Snowflake Setup Guide

This is the simplest connection method. To use this method, add Fivetran's IP addresses to your network policy's allowed list to allow connections from Fivetran.

IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.

AWS PrivateLink allows VPCs and AWS-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. PrivateLink is the most secure connection method. Learn more in AWS’ PrivateLink documentation.

Prerequisites

To set up AWS PrivateLink, you need:

• A Fivetran instance configured to run in AWS
• A Business Critical Snowflake database in one of our supported regions

Configure AWS PrivateLink

1. Inform Snowflake's support team that you want to enable AWS PrivateLink for Fivetran and provide them with the following information:

   • Fivetran’s AWS VPC Account ID: arn:aws:iam::834469178297:root
   • Your Snowflake account URL

   Once Snowflake receives this information, they will allow Fivetran to establish a PrivateLink connection to your Snowflake database and provide you with a VPCe in the following format: com.amazonaws.vpce.<region_id>.vpce-svc-xxxxxxxxxxxxxxxxx.

2. Make a note of the VPCe that Snowflake provides you. You will need it to complete the AWS PrivateLink configuration.

3. Go to your Snowflake instance and run the following query:

   SELECT SYSTEM$GET_PRIVATELINK_CONFIG();

   NOTE: For more information about the query, see Snowflake's documentation.

4. Make a note of the query output. The output will be in the following format:

   {
   "privatelink-account-name": "<account_name>",
   "privatelink-account-url": "<privatelink_account_url>",
   "privatelink-ocsp-url": "<privatelink_ocsp_url>",
   "privatelink-vpce-id": "<aws_vpce_id>"
   }
   

5. Send the VPCe you found in Step 2 and the output of the query to your Fivetran account manager.

6. Notify your Fivetran account manager that you have completed these steps. We will complete the set up for your Snowflake database from our side. Once the setup is complete, we will send you the host address and resource ID for your PrivateLink connection.

7. Make a note of the host address that you received from Fivetran. You will need it to configure Fivetran.

8. Contact Snowflake's support team and provide the resource ID that you received from Fivetran.

(Optional) Configure Snowflake network policy

If you have configured AWS PrivateLink, add Fivetran's internal VPC CIDR range to the Snowflake network policy's allowed list:

Alternatively, add the Fivetran VPC Endpoint ID or AWS VPCE ID to your network policy's allowed list.

NOTE: Contact our support team for the Fivetran VPC Endpoint ID or AWS VPCE ID.

IMPORTANT: You must have a Business Critical plan to use Azure Private Link.

Azure Private Link allows VNet and Azure-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. Learn more in Microsoft's Azure Private Link documentation.

Prerequisites

To set up Azure Private Link, you need:

• A Fivetran instance configured to run in Azure
• An Azure-hosted, Azure Virtual Machine-hosted, or on-premises Snowflake database in one of our supported regions

Configure Azure Private Link

1. Inform Snowflake's support team that you want to enable Azure Private Link for Fivetran and provide them with the following information:

   • Fivetran’s Azure subscription ID: 6d755170-32cd-4a50-8bf2-621c984f3528
   • Your Snowflake account URL

   Once Snowflake receives this information, they will allow Fivetran to establish a Private Link connection to your Snowflake database.

2. Once Snowflake has approved your request, go to your Snowflake instance and run the following query as a user with the Snowflake ACCOUNTADMIN role to obtain the URL that we need to access Snowflake through Azure Private Link:

   SELECT SYSTEM$GET_PRIVATELINK_CONFIG();

   NOTE: For more information about the query, see Snowflake's documentation.

3. Make a note of the query output. The output will be in the following format:

   {
     "privatelink-account-name": "<account_identifier>",
     "privatelink-internal-stage": "<privatelink_stage_endpoint>",
     "privatelink-account-url":"<privatelink_account_url>",
     "privatelink-ocsp-url": "<privatelink_ocsp_url>",
     "privatelink-pls-id": "<azure_privatelink_service_id>"
   }
   

4. Send the output of the query to your Fivetran account manager. Notify your Fivetran account manager that you have completed these steps. We will complete the set up for your Snowflake database from our side. Once the setup is complete, we will send you the host address and the resource ID for your Private Link connection.

5. Make a note of the host address that you received from Fivetran. You will need it to configure Fivetran.

6. Contact Snowflake's support team and provide the resource ID that you received from Fivetran.

   NOTE: For more information about configuring Azure Private Link, see Snowflake's documentation.

(Optional) Configure Snowflake network policy

If you have configured Azure Private Link, add Fivetran's internal VNet CIDR range to the Snowflake network policy's allowed list:

Alternatively, add the Fivetran Resource ID or Azure LinkID to your network policy's allowed list. To add the Fivetran Resource ID or Azure LinkID, do the following:

1. Run the following command as an account admin:

   SELECT SYSTEM$GET_PRIVATELINK_AUTHORIZED_ENDPOINTS();

2. Make a note of the linkIdentifier value and provide it to our support team to complete the setup for you.

Google Cloud Private Service Connect allows VPCs and Google-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. Learn more in Google Cloud's Private Service Connect documentation.

Prerequisites

To set up Google Cloud Private Service Connect, you need:

• A Fivetran instance configured to run in Google Cloud
• A Business Critical Snowflake database in one of our supported regions

Configure Google Cloud Private Service Connect

1. Inform Snowflake's support team that you want to enable Google Cloud Private Service Connect for Fivetran and provide them with the following information:

   • Fivetran’s project id: fivetran-donkeys
   • Your Snowflake account URL

   Once Snowflake receives this information, they will allow auto-approval for Fivetran’s project.

2. Once Snowflake has approved your request, go to your Snowflake instance and run the following query as a user with the Snowflake ACCOUNTADMIN role to obtain the URL that we need to access Snowflake through Google Cloud Private Service Connect:

   SELECT SYSTEM$GET_PRIVATELINK_CONFIG();

   NOTE: For more information about the query, see Snowflake's documentation.

3. Send the output of the query to your Fivetran account manager. The output will be in the following format:

   {
     "privatelink-account-name": "<account_identifier>",
     "privatelink-account-url":"<privatelink_account_url>",
     "privatelink-ocsp-url": "<privatelink_ocsp_account_url>",
     "privatelink-gcp-service-attachment": "<privatelink_service_attachment_id>"
   }
   

4. Notify your Fivetran account manager that you have completed these steps. We will complete the set up for your Snowflake database from our side. Once the setup is complete, we will send you the host address and Private Service Connection ID.

5. Make a note of the host address that you received from Fivetran. You need it to configure Fivetran.

(Optional) Configure Snowflake network policy

If you have configured Google Cloud Private Service Connect, add Fivetran's internal VPC CIDR range to the Snowflake network policy's allowed list: