Updating Manual Snowflake Connection
Non us-east-1 Snowflake Connections
If you have configured a non us-east-1 Snowflake billing connection with CloudZero, you may need to reapply the Trust Relationship between the CloudZero cross account role and your Snowflake instance. This relationship allows your Snowflake instance to drop files into the appropriate S3 bucket for CloudZero to ingest.
- Run the following in your Snowflake instance:
DESC INTEGRATION CLOUDZERO_BILLING_DATA_S3_ACCESS;
- From the output, copy the values for
STORAGE_AWS_EXTERNAL_ID
andSTORAGE_AWS_IAM_USER_ARN
. You will need these for your Trust Policy. - Open the IAM Role Console in the appropriate AWS Account.
- Find the Cross Account Role with a trust relationship with CloudZero.
- You can do this by searching your Roles for 'cloudzero'. Select the one with
Trusted entities
containingAccount: 061190967865
. - Click on the role name hyperlink.
- You can do this by searching your Roles for 'cloudzero'. Select the one with
- Click the Trust Relationships tab, and then the Edit trust relationship button.
- Switch the view to JSON. You will see a single statement that includes any cross-account permissions already applied (if any).
- Add an additional statement to the policy to allow Snowflake cross-account access by copying this JSON object under the key Statements. Remember to replace the <STORAGE_AWS_IAM_USER_ARN> and <STORAGE_AWS_EXTERNAL_ID> place holders with the values you copied in step 1!
Updated 7 months ago