Connecting AWS Accounts to Snowflake

urn:js:virtue:aspire:standard:14.1

TL;DR

PrivateLink must be used for all AWS connections to Snowflake.

Definition

  • AWS PrivateLink is the only approved connection method for AWS accounts to Snowflake.
  • If you have an on-premises environment (e.g. a non-hosted data center), you can choose to use AWS Direct Connect, in conjunction with AWS PrivateLink, to connect all your virtual and physical environments in a single, private network.
  • PrivateLink should not be used as a proxy for user traffic.
  • PrivateLink should be used, if possible, for third-party cloud systems that require access to Snowflake (e.g. MSTR cloud), so it can be segregated.
  • PrivateLink should not be used as a network concentrator, as that can lead to single points of failure (SPOFs), security escalation issues, and blending of different data classifications on the same network.

Appendix

Migrated From Confluence

Original Author: Graeme Forbes