Snowflake Private Link
urn:js:virtue:aspire:principle:17.1
TL;DR
It is mandatory to use Private Link for all connections to Snowflake.
Rationale
Using this feature, we will have a secure connection to Snowflake without our data traversing the public internet.
AWS PrivateLink is an AWS service for creating private VPC endpoints that allow direct, secure connectivity between AWS VPCs without traversing the public internet. Because Snowflake on AWS is implemented as a VPC, PrivateLink enables creating a highly secure network between Snowflake and your other AWS VPCs (in the same AWS region), fully protected from unauthorized external access.
We have investigated it with Hilda from Snowflake, and she has confirmed that there is no additional license cost. This is primarily because we are already paying $1.9 / credit (private link rate) instead of $1.7 / credit (public link). We have also queried Snowflake about performance parameters, and they have confirmed that private link performance will be on par with, if not better than, public link.
Therefore, we propose to make private link the universal method for all connections into Snowflake.
Implications
- Existing pipelines will need to be updated.
Appendix
Migrated From Confluence
Original Author: Sanjay, Shambhu