Creating credentials to access Amazon Keyspaces programmatically

To provide users and applications with credentials for programmatic access to Amazon Keyspaces resources, you can do either of the following:

• Create service-specific credentials that are similar to the traditional username and password that Cassandra uses for authentication and access management. AWS service-specific credentials are associated with a specific AWS Identity and Access Management (IAM) user and can only be used for the service they were created for. For more information, see Using IAM with Amazon Keyspaces (for Apache Cassandra) in the IAM User Guide.

• For enhanced security, we recommend to create IAM access keys for IAM users and roles that are used across all AWS services. The Amazon Keyspaces SigV4 authentication plugin for Cassandra client drivers enables you to authenticate calls to Amazon Keyspaces using IAM access keys instead of user name and password. To learn more about how the Amazon Keyspaces SigV4 plugin enables IAM users, roles, and federated identities to authenticate in Amazon Keyspaces API requests, see AWS Signature Version 4 process (SigV4).

  You can download the SigV4 plugins from the following locations.

  • Java: https://github.com/aws/aws-sigv4-auth-cassandra-java-driver-plugin.

  • Node.js: https://github.com/aws/aws-sigv4-auth-cassandra-nodejs-driver-plugin.

  • Python: https://github.com/aws/aws-sigv4-auth-cassandra-python-driver-plugin.

  • Go: https://github.com/aws/aws-sigv4-auth-cassandra-gocql-driver-plugin.

  For code samples that show how to establish connections using the SigV4 authentication plugin, see Using a Cassandra client driver to access Amazon Keyspaces programmatically.

Topics

• Service-specific credentials
• IAM credentials for AWS authentication