Snowflake

Snowflake is cloud-based data storage and analytics service. This guide explains how to add Snowflake integration to Cloudaware.

To see how Cloudaware seamlessly integrates with Snowflake in action, request a demo.

Prerequsites

1. Create a custom role, e.g. READ_ONLY.

2. Create a user, e.g. CLOUDAWARE, and assign the role READ_ONLY.

   CODE

   create user CLOUDAWARE default_role=READ_ONLY

3. Grant the role access to a warehouse*:

   CODE

   grant usage on warehouse <warehouse_name> to role READ_ONLY

^*Cloudaware collects metadata only for objects that the role has access to. Assign the permissions below depending on the required access level.

Basic Access

GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE READ_ONLY

Detailed Access

Snowflake Integration: GRANT USAGE ON INTEGRATION <integration_name> TO READ_ONLY

Snowflake Database: GRANT USAGE ON DATABASE <database_name> TO READ_ONLY

Snowflake Schema:

GRANT USAGE ON ALL SCHEMAS IN DATABASE <database_name> TO READ_ONLY
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE <database_name> TO READ_ONLY

Snowflake Stage:

GRANT USAGE ON ALL STAGES IN DATABASE <database_name> TO READ_ONLY
GRANT USAGE ON FUTURE STAGES IN DATABASE <database_name> TO READ_ONLY

Snowflake Table:

GRANT REFERENCES ON ALL EXTERNAL TABLES IN DATABASE <database_name> TO READ_ONLY
GRANT REFERENCES ON FUTURE EXTERNAL TABLES IN DATABASE <database_name> TO READ_ONLY

Snowflake Pipe:

GRANT MONITOR ON PIPE <database_name>.<schema_name>.<pipe_name> TO READ_ONLY
GRANT MONITOR ON FUTURE PIPES IN DATABASE <database_name> TO READ_ONLY

Add a Snowflake account

1. Log in to Cloudaware → Admin.
   

   

2. Find Snowflake in integrations. Click +ADD.
   

   

3. Fill out the form:
   

   

   WHERE
   ¹ Account ID – the Snowflake account identifier. Use either Account Name in the format myorg-account123 or Account Locator in the format xy12345 or xy12345.cloud_region_id
   Username – the name of the user created for this integration, e.g., CLOUDAWARE. Note: This field is case-sensitive. Enter the username exactly as it appears in the Snowflake account. If the parameter QUOTED_IDENTIFIERS_IGNORE_CASE is set to True at the account/user or ACCOUNTADMIN/SECURITYADMIN level, Snowflake automatically uppercases the username, which may cause authorization errors. Read more
   ² Select Certificate – click +CREATE NEW, enter a meaningful name, then click +GENERATE to add a new key pair
   ³ Next Step – copy the command, run it in Snowflake to update the user’s rsa_public_key
   ⁴ Warehouse – click GET WAREHOUSES and select a warehouse-down list
   
   Click SAVE.
   

4. A green light in the ‘Status’ column indicates successful configuration. If the light is red, contact support@cloudaware.com.
   

   

5. To view Snowflake-related data, go to Cloudaware CMDB Navigator. Select SNOWFLAKE in the left-hand menu.
   

   

List of Snowflake objects

Cloudaware supports the following Snowflake objects:

• Snowflake Account CA10SN2__CaSnowflakeAccount__c

• Snowflake Database CA10SN2__CaSnowflakeDatabase__c

• Snowflake Identity CA10SN2__CaSnowflakeIdentity__c

• Snowflake Pipe CA10SN2__CaSnowflakePipe__c

• Snowflake Role CA10SN2__CaSnowflakeRole__c

• Snowflake Schema CA10SN2__CaSnowflakeSchema__c

• Snowflake Stage CA10SN2__CaSnowflakeStage__c

• Snowflake Table CA10SN2__CaSnowflakeTable__c

• Snowflake User CA10SN2__CaSnowflakeUser__c

• Snowflake User Role Link CA10SN2__CaSnowflakeUserRoleLink__c

• Snowflake View CA10SN2__CaSnowflakeView__c