neo4j-aura-provisioning-skill

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

When to Use

适用场景

Creating an Aura instance (CLI, REST API, Python, Terraform)
Pausing, resuming, resizing, or deleting an instance
Downloading initial credentials from creation response
Polling instance status:
```
creating
```
→
```
running
```
Setting up CI/CD provisioning or teardown pipelines
Choosing instance tier (Free vs Professional vs Business Critical vs VDC)

创建Aura实例（CLI、REST API、Python、Terraform）
暂停、恢复、调整大小或删除实例
从创建响应中下载初始凭证
轮询实例状态：
```
creating
```
→
```
running
```
设置CI/CD配置或销毁流水线
选择实例层级（Free、Professional、Business Critical、VDC）

When NOT to Use

不适用场景

Cypher queries against running DB →
```
neo4j-cypher-skill
```
GDS algorithms on Aura →
```
neo4j-gds-skill
```
(Pro with plugin) or
```
neo4j-aura-graph-analytics-skill
```
(serverless)
neo4j-admin / cypher-shell →
```
neo4j-cli-tools-skill
```
Application driver setup → use a language driver skill (python, javascript, java, go, dotnet)

对运行中的数据库执行Cypher查询 → 使用
```
neo4j-cypher-skill
```
在Aura上运行GDS算法 → 使用
```
neo4j-gds-skill
```
（带插件的Professional版）或
```
neo4j-aura-graph-analytics-skill
```
（无服务器版）
使用neo4j-admin / cypher-shell → 使用
```
neo4j-cli-tools-skill
```
应用驱动设置 → 使用对应语言的驱动skill（python、javascript、java、go、dotnet）

Instance Tier Decision Table

实例层级决策表

Tier	API type code	Memory	GDS	Replicas	Use when
AuraDB Free	`free-db`	1 GB	❌	❌	Dev/demo; ≤200k nodes/400k rels
AuraDB Professional	`professional-db`	2–64 GB	plugin available	❌	Production workloads
AuraDB Business Critical	`business-critical`	4–384 GB	plugin available	✅	HA, multi-AZ, SLA
AuraDB VDC	`enterprise-db`	custom	✅	✅	Dedicated infra, compliance
AuraDS Professional	`professional-ds`	2–64 GB	✅ built-in	❌	Data science / GDS
AuraDS Enterprise	`enterprise-ds`	custom	✅	✅	Enterprise GDS

AuraDB Free limits: 200k nodes, 400k rels; auto-pauses after 72 h inactivity; deleted if paused >30 days; no resize.

层级	API类型编码	内存	GDS	副本	适用场景
AuraDB Free	`free-db`	1 GB	❌	❌	开发/演示；≤200k节点/400k关系
AuraDB Professional	`professional-db`	2–64 GB	可安装插件	❌	生产工作负载
AuraDB Business Critical	`business-critical`	4–384 GB	可安装插件	✅	高可用、多可用区、服务级别协议（SLA）
AuraDB VDC	`enterprise-db`	自定义	✅	✅	专用基础设施、合规需求
AuraDS Professional	`professional-ds`	2–64 GB	✅ 内置	❌	数据科学/GDS
AuraDS Enterprise	`enterprise-ds`	自定义	✅	✅	企业级GDS

AuraDB Free限制：200k节点、400k关系；闲置72小时后自动暂停；暂停超过30天将被删除；不支持调整大小。

Auth Setup

身份验证设置

CLI (aura-cli v1.7+)

CLI（aura-cli v1.7+）

Install (binary, not pip):

bash

undefined

安装（二进制文件，非pip）：

bash

undefined

macOS

curl -L https://github.com/neo4j/aura-cli/releases/latest/download/aura-cli-darwin-amd64.tar.gz | tar xz sudo mv aura-cli /usr/local/bin/ aura-cli -v # verify


Add credentials (from console.neo4j.io → Account Settings → API Credentials):
```bash
aura-cli credential add \
  --name "my-creds" \
  --client-id "$AURA_CLIENT_ID" \
  --client-secret "$AURA_CLIENT_SECRET"
aura-cli credential use --name "my-creds"

Verify:

bash

aura-cli instance list --output table

curl -L https://github.com/neo4j/aura-cli/releases/latest/download/aura-cli-darwin-amd64.tar.gz | tar xz sudo mv aura-cli /usr/local/bin/ aura-cli -v # verify


添加凭证（来自console.neo4j.io → 账户设置 → API凭证）：
```bash
aura-cli credential add \
  --name "my-creds" \
  --client-id "$AURA_CLIENT_ID" \
  --client-secret "$AURA_CLIENT_SECRET"
aura-cli credential use --name "my-creds"

验证：

bash

aura-cli instance list --output table

REST API — Get Bearer Token

REST API — 获取Bearer令牌

Token endpoint:

POST https://api.neo4j.io/oauth/token

Token expires: 3600 s (1 h). On 403 → refresh token.

bash

TOKEN=$(curl -s --request POST 'https://api.neo4j.io/oauth/token' \
  --user "${AURA_CLIENT_ID}:${AURA_CLIENT_SECRET}" \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  | jq -r '.access_token')
echo "Token: ${TOKEN:0:20}..."

Use in all subsequent calls:

--header "Authorization: Bearer $TOKEN"

令牌端点：

POST https://api.neo4j.io/oauth/token

令牌有效期：3600秒（1小时）。收到403错误时需刷新令牌。

bash

TOKEN=$(curl -s --request POST 'https://api.neo4j.io/oauth/token' \
  --user "${AURA_CLIENT_ID}:${AURA_CLIENT_SECRET}" \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  | jq -r '.access_token')
echo "Token: ${TOKEN:0:20}..."

在后续所有调用中使用：

--header "Authorization: Bearer $TOKEN"

Step 1 — List Tenants (Projects)

步骤1 — 列出租户（项目）

CLI:

bash

aura-cli tenants list --output table

CLI：

bash

aura-cli tenants list --output table

Copy TENANT_ID for create operations

复制TENANT_ID用于创建操作


REST:
```bash
curl -s https://api.neo4j.io/v1/tenants \
  -H "Authorization: Bearer $TOKEN" | jq '.data[] | {id, name}'


REST：
```bash
curl -s https://api.neo4j.io/v1/tenants \
  -H "Authorization: Bearer $TOKEN" | jq '.data[] | {id, name}'

Step 2 — Create Instance

步骤2 — 创建实例

CRITICAL: Capture output immediately. Initial password shown ONCE — never retrievable again. If lost: delete and recreate. Store

aura-creds.json

before doing anything else.

重要提示：立即保存输出结果。初始密码仅显示一次——无法再次找回。如果丢失：删除并重新创建。在进行其他操作前先保存

aura-creds.json

。

CLI

bash

aura-cli instance create \
  --name "my-instance" \
  --cloud-provider gcp \
  --region europe-west1 \
  --type professional-db \
  --tenant-id "$TENANT_ID" \
  --output json | tee aura-creds.json

bash

aura-cli instance create \
  --name "my-instance" \
  --cloud-provider gcp \
  --region europe-west1 \
  --type professional-db \
  --tenant-id "$TENANT_ID" \
  --output json | tee aura-creds.json

Extract for .env

提取信息用于.env

INSTANCE_ID=$(jq -r '.id' aura-creds.json) PASSWORD=$(jq -r '.password' aura-creds.json)

undefined

INSTANCE_ID=$(jq -r '.id' aura-creds.json) PASSWORD=$(jq -r '.password' aura-creds.json)

undefined

REST API (full create)

REST API（完整创建流程）

bash

RESPONSE=$(curl -s -X POST https://api.neo4j.io/v1/instances \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name":           "my-instance",
    "cloud_provider": "gcp",
    "region":         "europe-west1",
    "type":           "professional-db",
    "tenant_id":      "'"$TENANT_ID"'",
    "memory":         "4GB",
    "version":        "5"
  }')
echo "$RESPONSE" | tee aura-creds.json
INSTANCE_ID=$(echo "$RESPONSE" | jq -r '.data.id')
PASSWORD=$(echo "$RESPONSE"   | jq -r '.data.password')

Instance create request body fields:

Field	Required	Values
`name`	✅	any string
`cloud_provider`	✅	`gcp` `aws` `azure`
`region`	✅	see region table
`type`	✅	see tier table
`tenant_id`	✅	from tenant list
`memory`	✗	`1GB` `2GB` `4GB` `8GB` … `384GB`
`version`	✗	`5` (default)

bash

RESPONSE=$(curl -s -X POST https://api.neo4j.io/v1/instances \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name":           "my-instance",
    "cloud_provider": "gcp",
    "region":         "europe-west1",
    "type":           "professional-db",
    "tenant_id":      "'"$TENANT_ID"'",
    "memory":         "4GB",
    "version":        "5"
  }')
echo "$RESPONSE" | tee aura-creds.json
INSTANCE_ID=$(echo "$RESPONSE" | jq -r '.data.id')
PASSWORD=$(echo "$RESPONSE"   | jq -r '.data.password')

实例创建请求体字段：

字段	是否必填	可选值
`name`	✅	任意字符串
`cloud_provider`	✅	`gcp` `aws` `azure`
`region`	✅	查看区域表
`type`	✅	查看层级表
`tenant_id`	✅	来自租户列表
`memory`	✗	`1GB` `2GB` `4GB` `8GB` … `384GB`
`version`	✗	`5` （默认值）

Step 3 — Poll Until RUNNING (CRITICAL — All Ops Are Async)

步骤3 — 轮询直到状态为RUNNING（重要：所有操作均为异步）

ALL lifecycle operations (create, pause, resume, resize) are async. Do NOT attempt connection or next operation until status =

running

(or

paused

for pause op).

bash

poll_status() {
  local INSTANCE_ID=$1 TARGET=$2 MAX_WAIT=${3:-600}
  local ELAPSED=0 STATUS
  echo "Polling for status=$TARGET (max ${MAX_WAIT}s)..."
  while [ $ELAPSED -lt $MAX_WAIT ]; do
    STATUS=$(aura-cli instance get --instance-id "$INSTANCE_ID" --output json \
             | jq -r '.status' 2>/dev/null)
    echo "  [${ELAPSED}s] status=$STATUS"
    [ "$STATUS" = "$TARGET" ] && echo "Ready." && return 0
    [ "$STATUS" = "destroying" ] && echo "ERROR: instance is being destroyed" && return 1
    sleep 10; ELAPSED=$((ELAPSED + 10))
  done
  echo "TIMEOUT after ${MAX_WAIT}s — last status: $STATUS" && return 1
}

poll_status "$INSTANCE_ID" "running" 600

REST equivalent:

bash

while true; do
  STATUS=$(curl -s "https://api.neo4j.io/v1/instances/$INSTANCE_ID" \
    -H "Authorization: Bearer $TOKEN" | jq -r '.data.status')
  [ "$STATUS" = "running" ] && break
  sleep 10
done

Status lifecycle:

creating → running → pausing → paused → resuming → running
                  ↘ destroying → (gone)

所有生命周期操作（创建、暂停、恢复、调整大小）均为异步。在状态变为

running

（暂停操作则为

paused

）之前，请勿尝试连接或执行下一步操作。

bash

poll_status() {
  local INSTANCE_ID=$1 TARGET=$2 MAX_WAIT=${3:-600}
  local ELAPSED=0 STATUS
  echo "Polling for status=$TARGET (max ${MAX_WAIT}s)..."
  while [ $ELAPSED -lt $MAX_WAIT ]; do
    STATUS=$(aura-cli instance get --instance-id "$INSTANCE_ID" --output json \
             | jq -r '.status' 2>/dev/null)
    echo "  [${ELAPSED}s] status=$STATUS"
    [ "$STATUS" = "$TARGET" ] && echo "Ready." && return 0
    [ "$STATUS" = "destroying" ] && echo "ERROR: instance is being destroyed" && return 1
    sleep 10; ELAPSED=$((ELAPSED + 10))
  done
  echo "TIMEOUT after ${MAX_WAIT}s — last status: $STATUS" && return 1
}

poll_status "$INSTANCE_ID" "running" 600

REST等效代码：

bash

while true; do
  STATUS=$(curl -s "https://api.neo4j.io/v1/instances/$INSTANCE_ID" \
    -H "Authorization: Bearer $TOKEN" | jq -r '.data.status')
  [ "$STATUS" = "running" ] && break
  sleep 10
done

状态生命周期：

creating → running → pausing → paused → resuming → running
                  ↘ destroying → (已删除)

Step 4 — Write .env and Verify

步骤4 — 编写.env文件并验证

bash

CONNECTION_URI="neo4j+s://${INSTANCE_ID}.databases.neo4j.io"

cat > .env <<EOF
NEO4J_URI=${CONNECTION_URI}
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=${PASSWORD}
NEO4J_DATABASE=neo4j
AURA_INSTANCE_ID=${INSTANCE_ID}
EOF

bash

CONNECTION_URI="neo4j+s://${INSTANCE_ID}.databases.neo4j.io"

cat > .env <<EOF
NEO4J_URI=${CONNECTION_URI}
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=${PASSWORD}
NEO4J_DATABASE=neo4j
AURA_INSTANCE_ID=${INSTANCE_ID}
EOF

Ensure .env never committed

确保.env不会被提交

grep -q '^.env$' .gitignore 2>/dev/null || echo '.env' >> .gitignore

Verify connectivity

验证连接

cypher-shell -a "$CONNECTION_URI" -u neo4j -p "$PASSWORD" "RETURN 'connected' AS status"

---

cypher-shell -a "$CONNECTION_URI" -u neo4j -p "$PASSWORD" "RETURN 'connected' AS status"

---

Step 5 — Lifecycle Operations

步骤5 — 生命周期操作

All operations require instance in the correct state. Wrong-state ops return 4xx error.

所有操作要求实例处于正确状态。错误状态下执行操作会返回4xx错误。

Pause

暂停

Required state:

running

bash

aura-cli instance pause --instance-id "$INSTANCE_ID"
poll_status "$INSTANCE_ID" "paused" 600

要求状态：

running

bash

aura-cli instance pause --instance-id "$INSTANCE_ID"
poll_status "$INSTANCE_ID" "paused" 600

Resume

恢复

Required state:

paused

bash

aura-cli instance resume --instance-id "$INSTANCE_ID"
poll_status "$INSTANCE_ID" "running" 900   # resume can take longer

要求状态：

paused

bash

aura-cli instance resume --instance-id "$INSTANCE_ID"
poll_status "$INSTANCE_ID" "running" 900   # 恢复操作可能耗时更长

Resize (Professional+ only — NOT Free)

调整大小（仅Professional及以上版本支持——Free版不支持）

Required state:

running

; instance remains available during resize.

bash

undefined

要求状态：

running

；调整大小期间实例保持可用。

bash

undefined

REST only — CLI resize not available in v1.7

仅REST支持——v1.7版本的CLI不支持调整大小

curl -s -X PATCH "https://api.neo4j.io/v1/instances/$INSTANCE_ID"
-H "Authorization: Bearer $TOKEN"
-H "Content-Type: application/json"
-d '{"memory": "8GB"}' poll_status "$INSTANCE_ID" "running" 600

Cannot reduce below current usage level

无法调整到低于当前使用量的内存

undefined

undefined

Delete

删除

IRREVERSIBLE. Export snapshots first if data needed.

bash

aura-cli instance delete --instance-id "$INSTANCE_ID"

不可恢复。如需保留数据请先导出快照。

bash

aura-cli instance delete --instance-id "$INSTANCE_ID"

No poll needed — immediate

无需轮询——立即执行


REST:
```bash
curl -s -X DELETE "https://api.neo4j.io/v1/instances/$INSTANCE_ID" \
  -H "Authorization: Bearer $TOKEN"


REST：
```bash
curl -s -X DELETE "https://api.neo4j.io/v1/instances/$INSTANCE_ID" \
  -H "Authorization: Bearer $TOKEN"

Python CI/CD Provisioning Script

Python CI/CD配置脚本

python

import os, time, requests

CLIENT_ID     = os.environ["AURA_CLIENT_ID"]
CLIENT_SECRET = os.environ["AURA_CLIENT_SECRET"]
BASE          = "https://api.neo4j.io/v1"

def get_token() -> str:
    r = requests.post(
        "https://api.neo4j.io/oauth/token",
        auth=(CLIENT_ID, CLIENT_SECRET),
        data={"grant_type": "client_credentials"},
    )
    r.raise_for_status()
    return r.json()["access_token"]

def auth_headers(token: str) -> dict:
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}

def create_instance(token: str, tenant_id: str, **kwargs) -> dict:
    payload = {"tenant_id": tenant_id, "version": "5", **kwargs}
    r = requests.post(f"{BASE}/instances", headers=auth_headers(token), json=payload)
    r.raise_for_status()
    return r.json()["data"]   # contains id, password, connection_url

def poll_status(token: str, instance_id: str, target: str, timeout: int = 600) -> None:
    deadline = time.time() + timeout
    while time.time() < deadline:
        r = requests.get(f"{BASE}/instances/{instance_id}", headers=auth_headers(token))
        r.raise_for_status()
        status = r.json()["data"]["status"]
        print(f"  status={status}")
        if status == target:
            return
        if status == "destroying":
            raise RuntimeError("Instance destroyed unexpectedly")
        time.sleep(10)
    raise TimeoutError(f"Instance {instance_id} did not reach '{target}' in {timeout}s")

python

import os, time, requests

CLIENT_ID     = os.environ["AURA_CLIENT_ID"]
CLIENT_SECRET = os.environ["AURA_CLIENT_SECRET"]
BASE          = "https://api.neo4j.io/v1"

def get_token() -> str:
    r = requests.post(
        "https://api.neo4j.io/oauth/token",
        auth=(CLIENT_ID, CLIENT_SECRET),
        data={"grant_type": "client_credentials"},
    )
    r.raise_for_status()
    return r.json()["access_token"]

def auth_headers(token: str) -> dict:
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}

def create_instance(token: str, tenant_id: str, **kwargs) -> dict:
    payload = {"tenant_id": tenant_id, "version": "5", **kwargs}
    r = requests.post(f"{BASE}/instances", headers=auth_headers(token), json=payload)
    r.raise_for_status()
    return r.json()["data"]   # 包含id、password、connection_url

def poll_status(token: str, instance_id: str, target: str, timeout: int = 600) -> None:
    deadline = time.time() + timeout
    while time.time() < deadline:
        r = requests.get(f"{BASE}/instances/{instance_id}", headers=auth_headers(token))
        r.raise_for_status()
        status = r.json()["data"]["status"]
        print(f"  status={status}")
        if status == target:
            return
        if status == "destroying":
            raise RuntimeError("Instance destroyed unexpectedly")
        time.sleep(10)
    raise TimeoutError(f"Instance {instance_id} did not reach '{target}' in {timeout}s")

--- usage ---

--- 使用示例 ---

token = get_token() instance = create_instance( token, tenant_id = os.environ["AURA_TENANT_ID"], name = "ci-test-instance", cloud_provider = "aws", region = "us-east-1", type = "professional-db", memory = "2GB", )

SAVE CREDENTIALS IMMEDIATELY — password never retrievable again

立即保存凭证——密码无法再次找回

print(f"ID: {instance['id']}") print(f"URI: neo4j+s://{instance['id']}.databases.neo4j.io") print(f"Password: {instance['password']}") # log to secure vault NOW

poll_status(token, instance["id"], "running", timeout=600) print("Instance ready.")

---

print(f"ID: {instance['id']}") print(f"URI: neo4j+s://{instance['id']}.databases.neo4j.io") print(f"Password: {instance['password']}") # 立即记录到安全密钥库

poll_status(token, instance["id"], "running", timeout=600) print("Instance ready.")

---

Region Codes

区域代码

AWS

Region code	Location
`us-east-1`	N. Virginia
`us-east-2`	Ohio
`us-west-2`	Oregon
`eu-west-1`	Ireland
`eu-west-3`	Paris
`eu-central-1`	Frankfurt
`ap-southeast-1`	Singapore
`ap-southeast-2`	Sydney
`ap-south-1`	Mumbai
`sa-east-1`	São Paulo

区域代码	位置
`us-east-1`	北弗吉尼亚
`us-east-2`	俄亥俄
`us-west-2`	俄勒冈
`eu-west-1`	爱尔兰
`eu-west-3`	巴黎
`eu-central-1`	法兰克福
`ap-southeast-1`	新加坡
`ap-southeast-2`	悉尼
`ap-south-1`	孟买
`sa-east-1`	圣保罗

GCP

Region code	Location
`europe-west1`	Belgium
`europe-west3`	Frankfurt
`europe-west4`	Netherlands
`us-central1`	Iowa
`us-east1`	S. Carolina
`us-east4`	N. Virginia
`asia-east1`	Taiwan
`asia-northeast1`	Tokyo
`asia-southeast1`	Singapore
`australia-southeast1`	Sydney

区域代码	位置
`europe-west1`	比利时
`europe-west3`	法兰克福
`europe-west4`	荷兰
`us-central1`	爱荷华
`us-east1`	南卡罗来纳
`us-east4`	北弗吉尼亚
`asia-east1`	台湾
`asia-northeast1`	东京
`asia-southeast1`	新加坡
`australia-southeast1`	悉尼

Azure

Region code	Location
`eastus`	E. US
`eastus2`	E. US 2
`westeurope`	Netherlands
`northeurope`	Ireland
`uksouth`	London
`southeastasia`	Singapore
`brazilsouth`	Brazil
`koreacentral`	Korea

Enterprise tiers (Business Critical, VDC) add 20+ additional regions per provider. Check console for full list. Free tier: GCP only; limited subset of regions.

区域代码	位置
`eastus`	美国东部
`eastus2`	美国东部2
`westeurope`	荷兰
`northeurope`	爱尔兰
`uksouth`	伦敦
`southeastasia`	新加坡
`brazilsouth`	巴西
`koreacentral`	韩国

企业层级（Business Critical、VDC）每个云提供商额外支持20+个区域。请查看控制台获取完整列表。 Free版：仅支持GCP；区域有限。

Terraform Provider

hcl

terraform {
  required_providers {
    aura = {
      source  = "neo4j/neo4j-aura"
    }
  }
}

provider "aura" {
  client_id     = var.aura_client_id       # or AURA_CLIENT_ID env var
  client_secret = var.aura_client_secret   # or AURA_CLIENT_SECRET env var
}

resource "aura_instance" "db" {
  name           = "prod-db"
  type           = "professional-db"
  cloud_provider = "gcp"
  region         = "europe-west1"
  memory         = "4GB"
  tenant_id      = var.aura_tenant_id
}

output "neo4j_uri" {
  value     = "neo4j+s://${aura_instance.db.id}.databases.neo4j.io"
  sensitive = false
}
output "neo4j_password" {
  value     = aura_instance.db.password
  sensitive = true
}

After

terraform apply

: poll status before marking infra ready — Terraform resource creation returns when API call completes, not when DB is

running

hcl

terraform {
  required_providers {
    aura = {
      source  = "neo4j/neo4j-aura"
    }
  }
}

provider "aura" {
  client_id     = var.aura_client_id       # 或使用AURA_CLIENT_ID环境变量
  client_secret = var.aura_client_secret   # 或使用AURA_CLIENT_SECRET环境变量
}

resource "aura_instance" "db" {
  name           = "prod-db"
  type           = "professional-db"
  cloud_provider = "gcp"
  region         = "europe-west1"
  memory         = "4GB"
  tenant_id      = var.aura_tenant_id
}

output "neo4j_uri" {
  value     = "neo4j+s://${aura_instance.db.id}.databases.neo4j.io"
  sensitive = false
}
output "neo4j_password" {
  value     = aura_instance.db.password
  sensitive = true
}

执行

terraform apply

后：在标记基础设施就绪前需轮询状态——Terraform资源创建完成仅表示API调用完成，不代表数据库已处于

running

状态。

Common Errors

常见错误

Error	Cause	Fix
`403 Forbidden` after working	Token expired (1 h TTL)	Re-run `get_token()`
`409 Conflict` on create	Name already exists in tenant	Change name or delete existing
`422` on pause	Instance not `running`	Check status; wait for ongoing op to finish
`422` on resume	Instance not `paused`	Check status
`422` on resize	Below current usage	Reduce data first; can't shrink below usage
Region not found	Tier doesn't support that region	Use `Free` tier on GCP only; Pro/BC on all 3 clouds
Credentials lost after create	Password only returned at create time	Delete + recreate — no reset exists
`429 Too Many Requests`	Rate limit hit (25 req/min Free, 125 req/min Pro+)	Add `time.sleep(2)` between polling calls
`instance list` returns empty	Wrong credential active	`aura-cli credential use --name <name>`

错误	原因	修复方案
`403 Forbidden` （之前可正常使用）	令牌过期（有效期1小时）	重新执行 `get_token()`
创建时返回 `409 Conflict`	租户内已存在同名实例	修改名称或删除现有实例
暂停时返回 `422`	实例未处于 `running` 状态	检查状态；等待正在进行的操作完成
恢复时返回 `422`	实例未处于 `paused` 状态	检查状态
调整大小时返回 `422`	内存低于当前使用量	先减少数据；无法缩小到低于使用量的内存
区域未找到	所选层级不支持该区域	Free版仅支持GCP；Pro/BC版支持所有3个云提供商
创建后凭证丢失	密码仅在创建时返回	删除并重新创建——无重置功能
`429 Too Many Requests`	触发速率限制（Free版25请求/分钟，Pro+版125请求/分钟）	在轮询调用之间添加 `time.sleep(2)`
`instance list` 返回空	激活的凭证错误	执行 `aura-cli credential use --name <name>` 切换凭证

API Rate Limits

API速率限制

Tier	Requests/minute
Free / Pro Trial (no billing)	25
Pro with billing, BC, VDC	125

Poll interval: ≥10 s to stay within limits on Free; 5 s safe on Pro+. On

Retry-After

header in 5xx response: wait that many seconds before retry.

层级	请求数/分钟
Free / Pro试用版（未计费）	25
已计费Pro版、BC版、VDC版	125

轮询间隔：Free版≥10秒以避免触发限制；Pro+版5秒安全。收到5xx响应中的

Retry-After

头时：等待指定秒数后重试。

Security Rules

安全规则

Write initial credentials to
```
.env
```
; verify
```
.env
```
in
```
.gitignore
```
before proceeding
Never print
```
PASSWORD
```
in CI logs — write to secrets vault (AWS Secrets Manager, GitHub secret, Vault)
Use
```
from_env()
```
/
```
os.environ
```
— never hardcode credentials
If
```
.env
```
absent:
```
python-dotenv
```
```
load_dotenv()
```
auto-loads; do NOT prompt user unless loading fails

将初始凭证写入
```
.env
```
；继续操作前确认
```
.env
```
已加入
```
.gitignore
```
切勿在CI日志中打印
```
PASSWORD
```
——写入密钥库（AWS Secrets Manager、GitHub Secret、Vault）
使用
```
from_env()
```
/
```
os.environ
```
——切勿硬编码凭证
如果
```
.env
```
不存在：
```
python-dotenv
```
的
```
load_dotenv()
```
会自动加载；加载失败时再提示用户

WebFetch — Current Docs

官方文档链接

Need	URL
REST API spec (OpenAPI)	`https://neo4j.com/docs/aura/platform/api/specification/`
CLI reference	`https://neo4j.com/docs/aura/aura-cli/`
Region list	`https://neo4j.com/docs/aura/managing-instances/regions/`
Auth details	`https://neo4j.com/docs/aura/api/authentication/`
Instance actions	`https://neo4j.com/docs/aura/managing-instances/instance-actions/`

需求	URL
REST API规范（OpenAPI）	`https://neo4j.com/docs/aura/platform/api/specification/`
CLI参考文档	`https://neo4j.com/docs/aura/aura-cli/`
区域列表	`https://neo4j.com/docs/aura/managing-instances/regions/`
身份验证详情	`https://neo4j.com/docs/aura/api/authentication/`
实例操作	`https://neo4j.com/docs/aura/managing-instances/instance-actions/`

Checklist

检查清单

```
.env
```
created with URI/user/password;
```
.env
```
in
```
.gitignore
```
Initial credentials saved to secure storage immediately after create
```
poll_status
```
called after create — do NOT connect before status =
```
running
```
```
poll_status
```
called after pause/resume
Correct tier selected (Free for dev, Pro+ for production, BC for HA)
Region confirmed available for chosen tier and cloud provider
Tenant ID provided for all create/list operations (required in multi-tenant orgs)
Token refreshed if > 1 h old (or 403 received)
Delete confirmed by user — data loss is permanent, no recovery

已创建包含URI/用户名/密码的
```
.env
```
；
```
.env
```
已加入
```
.gitignore
```
创建后立即将初始凭证保存到安全存储
创建后调用
```
poll_status
```
——状态变为
```
running
```
前请勿连接
暂停/恢复后调用
```
poll_status
```
已选择正确的层级（开发用Free，生产用Pro+，高可用用BC）
已确认所选层级和云提供商支持该区域
所有创建/列表操作均提供了租户ID（多租户组织必填）
令牌超过1小时或收到403错误时已刷新
删除操作已获得用户确认——数据丢失永久不可恢复