- Categories:
System functions (System Control)
SYSTEM$DEPROVISION_
Deprovisions a private connectivity endpoint in the Snowflake VPC or VNet to prevent Snowflake from connecting to an external key management service (KMS) resource using private connectivity. The endpoint can be a service endpoint or a resource endpoint depending on the cloud platform that hosts your Snowflake account.
If you call this function and mistakenly remove an endpoint, call the SYSTEM$RESTORE_PRIVATELINK_ENDPOINT_TSS system function to restore the endpoint within seven days. After seven days, the endpoint is deleted and can’t be recovered; you will need to recreate the endpoint with the SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS.
Syntax¶
AWS:
Azure:
Google Cloud:
Arguments¶
AWS:
provider_service_nameSpecifies the external KMS resource endpoint.
Azure:
provider_resource_idSpecifies the fully-qualified identifier for the resource in your VPC or VNet.
Google Cloud:
target_service_idSpecifies the service attachment ID or regional Google API endpoint.
Returns¶
Returns a status message stating that the endpoint, with its identifier, is deprovisioned successfully.
Access control requirements¶
Only users granted the MODIFY privilege on the account can call this function. The MODIFY privilege is typically granted only to the ACCOUNTADMIN role.
Usage notes¶
An error message occurs if a private connectivity endpoint is not associated with the specified arguments.
Examples¶
AWS:
Deprovision a private endpoint with external access to the AWS KMS:
Azure:
Deprovision a private endpoint to prevent Snowflake from connecting to an external key vault on Microsoft Azure for Tri-Secret Secure:
Google Cloud: