Connecting AWS Accounts to Snowflake

urn:js:virtue:aspire:pattern:.

TL;DR

How to link your AWS account to Snowflake via PrivateLink so that you can connect to Snowflake.

Instructions

This page will walk you through how to link your AWS account to Snowflake via PrivateLink so that you can connect to Snowflake.

1. Raise a ServiceNow Ticket link, and request that they raise a Support Ticket with Snowflake to have PrivateLink enabled for your account
   • You will need to provide them with your numeric AWS Account ID. See Your AWS Account ID and its Alias on how to find this.
   • You will need to wait for Snowflake to complete this task before you can continue.

2. Once Snowflake have completed this request, they will provide you with a VPC Endpoint ID. This will take the form com.amazonaws.vpce..vpce- svc-xxxxxxxxxxxxxxxxx. However, these details do not vary per PrivateLink activation, so you can use the details for the sainsburys.eu-west-1 account below:

          {
            "privatelink-account-name": "sainsburys.eu-west-1.privatelink",
            "privatelink-vpce-id": "com.amazonaws.vpce.eu-west-1.vpce-svc-03594486c11f7955a",
            "privatelink-account-url": "sainsburys.eu-west-1.privatelink.snowflakecomputing.com",
            "privatelink_ocsp-url": "ocsp.sainsburys.eu-west-1.privatelink.snowflakecomputing.com"
        }
   

3. Ensure that ‘DNS hostnames’ and ‘DNS resolution’ are both ‘Enabled’ on your AWS VPC:

4. Either:
   • Deploy the following CloudFormation Stack to your AWS account, which will configure the necessary components to enable PrivateLink:
   • Use Terraform to configure the necessary components in your account:link
5. You can now use PrivateLink to connect to Snowflake from within your AWS VPC. The private IP blocks are already authorised in the Snowflake Whitelist (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) so no further action is required here. The following code provides an example of how to connect to Snowflake using the Python Connector and PrivateLink. Note the account URL is slightly different, including ‘privatelink’.
   • This example uses a username and password to connect to Snowflake. It is recommended that you instead use RSA keys to connect to Snowflake programatically. See here on how to configure this. If you must use a username and password, please ensure that these are not stored in plain text in your code.

Snowflake Example Connection

#!/usr/local/bin/python3
import snowflake.connector
import sys
import pandas as pd
import os

ctx = snowflake.connector.connect(
    user='my_username', #fill with your username
    password=os.getenv('SNOWFLAKE_PWD'),
    account='sainsburys.eu-west-1.privatelink',
    warehouse='adw_xsmall_adhoc_wh',
    role='public'
)
cs = ctx.cursor()

try:
    cs.execute('select current_version()')
    print(cs.fetchone()[0])
finally:
    cs.close()
    ctx.close()

Useful links:

• AWS Private Link
• How to configure private link
• Video Link To Intro For The Need For Snowflake Private Link (Agenda Item 2)

Appendix

Migrated From Confluence

link Original Author : Graeme Forbes