External network access limitations

This topic describes limitations for accessing external network locations from user-defined functions and procedures.

Limitations

  • Currently, handlers written only in Java or Python may access network locations external to Snowflake.

  • External network locations not on the public internet are not supported for external access. For example, locations behind a virtual private network (VPN) or virtual network (VNet) can’t be reached from a UDF or procedure.

  • Wildcards are not supported for VALUE_LIST values in network rules.

  • When using a secret of the PASSWORD type, the colon character (:) is not supported in the USERNAME or PASSWORD parameters.

  • Within handler code, you must access the secret API from the main thread of the procedure or UDF. If your handler code forks a new thread and attempts to use a secrets API from it, you will see an error such as the following:

    Secrets can only be accessed from the main thread.

    For example, the following Python code will generate an error:

    with ThreadPoolExecutor(max_workers=1) as executor:
  futures = [executor.submit(function, get_generic_secret)]
    Copy

  • This feature is currently available to accounts on all AWS and Azure regions except Gov.

    For more information, see Supported Cloud Regions.

  • By default, Snowflake does not enable external access for trial accounts. Contact your account representative to get external access enabled for a trial account.

Language: English