Creating a new Neptune Analytics notebook using the AWS Management Console - Neptune Analytics
Create an IAM role

Creating a new Neptune Analytics notebook using the AWS Management Console

You can create a new notebook for Neptune Analytics by following the instructions mentioned in Using the Neptune workbench to host Neptune notebooks with a few changes:

Create an IAM role for a Neptune Analytics notebook

To create an IAM role for a Neptune Analytics notebook

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, expand Access management, then choose Roles.

  3. Select Create role.

  4. Under Trusted entity type, select Custom trust policy and copy in the following trust policy:

    JSON
    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sagemaker.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

  5. Choose Next, and then Next again.

  6. Enter a name and description for the role, and select Create role.

  7. Go back to the Roles page, search for the name of the role you just created, and open it.

  8. On the Permissions tab Under Permissions policies, select Add permissions and choose Create inline policy.

  9. In the Policy editor, switch to the JSON option, and copy in the following policy:

    JSON
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::aws-neptune-notebook-(AWS region)",
                "arn:aws:s3:::aws-neptune-notebook-(AWS region)/*",
                "arn:aws:s3:::aws-neptune-customer-samples-(AWS region)",
                "arn:aws:s3:::aws-neptune-customer-samples-(AWS region)/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "neptune-graph:*",
            "Resource": [
                "arn:aws:neptune-graph:us-east-1:(AWS account ID):graph/(Neptune Graph resource ID)"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:*:*:log-group:/aws/sagemaker/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "sagemaker:DescribeNotebookInstance",
            "Resource": [
                "arn:aws:sagemaker:us-east-1:(AWS account ID):notebook-instance/*"
            ]
        }
    ]
}

  10. Choose Next.

  11. Give a name to the inline policy.

  12. Select Create policy. Make note of the name of the policy you just created.