getindata/terraform-snowflake-privatelink-aws

Snowflake AWS PrivateLink Terraform Module

Terraform module that can create and manage AWS PrivateLink for Snowflake.

This module creates:

  • AWS VPC endpoint for the Snowflake PrivateLink service
  • Security group, attached to that endpoint
  • AWS Route53 private hosted zone, with the records Snowflake clients need inside it

USAGE

module "snowflake_privatelink_aws" {
  # Relative path used by the module's own examples; in your code point at the
  # module's registry or Git address instead.
  source = "../../"

  name = "snowflake"

  vpc_id     = "vpc-01234567890abcdef"
  subnet_ids = ["subnet-01234567890abcdef", "subnet-0fedcba987654321"]

  # "tags" is no longer a module input in v2.x; tags are derived from the
  # context provider (see the context_tags data source under Resources).
}
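A fuller root-module configuration, added here as an example (it is not code from the module's own README or examples): it restricts the endpoint's security group to the subnets that actually host Snowflake clients instead of the whole VPC, enables the provider preview feature the module needs, and requests the regionless URLs. The provider source addresses (cloudposse/context, snowflakedb/snowflake), the context provider settings, and every ID, CIDR, region and name below are assumptions or placeholders; the module is referenced by its GitHub repository address rather than a registry address.

```hcl
# Added example, not code from the module's README: a root module that calls
# getindata/terraform-snowflake-privatelink-aws with a least-privilege security
# group. Provider source addresses, the context provider settings and all
# IDs, CIDRs and names are placeholders/assumptions; adjust them to your setup.

terraform {
  required_version = ">= 1.3"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
    # Assumption: the "context" provider used by the module is cloudposse/context.
    context = {
      source  = "cloudposse/context"
      version = ">= 0.4.0"
    }
    # Assumption: the renamed provider source is snowflakedb/snowflake.
    snowflake = {
      source  = "snowflakedb/snowflake"
      version = ">= 0.47"
    }
  }
}

provider "aws" {
  region = "eu-west-1" # placeholder; the VPC and subnets below must live here
}

# Credentials come from the provider's usual environment/config sources.
provider "snowflake" {
  # Required because the module reads snowflake_system_get_privatelink_config,
  # which is a preview feature in provider 1.x.
  preview_features_enabled = ["snowflake_system_get_privatelink_config_datasource"]
}

# Assumed context provider configuration. The module's default name_scheme
# builds names from the "environment" and "name" properties, so both are
# declared here; "name" is (assumed to be) supplied by the module from var.name.
provider "context" {
  properties = {
    environment = {}
    name        = {}
  }
  values = {
    environment = "prod" # placeholder
  }
}

locals {
  # Only the subnets that actually host Snowflake clients (ETL workers, BI
  # servers, ...). Keeping this list tight is the point of the example.
  snowflake_client_cidrs = ["10.20.1.0/24", "10.20.2.0/24"] # placeholders
}

module "snowflake_privatelink_aws" {
  # Pin to a release tag with ?ref=... in real use.
  source = "github.com/getindata/terraform-snowflake-privatelink-aws"

  name       = "snowflake"
  vpc_id     = "vpc-01234567890abcdef"                                # placeholder
  subnet_ids = ["subnet-01234567890abcdef", "subnet-0fedcba987654321"] # placeholders

  # The default (allow_vpc_cidr = true) opens the endpoint's security group to
  # the whole VPC CIDR. Turn it off and allow only the client subnets instead.
  allow_vpc_cidr = false
  allowed_cidrs  = local.snowflake_client_cidrs

  # Both are needed for the regionless (organisation-based) PrivateLink URLs;
  # leave them null if you only use the region-specific URL.
  organisation_name = "myorg"     # placeholder
  account_name      = "myaccount" # placeholder
}

# The hostname Snowflake drivers inside the VPC should connect to. It is meant
# to be resolved through the private hosted zone the module creates, so clients
# must use the VPC's DNS resolver.
output "snowflake_privatelink_url" {
  value = module.snowflake_privatelink_aws.snowflake_privatelink_url
}

output "snowflake_regionless_snowsight_url" {
  value = module.snowflake_privatelink_aws.snowflake_regionless_private_link_snowsight_url
}
```

Whether to keep allow_vpc_cidr = true is the main security decision this module exposes: with the default, any instance in the VPC can reach the Snowflake endpoint; with allowed_cidrs you get a per-subnet allow list on the endpoint's security group. Either way PrivateLink only provides a private network path; it does not replace Snowflake's own authentication and network controls.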

NOTES

Creating the VPC endpoint is not sufficient on its own: the Snowflake account must first be authorized to accept PrivateLink connections from your AWS account. This is a manual step performed on the Snowflake side (with the SYSTEM$AUTHORIZE_PRIVATELINK function, using your AWS account ID and a federated token obtained from the AWS CLI), not something this module does. Details are in the Snowflake documentation: https://docs.snowflake.com/en/user-guide/admin-security-privatelink.html#enabling-aws-privatelink.

Breaking changes in v2.x of the module

Replacing the null-label context.tf pattern with the context provider introduced the following breaking changes.

List of code and variable (API) changes:

  • Removed the context.tf file (a single-file module with additional variables), which implied removing all of its variables (except name):
    • descriptor_formats
    • label_value_case
    • label_key_case
    • id_length_limit
    • regex_replace_chars
    • label_order
    • additional_tag_map
    • tags
    • labels_as_tags
    • attributes
    • delimiter
    • stage
    • environment
    • tenant
    • namespace
    • enabled
    • context
  • Removed support for the enabled flag. This may cause backward-compatibility issues with existing Terraform state (moved blocks were added to minimize the impact), so proceed with caution.
  • The context provider must now be configured in addition to the existing providers
  • New variables were added to allow naming configuration via the context provider:
    • context_templates
    • name_scheme

The Snowflake Terraform provider source was renamed (from Snowflake-Labs/snowflake to snowflakedb/snowflake), so all versions.tf files were updated accordingly.

Remember to mirror this change in your own repositories as well.

For more information about the provider rename, refer to the Snowflake documentation.

The upper bound on the supported Snowflake provider version was removed.

Keep in mind that, starting with Snowflake provider version 1.x, the snowflake_system_get_privatelink_config data source is a preview feature and must be explicitly enabled in the provider configuration.

Required Provider Configuration:

provider "snowflake" {
  preview_features_enabled = ["snowflake_system_get_privatelink_config_datasource"]
}

Without this configuration, you will encounter the following error:

Error: snowflake_system_get_privatelink_config_datasource is currently a preview feature, and must be enabled by adding snowflake_system_get_privatelink_config_datasource to preview_features_enabled in Terraform configuration.

For more information about preview features, refer to the Snowflake provider documentation and Snowflake resource documentation.

Inputs

  • account_name (string, default null, optional): Name of the Snowflake account, used to build the regionless PrivateLink FQDNs.
  • additional_dns_records (list(string), default [], optional): Additional Route53 records to add to the local privatelink.snowflakecomputing.com private hosted zone, pointing at the Snowflake VPC endpoint.
  • allow_vpc_cidr (bool, default true, optional): Whether the endpoint security group allows access from the whole VPC CIDR. Keep it enabled only if every workload in the VPC is meant to reach Snowflake; otherwise set it to false and list the client subnets in allowed_cidrs.
  • allowed_cidrs (list(string), default [], optional): Subnet CIDRs allowed to reach the Snowflake endpoint via PrivateLink.
  • context_templates (map(string), default {}, optional): Map of context templates used for naming conventions; supersedes name_scheme.properties and name_scheme.delimiter.
  • name (string, required): Name of the resource.
  • name_scheme (object, default {}, optional): Naming scheme configuration used to generate names via the context provider:
    • properties (list(string), default ["environment", "name"]): properties used to build the name; superseded by var.context_templates
    • delimiter (string, default "_"): delimiter used to join the properties; superseded by var.context_templates
    • context_template_name (string, default "snowflake-privatelink"): name of the context template used to build the name
    • replace_chars_regex (string, default "[^a-zA-Z0-9_]"): characters matching this regex are removed from the property values produced by the provider
    • extra_values (map(string), optional): extra label-value pairs used to build the name
    • uppercase (bool, default false): convert the name to uppercase
  • organisation_name (string, default null, optional): Name of the organisation that owns the Snowflake account, used to build the regionless PrivateLink FQDNs.
  • subnet_ids (list(string), required): AWS subnet IDs in which the PrivateLink endpoint interfaces are created.
  • vpc_id (string, required): VPC ID in which the PrivateLink VPC endpoint is created.

Modules

No modules.

Outputs

  • dns_private_zone: Details of the Route53 private hosted zone created for Snowflake PrivateLink
  • security_group: Details of the security group attached to the Snowflake AWS PrivateLink VPC endpoint
  • snowflake_additional_dns_records: List of additional DNS records added to the .privatelink.snowflakecomputing.com hosted zone
  • snowflake_privatelink_ocsp_url: URL of the Snowflake OCSP endpoint over AWS PrivateLink
  • snowflake_privatelink_url: URL to access Snowflake over AWS PrivateLink
  • snowflake_regionless_private_link_account_url: URL to access the Snowflake account over AWS PrivateLink without specifying the AWS region
  • snowflake_regionless_private_link_snowsight_url: URL to access the Snowsight UI over AWS PrivateLink without specifying the AWS region
  • vpc_endpoint: Details of the created Snowflake AWS PrivateLink VPC endpoint

Providers

Name Version
aws ~> 4.0
context >=0.4.0
snowflake >= 0.47

Requirements

Name Version
terraform >= 1.3
aws ~> 4.0
context >=0.4.0
snowflake >= 0.47

Resources

Name Type
aws_route53_record.snowflake_additional_dns_records resource
aws_route53_record.snowflake_private_link_ocsp_url resource
aws_route53_record.snowflake_private_link_url resource
aws_route53_record.snowflake_regionless_private_link_account_url resource
aws_route53_record.snowflake_regionless_private_link_snowsight_url resource
aws_route53_zone.this resource
aws_security_group.this resource
aws_vpc_endpoint.this resource
aws_vpc.this data source
context_label.this data source
context_tags.this data source
snowflake_system_get_privatelink_config.this data source

CONTRIBUTING

Contributions are very welcome!

Start by reviewing the contribution guide and our code of conduct. After that, start coding and ship your changes by creating a new PR.

LICENSE

Apache 2 Licensed. See LICENSE for full details.

AUTHORS

Made with contrib.rocks.
