Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Accessing Amazon Keyspaces (for Apache Cassandra)

You can access Amazon Keyspaces using the console, Amazon CloudShell, programmatically by running a cqlsh client, the Amazon SDK, or by using an Apache 2.0 licensed Cassandra driver. Amazon Keyspaces supports drivers and clients that are compatible with Apache Cassandra 3.11.2. Before accessing Amazon Keyspaces, you must complete setting up Amazon Identity and Access Management and then grant an IAM identity access permissions to Amazon Keyspaces.

Setting up Amazon Identity and Access Management

Sign up for an Amazon Web Services account

If you do not have an Amazon Web Services account, use the following procedure to create one.

Amazon sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to http://www.amazonaws.cn/ and choosing My Account.

Secure IAM users

After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.

To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.

For more information about creating and securing IAM users, see the following topics in the IAM User Guide:

Setting up Amazon Keyspaces

Access to Amazon Keyspaces resources is managed using IAM. Using IAM, you can attach policies to IAM users, roles, and federated identities that grant read and write permissions to specific resources in Amazon Keyspaces.

To get started with granting permissions to an IAM identity, you can use one of the Amazon managed policies for Amazon Keyspaces:

For a detailed explanation of the actions defined in the managed policies, see Amazon managed policies for Amazon Keyspaces.

To limit the scope of actions that an IAM identity can perform or limit the resources that the identity can access, you can create a custom policy that uses the AmazonKeyspacesFullAccess managed policy as a template and remove all permissions that you don't need. You can also limit access to specific keyspaces or tables. For more information about how to restrict actions or limit access to specific resources in Amazon Keyspaces, see How Amazon Keyspaces works with IAM.

To access Amazon Keyspaces after you have created the Amazon Web Services account and created a policy that grants an IAM identity access to Amazon Keyspaces, continue to one of the following sections: