Skip to content

Configure Aerospike Clients

Client applications should use the database credentials for a Cloud database user. See Create database users for more information.

TLS configuration

The TLS connection between Aerospike client and Aerospike Cloud must exist inside a peered VPC. See VPC peering for more information.

Client TLS setup instructions:

The TLS Client Certificate can be downloaded from the Aerospike Cloud Console in the Details tab for your Cloud database or from the public APIs through the GET /databases/<database-id> endpoint.

Troubleshooting

FAIL_FORBIDDEN on writes

ISSUE

Write operations fail with a FAIL_FORBIDDEN: Operation not allowed at this time error, even when the database user has the correct role-based access control (RBAC) roles such as read-write. The message can be mistaken for an RBAC or connectivity issue.

The Aerospike server rejects writes that include a time to live (TTL) value when the namespace has record expiration disabled. TTL writes are accepted only when expiration is enabled. Record expiration is disabled when nsup-period defaults to 0, which is the case for new Aerospike Cloud clusters. The server logs a warning similar to:

WARNING (rw): (write.c::) write_master: disallowed ttl with nsup-period 0

SOLUTION

Choose one of the following approaches:

  • Remove the TTL from your client code. If your application does not require record expiration, update your write operations to omit the TTL (or set it to 0, which means the record does not expire).

  • Enable record expiration on the cluster. If your application requires TTLs, set nsup-period to a non-zero value in your cluster’s advanced configuration. This starts the namespace supervisor so the server accepts writes with a TTL.

Feedback

Was this page helpful?

What type of feedback are you giving?

What would you like us to know?

+Capture screenshot

Can we reach out to you?