Snowflake UDF example to trigger Immuta API calls
This Immuta API call example makes use of AWS Lambda services.
Create a lambda function on AWS Lambda
Create REST API endpoint on AWS API Gateway
Create AWS IAM role for Snowflake connectivity
(optional) Validate and associate API Gateway to AWS Lambda function for above steps
Create Snowflake integration object
Create Snowflake external function
Trigger the external function from within Snowflake
The following steps create a UDF and perform a project-context switch or reset back to "No Current Project" on Immuta if the user has previously set a different project. This process is triggered within Snowflake by passing two parameters: user_api_key and user_email_uid. The UDF uses the AWS API Gateway information of a Snowflake integration object and triggers an AWS Lambda function to make an API call to Immuta using the provided user_api_key and user_email_uid. This is an example; other Immuta API endpoints can be accessed through the same Lambda function using a similar approach.
Record the name of the Lambda function.
In the function payload, set the currentProject parameter to None.
(NOTE) Replace the endpoint and payload as needed to interact with other Immuta endpoints for other functions.
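An example of the Lambda handler for this flow, added here and not taken from the original page or from Immuta: it unpacks the batch format that Snowflake external functions send, validates the two arguments, and returns one result per row without echoing the API key. It assumes an API Gateway Lambda proxy integration; the Immuta base URL, endpoint path, Authorization header shape and the userId field are placeholder assumptions to be replaced with the values from your Immuta API documentation.

```python
import json
import os
import re
import urllib.request

# Assumptions (placeholders): base URL, endpoint path, header and "userId" field.
IMMUTA_URL = os.environ.get("IMMUTA_URL", "https://immuta.example.com")
ENDPOINT_PATH = "/PLACEHOLDER/set-current-project"  # hypothetical path
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def call_immuta(api_key, user_id):
    """POST a payload whose currentProject is None (JSON null); returns HTTP status."""
    body = json.dumps({"userId": user_id, "currentProject": None}).encode()
    req = urllib.request.Request(
        IMMUTA_URL + ENDPOINT_PATH, data=body, method="POST",
        headers={"Content-Type": "application/json", "Authorization": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def process_row(row, send=call_immuta):
    """Handle one Snowflake row: [row_number, api_key, user_id]."""
    row_number = row[0]
    if len(row) != 3 or not all(isinstance(v, str) and v for v in row[1:]):
        return [row_number, {"ok": False, "error": "expected api_key and user_id"}]
    api_key, user_id = row[1], row[2]
    if not EMAIL_RE.match(user_id):
        return [row_number, {"ok": False, "error": "user_id is not an email"}]
    try:
        status = send(api_key, user_id)
        return [row_number, {"ok": 200 <= status < 300, "status": status}]
    except Exception as exc:
        # Return only the exception type so the key never reaches the result set.
        return [row_number, {"ok": False, "error": type(exc).__name__}]


def lambda_handler(event, context, send=call_immuta):
    """Proxy event in; Snowflake expects {"data": [[row_number, value], ...]} back."""
    try:
        rows = json.loads(event["body"])["data"]
        out = [process_row(r, send) for r in rows]
        return {"statusCode": 200, "body": json.dumps({"data": out})}
    except (KeyError, IndexError, TypeError, ValueError):
        return {"statusCode": 400, "body": json.dumps({"data": []})}
```

The `send` parameter exists so the handler can be exercised with a stub before it is pointed at a real Immuta instance.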
Create and configure the API Gateway
Create Resources with endpoint
Create a method, e.g. a POST method for set_project_null
Associate the Lambda function with the POST request, e.g. bc_set_project_null
Deploy API and note the Invoke URL
Create an IAM role and add API Gateway and Lambda access to it
Note the ARN info
Go to the AWS Lambda function and add the IAM role to it as appropriate.
Create the Snowflake integration object, providing the AWS IAM role information and the API Gateway endpoint.
Describing the Snowflake integration object will provide the API_AWS_IAM_USER_ARN and the API_AWS_EXTERNAL_ID, which need to be provided to the AWS IAM role on AWS.
On AWS: navigate to the IAM role and add the above information to the Trust Relationships for the role.
Create an external function which takes two parameters: api_key and user_id (email)
Associate the function with the integration object and the API Gateway endpoint
Ensure the Lambda function has been thoroughly tested before deployment.
Execute a SELECT query on the function using the parameter values shown in the image below.
The project context in the Immuta instance will be reset or set to "No Current Project."