Snowflake

Introduction

Snowflake is a multi-cloud data warehouse optimized for analytics workloads, requiring minimal maintenance.

Telmai integrates with Snowflake to monitor data, identifying anomalies such as outliers and drifts while processing data outside of your data warehouse (DW) architecture to reduce the monitoring load on your Snowflake DW.

This guide outlines the steps for integrating Telmai with Snowflake.

Authentication Options

Snowflake offers following authentication options (Reference)

1. Basic authentication using username and passcode

2. Key pair authentication

3. Multi-Factor Authentication (MFA)

4. Federated Authentication and Single Sign-On (SSO)

Telmai supports key pair-based connectivity to Snowflake, offering enhanced security compared to basic authentication. Below are the detailed steps to integrate Snowflake with Telmai using this method.

Setting up Authentication

1. Role and User Creation: If you have an existing user with the necessary permissions to access the database, schema, table, or view, skip to Step 2. However, the best practice is to create a separate role and user specifically for Telmai.

   • Role: Telmai requires permissions for database connections, schema and table listings, metadata retrieval, and data selection in tables and views. These are managed through SELECT, USAGE, and MONITOR privileges in Snowflake. For references on creating roles and assigning appropriate privileges, please refer to 1, 2, and 3

   • User: Create a user account for Telmai to access Snowflake. Assign the user to the role created above. Detailed steps for creating a user can be found here.

2. Generate an unencrypted key pair and assign it to the user following the instructions here

3. Assign the default role and warehouse for the user as described here

4. Once the role, user, and key pair are configured, enter the following parameters in the Telmai Connection Wizard:

   • Snowflake Account

   • Snowflake Warehouse

   • Snowflake Database

   • Snowflake Schema

   • Snowflake Username

   • Snowflake Private Key

Snowflake Configuration Template Script To simplify configuration, you can use a Telmai Template Script, enter your parameters, and execute in the Snowflake console.

1. Generate key pair as described here (Step 2)

2. Download the template script (download)

3. Modify the parameters in the script

set user_password = '4556-$%%-oooo-#@'; -- Change this password
set warehouse_name = 'COMPUTE_WH'; -- Change to your warehouse name
set database_name = 'TESTDB'; -- Change this database name to your database
set db_schema_name = 'TESTSCHEMA'; -- Change this schema name to your schema
set db_table_name = 'SUPPLIER'; -- Change this table name to your table
alter user identifier($user_name) set rsa_public_key = 'MII...'; -- Change to the public key to one generated in step 1 above

4. Run the updated script in your Snowflake console.

Whitelisting Telmai IP’s

In some cases, Snowflake's security requires whitelisting the IPs from which connection to the database is allowed. For this purpose, Telmai provides a list of static IPs from which connections can be made. Please refer to Telmai IP list.

Please make sure you are whitelisting those IP addresses. These IPs are for the SaaS version of the product, which is running in the US West. They will be provided separately upon request for the private cloud or deployment in other regions.

Snowflake instances are open to every IP address by default, so no action is required. However, if you have set up network policies to restrict the IP addresses communicating with the Snowflake instance, you'll need to modify these policies to allow the Telmai IP address. There are two types of network policies:

• Account level: Apply to all users unless overridden by a user-level policy.

• User level: Apply only to specific users and override account-level policies.

Please refer to the Snowflake documentation for more information on modifying network policies.