You are here:
Update Your Snowflake Network Policy
To ensure access, modify your Snowflake network policy to include the Data Cloud VPC endpoint ID.
Required Editions
| Available in: All Editions supported by Data 360. See Data 360 edition availability. |
| User Permissions Needed | |
|---|---|
| To create a Snowflake network route | Data Cloud Architect permission set OR Manage External Connections or Customize Application permission |
| To administer a Snowflake environment | Snowflake account administrator |
- To find your Data Cloud VPC Endpoint ID and Data Cloud DNS Name, go to the details page of the network route after it's provisioned.
-
(Data Federation) Create network rules based on their purpose and type of network
identifier. Use
MODE=INGRESS TYPE=AWSVPCEID VALUE_LIST=('<VPCE-ID-value>'). See Create network rules and Incoming requests. -
(Data Federation) Create a network policy that contain the identifiers including the
rule:
CREATE NETWORK POLICY policy_salesforce_vpce_only ALLOWED_NETWORK_RULE_LIST = ('allow_salesforce_vpce');. See Create a network policy and Interaction between allowed lists and blocked lists. -
(Data Federation) Apply the policy to the user connecting from Salesforce for a JDBC
based connection using the private network route:
ALTER USER <salesforce_user> SET NETWORK_POLICY policy_salesforce_vpce_only; -
(Data Share) Apply the policy to the Security Integration for DST (Data Share Target)
using the PrivateLink URL:
ALTER SECURITY INTEGRATION <my_security_integration> SET NETWORK_POLICY = <my_policy>;. See Create Security Integration.
Did this article solve your issue?
Let us know so we can improve!
