CloudZero Academy
Guides
CloudZero Status
  1. Connect Your Cost Data
  2. SaaS Platforms
  3. Connecting to Snowflake

Update a Legacy Snowflake Connection

Non us-east-1 Snowflake connections that use the legacy S3-based ingestion method require a trust relationship between the CloudZero cross-account role and your Snowflake instance. If this trust relationship is removed or needs to be reapplied, follow the steps below.

Step 1: Get the trust policy values from Snowflake

  1. In your Snowflake account, run the following command. For full details, see Snowflake's DESC INTEGRATION reference.

    DESC INTEGRATION CLOUDZERO_BILLING_DATA_S3_ACCESS;

  2. From the output, copy the values for STORAGE_AWS_EXTERNAL_ID and STORAGE_AWS_IAM_USER_ARN.

Step 2: Update the IAM trust policy in AWS

For full details on trust policies, see AWS' IAM trust policy documentation.

  1. In the AWS IAM console, navigate to Roles.
  2. Search for cloudzero and select the role with Trusted entities containing Account 061190967865.
  3. Click the Trust relationships tab, then Edit trust policy.
  4. Add an additional statement to the policy by copying this JSON template into the Statement array.
  5. Replace <STORAGE_AWS_IAM_USER_ARN> and <STORAGE_AWS_EXTERNAL_ID> with the values you copied in Step 1.
  6. Save the trust policy.

Step 3: Verify the connection

Return to Settings > Cloud Connections in CloudZero. The Snowflake connection status returns to Healthy within an hour.

ℹ️

Have questions or feedback? Reach out to your account manager.

Updated 28 days ago