步驟 3:建立 Amazon Keyspaces 的 VPC 端點 - Amazon Keyspaces (適用於 Apache Cassandra)

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

步驟 3:建立 Amazon Keyspaces 的 VPC 端點

在此步驟中,您會使用 為 Amazon Keyspaces 建立雙堆疊 VPC 端點 AWS CLI。若要使用 VPC 主控台建立 VPC 端點,您可以遵循 AWS PrivateLink 指南中的建立 VPC 端點說明。篩選服務名稱時,請輸入 Cassandra

使用 建立 VPC 端點 AWS CLI
  1. 開始之前,請確認您可以使用其公有端點與 Amazon Keyspaces 通訊。

    aws keyspaces list-tables --keyspace-name 'myKeyspace'

    輸出會顯示包含在指定金鑰空間中的 Amazon Keyspaces 資料表清單。如果您沒有任何資料表,則清單為空白。

    { "tables": [ { "keyspaceName": "myKeyspace", "tableName": "myTable1", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable1" }, { "keyspaceName": "myKeyspace", "tableName": "myTable2", "resourceArn": "arn:aws:cassandra:us-east-1:111122223333:/keyspace/catalog/table/myTable2" } ] }
  2. 確認 Amazon Keyspaces 是在目前 AWS 區域中建立 VPC 端點的可用服務。(命令會以粗體文字顯示,後面接著輸出範例。)

    aws ec2 describe-vpc-endpoint-services { "ServiceNames": [ "com.amazonaws.us-east-1.cassandra", "com.amazonaws.us-east-1.cassandra-fips" "api.aws.us-east-1.cassandra-streams" ] }

    如果 Amazon Keyspaces 是 命令輸出中可用的服務之一,您可以繼續建立 VPC 端點。

  3. 若要使用啟用 IPv6 的雙堆疊端點連線至 Amazon Keyspaces,請確認您的 VPC 支援 IPv6,並使用 IPv6 支援設定子網路。若要將 IPv6 支援新增至目前僅支援 IPv4 的現有 VPC,請參閱《Amazon VPC 使用者指南》中的 VPC 的 IPv6 支援

  4. 確定您的 VPC 識別碼。

    aws ec2 describe-vpcs { "Vpcs": [ { "OwnerId": "111122223333", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0000aaa0a00a00aa0", "Ipv6CidrBlock": "2600:1f18:e19:7d00::/56", "Ipv6CidrBlockState": { "State": "associated" }, "NetworkBorderGroup": "us-east-1", "Ipv6Pool": "Amazon", "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-00a0000a", "CidrBlock": "111.11.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": true, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "VpcId": "vpc-a1234bcd", "State": "available", "CidrBlock": "111.11.0.0/16", "DhcpOptionsId": "dopt-a00aaaaa" } ] }

    在範例輸出中,VPC ID 為 vpc-a1234bcd

  5. 使用篩選條件來收集 VPC 子網路的詳細資訊。

    aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-a1234bcd" { "Subnets": [ { "AvailabilityZoneId": "use1-az1", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-05d75732736740283", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-70b24b16", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-70b24b16", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "**********/20", "AvailableIpAddressCount": 4089, "AvailabilityZone": "us-east-1a", "DefaultForAz": true, "MapPublicIpOnLaunch": true }, { "AvailabilityZoneId": "use1-az2", "MapCustomerOwnedIpOnLaunch": false, "OwnerId": "111122223333", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-0ec6fb253e05b17eb", "Ipv6CidrBlock": "***********************", "Ipv6CidrBlockState": { "State": "associated" }, "Ipv6AddressAttribute": "public", "IpSource": "amazon" } ], "SubnetArn": "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-c63ffbe7", "EnableDns64": false, "Ipv6Native": false, "PrivateDnsNameOptionsOnLaunch": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": false, "EnableResourceNameDnsAAAARecord": false }, "BlockPublicAccessStates": { "InternetGatewayBlockMode": "off" }, "SubnetId": "subnet-c63ffbe7", "State": "available", "VpcId": "vpc-a1234bcd", "CidrBlock": "***********/20", "AvailableIpAddressCount": 4087, "AvailabilityZone": "us-east-1b", "DefaultForAz": true, "MapPublicIpOnLaunch": true } ] }

    在範例輸出中,有兩個可用的子網路 IDssubnet-70b24b16subnet-c63ffbe7

  6. 建立 VPC 端點。對於 --vpc-id 參數,請指定上一個步驟的 VPC ID。針對 --subnet-ids 參數,指定上一個步驟IDs。使用 --vpc-endpoint-type 參數將端點定義為界面。若要建立雙堆疊端點,請使用 --ip-address-type dualstack。如需 命令的詳細資訊,請參閱《 AWS CLI 命令參考create-vpc-endpoint》中的 。

    aws ec2 create-vpc-endpoint \ --vpc-endpoint-type Interface \ --vpc-id vpc-a1234bcd \ --ip-address-type dualstack \ --service-name com.amazonaws.us-east-1.cassandra \ --subnet-ids subnet-70b24b16 subnet-c63ffbe7 { "VpcEndpoint": { "VpcEndpointId": "vpce-000000abc111d2ef3", "VpcEndpointType": "Interface", "VpcId": "vpc-a1234bcd", "ServiceName": "com.amazonaws.us-east-1.cassandra", "State": "pending", "RouteTableIds": [], "SubnetIds": [ "subnet-70b24b16", "subnet-c63ffbe7" ], "Groups": [ { "GroupId": "sg-0123456789", "GroupName": "default" } ], "IpAddressType": "dualstack", "DnsOptions": { "DnsRecordIpType": "dualstack" }, "PrivateDnsEnabled": true, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-08cd525f72ea6f1fa", "eni-07b1f6c895169d8fb" ], "DnsEntries": [ { "DnsName": "vpce-0000000000-1234567.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "vpce-0000000000-1234567-us-east-1a.cassandra.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "cassandra.us-east-1.amazonaws.com", "HostedZoneId": "ZONEIDPENDING" }, { "DnsName": "cassandra.us-east-1.api.aws", "HostedZoneId": "ZONEIDPENDING" } ], "CreationTimestamp": "2025-09-19T15:19:19.266000+00:00", "OwnerId": "111122223333", "ServiceRegion": "us-east-1" } }