Updating Manual Snowflake Connection

Non us-east-1 Snowflake Connections

If you have configured a non us-east-1 Snowflake billing connection with CloudZero, you may need to reapply the Trust Relationship between the CloudZero cross account role and your Snowflake instance. This relationship allows your Snowflake instance to drop files into the appropriate S3 bucket for CloudZero to ingest.

  1. Run the following in your Snowflake instance:
  1. From the output, copy the values for STORAGE_AWS_EXTERNAL_ID and STORAGE_AWS_IAM_USER_ARN. You will need these for your Trust Policy.
  2. Open the IAM Role Console in the appropriate AWS Account.
  3. Find the Cross Account Role with a trust relationship with CloudZero.
    1. You can do this by searching your Roles for 'cloudzero'. Select the one with Trusted entities containing Account: 061190967865.
    2. Click on the role name hyperlink.
  4. Click the Trust Relationships tab, and then the Edit trust relationship button.
  5. Switch the view to JSON. You will see a single statement that includes any cross-account permissions already applied (if any).
  6. Add an additional statement to the policy to allow Snowflake cross-account access by copying this JSON object under the key Statements. Remember to replace the <STORAGE_AWS_IAM_USER_ARN> and <STORAGE_AWS_EXTERNAL_ID> place holders with the values you copied in step 1!