AWS PrivateLink for Snowflake
AWS PrivateLink provides private connectivity from the Immuta SaaS platform to Snowflake accounts hosted on AWS. It ensures that all traffic to the configured endpoints only traverses private networks.
This feature is supported in most regions across Immuta's global segments (NA, EU, and AP); contact your Immuta representative if you have questions about availability.

Requirements
You have an Immuta SaaS tenant.
Your Snowflake account is hosted on AWS.
Your Snowflake account is on the Business Critical Edition.
You have the ACCOUNTADMIN role on your Snowflake account to configure the PrivateLink connection.
You have enabled AWS PrivateLink for Snowflake.
Using Snowflake network policies with AWS PrivateLink
Snowflake network policies allow you to limit access to your Snowflake service endpoints. Network rules can be used with those network policies to define the specific IP CIDR blocks or AWS VPC endpoints that are allowed. Immuta supports both, but we highly recommend that you configure your network rules to reference our VPC endpoints and not our CIDR block.
VPC endpoint network rule
With a network rule type of AWSVPCEID, you can use the following table of Immuta's VPC endpoints by AWS region to configure access from Immuta SaaS to your Snowflake service:

AWS region        Region name                 VPC endpoint ID
ap-northeast-1    Asia Pacific (Tokyo)        vpce-0c738d241aa0bfde7
ap-northeast-2    Asia Pacific (Seoul)        vpce-00daddfa7477666eb
ap-south-1        Asia Pacific (Mumbai)       vpce-08a6d075ddd92df58
ap-southeast-1    Asia Pacific (Singapore)    vpce-030933ffc228d94ac
ap-southeast-2    Asia Pacific (Sydney)       vpce-0803dc2285d0d695f
ca-central-1      Canada (Central)            vpce-0ebff3192617126c9
eu-central-1      Europe (Frankfurt)          vpce-07f633ac50bc430c2
eu-north-1        Europe (Stockholm)          vpce-05c586fedca0a4112
eu-west-1         Europe (Ireland)            vpce-0ac01be5c06a919b0
eu-west-2         Europe (London)             vpce-0dd3c340c3dd64a5b
us-east-1         US East (Virginia)          vpce-03b3bf4334aa34d88
us-east-2         US East (Ohio)              vpce-04fdafe0ed07caace
us-west-2         US West (Oregon)            vpce-06624165eaa569250

IPv4 network rule
With a network rule type of IPV4, you must configure an IP address block of 10.0.0.0/8.
This size of block is required because traffic could come from anywhere in Immuta's network. Immuta has globally distributed compute and does not assign static IP addresses to any workloads. This is why you should use VPC endpoint network rules instead.
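
The two rule types compared above, written out as Snowflake SQL. This is an added example, not taken from Immuta's documentation. The schema SECURITY_DB.NETWORK, the rule and policy names, the service user IMMUTA_SVC, and the choice of us-east-1 are assumptions; substitute the endpoint ID for your own region.

```sql
-- Added example; object names and the IMMUTA_SVC user are hypothetical.
-- Assumes Immuta SaaS connects from us-east-1 and uses a dedicated Snowflake user.
USE ROLE ACCOUNTADMIN;
USE SCHEMA SECURITY_DB.NETWORK;   -- network rules are schema-level objects

-- Recommended: allow ingress only from Immuta's VPC endpoint for the region
-- (ID taken from the page's list of endpoints by AWS region).
CREATE NETWORK RULE immuta_vpce_ingress
  TYPE = AWSVPCEID
  MODE = INGRESS
  VALUE_LIST = ('vpce-03b3bf4334aa34d88')
  COMMENT = 'Immuta SaaS PrivateLink endpoint, us-east-1';

-- Weaker alternative, shown commented out for contrast: the IPV4 rule has to
-- admit every source address in 10.0.0.0/8 instead of one named endpoint.
-- CREATE NETWORK RULE immuta_ipv4_ingress
--   TYPE = IPV4
--   MODE = INGRESS
--   VALUE_LIST = ('10.0.0.0/8');

-- A network policy references the rule by its fully qualified name.
CREATE NETWORK POLICY immuta_privatelink_policy
  ALLOWED_NETWORK_RULE_LIST = ('SECURITY_DB.NETWORK.immuta_vpce_ingress')
  COMMENT = 'Restricts the Immuta service user to the Immuta VPC endpoint';

-- Attach the policy to the Immuta service user only, so other users keep
-- whatever account-level policy already applies to them.
ALTER USER IMMUTA_SVC SET NETWORK_POLICY = immuta_privatelink_policy;

-- Check what was created and that the user now carries the policy.
DESCRIBE NETWORK RULE immuta_vpce_ingress;
DESCRIBE NETWORK POLICY immuta_privatelink_policy;
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN USER IMMUTA_SVC;
```
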
Configure Snowflake with AWS PrivateLink
1. In your Snowflake environment, run the following SQL query, which will return a JSON object with the connection information you will need to include in your support ticket:
   select SYSTEM$GET_PRIVATELINK_CONFIG()
2. Copy the returned JSON object into a support ticket with Immuta Support to request that the feature be enabled on your Immuta SaaS tenant.
3. Configure the Snowflake integration using the privatelink-account-url from the JSON object in step one as the Host.