Accessing Amazon Keyspaces (for Apache Cassandra)
You can access Amazon Keyspaces using the console, Amazon CloudShell, programmatically by running a
cqlsh
client, the Amazon SDK, or by using an Apache 2.0 licensed Cassandra driver. Amazon Keyspaces
supports drivers and clients that are compatible with Apache Cassandra 3.11.2.
Before accessing Amazon Keyspaces, you must complete setting up Amazon Identity and Access Management and then grant an IAM identity access permissions to Amazon Keyspaces.
Setting up Amazon Identity and Access Management
Sign up for an Amazon Web Services account
If you do not have an Amazon Web Services account, use the following procedure to create one.
To sign up for Amazon Web Services
Open http://www.amazonaws.cn/
and choose Sign Up. Follow the on-screen instructions.
Amazon sends you a confirmation email after the sign-up process is
complete. At any time, you can view your current account activity and manage your account by
going to http://www.amazonaws.cn/
Secure IAM users
After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.
To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.
For more information about creating and securing IAM users, see the following topics in the IAM User Guide:
Setting up Amazon Keyspaces
Access to Amazon Keyspaces resources is managed using IAM. Using IAM, you can attach policies to IAM users, roles, and federated identities that grant read and write permissions to specific resources in Amazon Keyspaces.
To get started with granting permissions to an IAM identity, you can use one of the Amazon managed policies for Amazon Keyspaces:
AmazonKeyspacesFullAccess – this policy grants permissions to access all resources in Amazon Keyspaces with full access to all features.
AmazonKeyspacesReadOnlyAccess_v2 – this policy grants read-only permissions to Amazon Keyspaces.
For a detailed explanation of the actions defined in the managed policies, see Amazon managed policies for Amazon Keyspaces.
To limit the scope of actions that an IAM identity can perform or limit the
resources that the identity can access, you can create a custom policy that uses the
AmazonKeyspacesFullAccess
managed policy as a template and remove all
permissions that you don't need. You can also limit access to specific keyspaces or
tables. For more information about how to restrict actions or limit access to specific
resources in Amazon Keyspaces, see How Amazon Keyspaces works with
IAM.
To access Amazon Keyspaces after you have created the Amazon Web Services account and created a policy that grants an IAM identity access to Amazon Keyspaces, continue to one of the following sections: