AWS Security ChangesHomeSearch

AWS keyspaces medium security documentation change

Service: keyspaces · 2025-08-28 · Security-related medium

File: keyspaces/latest/devguide/spark-tutorial-step4.md

Summary

Updated connection instructions to use `cqlsh-expansion` instead of `cqlsh`, removed explicit username/password example, and standardized service endpoint formatting.

Security assessment

Removal of hardcoded credentials (even placeholders) in documentation examples reduces the risk of accidental exposure. The change promotes using a dedicated tool (`cqlsh-expansion`) which may enforce better security practices.

Diff

diff --git a/keyspaces/latest/devguide/spark-tutorial-step4.md b/keyspaces/latest/devguide/spark-tutorial-step4.md
index d9ca49136..08d78aa41 100644
--- a//keyspaces/latest/devguide/spark-tutorial-step4.md
+++ b//keyspaces/latest/devguide/spark-tutorial-step4.md
@@ -24 +24 @@ In contrast, randomizing data helps to take advantage of the built-in load balan
-    1. Connect to Amazon Keyspaces using `cqlsh`, and replace the service endpoint, user name, and password in the following example with your own values.
+    1. Connect to Amazon Keyspaces using the `cqlsh-expansion`. For `cqlsh-expansion` installation instructions, see [Using the cqlsh-expansion to connect to Amazon Keyspaces](./programmatic.cqlsh.html#using_cqlsh). 
@@ -26 +26,3 @@ In contrast, randomizing data helps to take advantage of the built-in load balan
-                cqlsh cassandra.us-east-2.amazonaws.com 9142 -u "111122223333" -p "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" --ssl
+Replace the service endpoint in the following example with your own value.
+        
+                cqlsh-expansion cassandra.us-east-1.amazonaws.com 9142 --ssl