SYSTEM$UNREGISTER_PRIVATELINK_ENDPOINT¶

Unregisters a private connectivity endpoint to route your connection to the Snowflake service.

Syntax¶

AWS

SYSTEM$UNREGISTER_PRIVATELINK_ENDPOINT(
  '<aws_private_endpoint_vpce_id>',
  '<aws_account_id>',
  '<token>',
  )

Copy

Azure

SYSTEM$UNREGISTER_PRIVATELINK_ENDPOINT(
  '<azure_private_endpoint_link_id>',
  '<azure_private_endpoint_resource_id>',
  '<token>',
  )

Copy

Arguments¶

AWS

aws_private_endpoint_vpce_id

Specifies the identifier for your Amazon Web Services (AWS) virtual private cloud endpoint (AWS VPCEID).

To obtain the AWS VPCEID value, navigate through the AWS console or use the following command:

aws ec2 describe-vpc-endpoints

Copy

aws_account_id

The 12-digit identifier that uniquely identifies your Amazon Web Services (AWS) account, as a string.

To obtain the AWS account ID value, navigate through the AWS console or use the following command:

aws sts get-caller-identity

Copy

Azure

azure_private_endpoint_link_id

Specifies the identifier for your Microsoft Azure (Azure) virtual private cloud endpoint link (Azure LinkID).

To obtain the Azure LinkID value:

Run the SYSTEM$GET_PRIVATELINK_AUTHORIZED_ENDPOINTS system function.

azure_private_endpoint_resource_id

The identifier that uniquely identifies your Snowflake account in Microsoft Azure (Azure) as a string.

To obtain the Azure private endpoint resource Id, use the following command:

az network private-endpoint list --resource-group my_resource_group

Copy

token

Specifies an access token to verify ownership of the private connectivity endpoint.

To obtain the token, you must have the corresponding read or describe privilege on the private connectivity endpoint at a minimum. For more information, see:

To obtain the token, use the following commands:

For Snowflake on AWS:

aws sts get-federation-token --name snowflake --policy '{ "Version": "2012-10-17", "Statement"
: [ { "Effect": "Allow", "Action": ["ec2:DescribeVpcEndpoints"], "Resource": ["*"] } ] }'

Copy

For Snowflake on Azure:

az account get-access-token --subscription <subscription_id>

Copy

For more information about limiting the scope of an access token, see:

For Snowflake on AWS: Managing access token scope on Amazon Web Services
For Snowflake on Azure: Managing access token scope on Microsoft Azure

Returns¶

Returns a status message about the registration of the private connectivity endpoint.

Usage notes¶

Only account administrators (users with the ACCOUNTADMIN role) can call this function.

Examples¶

Unregister a VPC endpoint for your Snowflake account. Note that the AccessKeyId, SecretAccessKey, and SessionToken values are truncated:

AWS

SELECT SYSTEM$UNREGISTER_PRIVATELINK_ENDPOINT(
  'vpce-0c1...',
  '174...',
  '{
    "Credentials": {
      "AccessKeyId": "ASI...",
      "SecretAccessKey": "aFP...",
      "SessionToken": "Fwo...",
      "Expiration": "2024-04-26 05:49:09+00:00"
    },
    "FederatedUser": {
      "FederatedUserId": "0123...:snowflake",
      "Arn": "arn:aws:sts::174...:federated-user/sam"
    },
    "PackedPolicySize": 9,
  }'
);

Copy

Azure

SELECT SYSTEM$UNREGISTER_PRIVATELINK_ENDPOINT(
  '123...',
  '/subscriptions/0cc51670-.../resourceGroups/dbsec_test_rg/providers/Microsoft.Network/
  privateEndpoints/...',
  'eyJ...',
  );

Copy