{"id":21514892,"url":"https://github.com/getindata/terraform-snowflake-privatelink-aws","last_synced_at":"2026-05-20T02:43:22.005Z","repository":{"id":137896406,"uuid":"579967781","full_name":"getindata/terraform-snowflake-privatelink-aws","owner":"getindata","description":"Terraform module for Snowflake AWS PrivateLink management","archived":false,"fork":false,"pushed_at":"2024-01-15T19:38:31.000Z","size":51,"stargazers_count":3,"open_issues_count":5,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-01-24T02:30:56.001Z","etag":null,"topics":["aws","module","privatelink","snowflake","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getindata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-19T11:48:12.000Z","updated_at":"2024-07-24T22:25:09.000Z","dependencies_parsed_at":"2025-01-24T02:30:05.020Z","dependency_job_id":"260727af-0c46-48fb-8b12-4c0f06b0bf96","html_url":"https://github.com/getindata/terraform-snowflake-privatelink-aws","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":"getindata/terraform-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-privatelink-aws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-privatelink-aws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata
%2Fterraform-snowflake-privatelink-aws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-privatelink-aws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getindata","download_url":"https://codeload.github.com/getindata/terraform-snowflake-privatelink-aws/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244066192,"owners_count":20392407,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","module","privatelink","snowflake","terraform"],"created_at":"2024-11-23T23:53:26.756Z","updated_at":"2026-05-20T02:43:21.998Z","avatar_url":"https://github.com/getindata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Snowflake AWS PrivateLink Terraform Module\n\n\u003c!--- Pick Cloud provider Badge --\u003e\n\u003c!---![Azure](https://img.shields.io/badge/azure-%230072C6.svg?style=for-the-badge\u0026logo=microsoftazure\u0026logoColor=white) --\u003e\n\u003c!---![Google Cloud](https://img.shields.io/badge/GoogleCloud-%234285F4.svg?style=for-the-badge\u0026logo=google-cloud\u0026logoColor=white) --\u003e\n![Snowflake](https://img.shields.io/badge/-SNOWFLAKE-249edc?style=for-the-badge\u0026logo=snowflake\u0026logoColor=white)\n![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge\u0026logo=terraform\u0026logoColor=white)\n\n\u003c!--- Replace repository name 
--\u003e\n![License](https://badgen.net/github/license/getindata/terraform-snowflake-privatelink-aws/)\n![Release](https://badgen.net/github/release/getindata/terraform-snowflake-privatelink-aws/)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg height=\"150\" src=\"https://getindata.com/img/logo.svg\"\u003e\n  \u003ch3 align=\"center\"\u003eWe help companies turn their data into assets\u003c/h3\u003e\n\u003c/p\u003e\n\n---\n\nTerraform module that can create and manage AWS PrivateLink for Snowflake.\n\nThis module creates:\n\n* AWS VPC Endpoint\n* Security group and assigns it to the endpoint\n* AWS Route53 private zone and adds needed records inside\n\n## USAGE\n\n```terraform\n\nmodule \"snowflake_privatelink_aws\" {\n  source = \"../../\"\n\n  name       = \"snowflake\"\n\n  vpc_id     = \"vpc-01234567890abcdef\"\n  subnet_ids = [\"subnet-01234567890abcdef\", \"subnet-01234567890abcdeg\"]\n\n  tags = {\n    \"example\" = \"tag\"\n  }\n}\n\n```\n\n## NOTES\n\nTo successfully set up a PrivateLink in AWS, manual authorization of PrivateLink requests is needed;\nmore information can be found in the Snowflake documentation:\n\u003chttps://docs.snowflake.com/en/user-guide/admin-security-privatelink.html#enabling-aws-privatelink\u003e.\n\n## Breaking changes in v2.x of the module\n\n### Due to replacement of nulllabel (`context.tf`) with context provider, some **breaking changes** were introduced\n\nList of code and variable (API) changes:\n\n- Removed `context.tf` file (a single-file module with additional variables), which implied a removal of all its variables (except `name`):\n  - `descriptor_formats`\n  - `label_value_case`\n  - `label_key_case`\n  - `id_length_limit`\n  - `regex_replace_chars`\n  - `label_order`\n  - `additional_tag_map`\n  - `tags`\n  - `labels_as_tags`\n  - `attributes`\n  - `delimiter`\n  - `stage`\n  - `environment`\n  - `tenant`\n  - `namespace`\n  - `enabled`\n  - `context`\n- Removed support for the `enabled` flag - that might cause some backward 
compatibility issues with terraform state (please take into account that proper `moved` blocks were added to minimize the impact), but proceed with caution\n- Additional `context` provider configuration\n- New variables were added, to allow naming configuration via `context` provider:\n  - `context_templates`\n  - `name_scheme`\n\n### Due to rename of Snowflake terraform provider source, all `versions.tf` files were updated accordingly.\n\n  Remember to mirror this change in your own repositories as well.\n\n  For more information about provider rename, refer to [Snowflake documentation](https://github.com/snowflakedb/terraform-provider-snowflake/blob/main/SNOWFLAKEDB_MIGRATION.md).\n\n### Maximal version of supported provider was unblocked\n\nKeep in mind that, starting with Snowflake provider version `1.x`, the `snowflake_system_get_privatelink_config` data source is considered a preview feature and must be explicitly enabled in the provider configuration.\n\n  **Required Provider Configuration:**\n\n  ```terraform\n  provider \"snowflake\" {\n    preview_features_enabled = [\"snowflake_system_get_privatelink_config_datasource\"]\n  }\n  ```\n\n  Without this configuration, you will encounter the following error:\n\n  ```shell\n  Error: snowflake_system_get_privatelink_config_datasource is currently a preview feature, and must be enabled by adding snowflake_system_get_privatelink_config_datasource to preview_features_enabled in Terraform configuration.\n  ```\n\n  For more information about preview features, refer to the [Snowflake provider documentation](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage#preview-features) and [Snowflake resource documentation](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage).\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n\n\n\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca 
name=\"input_account_name\"\u003e\u003c/a\u003e [account\\_name](#input\\_account\\_name) | Name of the Snowflake account, used to create regionless privatelink fqdns | `string` | `null` | no |\n| \u003ca name=\"input_additional_dns_records\"\u003e\u003c/a\u003e [additional\\_dns\\_records](#input\\_additional\\_dns\\_records) | List of additional Route53 records to be added to local `privatelink.snowflakecomputing.com` hosted zone that points to Snowflake VPC endpoint. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_allow_vpc_cidr\"\u003e\u003c/a\u003e [allow\\_vpc\\_cidr](#input\\_allow\\_vpc\\_cidr) | Whether to allow access to the Snowflake PrivateLink endpoint from the whole VPC | `bool` | `true` | no |\n| \u003ca name=\"input_allowed_cidrs\"\u003e\u003c/a\u003e [allowed\\_cidrs](#input\\_allowed\\_cidrs) | List of subnet CIDRs that will be allowed to access Snowflake endpoint via PrivateLink | `list(string)` | `[]` | no |\n| \u003ca name=\"input_context_templates\"\u003e\u003c/a\u003e [context\\_templates](#input\\_context\\_templates) | Map of context templates used for naming conventions - this variable supersedes `naming_scheme.properties` and `naming_scheme.delimiter` configuration | `map(string)` | `{}` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name of the resource | `string` | n/a | yes |\n| \u003ca name=\"input_name_scheme\"\u003e\u003c/a\u003e [name\\_scheme](#input\\_name\\_scheme) | Naming scheme configuration for the resource. 
This configuration is used to generate names using context provider:\u003cbr/\u003e    - `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`\u003cbr/\u003e    - `delimiter` - delimiter used to create the name from `properties` - is superseded by `var.context_templates`\u003cbr/\u003e    - `context_template_name` - name of the context template used to create the name\u003cbr/\u003e    - `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name\u003cbr/\u003e    - `extra_values` - map of extra label-value pairs, used to create a name\u003cbr/\u003e    - `uppercase` - convert name to uppercase | \u003cpre\u003eobject({\u003cbr/\u003e    properties            = optional(list(string), [\"environment\", \"name\"])\u003cbr/\u003e    delimiter             = optional(string, \"_\")\u003cbr/\u003e    context_template_name = optional(string, \"snowflake-privatelink\")\u003cbr/\u003e    replace_chars_regex   = optional(string, \"[^a-zA-Z0-9_]\")\u003cbr/\u003e    extra_values          = optional(map(string))\u003cbr/\u003e    uppercase             = optional(bool, false)\u003cbr/\u003e  })\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_organisation_name\"\u003e\u003c/a\u003e [organisation\\_name](#input\\_organisation\\_name) | Name of the organisation, where the Snowflake account is created, used to create regionless privatelink fqdns | `string` | `null` | no |\n| \u003ca name=\"input_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#input\\_subnet\\_ids) | List of AWS Subnet IDs where Snowflake AWS PrivateLink Endpoint interfaces will be created | `list(string)` | n/a | yes |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | VPC ID where the AWS PrivateLink VPC Endpoint will be created | `string` | n/a | yes |\n\n## Modules\n\nNo modules.\n\n## Outputs\n\n| Name | 
Description |\n|------|-------------|\n| \u003ca name=\"output_dns_private_zone\"\u003e\u003c/a\u003e [dns\\_private\\_zone](#output\\_dns\\_private\\_zone) | Details of Route53 private hosted zone created for Snowflake PrivateLink |\n| \u003ca name=\"output_security_group\"\u003e\u003c/a\u003e [security\\_group](#output\\_security\\_group) | Details of security group assigned to Snowflake AWS PrivateLink VPC Endpoint |\n| \u003ca name=\"output_snowflake_additional_dns_records\"\u003e\u003c/a\u003e [snowflake\\_additional\\_dns\\_records](#output\\_snowflake\\_additional\\_dns\\_records) | List of additional DNS records added to `.privatelink.snowflakecomputing.com` hosted zone |\n| \u003ca name=\"output_snowflake_privatelink_ocsp_url\"\u003e\u003c/a\u003e [snowflake\\_privatelink\\_ocsp\\_url](#output\\_snowflake\\_privatelink\\_ocsp\\_url) | URL to access Snowflake OCSP endpoint using AWS PrivateLink |\n| \u003ca name=\"output_snowflake_privatelink_url\"\u003e\u003c/a\u003e [snowflake\\_privatelink\\_url](#output\\_snowflake\\_privatelink\\_url) | URL to access Snowflake using AWS PrivateLink |\n| \u003ca name=\"output_snowflake_regionless_private_link_account_url\"\u003e\u003c/a\u003e [snowflake\\_regionless\\_private\\_link\\_account\\_url](#output\\_snowflake\\_regionless\\_private\\_link\\_account\\_url) | URL to access Snowflake account using AWS PrivateLink without specifying AWS region |\n| \u003ca name=\"output_snowflake_regionless_private_link_snowsight_url\"\u003e\u003c/a\u003e [snowflake\\_regionless\\_private\\_link\\_snowsight\\_url](#output\\_snowflake\\_regionless\\_private\\_link\\_snowsight\\_url) | URL to access Snowsight UI using AWS PrivateLink without specifying AWS region |\n| \u003ca name=\"output_vpc_endpoint\"\u003e\u003c/a\u003e [vpc\\_endpoint](#output\\_vpc\\_endpoint) | Details of the created Snowflake AWS PrivateLink VPC Endpoint |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e 
[aws](#provider\\_aws) | ~\u003e 4.0 |\n| \u003ca name=\"provider_context\"\u003e\u003c/a\u003e [context](#provider\\_context) | \u003e=0.4.0 |\n| \u003ca name=\"provider_snowflake\"\u003e\u003c/a\u003e [snowflake](#provider\\_snowflake) | \u003e= 0.47 |\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 4.0 |\n| \u003ca name=\"requirement_context\"\u003e\u003c/a\u003e [context](#requirement\\_context) | \u003e=0.4.0 |\n| \u003ca name=\"requirement_snowflake\"\u003e\u003c/a\u003e [snowflake](#requirement\\_snowflake) | \u003e= 0.47 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_route53_record.snowflake_additional_dns_records](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.snowflake_private_link_ocsp_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.snowflake_private_link_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.snowflake_regionless_private_link_account_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.snowflake_regionless_private_link_snowsight_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |\n| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| 
[aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |\n| [context_label.this](https://registry.terraform.io/providers/cloudposse/context/latest/docs/data-sources/label) | data source |\n| [context_tags.this](https://registry.terraform.io/providers/cloudposse/context/latest/docs/data-sources/tags) | data source |\n| [snowflake_system_get_privatelink_config.this](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/data-sources/system_get_privatelink_config) | data source |\n\u003c!-- END_TF_DOCS --\u003e\n\n## CONTRIBUTING\n\nContributions are very welcomed!\n\nStart by reviewing [contribution guide](CONTRIBUTING.md) and our [code of conduct](CODE_OF_CONDUCT.md). After that, start coding and ship your changes by creating a new PR.\n\n## LICENSE\n\nApache 2 Licensed. See [LICENSE](LICENSE) for full details.\n\n## AUTHORS\n\n\u003c!--- Replace repository name --\u003e\n\u003ca href=\"https://github.com/getindata/snowflake-privatelink-aws/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=getindata/terraform-snowflake-privatelink-aws\" /\u003e\n\u003c/a\u003e\n\nMade with [contrib.rocks](https://contrib.rocks).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fterraform-snowflake-privatelink-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetindata%2Fterraform-snowflake-privatelink-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fterraform-snowflake-privatelink-aws/lists"}