本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
步骤 3:为 Amazon Keyspaces 创建 VPC 端点
在此步骤中,您将使用为 Amazon Keyspaces 创建双栈 VPC 终端节点。 AWS CLI要使用 VPC 控制台创建 VPC 端点,您可以按照 AWS PrivateLink 指南中的创建 VPC 端点进行操作。筛选服务名称时,请输入 Cassandra。
使用创建 VPC 终端节点 AWS CLI
-
在开始之前,请验证您是否可以使用 Amazon Keyspaces 的公共端点与其进行通信。
aws keyspaces list-tables --keyspace-name 'myKeyspace'输出显示了包含在指定键空间中的 Amazon Keyspaces 表的列表。如果您没有任何表,该列表将为空。
{ "tables": [ { "keyspaceName": "myKeyspace", "tableName": "myTable1", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable1" }, { "keyspaceName": "myKeyspace", "tableName": "myTable2", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable2" } ] } -
验证 Amazon Keyspaces 是否为在当前 AWS 区域创建 VPC 终端节点的可用服务。(命令以粗体文本显示,后面是示例输出。)
aws ec2 describe-vpc-endpoint-services{ "ServiceNames": [ "com.amazonaws.us-east-1.cassandra", "com.amazonaws.us-east-1.cassandra-fips" "api.aws.us-east-1.cassandra-streams" ] }如果 Amazon Keyspaces 是命令输出中的可用服务之一,则可以继续创建 VPC 终端节点。
要使用 IPv6 已启用的双堆栈终端节点连接到 Amazon Keyspaces,请确认您的 VPC 是否支持 IPv6 并配置支持子网。 IPv6 要增加对当前仅 IPv6 支持的现有 VPC 的 IPv6 支持 IPv4,请参阅 Amazon VPC 用户指南中对您的 VPC 的支持;。
-
确定您的 VPC 标识符。
aws ec2 describe-vpcs{ "Vpcs": [ { "OwnerId": "111122223333", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0000aaa0a00a00aa0", "Ipv6CidrBlock": "2600:1f18:e19:7d00::/56", "Ipv6CidrBlockState": { "State": "associated" }, "NetworkBorderGroup": "us-east-1", "Ipv6Pool": "Amazon", "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-00a0000a", "CidrBlock": "111.11.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": true, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "VpcId": "vpc-a1234bcd", "State": "available", "CidrBlock": "111.11.0.0/16", "DhcpOptionsId": "dopt-a00aaaaa" } ] }在示例输出中,VPC ID 为
vpc-a1234bcd。 -
使用筛选条件来收集有关 VPC 子网的详细信息。
aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-a1234bcd"{ "Subnets": [ { "AvailabilityZoneId": "use1-az1", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-05d75732736740283", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-70b24b16", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-70b24b16", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "**********/20", "AvailableIpAddressCount": 4089, "AvailabilityZone": "us-east-1a", "DefaultForAz": true, "MapPublicIpOnLaunch": true }, { "AvailabilityZoneId": "use1-az2", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-0ec6fb253e05b17eb", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-c63ffbe7", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-c63ffbe7", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "***********/20", "AvailableIpAddressCount": 4087, "AvailabilityZone": "us-east-1b", "DefaultForAz": true, "MapPublicIpOnLaunch": true } ] }在示例输出中,有两个可用的子网 IDs:
subnet-70b24b16和subnet-c63ffbe7。 -
创建 VPC 端点。对于
--vpc-id参数,指定上一步中的 VPC ID。对于--subnet-ids参数,请指定上一步 IDs 中的子网。使用--vpc-endpoint-type参数将端点定义为接口。要创建双堆栈端点,请使用--ip-address-type dualstack。有关命令的更多信息,请参阅 AWS CLI 命令参考中的create-vpc-endpoint。aws ec2 create-vpc-endpoint \ --vpc-endpoint-type Interface \ --vpc-id vpc-a1234bcd \ --ip-address-type dualstack \ --service-name com.amazonaws.us-east-1.cassandra \ --subnet-ids subnet-70b24b16 subnet-c63ffbe7{ "VpcEndpoint": { "VpcEndpointId": "vpce-000000abc111d2ef3", "VpcEndpointType": "Interface", "VpcId": "vpc-a1234bcd", "ServiceName": "com.amazonaws.us-east-1.cassandra", "State": "pending", "RouteTableIds": [], "SubnetIds": [ "subnet-70b24b16", "subnet-c63ffbe7" ], "Groups": [ { "GroupId": "sg-0123456789", "GroupName": "default" } ], "IpAddressType": "dualstack", "DnsOptions": { "DnsRecordIpType": "dualstack" }, "PrivateDnsEnabled": true, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-08cd525f72ea6f1fa", "eni-07b1f6c895169d8fb" ], "DnsEntries": [ { "DnsName": "vpce-0000000000-1234567.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-0000000000-1234567-us-east-1a.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "cassandra.us-east-1.amazonaws.com", "HostedZoneId": "ZONEIDPENDING" }, { "DnsName": "cassandra.us-east-1.api.aws", "HostedZoneId": "ZONEIDPENDING" } ], "CreationTimestamp": "2025-09-19T15:19:19.266000+00:00", "OwnerId": "111122223333", "ServiceRegion": "us-east-1" } }
