Posted On: Mar 17, 2020

Amazon Managed Apache Cassandra Service (MCS), a scalable, highly available, and managed Apache Cassandra–compatible database service, now helps you manage access to your keyspaces and tables by using AWS Identity and Access Management (IAM) roles and federated identities. 

IAM roles can help you manage user and application access to your MCS resources by using temporary security credentials for authentication instead of sharing long-term credentials. For example, you can create an IAM role that grants an application read and write permissions only to specific tables in your account. IAM roles can also be used to manage access for federated identities from a centralized identity provider, such as a corporate directory. 

You can use IAM roles with MCS by using an authentication plugin for the open-source DataStax Java driver. The plugin enables you to add authentication information to your MCS API requests by using the Signature Version 4 Signing Process.  

There is no additional cost to use the plugin, and support for the plugin is available in all AWS Regions where Amazon MCS is offered. Amazon MCS is available in preview in the US East (N. Virginia), US East (Ohio), EU (Stockholm), Asia Pacific (Tokyo), and Asia Pacific (Singapore) Regions. 

For more information about using the plugin to authenticate API calls and manage access to MCS resources, see Creating Credentials to Programmatically access Amazon Managed Cassandra Service in the Amazon MCS Developer Guide.