Accessing Amazon Keyspaces (for Apache Cassandra) - Amazon Keyspaces (for Apache Cassandra)

Accessing Amazon Keyspaces (for Apache Cassandra)

You can access Amazon Keyspaces using the console, programmatically by running a cqlsh client, or by using an Apache 2.0 licensed Cassandra driver. Amazon Keyspaces supports drivers and clients that are compatible with Apache Cassandra 3.11.2. Before accessing Amazon Keyspaces, you must complete the following two steps:

Signing up for AWS

To use the Amazon Keyspaces service, you must have an AWS account. If you don't already have an account, you are prompted to create one when you sign up. You're not charged for any AWS services that you sign up for unless you use them.

To sign up for AWS
  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.

Setting up AWS Identity and Access Management

Access to Amazon Keyspaces resources is managed using AWS Identity and Access Management (IAM). Using IAM, you can attach policies to IAM users, roles, and federated identities that grant read and write permissions to specific resources. For example, you can grant an IAM user read-only access to only a subset of keyspaces and tables.

The following example IAM policy grants full read and write access to your Amazon Keyspaces resources, which is only recommended for trials. For sample policies following security guidelines, see Accessing Amazon Keyspaces tables.

Note

If you are connecting to Amazon Keyspaces from a VPC endpoint, additional policies are required. For more information see Populating system.peers table entries with interface VPC endpoint information.

  1. Create an AWS Identity and Access Management user.

  2. Create and attach the following policy to the user you just created.

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "cassandra:*" ], "Resource":[ "*" ] } ] }

To access Amazon Keyspaces after you have created the AWS account and IAM policies, see the following sections:

Note

If you are connecting to Amazon Keyspaces from a VPC endpoint, additional policies are required. For more information see, Populating system.peers table entries with interface VPC endpoint information.