本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 步骤 3:为 Amazon Keyspaces 创建 VPC 端点 在此步骤中,您将使用为 Amazon Keyspaces 创建双栈 VPC 终端节点。 AWS CLI要使用 VPC 控制台创建 VPC 端点,您可以按照 *AWS PrivateLink 指南*中的[创建 VPC 端点](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint)进行操作。筛选**服务名称**时,请输入 **Cassandra**。 **使用创建 VPC 终端节点 AWS CLI** 1. 在开始之前,请验证您是否可以使用 Amazon Keyspaces 的公共端点与其进行通信。 ``` aws keyspaces list-tables --keyspace-name 'myKeyspace' ``` 输出显示了包含在指定键空间中的 Amazon Keyspaces 表的列表。如果您没有任何表,该列表将为空。 ``` { "tables": [ { "keyspaceName": "myKeyspace", "tableName": "myTable1", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable1" }, { "keyspaceName": "myKeyspace", "tableName": "myTable2", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable2" } ] } ``` 1. 验证 Amazon Keyspaces 是否为在当前 AWS 区域创建 VPC 终端节点的可用服务。(命令以粗体文本显示,后面是示例输出。) ``` aws ec2 describe-vpc-endpoint-services { "ServiceNames": [ "com.amazonaws.us-east-1.cassandra", "com.amazonaws.us-east-1.cassandra-fips" "api.aws.us-east-1.cassandra-streams" ] } ``` 如果 Amazon Keyspaces 是命令输出中的可用服务之一,则可以继续创建 VPC 终端节点。 1. 要使用 IPv6 已启用的双堆栈终端节点连接到 Amazon Keyspaces,请确认您的 VPC 是否支持 IPv6 并配置支持子网。 IPv6 要增加对当前仅 IPv6 支持的现有 VPC 的[ IPv6 支持 IPv4,请参阅 Amazon VPC 用户指南中对您](https://docs.aws.amazon.com/vpc/latest/userguide/)*的 VPC 的支持;*。 1. 确定您的 VPC 标识符。 ``` aws ec2 describe-vpcs { "Vpcs": [ { "OwnerId": "111122223333", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0000aaa0a00a00aa0", "Ipv6CidrBlock": "2600:1f18:e19:7d00::/56", "Ipv6CidrBlockState": { "State": "associated" }, "NetworkBorderGroup": "us-east-1", "Ipv6Pool": "Amazon", "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-00a0000a", "CidrBlock": "111.11.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": true, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "VpcId": "vpc-a1234bcd", "State": "available", "CidrBlock": "111.11.0.0/16", "DhcpOptionsId": "dopt-a00aaaaa" } ] } ``` 在示例输出中,VPC ID 为 `vpc-a1234bcd`。 1. 使用筛选条件来收集有关 VPC 子网的详细信息。 ``` aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-a1234bcd" { "Subnets": [ { "AvailabilityZoneId": "use1-az1", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-05d75732736740283", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-70b24b16", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-70b24b16", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "**********/20", "AvailableIpAddressCount": 4089, "AvailabilityZone": "us-east-1a", "DefaultForAz": true, "MapPublicIpOnLaunch": true }, { "AvailabilityZoneId": "use1-az2", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-0ec6fb253e05b17eb", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-c63ffbe7", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-c63ffbe7", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "***********/20", "AvailableIpAddressCount": 4087, "AvailabilityZone": "us-east-1b", "DefaultForAz": true, "MapPublicIpOnLaunch": true } ] } ``` 在示例输出中,有两个可用的子网 IDs:`subnet-70b24b16`和`subnet-c63ffbe7`。 1. 创建 VPC 端点。对于 `--vpc-id` 参数,指定上一步中的 VPC ID。对于`--subnet-ids`参数,请指定上一步 IDs 中的子网。使用 `--vpc-endpoint-type` 参数将端点定义为接口。要创建双堆栈终端节点,请使用`--ip-address-type dualstack`。有关命令的更多信息,请参阅 *AWS CLI 命令参考*中的 [https://docs.aws.amazon.com/cli/latest/reference/ec2/create-vpc-endpoint.html](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-vpc-endpoint.html)。 ``` aws ec2 create-vpc-endpoint \ --vpc-endpoint-type Interface \ --vpc-id vpc-a1234bcd \ --ip-address-type dualstack \ --service-name com.amazonaws.us-east-1.cassandra \ --subnet-ids subnet-70b24b16 subnet-c63ffbe7 { "VpcEndpoint": { "VpcEndpointId": "vpce-000000abc111d2ef3", "VpcEndpointType": "Interface", "VpcId": "vpc-a1234bcd", "ServiceName": "com.amazonaws.us-east-1.cassandra", "State": "pending", "RouteTableIds": [], "SubnetIds": [ "subnet-70b24b16", "subnet-c63ffbe7" ], "Groups": [ { "GroupId": "sg-0123456789", "GroupName": "default" } ], "IpAddressType": "dualstack", "DnsOptions": { "DnsRecordIpType": "dualstack" }, "PrivateDnsEnabled": true, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-08cd525f72ea6f1fa", "eni-07b1f6c895169d8fb" ], "DnsEntries": [ { "DnsName": "vpce-0000000000-1234567.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-0000000000-1234567-us-east-1a.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "cassandra.us-east-1.amazonaws.com", "HostedZoneId": "ZONEIDPENDING" }, { "DnsName": "cassandra.us-east-1.api.aws", "HostedZoneId": "ZONEIDPENDING" } ], "CreationTimestamp": "2025-09-19T15:19:19.266000+00:00", "OwnerId": "111122223333", "ServiceRegion": "us-east-1" } } ```