Configure the IAM permissions required to add an Amazon Web Services Region to a keyspace - Amazon Keyspaces (for Apache Cassandra)
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configure the IAM permissions required to add an Amazon Web Services Region to a keyspace

To add a Region to a keyspace, the IAM principal needs the following permissions:

  • cassandra:Alter

  • cassandra:AlterMultiRegionResource

  • cassandra:Create

  • cassandra:CreateMultiRegionResource

  • cassandra:Select

  • cassandra:SelectMultiRegionResource

  • cassandra:Modify

  • cassandra:ModifyMultiRegionResource

If the keyspace and table has tags, the IAM principal requires additional permissions.

  • cassandra:TagResource

  • cassandra:TagMultiRegionResource

If the table is configured in provisioned mode with auto scaling enabled, the following additional permissions are needed.

  • application-autoscaling:RegisterScalableTarget

  • application-autoscaling:DeregisterScalableTarget

  • application-autoscaling:DescribeScalableTargets

  • application-autoscaling:PutScalingPolicy

  • application-autoscaling:DescribeScalingPolicies