Step 3: Create a VPC endpoint for Amazon Keyspaces - Amazon Keyspaces (for Apache Cassandra)
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 3: Create a VPC endpoint for Amazon Keyspaces

In this step, you create a VPC endpoint for Amazon Keyspaces using the Amazon CLI. To create the VPC endpoint using the VPC console, you can follow the Create a VPC endpoint instructions in the Amazon PrivateLink Guide. When filtering for the Service name, enter Cassandra.

To create a VPC endpoint using the Amazon CLI
  1. Before you begin, verify that you can communicate with Amazon Keyspaces using its public endpoint.

    aws keyspaces list-tables --keyspace-name 'myKeyspace'

    The output shows a list of Amazon Keyspaces tables that are contained in the specified keyspace. If you don't have any tables, the list is empty.

    { "tables": [ { "keyspaceName": "myKeyspace", "tableName": "myTable1", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable1" }, { "keyspaceName": "myKeyspace", "tableName": "myTable2", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable2" } ] }
  2. Verify that Amazon Keyspaces is an available service for creating VPC endpoints in the current Amazon Region. (The command is shown in bold text, followed by example output.)

    aws ec2 describe-vpc-endpoint-services { "ServiceNames": [ "com.amazonaws.us-east-1.cassandra", "com.amazonaws.us-east-1.cassandra-fips" ] }

    In the example output, Amazon Keyspaces is one of the services available, so you can proceed with creating a VPC endpoint for it.

  3. Determine your VPC identifier.

    aws ec2 describe-vpcs { "Vpcs": [ { "VpcId": "vpc-a1234bcd", "InstanceTenancy": "default", "State": "available", "DhcpOptionsId": "dopt-8454b7e1", "CidrBlock": "111.31.0.0/16", "IsDefault": true } ] }

    In the example output, the VPC ID is vpc-a1234bcd.

  4. Use a filter to gather details about the subnets of the VPC.

    aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-a1234bcd" { { "Subnets":[ { "AvailabilityZone":"us-east-1a", "AvailabilityZoneId":"use2-az1", "AvailableIpAddressCount":4085, "CidrBlock":"111.31.0.0/20", "DefaultForAz":true, "MapPublicIpOnLaunch":true, "MapCustomerOwnedIpOnLaunch":false, "State":"available", "SubnetId":"subnet-920aacf9", "VpcId":"vpc-a1234bcd", "OwnerId":"111122223333", "AssignIpv6AddressOnCreation":false, "Ipv6CidrBlockAssociationSet":[ ], "SubnetArn":"arn:aws:ec2:us-east-1:111122223333:subnet/subnet-920aacf9", "EnableDns64":false, "Ipv6Native":false, "PrivateDnsNameOptionsOnLaunch":{ "HostnameType":"ip-name", "EnableResourceNameDnsARecord":false, "EnableResourceNameDnsAAAARecord":false } }, { "AvailabilityZone":"us-east-1c", "AvailabilityZoneId":"use2-az3", "AvailableIpAddressCount":4085, "CidrBlock":"111.31.32.0/20", "DefaultForAz":true, "MapPublicIpOnLaunch":true, "MapCustomerOwnedIpOnLaunch":false, "State":"available", "SubnetId":"subnet-4c713600", "VpcId":"vpc-a1234bcd", "OwnerId":"111122223333", "AssignIpv6AddressOnCreation":false, "Ipv6CidrBlockAssociationSet":[ ], "SubnetArn":"arn:aws:ec2:us-east-1:111122223333:subnet/subnet-4c713600", "EnableDns64":false, "Ipv6Native":false, "PrivateDnsNameOptionsOnLaunch":{ "HostnameType":"ip-name", "EnableResourceNameDnsARecord":false, "EnableResourceNameDnsAAAARecord":false } }, { "AvailabilityZone":"us-east-1b", "AvailabilityZoneId":"use2-az2", "AvailableIpAddressCount":4086, "CidrBlock":"111.31.16.0/20", "DefaultForAz":true, "MapPublicIpOnLaunch":true, } ] }

    In the example output, there are two available subnet IDs: subnet-920aacf9 and subnet-4c713600.

  5. Create the VPC endpoint. For the --vpc-id parameter, specify the VPC ID from the previous step. For the --subnet-id parameter, specify the subnet IDs from the previous step. Use the --vpc-endpoint-type parameter to define the endpoint as an interface. For more information about the command, see create-vpc-endpoint in the Amazon CLI Command Reference.

    aws ec2 create-vpc-endpoint --vpc-endpoint-type Interface --vpc-id vpc-a1234bcd --service-name com.amazonaws.us-east-1.cassandra --subnet-id subnet-920aacf9 subnet-4c713600 { "VpcEndpoint": { "VpcEndpointId": "vpce-000ab1cdef23456789", "VpcEndpointType": "Interface", "VpcId": "vpc-a1234bcd", "ServiceName": "com.amazonaws.us-east-1.cassandra", "State": "pending", "RouteTableIds": [], "SubnetIds": [ "subnet-920aacf9", "subnet-4c713600" ], "Groups": [ { "GroupId": "sg-ac1b0e8d", "GroupName": "default" } ], "IpAddressType": "ipv4", "DnsOptions": { "DnsRecordIpType": "ipv4" }, "PrivateDnsEnabled": true, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-043c30c78196ad82e", "eni-06ce37e3fd878d9fa" ], "DnsEntries": [ { "DnsName": "vpce-000ab1cdef23456789-m2b22rtz.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1a.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1c.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1b.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1d.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "cassandra.us-east-1.amazonaws.com", "HostedZoneId": "ZONEIDPENDING" } ], "CreationTimestamp": "2023-01-27T16:12:36.834000+00:00", "OwnerId": "111122223333" } } }