AWS PrivateLink creates a secure, private connection between services running in AWS. This document describes the steps to set this up between Snowflake and Atlan, when you use our Single Tenant SaaS deployment.
Prerequisites
- Snowflake must be setup with Business Critical Edition (or higher).
- Open a ticket with Snowflake Support to enable PrivateLink for your Snowflake account.
- Snowflake support will take 1-2 days to review and enable PrivateLink.
- If you are using IP allowlist in your Snowflake instance, you must add the Atlan IP to the allowlist. Please raise a support request to do so.
(For all details, see the Snowflake documentation.)
Fetch PrivateLink information
Log in to snowCLI using the ACCOUNTADMIN
account, and run the following commands:
use role accountadmin;
select system$get_privatelink_config();
This will produce output like the following (formatted here for readability):
{
"privatelink-account-name":"abc123.ap-south-1.privatelink",
"privatelink-vpce-id":"com.amazonaws.vpce.ap-south-1.vpce-svc-257a4d536bd8e3594",
"privatelink-account-url":"abc123.ap-south-1.privatelink.snowflakecomputing.com",
"regionless-privatelink-account-url":"xyz789-abc123.privatelink.snowflakecomputing.com",
"privatelink_ocsp-url":"ocsp.abc123.ap-south-1.privatelink.snowflakecomputing.com",
"privatelink-connection-urls":"[]"
}
Share details with Atlan support team
Share the following values with the Atlan support team:
privatelink-account-name
privatelink-vpce-id
privatelink-account-url
privatelink_ocsp-url
Atlan support will finish the configuration on the Atlan side using these values. Support will then provide the Snowflake PrivateLink endpoint back to you.
When you use this endpoint in the configuration for crawling and mining, Atlan will connect to Snowflake over the PrivateLink.