本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # 步驟 3:建立 Amazon Keyspaces 的 VPC 端點 在此步驟中,您會使用 為 Amazon Keyspaces 建立雙堆疊 VPC 端點 AWS CLI。若要使用 VPC 主控台建立 VPC 端點,您可以遵循 *AWS PrivateLink 指南*中的[建立 VPC 端點](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint)說明。篩選**服務名稱**時,請輸入 **Cassandra**。 **使用 建立 VPC 端點 AWS CLI** 1. 開始之前,請確認您可以使用其公有端點與 Amazon Keyspaces 通訊。 ``` aws keyspaces list-tables --keyspace-name 'myKeyspace' ``` 輸出會顯示包含在指定金鑰空間中的 Amazon Keyspaces 資料表清單。如果您沒有任何資料表,則清單為空白。 ``` { "tables": [ { "keyspaceName": "myKeyspace", "tableName": "myTable1", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable1" }, { "keyspaceName": "myKeyspace", "tableName": "myTable2", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable2" } ] } ``` 1. 確認 Amazon Keyspaces 是在目前 AWS 區域中建立 VPC 端點的可用服務。(命令會以粗體文字顯示,後面接著輸出範例。) ``` aws ec2 describe-vpc-endpoint-services { "ServiceNames": [ "com.amazonaws.us-east-1.cassandra", "com.amazonaws.us-east-1.cassandra-fips" "api.aws.us-east-1.cassandra-streams" ] } ``` 如果 Amazon Keyspaces 是 命令輸出中可用的服務之一,您可以繼續建立 VPC 端點。 1. 若要使用啟用 IPv6 的雙堆疊端點連線至 Amazon Keyspaces,請確認您的 VPC 支援 IPv6,並使用 IPv6 支援設定子網路。若要將 IPv6 支援新增至目前僅支援 IPv4 的現有 VPC,請參閱《Amazon VPC 使用者指南》中的 VPC [的 IPv6 支援](https://docs.aws.amazon.com/vpc/latest/userguide/)。 ** 1. 確定您的 VPC 識別碼。 ``` aws ec2 describe-vpcs { "Vpcs": [ { "OwnerId": "111122223333", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0000aaa0a00a00aa0", "Ipv6CidrBlock": "2600:1f18:e19:7d00::/56", "Ipv6CidrBlockState": { "State": "associated" }, "NetworkBorderGroup": "us-east-1", "Ipv6Pool": "Amazon", "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-00a0000a", "CidrBlock": "111.11.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": true, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "VpcId": "vpc-a1234bcd", "State": "available", "CidrBlock": "111.11.0.0/16", "DhcpOptionsId": "dopt-a00aaaaa" } ] } ``` 在範例輸出中,VPC ID 為 `vpc-a1234bcd`。 1. 使用篩選條件來收集 VPC 子網路的詳細資訊。 ``` aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-a1234bcd" { "Subnets": [ { "AvailabilityZoneId": "use1-az1", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-05d75732736740283", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-70b24b16", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-70b24b16", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "**********/20", "AvailableIpAddressCount": 4089, "AvailabilityZone": "us-east-1a", "DefaultForAz": true, "MapPublicIpOnLaunch": true }, { "AvailabilityZoneId": "use1-az2", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-0ec6fb253e05b17eb", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-c63ffbe7", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-c63ffbe7", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "***********/20", "AvailableIpAddressCount": 4087, "AvailabilityZone": "us-east-1b", "DefaultForAz": true, "MapPublicIpOnLaunch": true } ] } ``` 在範例輸出中,有兩個可用的子網路 IDs`subnet-70b24b16`和 `subnet-c63ffbe7`。 1. 建立 VPC 端點。對於 `--vpc-id` 參數,請指定上一個步驟的 VPC ID。針對 `--subnet-ids` 參數,指定上一個步驟IDs。使用 `--vpc-endpoint-type` 參數將端點定義為界面。若要建立雙堆疊端點,請使用 `--ip-address-type dualstack`。如需 命令的詳細資訊,請參閱《 *AWS CLI 命令參考*[https://docs.aws.amazon.com/cli/latest/reference/ec2/create-vpc-endpoint.html](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-vpc-endpoint.html)》中的 。 ``` aws ec2 create-vpc-endpoint \ --vpc-endpoint-type Interface \ --vpc-id vpc-a1234bcd \ --ip-address-type dualstack \ --service-name com.amazonaws.us-east-1.cassandra \ --subnet-ids subnet-70b24b16 subnet-c63ffbe7 { "VpcEndpoint": { "VpcEndpointId": "vpce-000000abc111d2ef3", "VpcEndpointType": "Interface", "VpcId": "vpc-a1234bcd", "ServiceName": "com.amazonaws.us-east-1.cassandra", "State": "pending", "RouteTableIds": [], "SubnetIds": [ "subnet-70b24b16", "subnet-c63ffbe7" ], "Groups": [ { "GroupId": "sg-0123456789", "GroupName": "default" } ], "IpAddressType": "dualstack", "DnsOptions": { "DnsRecordIpType": "dualstack" }, "PrivateDnsEnabled": true, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-08cd525f72ea6f1fa", "eni-07b1f6c895169d8fb" ], "DnsEntries": [ { "DnsName": "vpce-0000000000-1234567.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-0000000000-1234567-us-east-1a.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "cassandra.us-east-1.amazonaws.com", "HostedZoneId": "ZONEIDPENDING" }, { "DnsName": "cassandra.us-east-1.api.aws", "HostedZoneId": "ZONEIDPENDING" } ], "CreationTimestamp": "2025-09-19T15:19:19.266000+00:00", "OwnerId": "111122223333", "ServiceRegion": "us-east-1" } } ```