may apply.

Heads up: cross-region backup adds standard AWS data-transfer charges. Confirm the target region is supported by your account.

05

Apply the policy with protection rules

Once the policy is saved, use protection rules to apply it. Target Neptune clusters by AWS tag, name pattern, account, or region. Resources can also be excluded by tag for fine-grained control. The seed backup runs first; subsequent backups are incremental.

Set up → Protection rules  

03 · Restore

How to restore Amazon Neptune

A Neptune restore comes down to three choices: when to recover from, what to recover, and where it lands.

SecureVault Standard backup

Pick a SecureVault Standard dot on the calendar. Air-gapped copy outside your AWS account. Fast restore directly to a new cluster. Best for ransomware response, account-compromise scenarios, and routine recovery.

Restore → Cluster → SecureVault 

Restore creates a new cluster at cluster-level granularity.

Full cluster: Restore the entire cluster as a new resource: instance class, parameter group, subnet group, KMS key, security group, and tags configurable at restore time. The default and only shape.

Restore to a new cluster in the source account, or land in a different account or region.
Same account, same or different region

Restore to a new Neptune cluster in the source account. Pick the target region (defaults to the source), modify cluster name, instance class, and configuration as needed, then confirm. Cross-region restore from a same-region backup is supported and adds data transfer fees.

Restore → Same-account 

Cross-account (any region)

Restore to a target AWS account, useful for ransomware recovery, environment promotion, or staging refreshes. The target account must have a Clumio connector installed with a reachable subnet group in the destination region. No dependency on the source account being healthy.

Restore → Cross-account 

05 · Common questions

Frequently asked questions

Questions from engineers setting up Neptune protection or troubleshooting restores.

Are Clumio Neptune backups incremental?

Each backup is a full cluster snapshot, not a delta. But the storage and bandwidth footprint scales with how much graph data is actually in the cluster, not with the cluster’s provisioned capacity, so practical cost and transfer track what your workload is actively storing rather than how much room you’ve allocated. Cluster metadata (instance class, parameter group, subnet group, security groups) is captured every time so each backup remains a complete, restorable point.

Which Neptune engine versions and graph models are supported?

Clumio supports current Neptune engine versions and both data models (Property Graph via Gremlin / openCypher, and RDF via SPARQL). No code or query rewrites are required at restore.

Can I auto-protect new clusters by tag or naming pattern?

Yes. Protection rules target Neptune clusters by AWS tag, name pattern, account, or region. New clusters that match are auto-attached to the policy at the next discovery cycle.

How is restore configuration handled (instance class, parameter groups, security groups, KMS)?

At restore time, you specify the target subnet group, parameter group, instance class, KMS key, and security groups. Defaults inherit from the source where applicable; everything is overridable so the restored cluster can land in any account, VPC, or configuration.

06 · Related resources

Go deeper

Blog posts and reference material for teams building on Clumio Amazon Neptune protection.

analyst report

The Total Economic Impact™ Of Clumio

After interviews with decision-makers from four organizations, Forrester aggregated the data and concluded that Clumio has the following three-year financial impact on a composite organization.

Blog

Automating AWS Data Protection with Terraform and Clumio

A cloud-native approach to backup as Infrastructure as Code. 

Checklist

Defense Against Ransomware Attacks

Protecting your data against ransomware attacks involves developing and establishing a multi-layer defensive plan that covers everything from thwarting such attacks to recovering quickly in the event of a breach.