How to set up an Azure private network link to Snowflake

Azure Private Link creates a secure, private connection between services running in Azure. This document describes the steps to set this up between Snowflake and Atlan.

🤓 Who can do this? You will need Snowflake Support, and probably your Snowflake administrator involved — you may not have access or the tools to run these tasks.

Prerequisites

  • Snowflake must be set up with Business Critical Edition (or higher).
  • Open a ticket with Snowflake Support to enable Azure Private Link for your Snowflake account.
  • Snowflake support will take 1-2 days to review and enable Azure Private Link.

(For all details, see the Snowflake documentation.)

Fetch Private Link information

Log in to snowCLI using the ACCOUNTADMIN account, and run the following commands:

use role accountadmin;
select system$get_privatelink_config();

This will produce an output like the following (formatted here for readability):

{
   "regionless-snowsight-privatelink-url": "abc123.privatelink.snowflakecomputing.com",
   "privatelink-account-name": "abc123.west-europe.privatelink",
   "snowsight-privatelink-url": "abc123.west-europe.privatelink.snowflakecomputing.com",
   "privatelink-account-url": "abc123.west-europe.privatelink.snowflakecomputing.com",
   "privatelink-connection-ocsp-urls": "[]",
   "privatelink-pls-id": "abc123.westeurope.azure.privatelinkservice",
   "regionless-privatelink-account-url": "abc123.privatelink.snowflakecomputing.com",
   "privatelink_ocsp-url": "ocsp.abc123.west-europe.privatelink.snowflakecomputing.com",
   "privatelink-connection-urls": "[]"
}

Share details with Atlan support team

Share the following values with the Atlan support team:

  • regionless-snowsight-privatelink-url
  • privatelink-account-name
  • snowsight-privatelink-url
  • privatelink-account-url
  • privatelink-connection-ocsp-urls
  • privatelink-pls-id
  • regionless-privatelink-account-url
  • privatelink_ocsp-url
  • privatelink-connection-urls

Atlan support will finish the configuration on the Atlan side using these values. Support will then provide you with the Snowflake private endpoint resource ID and Azure token for you to approve the request.

Approve the endpoint connection request

Log in to snowCLI using the ACCOUNTADMIN account, and run the following commands:

use role accountadmin;
SELECT SYSTEM$AUTHORIZE_PRIVATELINK (
  '/subscriptions/26d.../resourcegroups/sf-1/providers/microsoft.network/privateendpoints/test-self-service',
  'eyJ...'
  );

Snowflake will return an Account is authorized for PrivateLink. message to confirm successful authorization. The status of the private endpoint in Atlan will then change to Approved.

When you use this endpoint in the configuration for crawling and mining Snowflake, Atlan will connect to Snowflake over the Private Link.

Related articles

Was this article helpful?
0 out of 0 found this helpful