Azure Private Link for Snowflake

Azure Private Link provides private connectivity from the Immuta SaaS platform, hosted on AWS, to customer-managed Snowflake Accounts on Azure. It ensures that all traffic to the configured endpoints only traverses private networks over the Immuta Private Cloud Exchange.

Support for Azure Private Link is available in all Snowflake-supported Azure regions.

Requirements

You have an Immuta SaaS tenant.
Your Snowflake account is hosted on Azure.
Your Snowflake account is on the Business Critical Edition.
You have ACCOUNTADMIN role on your Snowflake account to configure the Private Link connection.

Configure Snowflake with Azure Private Link

Snowflake requires that an Azure temporary access token be used when configuring the Azure Private Link connection. Due to the constraint imposed by the 1-hour token expiration, your Immuta representative will ask for a time window in which you can accept the connection in your Snowflake account. During this window, the token will be generated by Immuta and provided to you when you're ready to run the following SQL query.

In your Snowflake environment, run the following SQL query, which will return a JSON object with the connection information you will need to include in your support ticket:
```
select SYSTEM$GET_PRIVATELINK_CONFIG()
```
Copy the returned JSON object into a support ticket with Immuta Support to request for the feature to be enabled on your Immuta SaaS tenant.
Your Immuta representative will work with you to schedule a time in which to accept the connection in your Snowflake account. They will provide you with a SQL query to run using the ACCOUNTADMIN role. The SQL query will be in this format:
```
SELECT SYSTEM$AUTHORIZE_PRIVATELINK (
'/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Network/privateEndpoints/abc12345.east-us-2.azure.snowflakecomputing.com-eus2',
  '<ACCESS_TOKEN>'
);
```
The query should return the following response: Private link access authorized.
Configure the Snowflake integration.
Register your tables as Immuta data sources. Note that the privatelink-account-url from the JSON object in step one will be the Server when registering data sources.

PreviousAWS PrivateLink for Snowflake NextStarburst (Trino) Private Connectivity

Last updated 4 days ago

Configure Snowflake with Azure Private Link

In your Snowflake environment, run the following SQL query, which will return a JSON object with the connection information you will need to include in your support ticket:

select SYSTEM$GET_PRIVATELINK_CONFIG()

Copy the returned JSON object into a support ticket with Immuta Support to request for the feature to be enabled on your Immuta SaaS tenant.

Your Immuta representative will work with you to schedule a time in which to accept the connection in your Snowflake account. They will provide you with a SQL query to run using the ACCOUNTADMIN role. The SQL query will be in this format:

SELECT SYSTEM$AUTHORIZE_PRIVATELINK (
'/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Network/privateEndpoints/abc12345.east-us-2.azure.snowflakecomputing.com-eus2',
  '<ACCESS_TOKEN>'
);

The query should return the following response: Private link access authorized.

Configure the Snowflake integration.

Register your tables as Immuta data sources. Note that the privatelink-account-url from the JSON object in step one will be the Server when registering data sources.