{"id":21514843,"url":"https://github.com/getindata/terraform-snowflake-stage","last_synced_at":"2026-01-03T10:50:24.945Z","repository":{"id":137896396,"uuid":"588080500","full_name":"getindata/terraform-snowflake-stage","owner":"getindata","description":"Terraform module for managing Snowflake stages","archived":false,"fork":false,"pushed_at":"2025-01-13T01:59:35.000Z","size":66,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-01-24T02:30:20.664Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getindata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-12T09:27:20.000Z","updated_at":"2025-01-07T15:24:10.000Z","dependencies_parsed_at":"2025-01-24T02:29:39.599Z","dependency_job_id":"e6d06032-7bcc-4999-9f73-7ec2db14cb94","html_url":"https://github.com/getindata/terraform-snowflake-stage","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":"getindata/terraform-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-stage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-stage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-stage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-snowflake-stage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getindata","download_url":"https://codeload.github.com/getindata/terraform-snowflake-stage/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244066190,"owners_count":20392407,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-23T23:53:11.982Z","updated_at":"2026-01-03T10:50:24.940Z","avatar_url":"https://github.com/getindata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Snowflake Stage Terraform Module\n![Snowflake](https://img.shields.io/badge/-SNOWFLAKE-249edc?style=for-the-badge\u0026logo=snowflake\u0026logoColor=white)\n![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge\u0026logo=terraform\u0026logoColor=white)\n\n![License](https://badgen.net/github/license/getindata/terraform-snowflake-stage/)\n![Release](https://badgen.net/github/release/getindata/terraform-snowflake-stage/)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg height=\"150\" src=\"https://getindata.com/img/logo.svg\"\u003e\n  \u003ch3 align=\"center\"\u003eWe help companies turn their data into assets\u003c/h3\u003e\n\u003c/p\u003e\n\n---\n\nTerraform module for Snowflake stage management.\n\n- Creates Snowflake stage\n- Can create custom Snowflake database-roles with role-to-role assignments\n- Can create a set of default roles to simplify access management:\n  - `READONLY` - granted `USAGE` or `READ` privilages\n  - `READWRITE` - granted `WRITE` privileges\n  - `ADMIN` - granted `ALL PRIVILEGES`\n\n## USAGE\n\n```terraform\nmodule \"snowflake_stage\" {\n  source = \"getindata/stage/snowflake\"\n  # version  = \"x.x.x\"\n\n  name     = \"my_stage\"\n  schema   = \"my_schema\"\n  database = \"my_db\"\n  \n  url         = \"s3://com.example.bucket/prefix\"\n  credentials = \"AWS_KEY_ID='${var.example_aws_key_id}' AWS_SECRET_KEY='${var.example_aws_secret_key}'\"\n  \n  create_default_database_roles = true\n}\n```\n\n## EXAMPLES\n\n- [Simple](examples/simple) - Basic usage of the module\n- [Complete](examples/complete) - Advanced usage of the module\n\n## Breaking changes in v2.x of the module\n\nDue to breaking changes in Snowflake provider and additional code optimizations, **breaking changes** were introduced in `v2.0.0` version of this module.\n\nList of code and variable (API) changes:\n\n- Switched to `snowflake_grant_ownership` resource instead of provider-removed `snowflake_role_ownership_grant`\n- Switched to `snowflake_database_role` module to leverage new `database_roles` mechanism\n- `default_roles` and `custom_roles` are now combined and managed by single module\n- `roles` variable map received following additions:\n  - `all_privileges` - optional, bool\n  - `on_all` - optional, bool, defaults to false\n  - `on_future` - optional, bool, defaults to false\n  - `with_grant_option` - optional, bool\n  - `granted_to_database_roles` - optional, string\n  - `granted_database_roles` - optional, list of strings\n\n- and got following items removed:\n  - `enabled`\n  - `comment`\n  - `role_ownership_grant`\n  - `granted_roles`\n  - `granted_to_users`\n\n\nWhen upgrading from `v1.x`, expect most of the resources to be recreated - if recreation is impossible, then it is possible to import some existing resources.\n\nFor more information, refer to [variables.tf](variables.tf), list of inputs below and Snowflake provider documentation\n\n## Breaking changes in v3.x of the module\n\nDue to replacement of nulllabel (`context.tf`) with context provider, some **breaking changes** were introduced in `v3.0.0` version of this module.\n\nList od code and variable (API) changes:\n\n- Removed `context.tf` file (a single-file module with additonal variables), which implied a removal of all its variables (except `name`):\n  - `descriptor_formats`\n  - `label_value_case`\n  - `label_key_case`\n  - `id_length_limit`\n  - `regex_replace_chars`\n  - `label_order`\n  - `additional_tag_map`\n  - `tags`\n  - `labels_as_tags`\n  - `attributes`\n  - `delimiter`\n  - `stage`\n  - `environment`\n  - `tenant`\n  - `namespace`\n  - `enabled`\n  - `context`\n- Remove support `enabled` flag - that might cause some backward compatibility issues with terraform state (please take into account that proper `move` clauses were added to minimize the impact), but proceed with caution\n- Additional `context` provider configuration\n- New variables were added, to allow naming configuration via `context` provider:\n  - `context_templates`\n  - `name_schema`\n\n## Breaking changes in v4.x of the module\n\n- Due to rename of Snowflake terraform provider source, all `versions.tf` files were updated accordingly.\n\n  Please keep in mind to mirror this change in your own repos also.\n\n  For more information about provider rename, refer to [Snowflake documentation](https://github.com/snowflakedb/terraform-provider-snowflake/blob/main/SNOWFLAKEDB_MIGRATION.md).\n\n- Maximal version of supported provider was also unblocked in version `v4.1.x` , so keep in mind that, starting with Snowflake provider version `1.x`, the `snowflake_stage` resource is considered a preview feature and must be explicitly enabled in the provider configuration.\n\n  **Required Provider Configuration:**\n\n  ```terraform\n  provider \"snowflake\" {\n    preview_features_enabled = [\"snowflake_stage_resource\"]\n  }\n  ```\n\n  Without this configuration, you will encounter the following error:\n\n  ```shell\n  Error: snowflake_stage_resource is currently a preview feature, and must be enabled by adding snowflake_stage_resource to preview_features_enabled in Terraform configuration.\n  ```\n\n  For more information about preview features, refer to the [Snowflake provider documentation](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage#preview-features) and [Snowflake stage resource documentation](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage).\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n\n\n\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_aws_external_id\"\u003e\u003c/a\u003e [aws\\_external\\_id](#input\\_aws\\_external\\_id) | ID of the customer AWS account | `string` | `null` | no |\n| \u003ca name=\"input_comment\"\u003e\u003c/a\u003e [comment](#input\\_comment) | Specifies a comment for the stage | `string` | `null` | no |\n| \u003ca name=\"input_context_templates\"\u003e\u003c/a\u003e [context\\_templates](#input\\_context\\_templates) | Map of context templates used for naming conventions - this variable supersedes `naming_scheme.properties` and `naming_scheme.delimiter` configuration | `map(string)` | `{}` | no |\n| \u003ca name=\"input_copy_options\"\u003e\u003c/a\u003e [copy\\_options](#input\\_copy\\_options) | Specifies the copy options for the stage | `string` | `null` | no |\n| \u003ca name=\"input_create_default_roles\"\u003e\u003c/a\u003e [create\\_default\\_roles](#input\\_create\\_default\\_roles) | Whether the default database roles should be created | `bool` | `false` | no |\n| \u003ca name=\"input_credentials\"\u003e\u003c/a\u003e [credentials](#input\\_credentials) | Specifies the credentials for the stage | `string` | `null` | no |\n| \u003ca name=\"input_database\"\u003e\u003c/a\u003e [database](#input\\_database) | The database in which to create the stage | `string` | n/a | yes |\n| \u003ca name=\"input_directory\"\u003e\u003c/a\u003e [directory](#input\\_directory) | Specifies the directory settings for the stage | `string` | `null` | no |\n| \u003ca name=\"input_encryption\"\u003e\u003c/a\u003e [encryption](#input\\_encryption) | Specifies the encryption settings for the stage | `string` | `null` | no |\n| \u003ca name=\"input_file_format\"\u003e\u003c/a\u003e [file\\_format](#input\\_file\\_format) | Specifies the file format for the stage | `string` | `null` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name of the resource | `string` | n/a | yes |\n| \u003ca name=\"input_name_scheme\"\u003e\u003c/a\u003e [name\\_scheme](#input\\_name\\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using context provider:\u003cbr/\u003e    - `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`\u003cbr/\u003e    - `delimiter` - delimited used to create the name from `properties` - is superseded by `var.context_templates`\u003cbr/\u003e    - `context_template_name` - name of the context template used to create the name\u003cbr/\u003e    - `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name\u003cbr/\u003e    - `extra_values` - map of extra label-value pairs, used to create a name\u003cbr/\u003e    - `uppercase` - convert name to uppercase | \u003cpre\u003eobject({\u003cbr/\u003e    properties            = optional(list(string), [\"name\"])\u003cbr/\u003e    delimiter             = optional(string, \"_\")\u003cbr/\u003e    context_template_name = optional(string, \"snowflake-stage\")\u003cbr/\u003e    replace_chars_regex   = optional(string, \"[^a-zA-Z0-9_]\")\u003cbr/\u003e    extra_values          = optional(map(string))\u003cbr/\u003e    uppercase             = optional(bool, true)\u003cbr/\u003e  })\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_roles\"\u003e\u003c/a\u003e [roles](#input\\_roles) | Database roles created in the stage scope | \u003cpre\u003emap(object({\u003cbr/\u003e    name_scheme = optional(object({\u003cbr/\u003e      properties            = optional(list(string))\u003cbr/\u003e      delimiter             = optional(string)\u003cbr/\u003e      context_template_name = optional(string)\u003cbr/\u003e      replace_chars_regex   = optional(string)\u003cbr/\u003e      extra_labels          = optional(map(string))\u003cbr/\u003e      uppercase             = optional(bool)\u003cbr/\u003e    }))\u003cbr/\u003e    comment                   = optional(string)\u003cbr/\u003e    with_grant_option         = optional(bool)\u003cbr/\u003e    granted_to_roles          = optional(list(string))\u003cbr/\u003e    granted_to_database_roles = optional(list(string))\u003cbr/\u003e    granted_database_roles    = optional(list(string))\u003cbr/\u003e    stage_grants              = optional(list(string))\u003cbr/\u003e    all_privileges            = optional(bool)\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_schema\"\u003e\u003c/a\u003e [schema](#input\\_schema) | The schema in which to create the stage | `string` | n/a | yes |\n| \u003ca name=\"input_snowflake_iam_user\"\u003e\u003c/a\u003e [snowflake\\_iam\\_user](#input\\_snowflake\\_iam\\_user) | Specifies the Snowflake IAM user | `string` | `null` | no |\n| \u003ca name=\"input_stage_ownership_grant\"\u003e\u003c/a\u003e [stage\\_ownership\\_grant](#input\\_stage\\_ownership\\_grant) | To which account role the stage ownership should be granted | `string` | `null` | no |\n| \u003ca name=\"input_storage_integration\"\u003e\u003c/a\u003e [storage\\_integration](#input\\_storage\\_integration) | Specifies the name of the storage integration used to delegate authentication responsibility for external cloud storage to a Snowflake identity and access management (IAM) entity | `string` | `null` | no |\n| \u003ca name=\"input_url\"\u003e\u003c/a\u003e [url](#input\\_url) | Specifies the URL for the stage | `string` | `null` | no |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_roles_deep_merge\"\u003e\u003c/a\u003e [roles\\_deep\\_merge](#module\\_roles\\_deep\\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |\n| \u003ca name=\"module_snowflake_custom_role\"\u003e\u003c/a\u003e [snowflake\\_custom\\_role](#module\\_snowflake\\_custom\\_role) | getindata/database-role/snowflake | 3.0.0 |\n| \u003ca name=\"module_snowflake_default_role\"\u003e\u003c/a\u003e [snowflake\\_default\\_role](#module\\_snowflake\\_default\\_role) | getindata/database-role/snowflake | 3.0.0 |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_database_roles\"\u003e\u003c/a\u003e [database\\_roles](#output\\_database\\_roles) | This stage access roles |\n| \u003ca name=\"output_fully_qualified_name\"\u003e\u003c/a\u003e [fully\\_qualified\\_name](#output\\_fully\\_qualified\\_name) | Fully Qualified Name of the stage |\n| \u003ca name=\"output_name\"\u003e\u003c/a\u003e [name](#output\\_name) | Name of the stage |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_context\"\u003e\u003c/a\u003e [context](#provider\\_context) | \u003e=0.4.0 |\n| \u003ca name=\"provider_snowflake\"\u003e\u003c/a\u003e [snowflake](#provider\\_snowflake) | \u003e= 0.95 |\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3 |\n| \u003ca name=\"requirement_context\"\u003e\u003c/a\u003e [context](#requirement\\_context) | \u003e=0.4.0 |\n| \u003ca name=\"requirement_snowflake\"\u003e\u003c/a\u003e [snowflake](#requirement\\_snowflake) | \u003e= 0.95 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [snowflake_grant_ownership.stage_ownership](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/grant_ownership) | resource |\n| [snowflake_stage.this](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage) | resource |\n| [context_label.this](https://registry.terraform.io/providers/cloudposse/context/latest/docs/data-sources/label) | data source |\n\u003c!-- END_TF_DOCS --\u003e\n\n## CONTRIBUTING\n\nContributions are very welcomed!\n\nStart by reviewing [contribution guide](CONTRIBUTING.md) and our [code of conduct](CODE_OF_CONDUCT.md). After that, start coding and ship your changes by creating a new PR.\n\n## LICENSE\n\nApache 2 Licensed. See [LICENSE](LICENSE) for full details.\n\n## AUTHORS\n\n\u003c!--- Replace repository name --\u003e\n\u003ca href=\"https://github.com/getindata/REPO_NAME/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=getindata/terraform-snowflake-stage\" /\u003e\n\u003c/a\u003e\n\nMade with [contrib.rocks](https://contrib.rocks).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fterraform-snowflake-stage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetindata%2Fterraform-snowflake-stage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fterraform-snowflake-stage/lists"}