Snowflake: AWS IAM Role for notification integration


I am trying to create multiple notification integrations in Snowflake. As per my knowledge, I will have to create a new role per notification integration as a different SF_AWS_EXTERNAL_ID is generated for each notification.

Is my understanding correct or do we have a way to utilize one role for all integrations?

1 answer

Simon P (best answer):

You should be able to list the Snowflake external IDs in the policy like below; I have a storage and a notification integration using the same policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "${snowflake_storage_integration.integration.storage_aws_iam_user_arn}"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": [
                        "${snowflake_storage_integration.integration.storage_aws_external_id}",
                        "${snowflake_notification_integration.integration.aws_sns_external_id}"
                    ]
                }
            }
        }
    ]
}

See the AWS docs: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-logic-multiple-context-keys-or-values.html
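The same pattern generalised to any number of integrations, as an added Python example that is not part of the question, the answer, or any Snowflake or AWS code: it builds one IAM role trust policy from a list of (IAM user ARN, external ID) pairs such as DESCRIBE INTEGRATION returns, and a small evaluator shows why listing several values under one sts:ExternalId key works (a single-valued request key matching any listed value is enough, per the linked AWS doc). The ARNs and external IDs below are constructed placeholders, and build_trust_policy, policy_json and assume_role_allowed are names chosen here, not a real API.

```python
import json

# Constructed placeholders standing in for the SF_AWS_IAM_USER_ARN and
# SF_AWS_EXTERNAL_ID pairs Snowflake reports for each integration. Integrations
# in one Snowflake account normally share the same IAM user, so the ARN repeats.
SAMPLE_INTEGRATIONS = [
    ("arn:aws:iam::123456789012:user/snowflake-user-placeholder",
     "ACCT_SFCRole=1_storageExternalIdPlaceholder"),
    ("arn:aws:iam::123456789012:user/snowflake-user-placeholder",
     "ACCT_SFCRole=1_snsExternalIdPlaceholder"),
    ("arn:aws:iam::123456789012:user/snowflake-user-placeholder",
     "ACCT_SFCRole=1_secondSnsExternalIdPlaceholder"),
]


def build_trust_policy(integrations):
    """Return one assume-role trust policy covering every integration given.

    Every distinct IAM user ARN becomes a trusted principal, and every external
    ID is listed under the single sts:ExternalId condition key, which AWS
    evaluates as an OR across the listed values.
    """
    external_ids = [ext for _, ext in integrations]
    if not external_ids:
        raise ValueError("at least one integration is required")
    if len(set(external_ids)) != len(external_ids):
        raise ValueError("duplicate external id in integration list")
    principals = sorted({arn for arn, _ in integrations})
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                # IAM accepts a single string or a list of ARNs here.
                "Principal": {"AWS": principals[0] if len(principals) == 1 else principals},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_ids}},
            }
        ],
    }


def policy_json(integrations):
    """Serialise the policy as it would be pasted into the role's trust relationship."""
    return json.dumps(build_trust_policy(integrations), indent=2)


def assume_role_allowed(policy, caller_arn, external_id):
    """Mimic IAM evaluation of the trust policy for one AssumeRole call.

    The caller presents exactly one ExternalId; the call is allowed when the
    caller is a listed principal and that ExternalId equals any listed value.
    The external ID is the confused-deputy control: a third party who knows
    only the role ARN but not an ID Snowflake generated cannot assume the role.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            continue
        allowed = stmt["Principal"]["AWS"]
        allowed = [allowed] if isinstance(allowed, str) else allowed
        if caller_arn not in allowed:
            continue
        ids = stmt["Condition"]["StringEquals"]["sts:ExternalId"]
        ids = [ids] if isinstance(ids, str) else ids
        if external_id in ids:
            return True
    return False


if __name__ == "__main__":
    print(policy_json(SAMPLE_INTEGRATIONS))
```

Two points follow from the evaluator. First, several values under one condition key are ORed, but several condition keys (or several condition operators) are ANDed, so keep all external IDs under the one sts:ExternalId key rather than adding a second StringEquals block. Second, a shared role means every integration inherits the role's whole permission policy (all S3 buckets and SNS topics it can touch), so either scope that permission policy to exactly the union the integrations need, or keep separate roles where integrations should not share access.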