You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: aws-cloudshell/README.md
+16-16Lines changed: 16 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,13 +1,13 @@
1
1
# Using the Amazon Keyspaces Toolkit from AWS CloudShell
2
2
3
3
4
-
The AWS CloudShell is a convenient pre-authenticated browser based shell that gives you a secure and easy way to manage and interact with your AWS resources. In addition, AWS CloudShell offers persistent storage of 1 GB for each AWS region at no additional cost. The persistent storage is located in your home directory ($HOME) and is private to you. Unlike ephemeral environment resources that are recycled after each shell session ends, data in your home directory persists between sessions. CloudShell is outside of the VPC and needs to communicate with the Amazon Keyspaces public endpoint. The Amazon Keyspaces Toolkit contains common Cassandra tooling and helpers that come preconfigured for Amazon Keyspaces, it's lightweight and supports the Sigv4 Authentication plugin, and you can execute cqlsh without having to download the full distribution. This makes the toolkit lightweight. Now you can access the Amazon Keyspaces tool kit through the AWS Cloud Shell. In this readme file are the steps to install the Amazon Keyspaces toolkit in your cloud shell environment.
4
+
AWS CloudShell is a convenient pre-authenticated browser based shell that gives you a secure and easy way to manage and interact with your AWS resources. In addition, AWS CloudShell offers persistent storage of 1 GB for each AWS region at no additional cost. The persistent storage is located in your home directory ($HOME) and is private to you. Unlike ephemeral environment resources that are recycled after each shell session ends, data in your home directory persists between sessions. CloudShell is outside of the VPC and needs to communicate with the Amazon Keyspaces public endpoint. The Amazon Keyspaces Toolkit contains common Cassandra tooling and helpers that come preconfigured for Amazon Keyspaces, it's lightweight and supports the Sigv4 Authentication plugin, and you can execute cqlsh without having to download the full distribution. This makes the toolkit lightweight. Now you can access the Amazon Keyspaces tool kit through the AWS Cloud Shell. In this readme file are the steps to install the Amazon Keyspaces toolkit in your cloud shell environment.
5
5
6
6
7
-
## Prerequisites to install cqlsh-expansion in AWS CloudShell
7
+
## Prerequisites to installing cqlsh-expansion in AWS CloudShell
8
8
9
9
10
-
In this section, we will prepare the AWS CloudShell for installation. The preferred method of installation is through pip. pip is the [package installer ](https://packaging.python.org/guides/tool-recommendations/) for Python. You can use pip to install packages from the [Python Package Index.](https://pypi.org/) The cqlsh-expansion requires python 2 so you have to verify the what version python the Cloudshell is running before installing cqlsh-expansion.
10
+
In this section we will be prepare the AWS CloudShell for installation. The preferred method of installation is through pip. pip is the [package installer ](https://packaging.python.org/guides/tool-recommendations/) for Python. You can use pip to install packages from the [Python Package Index.](https://pypi.org/) The cqlsh-expansion requires python 2 so you have to verify the what version python the Cloudshell is running before installing cqlsh-expansion.
## Setup cqlsh-expansion to connect to Amazon Keyspaces
40
+
## Setting up cqlsh-expansion to connect to Amazon Keyspaces
41
41
42
42
43
-
To use the cqlsh-expansion with Amazon Keyspaces you can use the following post install script or follow the instructions found in the official [Amazon Keyspaces documentation.](https://docs.aws.amazon.com/keyspaces/latest/devguide/programmatic.cqlsh.html)
43
+
When using the cqlsh-expansion with Amazon Keyspaces you can use the following post install script or follow the instructions found in the official [Amazon Keyspaces documentation.](https://docs.aws.amazon.com/keyspaces/latest/devguide/programmatic.cqlsh.html)
44
44
By default the cqlsh-expansion is not configured with ssl enabled, but the package includes a post [install script](https://github.com/aws-samples/amazon-keyspaces-toolkit/blob/master/cqlsh-expansion/config/post_install.py) helper to quickly set up your environment after installation. The script will place the necessary configuration and SSL certificate in the user’s .cassandra directory. Amazon Keyspaces only accepts secure connections using Transportation Layer Security or TLS. Encryption in transit provides an additional layer of data protection by encrypting your data as it travels to and from Amazon Keyspaces. The post install script first will create the .cassandra directory if it does not exist already. Then it will copy a preconfigured [cqlshrc file](https://github.com/aws-samples/amazon-keyspaces-toolkit/blob/master/cqlsh-expansion/config/cqlshrc_template) and the Starfield digital certificate into the .cassandra directory. The .cassandra directory will be created in the user home directory, as it is the default location. As best practice, please review the post [install script ](https://github.com/aws-samples/amazon-keyspaces-toolkit/blob/master/cqlsh-expansion/config/post_install.py) before executing. Modifications made by this post install script will not be undone if uninstalling the cqlsh-expansion with pip.
45
45
46
46
47
47
48
-
This command will configure the Toolkit in CloudShell.
48
+
This command is configing the Toolkit in CloudShell.
49
49
50
50
`
51
51
cqlsh-expansion.init
@@ -54,19 +54,19 @@ cqlsh-expansion.init
54
54
55
55
56
56
57
-
## Connection to Amazon Keyspaces
57
+
## Connecting to Amazon Keyspaces
58
58
59
-
Now that you have you cqlsh-expansion installed and have set up the configuration for SSL communication with Amazon Keyspaces, you can connect to the Amazon Keyspaces services using your IAM access keys or Service Specific Credentials.
59
+
Now that weve installed the cqlsh-expansion and have set up the configuration for SSL communication with Amazon Keyspaces, you can connect to the Amazon Keyspaces services using your IAM access keys or Service Specific Credentials.
60
60
61
-
### Choose a region and endpoint
61
+
### Choosing a region and endpoint
62
62
63
-
To connect to Amazon Keyspaces you will need to choose one of the [service endpoints](https://docs.aws.amazon.com/keyspaces/latest/devguide/programmatic.endpoints.html). You can also connect to Amazon Keyspaces using [Interface VPC endpoints](https://docs.aws.amazon.com/keyspaces/latest/devguide/vpc-endpoints.html) to enable private communication between your Virtual Private Cloud (VPC) running in Amazon VPC and Amazon Keyspaces. For example, to connect to the Keyspaces service in US East (N. Virginia) (us-east-1) [you will want to use the cassandra.us-east-1.amazonaws.com](http://cassandra.us-east-1.amazonaws.com/) service endpoint. All communication with Amazon Keyspaces will be over port 9142.
63
+
For us to connect to Amazon Keyspaces you will need to choose one of the [service endpoints](https://docs.aws.amazon.com/keyspaces/latest/devguide/programmatic.endpoints.html). You can also connect to Amazon Keyspaces using [Interface VPC endpoints](https://docs.aws.amazon.com/keyspaces/latest/devguide/vpc-endpoints.html) to enable private communication between your Virtual Private Cloud (VPC) running in Amazon VPC and Amazon Keyspaces. For example, to connect to the Keyspaces service in US East (N. Virginia) (us-east-1) [you will want to use the cassandra.us-east-1.amazonaws.com](http://cassandra.us-east-1.amazonaws.com/) service endpoint. All communication with Amazon Keyspaces will be over port 9142.
64
64
65
-
## Choose authentication method and connect
65
+
## Choossing authentication method and connect
66
66
67
67
To provide users and applications with credentials for programmatic access to Amazon Keyspaces resources, you can do either of the following:
68
68
69
-
### Connect with IAM access keys (users,roles, and federated identities)
69
+
### Connecting with IAM access keys (users,roles, and federated identities)
70
70
71
71
For enhanced security, we recommend creating IAM access keys for IAM users and roles that are used across all AWS services. To use IAM access keys to connect to Amazon Keyspaces, customers can use the Signature Version 4 Process (SigV4) authentication plugin for Cassandra client drivers. To learn more about how the Amazon Keyspaces SigV4 plugin enables IAM users, roles, and [federated identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) to authenticate Amazon Keyspaces API requests, see [AWS Signature Version 4 process (SigV4)](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). You can use the Sigv4 plugin with the cqlsh-expansion script by providing the following flag: --auth-provider "SigV4AuthProvider" . The Sigv4 plugin depends on the AWS SDK for Python (Boto3) which is included in the requirements file. You will also need to set the the proper credentials to make service calls. You can use the following tutorial to set up credentials using the [AWS CLI.](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html)
72
72
After you have the credentials set up with [privileges](https://docs.aws.amazon.com/keyspaces/latest/devguide/security_iam_service-with-iam.html) to access Amazon Keyspaces system tables, you can execute the following command to connect to Amazon Keyspaces with CQLSH using the Sigv4 process.
You can create service-specific credentials that are similar to the traditional username and password that Cassandra uses for authentication and access management. AWS service-specific credentials are associated with a specific AWS Identity and Access Management (IAM) user and can only be used for the service they were created for. For more information, see Using IAM with [Amazon Keyspaces (for Apache Cassandra)](https://docs.aws.amazon.com/keyspaces/latest/devguide/security-iam.html) in the IAM User Guide. To connect to Amazon Keyspaces using the cqlsh-expansion and IAM service-specific credentials you can use the command below. In this command we are connecting to us-east-1 region with service specific user ‘mike-user-99’* and service specific user password ‘user-pass-01’. *You will need to replace these credentials with your own user name and password that were given to you when creating the service specific credentials.
82
+
When creating service-specific credentials that are similar to the traditional username and password that Cassandra uses for authentication and access management. AWS service-specific credentials are associated with a specific AWS Identity and Access Management (IAM) user and can only be used for the service they were created for. For more information, see Using IAM with [Amazon Keyspaces (for Apache Cassandra)](https://docs.aws.amazon.com/keyspaces/latest/devguide/security-iam.html) in the IAM User Guide. To connect to Amazon Keyspaces using the cqlsh-expansion and IAM service-specific credentials you can use the command below. In this command we are connecting to us-east-1 region with service specific user ‘mike-user-99’* and service specific user password ‘user-pass-01’. *You will need to replace these credentials with your own user name and password that were given to you when creating the service specific credentials.
To remove the cqlsh-expansion package you can use the pip uninstall api. Additionally, if you executed the post install script cqlsh-expansion.init, you may want to delete the .cassandra directory which contains the cqlshrc file and the ssl certificate. Using pip uninstall will not remove changes made by the post install script.
99
+
When removing the cqlsh-expansion package you can use the pip uninstall api. Additionally, if you executed the post install script cqlsh-expansion.init, you may want to delete the .cassandra directory which contains the cqlshrc file and the ssl certificate. Using pip uninstall will not remove changes made by the post install script.
0 commit comments