
Snowflake Cloud Provider Integration


Snowflake provides deep integration with all major cloud providers, enabling seamless connectivity, security, and performance optimization for cloud-native workloads.

[Figure: Multi-Cloud Architecture. The Snowflake compute layer and Data Cloud connect to AWS (S3, Lambda), Azure (Blob, Functions) and GCP (GCS, Functions). Labelled features: PrivateLink (secure access), VPC Peering (private networking), IAM Integration (role-based access), KMS Encryption (at-rest security), Cross-Cloud (data sharing).]

What is Cloud Integration?

  • Connects natively to AWS, Azure, and GCP
  • Provides PrivateLink for secure, private connectivity
  • Enables cross-cloud data sharing without data movement

Architecture Overview

The Snowflake multi-cloud architecture connects to three major cloud providers:

Provider | Storage       | Networking                         | Security                      | Compute
AWS      | S3            | VPC Peering, PrivateLink           | IAM Roles, KMS Encryption     | Lambda
Azure    | Blob Storage  | VNet Integration, Private Link     | Managed Identity, Key Vault   | Functions
GCP      | Cloud Storage | VPC peering, Private Google Access | Service Accounts, Cloud KMS   | Functions

Snowflake Data Cloud provides multi-region capabilities with consistent APIs across all providers.

Integration Features

  • Networking: PrivateLink, VPC peering
  • Security: IAM, KMS, encryption
  • Storage: S3, Blob, GCS
  • Compute: Lambda, Functions

AWS Integration

S3 External Stage

-- Create storage integration
-- Snowflake assumes the IAM role named here; access is limited to the allowed locations.
CREATE OR REPLACE STORAGE INTEGRATION s3_integration
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = 'S3'
  STORAGE_AWS_ROLE_ARN = 'arn:aws:iam::123456789:role/snowflake-role'  -- placeholder account ID
  STORAGE_ALLOWED_LOCATIONS = ('s3://my-bucket/data/');

-- Create external stage
-- The stage carries no credentials of its own; it authenticates through the integration.
CREATE OR REPLACE STAGE s3_stage
  URL = 's3://my-bucket/data/'
  STORAGE_INTEGRATION = s3_integration
  FILE_FORMAT = (TYPE = 'PARQUET');

AWS PrivateLink

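-- Configure PrivateLink
-- PrivateLink is not switched on with an account parameter. The VPC endpoint
-- (for example vpce-1234567890abcdef0 in us-east-1) is created on the AWS side;
-- in Snowflake, ACCOUNTADMIN authorizes the AWS account that owns it.
SELECT SYSTEM$GET_PRIVATELINK_CONFIG();  -- service name and private URLs for the endpoint and DNS
SELECT SYSTEM$AUTHORIZE_PRIVATELINK('<aws_account_id>', '<federated_token>');

-- Verify the authorization
SELECT SYSTEM$GET_PRIVATELINK('<aws_account_id>', '<federated_token>');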

Azure Integration

Blob Storage Stage

-- Storage integration for Azure Blob Storage; the allowed locations bound what stages may reference
CREATE OR REPLACE STORAGE INTEGRATION azure_integration
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = 'AZURE'
  AZURE_TENANT_ID = 'your-tenant-id'
  STORAGE_ALLOWED_LOCATIONS = ('azure://myaccount.blob.core.windows.net/mycontainer/');

-- External stage on a path inside the allowed container
CREATE OR REPLACE STAGE azure_stage
  URL = 'azure://myaccount.blob.core.windows.net/mycontainer/data/'
  STORAGE_INTEGRATION = azure_integration;

Azure Private Link

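-- Approve the private endpoint created in your Azure subscription (no account parameter is involved)
SELECT SYSTEM$GET_PRIVATELINK_CONFIG();  -- privatelink hostnames to use in DNS
SELECT SYSTEM$AUTHORIZE_PRIVATELINK('<private_endpoint_resource_id>', '<federated_token>');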

GCP Integration

GCS Stage

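-- Storage integration for Google Cloud Storage; Snowflake creates a service account for it
CREATE OR REPLACE STORAGE INTEGRATION gcs_integration
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = 'GCS'
  STORAGE_ALLOWED_LOCATIONS = ('gcs://my-bucket/data/');

-- External stage that authenticates through the integration
CREATE OR REPLACE STAGE gcs_stage
  URL = 'gcs://my-bucket/data/'
  STORAGE_INTEGRATION = gcs_integration;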
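
The three storage integrations above only become useful, and safe, once the cloud-side trust is set up and stages that bypass integrations are blocked. The following is an added example, not part of the original lesson; the role name data_loader and the restricted/ prefix are hypothetical.

```sql
-- 1. Read the identity Snowflake uses for each integration. These values go into
--    the IAM role trust policy (AWS), the consent flow (Azure) or the bucket IAM binding (GCP).
DESC INTEGRATION s3_integration;     -- STORAGE_AWS_IAM_USER_ARN, STORAGE_AWS_EXTERNAL_ID
DESC INTEGRATION azure_integration;  -- AZURE_CONSENT_URL, AZURE_MULTI_TENANT_APP_NAME
DESC INTEGRATION gcs_integration;    -- STORAGE_GCP_SERVICE_ACCOUNT

-- 2. Carve sensitive prefixes out of an allowed location (hypothetical prefix).
ALTER STORAGE INTEGRATION s3_integration
  SET STORAGE_BLOCKED_LOCATIONS = ('s3://my-bucket/data/restricted/');

-- 3. Only roles with USAGE on the integration can create stages that use it.
GRANT USAGE ON INTEGRATION s3_integration TO ROLE data_loader;  -- hypothetical role

-- 4. Account-wide guardrails: no stages with inline credentials, no unloading
--    to an arbitrary URL given directly in COPY INTO <location>.
ALTER ACCOUNT SET REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = TRUE;
ALTER ACCOUNT SET REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = TRUE;
ALTER ACCOUNT SET PREVENT_UNLOAD_TO_INLINE_URL = TRUE;

-- 5. Audit: external stages that predate the guardrails and use no integration.
SHOW STAGES IN ACCOUNT;
SELECT "database_name", "schema_name", "name", "url", "has_credentials"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "type" = 'EXTERNAL'
  AND ("storage_integration" IS NULL OR "storage_integration" = '');
```

On AWS, include the STORAGE_AWS_EXTERNAL_ID value as the sts:ExternalId condition in the role's trust policy so that only this integration can assume the role.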

Cross-Cloud Data Sharing

-- Share data across clouds (provider account)
CREATE SHARE cross_cloud_share;
-- A share exposes only what is granted to it: database, schema, then individual objects
GRANT USAGE ON DATABASE my_db TO SHARE cross_cloud_share;
GRANT USAGE ON SCHEMA my_db.my_schema TO SHARE cross_cloud_share;
GRANT SELECT ON TABLE my_db.my_schema.my_table TO SHARE cross_cloud_share;

-- Consumer account (different cloud): the shared database is read-only
CREATE DATABASE shared_data FROM SHARE provider_account.cross_cloud_share;
SELECT * FROM shared_data.my_schema.my_table;

Security Integration

Key Management

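-- AWS KMS encryption
-- A storage integration has no KMS parameter; SSE-KMS is set on the stage, and the
-- IAM role behind s3_integration needs permission to use the key.
CREATE OR REPLACE STAGE encrypted_s3_stage
  URL = 's3://my-bucket/data/'
  STORAGE_INTEGRATION = s3_integration
  ENCRYPTION = (TYPE = 'AWS_SSE_KMS'
                KMS_KEY_ID = '12345678-1234-1234-1234-123456789012');

-- Azure Key Vault
-- A storage integration has no Key Vault parameters either. A customer-managed key
-- (such as https://mykeyvault.vault.azure.net/keys/mykey) is attached to the storage
-- account in Azure, and Snowflake reads the data through the integration.
CREATE OR REPLACE STORAGE INTEGRATION encrypted_azure
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = 'AZURE'
  AZURE_TENANT_ID = 'tenant-id'
  STORAGE_ALLOWED_LOCATIONS = ('azure://myaccount.blob.core.windows.net/mycontainer/');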

Network Security

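-- Network policy (must exist before it can be activated)
-- Addresses outside ALLOWED_IP_LIST are rejected; BLOCKED_IP_LIST is applied first.
CREATE OR REPLACE NETWORK POLICY restricted_policy
  ALLOWED_IP_LIST = ('203.0.113.0/24', '198.51.100.0/24')
  BLOCKED_IP_LIST = ('192.0.2.0/24');

-- IP restrictions: activate the policy for the whole account
ALTER ACCOUNT SET NETWORK_POLICY = restricted_policy;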

Always use PrivateLink for production workloads. It provides encrypted, private connectivity that doesn't traverse the public internet. Combine with network policies for defense in depth.
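
Before and after activating restricted_policy, it helps to see which logins fall outside its allowed ranges. The query below is an added example, not part of the original lesson; it uses the two ALLOWED_IP_LIST ranges from the policy above and assumes access to the SNOWFLAKE.ACCOUNT_USAGE share.

```sql
-- Logins in the last 7 days whose source address is outside the policy's allowed ranges.
WITH allowed AS (
  -- The two CIDR ranges copied from ALLOWED_IP_LIST
  SELECT PARSE_IP(column1, 'INET'):ipv4_range_start::NUMBER AS range_start,
         PARSE_IP(column1, 'INET'):ipv4_range_end::NUMBER   AS range_end
  FROM VALUES ('203.0.113.0/24'), ('198.51.100.0/24')
),
logins AS (
  SELECT event_timestamp, user_name, client_ip, reported_client_type, is_success,
         -- Permissive mode: unparseable or IPv6 addresses yield NULL instead of an error
         PARSE_IP(client_ip, 'INET', 1):ipv4::NUMBER AS ip_num
  FROM snowflake.account_usage.login_history
  WHERE event_timestamp > DATEADD(day, -7, CURRENT_TIMESTAMP())
)
SELECT l.user_name, l.client_ip, l.reported_client_type, l.is_success,
       COUNT(*) AS attempts, MAX(l.event_timestamp) AS last_seen
FROM logins l
LEFT JOIN allowed a
  ON l.ip_num BETWEEN a.range_start AND a.range_end
WHERE a.range_start IS NULL          -- no allowed range matched (NULL ip_num lands here too)
GROUP BY 1, 2, 3, 4
ORDER BY last_seen DESC;

-- Confirm which policy is active on the account and what it contains.
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT;
DESC NETWORK POLICY restricted_policy;
```

Successful logins in the result before activation are users or services the policy would lock out; successful ones after activation point to a user-level policy or a gap worth investigating.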

Cloud Provider Comparison

Feature        | AWS         | Azure            | GCP
Storage        | S3          | Blob             | GCS
Networking     | VPC Peering | VNet             | VPC Peering
Private Access | PrivateLink | Private Link     | Private Google Access
IAM            | IAM Roles   | Managed Identity | Service Accounts
KMS            | KMS         | Key Vault        | Cloud KMS
CDN            | CloudFront  | Azure CDN        | Cloud CDN

  • Snowflake supports multi-cloud with consistent APIs across providers
  • PrivateLink provides secure, private connectivity
  • Storage integrations enable seamless data sharing
  • Cross-cloud data sharing without data movement
  • Enterprise security with KMS encryption and IAM integration