Accessing Amazon Keyspaces (for Apache Cassandra)
You can access Amazon Keyspaces using the console, programmatically by running a cqlsh client, or by using an Apache 2.0 licensed Cassandra driver. Amazon Keyspaces supports drivers and clients that are compatible with Apache Cassandra 3.11.2.
Before accessing Amazon Keyspaces, you must complete the following two steps:
Signing up for AWS
To use the Amazon Keyspaces service, you must have an AWS account. If you don't already have an account, you are prompted to create one when you sign up. You're not charged for any AWS services that you sign up for unless you use them.
To sign up for AWS
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.
Setting up AWS Identity and Access Management
Access to Amazon Keyspaces resources is managed using AWS Identity and Access Management (IAM). Using IAM, you can attach policies to IAM users, roles, and federated identities that grant read and write permissions to specific resources. For example, you can grant an IAM user read-only access to only a subset of keyspaces and tables.
The following example IAM policy grants full read and write access to your Amazon Keyspaces resources, which is only recommended for trials. For sample policies following security guidelines, see Accessing Amazon Keyspaces tables.
Note
If you are connecting to Amazon Keyspaces from a VPC endpoint, additional policies are required. For more information, see Populating system.peers table entries with interface VPC endpoint information.
- Create an AWS Identity and Access Management user.
- Create and attach the following policy to the user you just created.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "cassandra:*"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }
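As an added example (not part of the AWS documentation), the Python check below flags Amazon Keyspaces policy statements that allow wildcard actions or wildcard resources, and runs it against the trial policy above and a constructed read-only policy. The function names are hypothetical, and the account ID, Region, keyspace and table names in the scoped policy are placeholders.

```python
import json

# Trial policy from this page: every Keyspaces action on every resource.
TRIAL_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["cassandra:*"], "Resource": ["*"]}]}
""")

# Constructed read-only policy. Account ID, Region, keyspace and table names
# are placeholders; the system* entry covers the system keyspaces that
# drivers read when they connect.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "cassandra:Select",
        "Resource": [
            "arn:aws:cassandra:us-east-1:111122223333:/keyspace/mykeyspace/table/mytable",
            "arn:aws:cassandra:us-east-1:111122223333:/keyspace/system*",
        ],
    },
}

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [] if value is None else [value]

def audit_keyspaces_policy(policy):
    """Return (statement index, issue, value) for wildcard Action/Resource grants."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        actions = [a for a in _as_list(stmt.get("Action"))
                   if a == "*" or a.lower().startswith("cassandra:")]
        if not actions:
            continue  # statement does not grant Keyspaces actions
        findings += [(idx, "wildcard-action", a) for a in actions if "*" in a]
        for res in _as_list(stmt.get("Resource")):
            # "*" alone, or a "*" keyspace segment, matches every keyspace
            keyspace = res.partition("/keyspace/")[2].split("/")[0]
            if res == "*" or keyspace == "*":
                findings.append((idx, "wildcard-resource", res))
    return findings

if __name__ == "__main__":
    print("trial :", audit_keyspaces_policy(TRIAL_POLICY))
    print("scoped:", audit_keyspaces_policy(SCOPED_POLICY))
```

The check covers only `Action` and `Resource` wildcards in `Allow` statements; it does not evaluate `NotAction`, `NotResource` or condition keys.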
To access Amazon Keyspaces after you have created the AWS account and IAM policies, see the following sections: