Using a Cassandra Go Client Driver to Access Amazon Keyspaces Programmatically - Amazon Keyspaces (for Apache Cassandra)

Using a Cassandra Go Client Driver to Access Amazon Keyspaces Programmatically

This section shows you how to connect to Amazon Keyspaces by using a Go client driver. To provide users and applications with credentials for programmatic access to Amazon Keyspaces resources, you can do either of the following:

Before You Begin

You need to complete the following task before you can start.

Amazon Keyspaces requires the use of Transport Layer Security (TLS) to help secure connections with clients. To connect to Amazon Keyspaces using TLS, you need to download an Amazon digital certificate and configure the Python driver to use TLS.

Download the Amazon digital certificate using the following command and save it to the path_to_file/.cassandra directory.

curl https://www.amazontrust.com/repository/AmazonRootCA1.pem -O

Connect to Amazon Keyspaces Using the Gocql Driver for Apache Cassandra and Service-Specific Credentials

  1. Create a directory for your application.

    mkdir ./gocqlexample
  2. Navigate to the new directory.

    cd gocqlexample
  3. Create a file for your application.

    touch cqlapp.go
  4. Download the Go driver

    go get github.com/gocql/gocql
  5. Add the following sample code to the cqlapp.go file.

    package main import ( "fmt" "github.com/gocql/gocql" "log" ) func main() { // add the Amazon Keyspaces service endpoint cluster := gocql.NewCluster("cassandra.us-east-2.amazonaws.com:9142") // add your service specific credentials cluster.Authenticator = gocql.PasswordAuthenticator{ Username: "ServiceUserName", Password: "ServicePassword"} // provide the path to the AmazonRootCA1.pem cluster.SslOpts = &gocql.SslOptions{ CaPath: "path_to_file/AmazonRootCA1.pem", } // Override default Consistency to LocalQuorum cluster.Consistency = gocql.LocalQuorum // Disable initial host lookup cluster.DisableInitialHostLookup = true session, err := cluster.CreateSession() if err != nil { fmt.Println("err>", err) } defer session.Close() // run a sample query from the system keyspace var text string iter := session.Query("SELECT keyspace_name FROM system_schema.tables;").Iter() for iter.Scan(&text) { fmt.Println("keyspace_name:", text) } if err := iter.Close(); err != nil { log.Fatal(err) } session.Close() }

    Usage notes:

    1. Replace "path_to_file/AmazonRootCA1.pem" with the path to the certificate saved in the first step.

    2. Ensure that the ServiceUserName and ServicePassword match the user name and password you obtained when you generated the service-specific credentials by following the steps to Generate Service-Specific Credentials.

    3. For a list of available endpoints, see Service Endpoints for Amazon Keyspaces.

  6. Build the program

    go build cqlapp.go
  7. Execute the program

    ./cqlapp

Connect to Amazon Keyspaces Using the Go Driver for Apache Cassandra and the SigV4 Authentication Plugin

The following code sample shows how to use the SigV4 authentication plugin for the open-source Go driver to access Amazon Keyspaces (for Apache Cassandra). The plugin is available from the GitHub repository.

Add the Go SigV4 authentication plugin to your application. The plugin supports version 4.x of the open-source Go Driver for Cassandra and depends on the AWS SDK for Go.

$ go mod init $ go get github.com/aws/aws-sigv4-auth-cassandra-gocql-driver-plugin

In this code sample, the Amazon Keyspaces endpoint is represented by the Cluster class. It uses the AwsAuthenticator for the authenticator property of the cluster to obtain credentials.

package main import ( "fmt" "github.com/aws/aws-sigv4-auth-cassandra-gocql-driver-plugin/sigv4" "github.com/gocql/gocql" "log" ) func main() { // configuring the cluster options cluster := gocql.NewCluster("cassandra.us-west-2.amazonaws.com:9142") var auth sigv4.AwsAuthenticator = sigv4.NewAwsAuthenticator() auth.Region = "us-west-2" auth.AccessKeyId = "AKIAIOSFODNN7EXAMPLE" auth.SecretAccessKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" cluster.Authenticator = auth cluster.SslOpts = &gocql.SslOptions{ CaPath: "path_to_file/AmazonRootCA1.pem", } cluster.Consistency = gocql.LocalQuorum cluster.DisableInitialHostLookup = true session, err := cluster.CreateSession() if err != nil { fmt.Println("err>", err) return } defer session.Close() // doing the query var text string iter := session.Query("SELECT keyspace_name FROM system_schema.tables;").Iter() for iter.Scan(&text) { fmt.Println("keyspace_name:", text) } if err := iter.Close(); err != nil { log.Fatal(err) } }

Usage notes:

  1. Replace "path_to_file/AmazonRootCA1.pem" with the path to the certificate saved in the first step.

  2. Ensure that the AccessKeyId and SecretAccessKey match the Access Key and Secret Access Key you obtained using AwsAuthenticator. For more information, see Configuring the AWS SDK for Go in the AWS SDK for Go.

  3. For a list of available endpoints, see Service Endpoints for Amazon Keyspaces.