Using Amazon CloudShell to access Amazon Keyspaces
Amazon CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the
Amazon Web Services Management Console. You can run Amazon CLI commands against Amazon services using your preferred shell (Bash,
PowerShell or Z shell). To work with Amazon Keyspaces using cqlsh
, you must install the cqlsh-expansion
.
For cqlsh-expansion
installation instructions, see Using the cqlsh-expansion to connect
to Amazon Keyspaces.
You launch Amazon CloudShell from the Amazon Web Services Management Console, and the Amazon credentials you used to sign in to
the console are automatically available in a new shell session. This pre-authentication of
Amazon CloudShell users allows you to skip configuring credentials when interacting with Amazon services
such as Amazon Keyspaces using cqlsh
or Amazon CLI version 2 (pre-installed on the shell's compute
environment).
Obtaining IAM permissions for Amazon CloudShell
Using the access management resources provided by Amazon Identity and Access Management, administrators can grant permissions to IAM users so they can access Amazon CloudShell and use the environment's features.
The quickest way for an administrator to grant access to users is through an Amazon managed policy. An Amazon managed policy is a standalone policy that's created and administered by Amazon. The following Amazon managed policy for CloudShell can be attached to IAM identities:
-
AWSCloudShellFullAccess
: Grants permission to use Amazon CloudShell with full access to all features.
If you want to limit the scope of actions that an IAM user can perform with Amazon CloudShell,
you can create a custom policy that uses the AWSCloudShellFullAccess
managed
policy as a template. For more information about limiting the actions that are available to
users in CloudShell, see Managing Amazon CloudShell access and usage with IAM policies in the
Amazon CloudShell User Guide.
Note
Your IAM identity also requires a policy that grants permission to make calls to Amazon Keyspaces.
You can use an Amazon managed policy to give your IAM identity access you Amazon Keyspaces, or start with the managed policy as a template and remove the permissions that you don't need. You can also limit access to specific keyspaces and tables to create a custom policy. The following managed policy for Amazon Keyspaces can be attached to IAM identities:
AmazonKeyspacesFullAccess – This policy grants permission to use Amazon Keyspaces with full access to all features.
For a detailed explanation of the actions defined in the managed policy, see Amazon managed policies for Amazon Keyspaces.
For more information about how to restrict actions or limit access to specific resources in Amazon Keyspaces, see How Amazon Keyspaces works with IAM.
Interacting with Amazon Keyspaces using Amazon CloudShell
After you launch Amazon CloudShell from the Amazon Web Services Management Console, you can immediately start to interact with
Amazon Keyspaces using cqlsh
or the command line interface. If you haven't already
installed the cqlsh-expansion
, see Using the cqlsh-expansion to connect
to Amazon Keyspaces for detailed
steps.
Note
When using the cqlsh-expansion
in Amazon CloudShell, you don't need
to configure credentials before making calls, because you're already authenticated within the shell.
Connect to Amazon Keyspaces and create a new keyspace. Then read from a system table to confirm that the keyspace was created using Amazon CloudShell
-
From the Amazon Web Services Management Console, you can launch CloudShell by choosing the following options available on the navigation bar:
-
Choose the CloudShell icon.
-
Start typing "cloudshell" in Search box and then choose the CloudShell option.
-
-
You can establish a connection to Amazon Keyspaces using the following command. Make sure to replace
cassandra.us-east-1.amazonaws.com
with the correct endpoint for your Region.cqlsh-expansion
cassandra.us-east-1.amazonaws.com
9142 --sslIf the connection is successful, you should see output similar to the following example.
Connected to Amazon Keyspaces at cassandra.us-east-1.amazonaws.com:9142 [cqlsh 6.1.0 | Cassandra 3.11.2 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. cqlsh current consistency level is ONE. cqlsh>
-
Create a new keyspace with the name
mykeyspace
. You can use the following command to do that.CREATE KEYSPACE mykeyspace WITH REPLICATION = {'class': 'SingleRegionStrategy'};
-
To confirm that the keyspace was created, you can read from a system table using the following command.
SELECT * FROM system_schema_mcs.keyspaces WHERE keyspace_name = 'mykeyspace';
If the call is successful, the command line displays a response from the service similar to the following output:
keyspace_name | durable_writes | replication ----------------+----------------+------------------------------------------------------------------------------------- mykeyspace | True | {'class': 'org.apache.cassandra.locator.SimpleStrategy', 'replication_factor': '3'} (1 rows)