Using a Cassandra Node.js Client Driver to Access Amazon Keyspaces Programmatically - Amazon Keyspaces (for Apache Cassandra)

Using a Cassandra Node.js Client Driver to Access Amazon Keyspaces Programmatically

This section shows you how to connect to Amazon Keyspaces by using a Node.js client driver. To provide users and applications with credentials for programmatic access to Amazon Keyspaces resources, you can do either of the following:

Before You Begin

You need to complete the following task before you can start.

Amazon Keyspaces requires the use of Transport Layer Security (TLS) to help secure connections with clients. To connect to Amazon Keyspaces using TLS, you need to download an Amazon digital certificate and configure the Python driver to use TLS.

Download the Amazon digital certificate using the following command and save it to the path_to_file/.cassandra directory.

curl https://www.amazontrust.com/repository/AmazonRootCA1.pem -O

Connect to Amazon Keyspaces Using the NodeJS DataStax Driver for Apache Cassandra and Service-Specific Credentials

Configure your driver to use the Amazon digital certificate for TLS and authenticate using service-specific credentials. For example:

const cassandra = require('cassandra-driver'); const fs = require('fs'); const auth = new cassandra.auth.PlainTextAuthProvider('ServiceUserName', 'ServicePassword'); const sslOptions1 = { ca: [ fs.readFileSync('path_to_file/AmazonRootCA1.pem', 'utf-8')], host: 'cassandra.us-west-2.amazonaws.com', rejectUnauthorized: true }; const client = new cassandra.Client({ contactPoints: ['cassandra.us-west-2.amazonaws.com'], localDataCenter: 'us-west-2', authProvider: auth, sslOptions: sslOptions1, protocolOptions: { port: 9142 } }); const query = 'SELECT * FROM system_schema.keyspaces'; client.execute(query) .then( result => console.log('Row from Keyspaces %s', result.rows[0])) .catch( e=> console.log(`${e}`));

Usage notes:

  1. Replace "path_to_file/AmazonRootCA1.pem" with the path to the certificate saved in the first step.

  2. Ensure that the ServiceUserName and ServicePassword match the user name and password you obtained when you generated the service-specific credentials by following the steps to Generate Service-Specific Credentials.

  3. For a list of available endpoints, see Service Endpoints for Amazon Keyspaces.

Connect to Amazon Keyspaces Using the DataStax NodeJS Driver for Apache Cassandra and the SigV4 Authentication Plugin

The following section shows how to use the SigV4 authentication plugin for the open-source DataStax NodeJS Driver for Apache Cassandra to access Amazon Keyspaces (for Apache Cassandra). The plugin is available from the GitHub repository.

Add the NodeJS SigV4 authentication plugin to your application. The plugin supports version 4.x of the DataStax NodeJS Driver for Cassandra. The plugin depends on the AWS SDK for NodeJS. It uses AWSCredentialsProvider to obtain credentials.

$ npm install aws-sigv4-auth-cassandra-plugin --save

This code sample shows how to set a Region-specific instance of SigV4AuthProvider as the authentication provider.

const cassandra = require('cassandra-driver'); const fs = require('fs'); const sigV4 = require('aws-sigv4-auth-cassandra-plugin'); const auth = new sigV4.SigV4AuthProvider({ region: 'us-west-2', accessKeyId:'AKIAIOSFODNN7EXAMPLE', secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'}); const sslOptions1 = { ca: [ fs.readFileSync('path_to_filecassandra/AmazonRootCA1.pem', 'utf-8')], host: 'cassandra.us-west-2.amazonaws.com', rejectUnauthorized: true }; const client = new cassandra.Client({ contactPoints: ['cassandra.us-west-2.amazonaws.com'], localDataCenter: 'us-west-2', authProvider: auth, sslOptions: sslOptions1, protocolOptions: { port: 9142 } }); const query = 'SELECT * FROM system_schema.keyspaces'; client.execute(query).then( result => console.log('Row from Keyspaces %s', result.rows[0])) .catch( e=> console.log(`${e}`));

Usage notes:

  1. Replace "path_to_file/AmazonRootCA1.pem" with the path to the certificate saved in the first step.

  2. Ensure that the accessKeyId and secretAccessKey match the Access Key and Secret Access Key you obtained using AWSCredentialsProvider. For more information, see Setting Credentials in Node.js in the AWS SDK for JavaScript in Node.js.

  3. For a list of available endpoints, see Service Endpoints for Amazon Keyspaces.