Set Up a Snowflake File Federation Connection
Configure a connection between Data Cloud and an AWS or Azure-hosted Snowflake instance and federate data into Data Cloud.
User Permissions Needed | |
---|---|
To create a Snowflake Data Federation connection in Data Cloud. | System Admin profile or Data Cloud Architect permission set |
Prerequisites:
- Firewall: If the Snowflake instance is behind a network firewall, add these Data Cloud IP addresses to your access control list before configuring a connection. If the network firewall that protects the server hosting the catalog is distinct from the network firewall that protects the storage bucket, make sure to update both. Both the Open Catalog and the storage bucket must be publicly accessible. Data Cloud doesn't support connecting over AWS PrivateLink or Azure Private Link.
- Catalog: The Snowflake instance must be managed by an Open Catalog. See Snowflake Open Catalog.
- Storage: If the Snowflake instance is hosted on AWS, data must be stored in an AWS S3 storage bucket. If the Snowflake instance is hosted on Azure, data must be stored in an Azure Data Lake Storage Gen2 storage container.
Set Up Connection
- In Data Cloud, click Setup and select Data Cloud Setup.
- Under External Integrations, select Other Connectors.
- On the Source tab, select Snowflake File Federation and click Next.
- Enter the connection name and connection API name.
- In the Authentication Details section, select CATALOG_PROVIDED if your Open Catalog supports storage credential vending. Otherwise, select S3 if data is stored in AWS S3 and AZURE if data is stored in either Azure Blob Storage or ADLS Gen2.
  - Open Catalog: Register Data Cloud as a client of the Snowflake instance and record the client ID and client secret generated as part of the registration process. Use the generated credentials to complete the authentication. See Configure Snowflake OAuth for custom clients.
  - Storage Bucket: If you did not select CATALOG_PROVIDED, provide additional information about your storage bucket or container.
Storage Type | Authentication Details |
---|---|
Azure Blob Storage or Azure Data Lake Storage Gen2 | Storage Account Name - Provide the name of the storage account. |
Azure Blob Storage or Azure Data Lake Storage Gen2 | SAS Token - Provide the shared access signature token that Data Cloud will use to access the relevant storage container within the storage account. |
S3 | Bucket Name - Provide the name of the storage bucket. |
S3 | Access Key ID - Provide the access key ID for the IAM user that Data Cloud will use to access the storage bucket. |
S3 | Secret Access Key - Provide the secret access key for the IAM user that Data Cloud will use to access the storage bucket. |
S3 | AWS Region - Provide the name of the AWS region the storage bucket is hosted in. See Regions, Availability Zones, and Local Zones - Amazon Relational Database Service for the list of AWS regions. |
- In the Connection Details section, enter the publicly accessible HTTPS URL of the Open Catalog. The format for the URL is https://<open_catalog_account_identifier>.snowflakecomputing.com/polaris/api/catalog.
- To review your configuration, click Test Connection.
- Click Save.
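A pre-flight check for the values entered in the steps above, written as an added example (not Salesforce or Snowflake code): it validates the Open Catalog URL against the documented format and confirms that the storage fields match the selected authentication type. The function names and the snake_case field keys are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Storage fields required per authentication type, taken from the table above.
# The snake_case key names are assumptions made for this example.
REQUIRED_STORAGE_FIELDS = {
    "CATALOG_PROVIDED": [],
    "S3": ["bucket_name", "access_key_id", "secret_access_key", "aws_region"],
    "AZURE": ["storage_account_name", "sas_token"],
}
CATALOG_HOST_SUFFIX = ".snowflakecomputing.com"
CATALOG_PATH = "/polaris/api/catalog"


def check_catalog_url(url):
    """Return a list of problems with the Open Catalog URL (empty if none)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append("catalog URL must use https")
    if parts.username or parts.password:
        problems.append("catalog URL must not embed credentials")
    if not host.endswith(CATALOG_HOST_SUFFIX) or len(host) == len(CATALOG_HOST_SUFFIX):
        problems.append("host must be <open_catalog_account_identifier>" + CATALOG_HOST_SUFFIX)
    if parts.path != CATALOG_PATH:
        problems.append("path must be " + CATALOG_PATH)
    if parts.query or parts.fragment:
        problems.append("catalog URL must not carry a query string or fragment")
    return problems


def check_connection(auth_type, catalog_url, client_id, client_secret, storage=None):
    """Validate the connection inputs; messages name fields, never their values."""
    storage = storage or {}
    problems = check_catalog_url(catalog_url)
    if not client_id or not client_secret:
        problems.append("Open Catalog client ID and client secret are both required")
    if auth_type not in REQUIRED_STORAGE_FIELDS:
        return problems + ["unknown authentication type: " + repr(auth_type)]
    required = REQUIRED_STORAGE_FIELDS[auth_type]
    problems += ["missing storage field: " + f for f in required if not storage.get(f)]
    # Storage details are requested only when CATALOG_PROVIDED is not selected, so flag extras.
    extra = sorted(set(storage) - set(required))
    problems += ["field not used with " + auth_type + ": " + f for f in extra]
    return problems
```

An empty list from `check_connection` means the inputs are consistent with the steps above; it does not replace Test Connection, which is what confirms the catalog and storage are reachable.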
Considerations
- Views: Querying Iceberg views is not supported.
- Row-Level Updates: Querying Iceberg tables that are configured to use Iceberg V2 MoR Position / Equality Deletes or Iceberg V3 Deletion Vectors is not supported.
- Namespaces: Only single-level (catalog -> database -> table) and two-level namespaces (catalog -> database -> schema -> table) are supported.
- Cross-Region S3 Storage Bucket: If your Data Cloud org is not in the same region as your S3 storage bucket and your catalog doesn't support storage credential vending, you must ensure that the server hosting the REST catalog includes the client.region property in the LoadTableResult object.
- Temporal Data Types: The time and timestamp_ntz data types are unsupported.