Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Create service-specific
credentials for programmatic access to Amazon Keyspaces
Service-specific credentials are similar to the traditional username and password that Cassandra uses for authentication
and access management.
Service-specific credentials enable IAM users to access a specific Amazon
service. These long-term credentials can't be used to access other Amazon services. They are
associated with a specific IAM user and can't be used by other IAM users.
Use one of the following procedures to generate service-specific
credentials.
- Console
-
Create service-specific credentials using the
console
-
Sign in to the Amazon Web Services Management Console and open the Amazon Identity and Access Management console at
https://console.aws.amazon.com/iam/home.
-
In the navigation pane, choose Users, and
then choose the user that you created earlier that has Amazon Keyspaces
permissions (policy attached).
-
Choose Security Credentials. Under
Credentials for Amazon Keyspaces, choose
Generate credentials to generate the
service-specific credentials.
Your service-specific credentials are now available. This is
the only time you can download or view the password. You cannot
recover it later. However, you can reset your password at any
time. Save the user and password in a secure location, because
you'll need them later.
- CLI
-
Create service-specific credentials using the Amazon CLI
Before generating service-specific credentials, you need to
download, install, and configure the Amazon Command Line Interface (Amazon CLI):
-
Download the Amazon CLI at http://www.amazonaws.cn/cli.
The Amazon CLI runs on Windows, macOS, or Linux.
-
Follow the instructions for Installing the Amazon
CLI and Configuring
the Amazon CLI in the
Amazon Command Line Interface User Guide.
-
Using the Amazon CLI, run the following command to generate
service-specific credentials for the user alice
, so
that she can access Amazon Keyspaces.
aws iam create-service-specific-credential \
--user-name alice \
--service-name cassandra.amazonaws.com
The output looks like the following.
{
"ServiceSpecificCredential": {
"CreateDate": "2019-10-09T16:12:04Z",
"ServiceName": "cassandra.amazonaws.com",
"ServiceUserName": "alice-at-111122223333",
"ServicePassword": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"ServiceSpecificCredentialId": "ACCAYFI33SINPGJEBYESF",
"UserName": "alice",
"Status": "Active"
}
}
In the output, note the values for ServiceUserName
and
ServicePassword
. Save these values in a secure
location, because you'll need them later.
This is the only time that the ServicePassword
will
be available to you.