External network access limitations¶
This topic describes limitations for accessing external network locations from user-defined functions and procedures.
Currently, handlers written only in Java or Python may access network locations external to Snowflake.
External network locations not on the public internet are not supported for external access. For example, locations behind a virtual private network (VPN) or virtual network (VNet) can’t be reached from a UDF or procedure.
Wildcards are not supported for VALUE_LIST values in network rules.
Within handler code, you must access the secret API from the main thread of the procedure or UDF. If your handler code forks a new thread and attempts to use a secrets API from it, you will see an error such as the following:
Secrets can only be accessed from the main thread.
For example, the following Python code will generate an error:
with ThreadPoolExecutor(max_workers=1) as executor: futures = [executor.submit(function, get_generic_secret)]
This feature is currently available to accounts on all AWS and Azure regions except Gov.
For more information, see Supported Cloud Regions.
External access is not supported for trial accounts.