Step 3: Create a VPC endpoint for Amazon Keyspaces - Amazon Keyspaces (for Apache Cassandra)

Step 3: Create a VPC endpoint for Amazon Keyspaces

In this step, you create a VPC endpoint for Amazon Keyspaces using the AWS CLI. To create the VPC endpoint using the VPC console, you can follow the Create a VPC endpoint instructions in the AWS PrivateLink Guide. When filtering for the Service name, enter Cassandra.

To create a VPC endpoint using the AWS CLI
  1. Before you begin, verify that you can communicate with Amazon Keyspaces using its public endpoint.

    aws keyspaces list-tables --keyspace-name 'myKeyspace'

    The output shows a list of Amazon Keyspaces tables that are contained in the specified keyspace. If you don't have any tables, the list is empty.

    {
        "tables": [
            {
                "keyspaceName": "myKeyspace",
                "tableName": "myTable1",
                "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable1"
            },
            {
                "keyspaceName": "myKeyspace",
                "tableName": "myTable2",
                "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable2"
            }
        ]
    }

  2. Verify that Amazon Keyspaces is an available service for creating VPC endpoints in the current AWS Region. (The command is followed by example output.)

    aws ec2 describe-vpc-endpoint-services

    {
        "ServiceNames": [
            "com.amazonaws.us-east-1.cassandra",
            "com.amazonaws.us-east-1.cassandra-fips"
        ]
    }

    In the example output, Amazon Keyspaces is one of the services available, so you can proceed with creating a VPC endpoint for it.

  3. Determine your VPC identifier.

    aws ec2 describe-vpcs

    {
        "Vpcs": [
            {
                "VpcId": "vpc-a1234bcd",
                "InstanceTenancy": "default",
                "State": "available",
                "DhcpOptionsId": "dopt-8454b7e1",
                "CidrBlock": "111.31.0.0/16",
                "IsDefault": true
            }
        ]
    }

    In the example output, the VPC ID is vpc-a1234bcd.

  4. Use a filter to gather details about the subnets of the VPC.

    aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-a1234bcd"

    {
        "Subnets":[
            {
                "AvailabilityZone":"us-east-1a",
                "AvailabilityZoneId":"use2-az1",
                "AvailableIpAddressCount":4085,
                "CidrBlock":"111.31.0.0/20",
                "DefaultForAz":true,
                "MapPublicIpOnLaunch":true,
                "MapCustomerOwnedIpOnLaunch":false,
                "State":"available",
                "SubnetId":"subnet-920aacf9",
                "VpcId":"vpc-a1234bcd",
                "OwnerId":"111122223333",
                "AssignIpv6AddressOnCreation":false,
                "Ipv6CidrBlockAssociationSet":[ ],
                "SubnetArn":"arn:aws:ec2:us-east-1:111122223333:subnet/subnet-920aacf9",
                "EnableDns64":false,
                "Ipv6Native":false,
                "PrivateDnsNameOptionsOnLaunch":{
                    "HostnameType":"ip-name",
                    "EnableResourceNameDnsARecord":false,
                    "EnableResourceNameDnsAAAARecord":false
                }
            },
            {
                "AvailabilityZone":"us-east-1c",
                "AvailabilityZoneId":"use2-az3",
                "AvailableIpAddressCount":4085,
                "CidrBlock":"111.31.32.0/20",
                "DefaultForAz":true,
                "MapPublicIpOnLaunch":true,
                "MapCustomerOwnedIpOnLaunch":false,
                "State":"available",
                "SubnetId":"subnet-4c713600",
                "VpcId":"vpc-a1234bcd",
                "OwnerId":"111122223333",
                "AssignIpv6AddressOnCreation":false,
                "Ipv6CidrBlockAssociationSet":[ ],
                "SubnetArn":"arn:aws:ec2:us-east-1:111122223333:subnet/subnet-4c713600",
                "EnableDns64":false,
                "Ipv6Native":false,
                "PrivateDnsNameOptionsOnLaunch":{
                    "HostnameType":"ip-name",
                    "EnableResourceNameDnsARecord":false,
                    "EnableResourceNameDnsAAAARecord":false
                }
            },
            {
                "AvailabilityZone":"us-east-1b",
                "AvailabilityZoneId":"use2-az2",
                "AvailableIpAddressCount":4086,
                "CidrBlock":"111.31.16.0/20",
                "DefaultForAz":true,
                "MapPublicIpOnLaunch":true,
            }
        ]
    }

    In the example output, there are two available subnet IDs: subnet-920aacf9 and subnet-4c713600.

  5. Create the VPC endpoint. For the --vpc-id parameter, specify the VPC ID from step 3. For the --subnet-ids parameter, specify the subnet IDs from the previous step. Use the --vpc-endpoint-type parameter to define the endpoint as an interface. For more information about the command, see create-vpc-endpoint in the AWS CLI Command Reference.

    aws ec2 create-vpc-endpoint --vpc-endpoint-type Interface --vpc-id vpc-a1234bcd --service-name com.amazonaws.us-east-1.cassandra --subnet-ids subnet-920aacf9 subnet-4c713600

    {
        "VpcEndpoint": {
            "VpcEndpointId": "vpce-000ab1cdef23456789",
            "VpcEndpointType": "Interface",
            "VpcId": "vpc-a1234bcd",
            "ServiceName": "com.amazonaws.us-east-1.cassandra",
            "State": "pending",
            "RouteTableIds": [],
            "SubnetIds": [
                "subnet-920aacf9",
                "subnet-4c713600"
            ],
            "Groups": [
                {
                    "GroupId": "sg-ac1b0e8d",
                    "GroupName": "default"
                }
            ],
            "IpAddressType": "ipv4",
            "DnsOptions": {
                "DnsRecordIpType": "ipv4"
            },
            "PrivateDnsEnabled": true,
            "RequesterManaged": false,
            "NetworkInterfaceIds": [
                "eni-043c30c78196ad82e",
                "eni-06ce37e3fd878d9fa"
            ],
            "DnsEntries": [
                {
                    "DnsName": "vpce-000ab1cdef23456789-m2b22rtz.cassandra.us-east-1.vpce.amazonaws.com",
                    "HostedZoneId": "Z7HUB22UULQXV"
                },
                {
                    "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1a.cassandra.us-east-1.vpce.amazonaws.com",
                    "HostedZoneId": "Z7HUB22UULQXV"
                },
                {
                    "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1c.cassandra.us-east-1.vpce.amazonaws.com",
                    "HostedZoneId": "Z7HUB22UULQXV"
                },
                {
                    "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1b.cassandra.us-east-1.vpce.amazonaws.com",
                    "HostedZoneId": "Z7HUB22UULQXV"
                },
                {
                    "DnsName": "vpce-000ab1cdef23456789-m2b22rtz-us-east-1d.cassandra.us-east-1.vpce.amazonaws.com",
                    "HostedZoneId": "Z7HUB22UULQXV"
                },
                {
                    "DnsName": "cassandra.us-east-1.amazonaws.com",
                    "HostedZoneId": "ZONEIDPENDING"
                }
            ],
            "CreationTimestamp": "2023-01-27T16:12:36.834000+00:00",
            "OwnerId": "111122223333"
        }
    }
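
The endpoint returned in step 5 is still in the pending state and, because no security group was specified, has the VPC's default security group attached. The following check is an added example, not part of the original AWS procedure: it reads create-vpc-endpoint or describe-vpc-endpoints JSON and reports such conditions. The helper names `audit_endpoint` and `audit` are hypothetical, and the sample input is constructed from the step 5 output.

```python
import json

# Constructed sample: trimmed from the create-vpc-endpoint output shown in step 5.
SAMPLE = json.loads("""
{"VpcEndpoint": {
  "VpcEndpointId": "vpce-000ab1cdef23456789",
  "VpcEndpointType": "Interface",
  "ServiceName": "com.amazonaws.us-east-1.cassandra",
  "State": "pending",
  "SubnetIds": ["subnet-920aacf9", "subnet-4c713600"],
  "Groups": [{"GroupId": "sg-ac1b0e8d", "GroupName": "default"}],
  "PrivateDnsEnabled": true
}}
""")

# Service name suffixes listed in the step 2 output.
KEYSPACES_SUFFIXES = (".cassandra", ".cassandra-fips")


def audit_endpoint(ep):
    """Return a list of findings for one VpcEndpoint object (hypothetical helper)."""
    findings = []
    if not ep.get("ServiceName", "").endswith(KEYSPACES_SUFFIXES):
        findings.append("service is not Amazon Keyspaces")
    if ep.get("VpcEndpointType") != "Interface":
        findings.append("endpoint type is not Interface")
    if not ep.get("PrivateDnsEnabled"):
        # Without private DNS, the regional name keeps resolving to the public endpoint.
        findings.append("private DNS disabled")
    if ep.get("State") != "available":
        findings.append("state is %s, not available" % ep.get("State"))
    if len(ep.get("SubnetIds", [])) < 2:
        findings.append("fewer than two subnets")
    if any(g.get("GroupName") == "default" for g in ep.get("Groups", [])):
        # No security group was passed at creation, so the VPC default was used.
        findings.append("default security group attached")
    return findings


def audit(doc):
    """Accept create-vpc-endpoint or describe-vpc-endpoints JSON; map ID -> findings."""
    eps = doc["VpcEndpoints"] if "VpcEndpoints" in doc else [doc["VpcEndpoint"]]
    return {ep.get("VpcEndpointId"): audit_endpoint(ep) for ep in eps}


if __name__ == "__main__":
    for vpce, findings in audit(SAMPLE).items():
        print(vpce, findings or "ok")
```

To run it against a live account, load the JSON printed by `aws ec2 describe-vpc-endpoints` with `json.load` and pass it to `audit` in place of `SAMPLE`.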