AWS Security ChangesHomeSearch

AWS keyspaces medium security documentation change

Service: keyspaces · 2025-10-01 · Security-related medium

File: keyspaces/latest/devguide/programmatic.endpoints.md

Summary

Added documentation for dual-stack endpoints (IPv4/IPv6) across all regions, updated FIPS endpoints to include dual-stack variants, and introduced new Streams endpoints section for CDC streams with HTTPS protocol

Security assessment

The changes explicitly add dual-stack endpoints with FIPS compliance (security-focused cryptographic standards) and enforce HTTPS for all new Streams endpoints. These updates improve encryption and compliance posture, which are security enhancements. The FIPS endpoint expansion directly relates to federal security requirements.

Diff

diff --git a/keyspaces/latest/devguide/programmatic.endpoints.md b/keyspaces/latest/devguide/programmatic.endpoints.md
index 64597dd9b..01aa40660 100644
--- a//keyspaces/latest/devguide/programmatic.endpoints.md
+++ b//keyspaces/latest/devguide/programmatic.endpoints.md
@@ -5 +5 @@
-Ports and protocolsGlobal endpointsAWS GovCloud (US) Region FIPS endpointsChina Regions endpoints
+Ports and protocolsGlobal endpointsAWS GovCloud (US) Region FIPS endpointsChina Regions endpointsStreams endpoints
@@ -18,0 +19,4 @@ Ports and protocolsGlobal endpointsAWS GovCloud (US) Region FIPS endpointsChina
+  * Streams endpoints
+
+  * [Connecting to dual-stack endpoints](./dualstack_endpoints.html)
+
@@ -39 +43,12 @@ For TLS connections, Amazon Keyspaces uses the Starfield CA to authenticate agai
-Amazon Keyspaces is available in the following AWS Regions. This table shows the available service endpoint for each Region. 
+Amazon Keyspaces supports both IPv4 and IPv6 public endpoints. You can choose between IPv4 endpoints and dual-stack endpoints. The endpoints use the following naming convention, where you can replace `us-east-1` with another available AWS Region from the table.
+
+  * **IPv4 endpoints** – `cassandra.`us-east-1`.amazonaws.com`
+
+  * **Dual-stack endpoints** – `cassandra.`us-east-1`.api.aws`
+
+
+
+
+For more information about dual-stack endpoints and how to configure connections, see [Connecting to dual-stack endpoints](./dualstack_endpoints.html).
+
+Amazon Keyspaces is available in the following Regions. 
@@ -43,3 +58,3 @@ Region Name | Region | Endpoint | Protocol
-US East (Ohio) | us-east-2 |  cassandra.us-east-2.amazonaws.com  | HTTPS and TLS  
-US East (N. Virginia) | us-east-1 |  cassandra.us-east-1.amazonaws.com  cassandra-fips.us-east-1.amazonaws.com  |  HTTPS and TLS TLS  
-US West (N. California) | us-west-1 |  cassandra.us-west-1.amazonaws.com  | HTTPS and TLS  
+US East (Ohio) | us-east-2 |  cassandra.us-east-2.amazonaws.com  cassandra.us-east-2.api.aws  |  HTTPS and TLS HTTPS and TLS  
+US East (N. Virginia) | us-east-1 |  cassandra.us-east-1.amazonaws.com  cassandra-fips.us-east-1.api.aws  cassandra-fips.us-east-1.amazonaws.com  cassandra.us-east-1.api.aws  |  HTTPS and TLS HTTPS and TLS HTTPS and TLS HTTPS and TLS  
+US West (N. California) | us-west-1 |  cassandra.us-west-1.amazonaws.com  cassandra.us-west-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
@@ -49 +64 @@ Asia Pacific (Hong Kong) | ap-east-1 |  cassandra.ap-east-1.amazonaws.com  | HTT
-Asia Pacific (Mumbai) | ap-south-1 |  cassandra.ap-south-1.amazonaws.com  | HTTPS and TLS  
+Asia Pacific (Mumbai) | ap-south-1 |  cassandra.ap-south-1.amazonaws.com  cassandra.ap-south-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
@@ -51 +66 @@ Asia Pacific (Seoul) | ap-northeast-2 |  cassandra.ap-northeast-2.amazonaws.com
-Asia Pacific (Singapore) | ap-southeast-1 |  cassandra.ap-southeast-1.amazonaws.com  | HTTPS and TLS  
+Asia Pacific (Singapore) | ap-southeast-1 |  cassandra.ap-southeast-1.amazonaws.com  cassandra.ap-southeast-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
@@ -53,4 +68,4 @@ Asia Pacific (Sydney) | ap-southeast-2 |  cassandra.ap-southeast-2.amazonaws.com
-Asia Pacific (Tokyo) | ap-northeast-1 |  cassandra.ap-northeast-1.amazonaws.com  | HTTPS and TLS  
-Canada (Central) | ca-central-1 |  cassandra.ca-central-1.amazonaws.com  | HTTPS and TLS  
-Europe (Frankfurt) | eu-central-1 |  cassandra.eu-central-1.amazonaws.com  | HTTPS and TLS  
-Europe (Ireland) | eu-west-1 |  cassandra.eu-west-1.amazonaws.com  | HTTPS and TLS  
+Asia Pacific (Tokyo) | ap-northeast-1 |  cassandra.ap-northeast-1.amazonaws.com  cassandra.ap-northeast-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
+Canada (Central) | ca-central-1 |  cassandra.ca-central-1.amazonaws.com  cassandra.ca-central-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
+Europe (Frankfurt) | eu-central-1 |  cassandra.eu-central-1.amazonaws.com  cassandra.eu-central-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
+Europe (Ireland) | eu-west-1 |  cassandra.eu-west-1.amazonaws.com  cassandra.eu-west-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
@@ -58,2 +73,2 @@ Europe (London) | eu-west-2 |  cassandra.eu-west-2.amazonaws.com  | HTTPS and TL
-Europe (Paris) | eu-west-3 |  cassandra.eu-west-3.amazonaws.com  | HTTPS and TLS  
-Europe (Stockholm) | eu-north-1 |  cassandra.eu-north-1.amazonaws.com  | HTTPS and TLS  
+Europe (Paris) | eu-west-3 |  cassandra.eu-west-3.amazonaws.com  cassandra.eu-west-3.api.aws  |  HTTPS and TLS HTTPS and TLS  
+Europe (Stockholm) | eu-north-1 |  cassandra.eu-north-1.amazonaws.com  cassandra.eu-north-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
@@ -61 +76 @@ Middle East (Bahrain) | me-south-1 |  cassandra.me-south-1.amazonaws.com  | HTTP
-South America (São Paulo) | sa-east-1 |  cassandra.sa-east-1.amazonaws.com  | HTTPS and TLS  
+South America (São Paulo) | sa-east-1 |  cassandra.sa-east-1.amazonaws.com  cassandra.sa-east-1.api.aws  |  HTTPS and TLS HTTPS and TLS  
@@ -67 +82 @@ AWS GovCloud (US-West) | us-gov-west-1 |  cassandra.us-gov-west-1.amazonaws.com
-Available FIPS endpoints in the AWS GovCloud (US) Region. For more information, see [Amazon Keyspaces in the _AWS GovCloud (US) User Guide_](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-keyspaces.html).
+Available FIPS endpoints in the AWS GovCloud (US) Region. Amazon Keyspaces supports both IPv4 and IPv6 FIPS endpoints. You can choose between IPv4 endpoints and dual-stack endpoints. For more information, see [Amazon Keyspaces in the _AWS GovCloud (US) User Guide_](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-keyspaces.html).
@@ -69,4 +84,4 @@ Available FIPS endpoints in the AWS GovCloud (US) Region. For more information,
-Region name | Region | FIPS endpoint | Protocol  
----|---|---|---  
-AWS GovCloud (US-East) | us-gov-east-1 | cassandra.us-gov-east-1.amazonaws.com |  HTTPS and TLS  
-AWS GovCloud (US-West) | us-gov-west-1 | cassandra.us-gov-west-1.amazonaws.com |  HTTPS and TLS  
+Region name | Region | FIPS endpoint IPv4 | FIPS endpoint dual-stack | Protocol  
+---|---|---|---|---  
+AWS GovCloud (US-East) | us-gov-east-1 | cassandra.us-gov-east-1.amazonaws.com | cassandra.us-gov-east-1.api.aws |  HTTPS and TLS  
+AWS GovCloud (US-West) | us-gov-west-1 | cassandra.us-gov-west-1.amazonaws.com | cassandra.us-gov-west-1.api.aws |  HTTPS and TLS  
@@ -76 +91 @@ AWS GovCloud (US-West) | us-gov-west-1 | cassandra.us-gov-west-1.amazonaws.com |
-The following Amazon Keyspaces endpoints are available in the AWS China Regions. 
+Amazon Keyspaces supports IPv4 endpoints in the AWS China Regions. 
@@ -84,0 +100,28 @@ China (Ningxia) | cn-northwest-1 | cassandra.cn-northwest-1.amazonaws.com.cn | H
+## Streams endpoints
+
+Amazon Keyspaces CDC streams is available in the following AWS Regions. This table shows the available dual-stack service endpoint for each Region. For more information about Amazon Keyspaces CDC streams, see [How to access CDC stream endpoints in Amazon Keyspaces](./CDC_access-endpoints.html).
+
+Region Name | Region | Endpoint | Protocol  
+---|---|---|---  
+US East (Ohio) | us-east-2 |  cassandra-streams.us-east-2.api.aws  | HTTPS  
+US East (N. Virginia) | us-east-1 |  cassandra-streams.us-east-1.api.aws  | HTTPS  
+US West (N. California) | us-west-1 |  cassandra-streams.us-west-1.api.aws  | HTTPS  
+US West (Oregon) | us-west-2 |  cassandra-streams.us-west-2.api.aws  | HTTPS  
+Africa (Cape Town) | af-south-1 |  cassandra-streams.af-south-1.api.aws  | HTTPS  
+Asia Pacific (Hong Kong) | ap-east-1 |  cassandra-streams.ap-east-1.api.aws  | HTTPS  
+Asia Pacific (Mumbai) | ap-south-1 |  cassandra-streams.ap-south-1.api.aws  | HTTPS  
+Asia Pacific (Seoul) | ap-northeast-2 |  cassandra-streams.ap-northeast-2.api.aws  | HTTPS  
+Asia Pacific (Singapore) | ap-southeast-1 |  cassandra-streams.ap-southeast-1.api.aws  | HTTPS  
+Asia Pacific (Sydney) | ap-southeast-2 |  cassandra-streams.ap-southeast-2.api.aws  | HTTPS  
+Asia Pacific (Tokyo) | ap-northeast-1 |  cassandra-streams.ap-northeast-1.api.aws  | HTTPS  
+Canada (Central) | ca-central-1 |  cassandra-streams.ca-central-1.api.aws  | HTTPS  
+Europe (Frankfurt) | eu-central-1 |  cassandra-streams.eu-central-1.api.aws  | HTTPS  
+Europe (Ireland) | eu-west-1 |  cassandra-streams.eu-west-1.api.aws  | HTTPS  
+Europe (London) | eu-west-2 |  cassandra-streams.eu-west-2.api.aws  | HTTPS  
+Europe (Paris) | eu-west-3 |  cassandra-streams.eu-west-3.api.aws  | HTTPS  
+Europe (Stockholm) | eu-north-1 |  cassandra-streams.eu-north-1.api.aws  | HTTPS  
+Middle East (Bahrain) | me-south-1 |  cassandra-streams.me-south-1.api.aws  | HTTPS  
+South America (São Paulo) | sa-east-1 |  cassandra-streams.sa-east-1.api.aws  | HTTPS  
+AWS GovCloud (US-East) | us-gov-east-1 |  cassandra-streams.us-gov-east-1.api.aws  | HTTPS  
+AWS GovCloud (US-West) | us-gov-west-1 |  cassandra-streams.us-gov-west-1.api.aws  | HTTPS  
+  
@@ -93 +136 @@ Manage access keys
-Using cqlsh
+Connecting to dual-stack endpoints