https://github.com/getindata/terraform-snowflake-privatelink-aws

Terraform module for Snowflake AWS PrivateLink management

# Snowflake AWS PrivateLink Terraform Module

![Snowflake](https://img.shields.io/badge/-SNOWFLAKE-249edc?style=for-the-badge&logo=snowflake&logoColor=white)
![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white)

![License](https://badgen.net/github/license/getindata/terraform-snowflake-privatelink-aws/)
![Release](https://badgen.net/github/release/getindata/terraform-snowflake-privatelink-aws/)



We help companies turn their data into assets

---

Terraform module that can create and manage AWS PrivateLink for Snowflake.

This module creates:

* AWS VPC Endpoint
* Security group and assigns it to the endpoint
* AWS Route53 private zone and adds needed records inside

## USAGE

```terraform
module "snowflake_privatelink_aws" {
  source = "../../"

  name = "snowflake"

  vpc_id     = "vpc-01234567890abcdef"
  subnet_ids = ["subnet-01234567890abcdef", "subnet-01234567890abcdeg"]

  tags = {
    "example" = "tag"
  }
}
```

## NOTES

To successfully set up a PrivateLink in AWS, manual authorization of the PrivateLink request is needed; more information can be found in the Snowflake documentation.

## Breaking changes in v2.x of the module

### Due to replacement of null-label (`context.tf`) with the context provider, some **breaking changes** were introduced

List of code and variable (API) changes:

- Removed the `context.tf` file (a single-file module with additional variables), which implied a removal of all its variables (except `name`):
  - `descriptor_formats`
  - `label_value_case`
  - `label_key_case`
  - `id_length_limit`
  - `regex_replace_chars`
  - `label_order`
  - `additional_tag_map`
  - `tags`
  - `labels_as_tags`
  - `attributes`
  - `delimiter`
  - `stage`
  - `environment`
  - `tenant`
  - `namespace`
  - `enabled`
  - `context`
- Removed support for the `enabled` flag - this might cause some backward compatibility issues with the Terraform state (please take into account that proper `move` clauses were added to minimize the impact), but proceed with caution
- Added `context` provider configuration
- New variables were added to allow naming configuration via the `context` provider:
  - `context_templates`
  - `name_scheme`

### Due to rename of Snowflake terraform provider source, all `versions.tf` files were updated accordingly.

Remember to mirror this change in your own repositories as well.

For more information about provider rename, refer to [Snowflake documentation](https://github.com/snowflakedb/terraform-provider-snowflake/blob/main/SNOWFLAKEDB_MIGRATION.md).

### Maximum supported provider version was unblocked

Keep in mind that, starting with Snowflake provider version `1.x`, the `snowflake_system_get_privatelink_config` data source is considered a preview feature and must be explicitly enabled in the provider configuration.

**Required Provider Configuration:**

```terraform
provider "snowflake" {
  preview_features_enabled = ["snowflake_system_get_privatelink_config_datasource"]
}
```

Without this configuration, you will encounter the following error:

```shell
Error: snowflake_system_get_privatelink_config_datasource is currently a preview feature, and must be enabled by adding snowflake_system_get_privatelink_config_datasource to preview_features_enabled in Terraform configuration.
```

For more information about preview features, refer to the [Snowflake provider documentation](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage#preview-features) and [Snowflake resource documentation](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/stage).

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [account\_name](#input\_account\_name) | Name of the Snowflake account, used to create regionless privatelink fqdns | `string` | `null` | no |
| [additional\_dns\_records](#input\_additional\_dns\_records) | List of additional Route53 records to be added to local `privatelink.snowflakecomputing.com` hosted zone that points to Snowflake VPC endpoint. | `list(string)` | `[]` | no |
| [allow\_vpc\_cidr](#input\_allow\_vpc\_cidr) | Whether to allow access to the Snowflake PrivateLink endpoint from the whole VPC CIDR | `bool` | `true` | no |
| [allowed\_cidrs](#input\_allowed\_cidrs) | List of subnet CIDRs that will be allowed to access Snowflake endpoint via PrivateLink | `list(string)` | `[]` | no |
| [context\_templates](#input\_context\_templates) | Map of context templates used for naming conventions - this variable supersedes `naming_scheme.properties` and `naming_scheme.delimiter` configuration | `map(string)` | `{}` | no |
| [name](#input\_name) | Name of the resource | `string` | n/a | yes |
| [name\_scheme](#input\_name\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using the context provider:<br>- `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`<br>- `delimiter` - delimiter used to create the name from `properties` - is superseded by `var.context_templates`<br>- `context_template_name` - name of the context template used to create the name<br>- `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name<br>- `extra_values` - map of extra label-value pairs, used to create a name<br>- `uppercase` - convert name to uppercase | <pre>object({<br>  properties            = optional(list(string), ["environment", "name"])<br>  delimiter             = optional(string, "_")<br>  context_template_name = optional(string, "snowflake-privatelink")<br>  replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")<br>  extra_values          = optional(map(string))<br>  uppercase             = optional(bool, false)<br>})</pre> | `{}` | no |
| [organisation\_name](#input\_organisation\_name) | Name of the organisation, where the Snowflake account is created, used to create regionless privatelink fqdns | `string` | `null` | no |
| [subnet\_ids](#input\_subnet\_ids) | List of AWS Subnet IDs where Snowflake AWS PrivateLink Endpoint interfaces will be created | `list(string)` | n/a | yes |
| [vpc\_id](#input\_vpc\_id) | VPC ID where the AWS PrivateLink VPC Endpoint will be created | `string` | n/a | yes |
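The following is an added end-to-end configuration, not code from the module's README or repository, that combines the USAGE block with the provider setup required since Snowflake provider `1.x` and the access-control inputs from the table above. It pins the module source to a reviewed git tag instead of a mutable branch (the tag `v2.0.0`, the AWS region, the VPC and subnet IDs and the CIDRs are assumed sample values), restricts the endpoint's security group to the client subnets instead of the whole VPC, and exposes the private hostname that clients must use. The empty `context` provider block is an assumption that provider defaults are sufficient; adapt it to your own naming setup.

```terraform
terraform {
  required_version = ">= 1.3"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
    context = {
      source  = "cloudposse/context"
      version = ">= 0.4.0"
    }
    snowflake = {
      source  = "snowflakedb/snowflake"
      version = ">= 0.47"
    }
  }
}

provider "aws" {
  # Assumed region; the VPC endpoint is created in the region of the VPC below.
  region = "eu-west-1"
}

# Snowflake credentials are read from the provider's environment variables and
# are never hard-coded here. The preview feature must be enabled because the
# module reads data.snowflake_system_get_privatelink_config.
provider "snowflake" {
  preview_features_enabled = ["snowflake_system_get_privatelink_config_datasource"]
}

# Assumption: provider defaults are enough for the naming done by the module.
provider "context" {}

module "snowflake_privatelink_aws" {
  # Pin to a reviewed release tag (assumed tag), never to a moving branch.
  source = "git::https://github.com/getindata/terraform-snowflake-privatelink-aws.git?ref=v2.0.0"

  name = "snowflake"

  # Constructed sample identifiers.
  vpc_id     = "vpc-0123456789abcdef0"
  subnet_ids = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"]

  # Least privilege on the endpoint security group: do not open it to the whole
  # VPC CIDR, only to the subnets that actually host Snowflake clients.
  allow_vpc_cidr = false
  allowed_cidrs  = ["10.20.1.0/24", "10.20.2.0/24"]

  # Needed for the regionless privatelink.snowflakecomputing.com names
  # (constructed sample values).
  organisation_name = "exampleorg"
  account_name      = "exampleaccount"
}

# The hostname clients must use instead of the public account URL.
output "snowflake_privatelink_url" {
  value = module.snowflake_privatelink_aws.snowflake_privatelink_url
}

# Regionless account and Snowsight URLs, also served by the private zone.
output "snowflake_regionless_private_link_account_url" {
  value = module.snowflake_privatelink_aws.snowflake_regionless_private_link_account_url
}

# Security group attached to the endpoint, useful for auditing the ingress rules.
output "endpoint_security_group" {
  value = module.snowflake_privatelink_aws.security_group
}
```

After `terraform apply`, the PrivateLink request still has to be authorized manually as described in NOTES; until that happens the connection is not accepted. A useful sanity check is that, from inside one of the `allowed_cidrs` subnets, the `snowflake_privatelink_url` output resolves to the private addresses of the VPC endpoint interfaces rather than to public Snowflake addresses, and that a host outside those subnets cannot reach the endpoint at all.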

## Modules

No modules.

## Outputs

| Name | Description |
|------|-------------|
| [dns\_private\_zone](#output\_dns\_private\_zone) | Details of Route53 private hosted zone created for Snowflake PrivateLink |
| [security\_group](#output\_security\_group) | Details of security group assigned to Snowflake AWS PrivateLink VPC Endpoint |
| [snowflake\_additional\_dns\_records](#output\_snowflake\_additional\_dns\_records) | List of additional DNS records added to `.privatelink.snowflakecomputing.com` hosted zone |
| [snowflake\_privatelink\_ocsp\_url](#output\_snowflake\_privatelink\_ocsp\_url) | URL to access the Snowflake OCSP endpoint using AWS PrivateLink |
| [snowflake\_privatelink\_url](#output\_snowflake\_privatelink\_url) | URL to access Snowflake using AWS PrivateLink |
| [snowflake\_regionless\_private\_link\_account\_url](#output\_snowflake\_regionless\_private\_link\_account\_url) | URL to access Snowflake account using AWS PrivateLink without specifying AWS region |
| [snowflake\_regionless\_private\_link\_snowsight\_url](#output\_snowflake\_regionless\_private\_link\_snowsight\_url) | URL to access Snowsight UI using AWS PrivateLink without specifying AWS region |
| [vpc\_endpoint](#output\_vpc\_endpoint) | Details of the created Snowflake AWS PrivateLink VPC Endpoint |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | ~> 4.0 |
| [context](#provider\_context) | >=0.4.0 |
| [snowflake](#provider\_snowflake) | >= 0.47 |

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [aws](#requirement\_aws) | ~> 4.0 |
| [context](#requirement\_context) | >=0.4.0 |
| [snowflake](#requirement\_snowflake) | >= 0.47 |

## Resources

| Name | Type |
|------|------|
| [aws_route53_record.snowflake_additional_dns_records](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.snowflake_private_link_ocsp_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.snowflake_private_link_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.snowflake_regionless_private_link_account_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.snowflake_regionless_private_link_snowsight_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
| [context_label.this](https://registry.terraform.io/providers/cloudposse/context/latest/docs/data-sources/label) | data source |
| [context_tags.this](https://registry.terraform.io/providers/cloudposse/context/latest/docs/data-sources/tags) | data source |
| [snowflake_system_get_privatelink_config.this](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/data-sources/system_get_privatelink_config) | data source |

## CONTRIBUTING

Contributions are very welcome!

Start by reviewing the [contribution guide](CONTRIBUTING.md) and our [code of conduct](CODE_OF_CONDUCT.md). After that, start coding and ship your changes by creating a new PR.

## LICENSE

Apache 2 Licensed. See [LICENSE](LICENSE) for full details.

## AUTHORS



Made with [contrib.rocks](https://contrib.rocks).