Generate service-specific credentials - Amazon Keyspaces (for Apache Cassandra)
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Generate service-specific credentials

Service-specific credentials are similar to the traditional username and password that Cassandra uses for authentication and access management. Service-specific credentials enable IAM users to access a specific Amazon service. These long-term credentials can't be used to access other Amazon services. They are associated with a specific IAM user and can't be used by other IAM users.

Important

Service-specific credentials are long-term credentials associated with a specific IAM user and can only be used for the service they were created for. To give IAM roles or federated identities permissions to access all your Amazon resources using temporary credentials, you should use Amazon authentication with the SigV4 authentication plugin for Amazon Keyspaces.

Use one of the following procedures to generate service-specific credentials.

To generate service-specific credentials using the console

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Identity and Access Management console at https://console.aws.amazon.com/iam/home.

  2. In the navigation pane, choose Users, and then choose the user that you created earlier that has Amazon Keyspaces permissions (policy attached).

  3. Choose Security Credentials. Under Credentials for Amazon Keyspaces, choose Generate credentials to generate the service-specific credentials.

    Your service-specific credentials are now available. This is the only time you can download or view the password. You cannot recover it later. However, you can reset your password at any time. Save the user and password in a secure location, because you'll need them later.

To generate service-specific credentials using the Amazon CLI

Before generating service-specific credentials, you need to download, install, and configure the Amazon Command Line Interface (Amazon CLI):

  1. Download the Amazon CLI at http://www.amazonaws.cn/cli.

    Note

    The Amazon CLI runs on Windows, macOS, or Linux.

  2. Follow the instructions for Installing the Amazon CLI and Configuring the Amazon CLI in the Amazon Command Line Interface User Guide.

  3. Using the Amazon CLI, run the following command to generate service-specific credentials for the user alice, so that she can access Amazon Keyspaces.

    aws iam create-service-specific-credential \
    --user-name alice \
    --service-name cassandra.amazonaws.com

The output looks like the following.

{
    "ServiceSpecificCredential": {
        "CreateDate": "2019-10-09T16:12:04Z",
        "ServiceName": "cassandra.amazonaws.com",
        "ServiceUserName": "alice-at-111122223333",
        "ServicePassword": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        "ServiceSpecificCredentialId": "ACCAYFI33SINPGJEBYESF",
        "UserName": "alice",
        "Status": "Active"
    }
}

In the output, note the values for ServiceUserName and ServicePassword. Save these values in a secure location, because you'll need them later.

Important

This is the only time that the ServicePassword will be available to you.