September 18-19, 2023 — 7.33 Release Notes
New Features
Network Rules — Preview
With this release, we are pleased to announce the preview of network rules, which group related network identifiers into logical units. When a Snowflake feature needs to restrict network traffic based on the origin or destination of a request, it can allow or block a network rule that contains the identifiers that should be permitted or denied.
Network rules make possible the following preview features:
For general information about network rules, see Network rules.
Enhanced Network Security — Preview
With this release, we are pleased to announce the preview of enhanced security when using network policies to restrict access to Snowflake. When combined with network rules, network policies can now:
Restrict access to the internal stage of a Snowflake account on AWS.
Restrict access based on the identifier of an AWS S3 endpoint.
For more information about using network rules with a network policy, see About network rules.
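A sketch of the two capabilities listed above, added here as an illustration and not taken from the release notes. The rule and policy names, the user name, and the VPC endpoint ID are constructed placeholders.

```sql
-- Added example: all object names and the endpoint ID are placeholders.

-- Network rules are schema-level objects; run this in the schema that
-- should own them.

-- Service access: allow requests that arrive through one VPC endpoint.
CREATE NETWORK RULE allow_corp_vpce
  MODE = INGRESS
  TYPE = AWSVPCEID
  VALUE_LIST = ('vpce-0123456789abcdef0')   -- placeholder endpoint ID
  COMMENT = 'Corporate PrivateLink endpoint';

-- Allowing a VPC endpoint ID does not by itself deny public IPv4
-- addresses, because they are a different identifier type.
CREATE NETWORK RULE block_public_ipv4
  MODE = INGRESS
  TYPE = IPV4
  VALUE_LIST = ('0.0.0.0/0');

-- Internal stage access: same endpoint, but the rule applies to the
-- AWS internal stage rather than to the Snowflake service.
CREATE NETWORK RULE allow_corp_vpce_stage
  MODE = INTERNAL_STAGE
  TYPE = AWSVPCEID
  VALUE_LIST = ('vpce-0123456789abcdef0');  -- placeholder endpoint ID

-- Internal stage rules are enforced only when this account parameter is on.
ALTER ACCOUNT SET ENFORCE_NETWORK_RULES_FOR_INTERNAL_STAGE = TRUE;

-- The policy references rules by name instead of listing raw identifiers.
CREATE NETWORK POLICY corp_privatelink_only
  ALLOWED_NETWORK_RULE_LIST = ('allow_corp_vpce', 'allow_corp_vpce_stage')
  BLOCKED_NETWORK_RULE_LIST = ('block_public_ipv4');

-- Try the policy on one user before activating it for the whole account.
ALTER USER test_user SET NETWORK_POLICY = corp_privatelink_only;
-- ALTER ACCOUNT SET NETWORK_POLICY = corp_privatelink_only;
```

Review the result with `SHOW NETWORK RULES` and `DESCRIBE NETWORK POLICY corp_privatelink_only` before uncommenting the account-level statement.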
Network Isolation to Internal Stages Using AWS PrivateLink — Preview
With this release, we are pleased to announce the preview of the ability to isolate network traffic to Snowflake internal stages when connecting to them over AWS PrivateLink for Amazon S3. Snowflake recommends this approach for organizations that use AWS PrivateLink to access the internal stages of multiple Snowflake accounts.
In this approach, an AWS administrator creates multiple S3 interface endpoints, one for each internal stage. Then the Snowflake administrator uses the new S3_STAGE_VPCE_DNS_NAME parameter to associate an internal stage with its dedicated S3 interface endpoint.
Benefits of isolating private connectivity traffic include simplified DNS management, the ability to charge back costs to a specific Snowflake account, and the ability to implement different security requirements for each Snowflake account.
For more details, see Accessing Internal stages with dedicated interface endpoints.
Data Loading Updates
Cross-platform Support for Snowpipe Auto-Ingest — General Availability
With this release, we are pleased to announce the general availability of cross-platform support for Snowpipe auto-ingest. Triggering automated Snowpipe data loads using S3 event messages, GCS Pub/Sub event messages, and Azure Event Grid messages is now supported by Snowflake accounts hosted on any supported cloud platform.
For more information, see Automating continuous data loading using cloud messaging.
Amazon EventBridge Support for Snowpipe Auto-Ingest — General Availability
With this release, we are pleased to announce the general availability of Amazon EventBridge support for Snowpipe auto-ingest. You can set up Amazon EventBridge for Snowpipe auto-ingest by following the steps in Automating Snowpipe for Amazon S3 with SNS.
Data Governance Updates
Tag-based Masking Policy: Support for Database & Schema — General Availability
With this release, we are pleased to announce the general availability of setting a tag-based masking policy on a database and schema. This update enables data engineers to protect all columns in a schema or database when the data type of the column matches the data type of the policy set on the tag. Additionally, a new column is protected when its data type matches the data type of the policy set on the tag. Setting the tag-based masking policy on the database or schema simplifies data protection management because you can set the tag-based policy once and not have to set a masking policy on every column in the database or schema.
For more information, see Tag-based masking policies.