# How to commit data models to Amazon Keyspaces and Apache Cassandra
<a name="workbench.commit"></a>

This section shows you how to commit completed data models to Amazon Keyspaces and Apache Cassandra clusters. This process automatically creates the server-side resources for keyspaces and tables based on the settings that you defined in the data model. 

![\[Console screenshot that shows the commit options.\]](http://docs.aws.amazon.com/keyspaces/latest/devguide/images/workbench/key_nosql_commit.png)


**Topics**
+ [Before you begin](#workbench.commit.preqequ)
+ [Connect to Amazon Keyspaces with service-specific credentials](workbench.commit.ssc.md)
+ [Connect to Amazon Keyspaces with AWS Identity and Access Management (IAM) credentials](workbench.commit.iam.md)
+ [Use a saved connection](workbench.commit.default.md)
+ [Commit to Apache Cassandra](workbench.commit.cassandra.md)

## Before you begin
<a name="workbench.commit.preqequ"></a>

Amazon Keyspaces requires the use of Transport Layer Security (TLS) to help secure connections with clients. To connect to Amazon Keyspaces using TLS, you need to complete the following task before you can start.
+  Download the following digital certificates and save the files locally or in your home directory.

  1. AmazonRootCA1

  1. AmazonRootCA2

  1. AmazonRootCA3

  1. AmazonRootCA4

  1. Starfield Class 2 Root (optional – for backward compatibility)

  To download the certificates, you can use the following commands.

  ```
  curl -O https://www.amazontrust.com/repository/AmazonRootCA1.pem
  curl -O https://www.amazontrust.com/repository/AmazonRootCA2.pem
  curl -O https://www.amazontrust.com/repository/AmazonRootCA3.pem
  curl -O https://www.amazontrust.com/repository/AmazonRootCA4.pem
  curl -O https://certs.secureserver.net/repository/sf-class2-root.crt
  ```
**Note**  
Amazon Keyspaces previously used TLS certificates anchored to the Starfield Class 2 CA. AWS is migrating all AWS Regions to certificates issued under Amazon Trust Services (Amazon Root CAs 1–4). During this transition, configure clients to trust both Amazon Root CAs 1–4 and the Starfield root to ensure compatibility across all Regions.

  Combine all downloaded certificates into a single `pem` file with the name *keyspaces-bundle.pem* in our examples. You can do this by running the following command. Take note of the path to the file, you need this later.

  ```
  cat AmazonRootCA1.pem \
   AmazonRootCA2.pem \
   AmazonRootCA3.pem \
   AmazonRootCA4.pem \
   sf-class2-root.crt \
   > keyspaces-bundle.pem
  ```

After you have saved the certificate file, you can connect to Amazon Keyspaces. One option is to connect by using service-specific credentials. Service-specific credentials are a user name and password that are associated with a specific IAM user and can only be used with the specified service. The second option is to connect with IAM credentials that are using the [AWS Signature Version 4 process (SigV4)](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). To learn more about these two options, see [Create credentials for programmatic access to Amazon Keyspaces](programmatic.credentials.md).

To connect with service-specific credentials, see [Connect to Amazon Keyspaces with service-specific credentials](workbench.commit.ssc.md).

To connect with IAM credentials, see [Connect to Amazon Keyspaces with AWS Identity and Access Management (IAM) credentials](workbench.commit.iam.md).

# Connect to Amazon Keyspaces with service-specific credentials
<a name="workbench.commit.ssc"></a>

This section shows how to use service-specific credentials to commit the data model you created or edited with NoSQL Workbench.

1. To create a new connection using service-specific credentials, choose the **Connect by using user name and password** tab. 

   1. Before you begin, you must create service-specific credentials using the process documented at [Create service-specific credentials for programmatic access to Amazon Keyspaces](programmatic.credentials.ssc.md).

   After you have obtained the service-specific credentials, you can continue to set up the connection. Continue with one of the following:
   + **User name** – Enter the user name.
   + **Password** – Enter the password.
   + **AWS Region** – For available Regions, see [Service endpoints for Amazon Keyspaces](programmatic.endpoints.md).
   + **Port** – Amazon Keyspaces uses port 9142. 

   Alternatively, you can import saved credentials from a file.

1. Choose **Commit** to update Amazon Keyspaces with the data model.

![\[Console screenshot that shows a connection to Amazon Keyspaces using service-specific credentials.\]](http://docs.aws.amazon.com/keyspaces/latest/devguide/images/workbench/key_nosql_SSC.png)


# Connect to Amazon Keyspaces with AWS Identity and Access Management (IAM) credentials
<a name="workbench.commit.iam"></a>

This section shows how to use IAM credentials to commit the data model created or edited with NoSQL Workbench.

1. To create a new connection using IAM credentials, choose the **Connect by using IAM credentials** tab. 

   1. Before you begin, you must create IAM credentials using one of the following methods.
     + For console access, use your IAM user name and password to sign in to the [AWS Management Console](https://console.aws.amazon.com/console/home) from the IAM sign-in page. For information about AWS security credentials, including programmatic access and alternatives to long-term credentials, see [AWS security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html) in the *IAM User Guide*. For details about signing in to your AWS account, see [How to sign in to AWS](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the *AWS Sign-In User Guide*.
     + For CLI access, you need an access key ID and a secret access key. Use temporary credentials instead of long-term access keys when possible. Temporary credentials include an access key ID, a secret access key, and a security token that indicates when the credentials expire. For more information, see [ Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the *IAM User Guide*.
     + For API access, you need an access key ID and secret access key. Use IAM user access keys instead of AWS account root user access keys. For more information about creating access keys, see [Manage access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) in the *IAM User Guide*. 

     For more information, see [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).

   After you have obtained the IAM credentials, you can continue to set up the connection.
   + **Connection name** – The name of the connection.
   + **AWS Region** – For available Regions, see [Service endpoints for Amazon Keyspaces](programmatic.endpoints.md).
   + **Access key ID** – Enter the access key ID.
   + **Secret access key** – Enter the secret access key.
   + **Port** – Amazon Keyspaces uses port 9142. 
   + **AWS public certificate** – Point to the AWS certificate that was downloaded in the first step.
   + **Persist connection** – Select this check box if you want to save the AWS connection secrets locally.

1. Choose **Commit** to update Amazon Keyspaces with the data model.

![\[Console screenshot that shows a connection to Amazon Keyspaces using IAM credentials.\]](http://docs.aws.amazon.com/keyspaces/latest/devguide/images/workbench/key_nosql_IAM.png)


# Use a saved connection
<a name="workbench.commit.default"></a>

If you have previously set up a connection to Amazon Keyspaces, you can use that as the default connection to commit data model changes. Choose the **Use saved connections** tab and continue to commit the updates.

![\[Console screenshot that shows the default connection to Amazon Keyspaces.\]](http://docs.aws.amazon.com/keyspaces/latest/devguide/images/workbench/key_nosql_connection.png)


# Commit to Apache Cassandra
<a name="workbench.commit.cassandra"></a>

This section walks you through making the connections to an Apache Cassandra cluster to commit the data model created or edited with NoSQL Workbench.

**Note**  
Only data models that have been created with `SimpleStrategy` or `NetworkTopologyStrategy` can be committed to Apache Cassandra clusters. To change the replication strategy, edit the keyspace in the data modeler.

1. 
   + **User name** – Enter the user name if authentication is enabled on the cluster.
   + **Password** – Enter the password if authentication is enabled on the cluster.
   + **Contact points** – Enter the contact points.
   + **Local data center** – Enter the name of the local data center.
   + **Port** – The connection uses port 9042.

1. Choose **Commit** to update the Apache Cassandra cluster with the data model.

![\[Console screenshot that shows a connection to Apache Cassandra.\]](http://docs.aws.amazon.com/keyspaces/latest/devguide/images/workbench/key_nosql_cassandra.png)