12/25/2017

LoyaltyOne/cassandra-aws

by John Doe

README.md

This CloudFormation template deploys a 3-node Cassandra cluster in a single AWS region across multiple Availability Zones.

Cassandra storage is backed by AWS Elastic File System. Each Cassandra node maintains its own data folder on a single file system. This file system spans multiple Availability Zones for redundancy.

Why EFS?

  • No need to resize volumes when data increases (automatically handled)
  • Backups of volumes are less crucial since EFS is replicated across Availability Zones
  • Performance is good enough for non-prod environments

Note: Using EFS to back a Cassandra cluster is only suitable for development purposes. Consider using EBS volumes or instance storage for production-grade setups.

TODO

To generate a keystore and truststore for Cassandra to use for encryption, use the truststore-setup script.

truststore-setup does the following:

  • Generates a keystore, protected by a user-supplied password, which contains a private key used by Cassandra to establish secure communication among the nodes in the cluster
  • Generates a truststore which contains the public cert (corresponding to the private key in the keystore) for the cluster
  • Generates a client PEM file containing the public cert for the cluster, intended to be used with cqlsh for secure client-to-node communication
  • Updates cassandra.yaml with the user-supplied password for the keystore and truststore

Run the truststore-setup script and specify the password and cluster name.

$ ./truststore-setup <password> <clustername>

This will generate the keystore and the truststore in cassandra-config:

cassandra-config/
├── conf
│   └── certs
│       ├── cassandra.keystore
│       └── cassandra.truststore
...

For clients connecting to the cluster, the cassandra.truststore can be used to establish secure communication. This is a JKS-based truststore.

It will also generate the client PEM in the root folder. This file can be used with cqlsh:

cluster-ca-certificate.pem

Sync the S3 bucket holding the Cassandra configuration and certs.

$ aws s3 sync cassandra-config s3://cassandra-configuration/<clustername>

Note: You must name the CloudFormation stack exactly the same as <clustername> defined above in order for encryption to work correctly.
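A pre-sync check for the artifacts described above, as an added example that is not part of the LoyaltyOne repository: it confirms both stores exist at the paths shown in the tree, that the keystore (which holds the private key) is not readable or writable by group or others, and that the client PEM carries a certificate and no private key block. The function name and finding labels are hypothetical, and the PEM path is passed in because the README only says it lands in the root folder.

```shell
#!/bin/sh
# Added example, not part of the LoyaltyOne repository.
# check_cassandra_config CONFIG_DIR CLIENT_PEM   (hypothetical helper)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_cassandra_config() {
    cfg=$1
    pem=$2
    rc=0
    keystore="$cfg/conf/certs/cassandra.keystore"
    truststore="$cfg/conf/certs/cassandra.truststore"

    # Both stores must exist and be non-empty before the sync.
    for f in "$keystore" "$truststore"; do
        if [ ! -s "$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done

    # The keystore holds the cluster private key: no group/other read or write.
    loose=$(find "$keystore" \( -perm -040 -o -perm -020 \
        -o -perm -004 -o -perm -002 \) 2>/dev/null) || true
    if [ -n "$loose" ]; then
        echo "PERMS $keystore is readable or writable by group or others"
        rc=1
    fi

    # The client PEM is handed to cqlsh users: a certificate, never a key.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null; then
        echo "NOCERT $pem has no certificate block"
        rc=1
    fi
    if grep -q -e 'PRIVATE KEY-----' "$pem" 2>/dev/null; then
        echo "KEYLEAK $pem contains a private key block"
        rc=1
    fi
    return "$rc"
}

# Run as: ./check.sh cassandra-config cluster-ca-certificate.pem
if [ "$#" -eq 2 ]; then
    check_cassandra_config "$1" "$2"
fi
```

Because the sync uploads cassandra.keystore, the bucket ends up holding the cluster private key, so read access to it should be limited to what the cluster nodes need.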

For example, we have named our bucket sandbox-cassandra-configuration and the name of the cluster is sandbox-cassandra.
