ALTER SECURITY INTEGRATION (AWS IAM Authentication)¶
Modifies the properties of an existing security integration created for authenticating with AWS IAM.
For information about modifying other types of security integrations (such as Snowflake OAuth), see ALTER SECURITY INTEGRATION.
- See also:
CREATE SECURITY INTEGRATION (AWS IAM Authentication) , DESCRIBE INTEGRATION , DROP INTEGRATION , SHOW INTEGRATIONS
Syntax¶
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET
[ TYPE = AWS_IAM ]
[ AWS_ROLE_ARN = '<iam_role_arn>' ]
[ ENABLED = { TRUE | FALSE } ]
[ COMMENT = '<string_literal>' ]
ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]
ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]
Parameters¶
nameString that specifies the identifier (such as the name) for the integration.
SET ...Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
TYPE = AWS_IAMSpecifies that the integration uses AWS IAM to authenticate to the external service.
ENABLED = { TRUE | FALSE }Specifies whether to enable or disable this security integration.
TRUEAllows the integration to run based on the parameters specified in the integration definition.
FALSESuspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.
AWS_ROLE_ARN = 'iam_role_arn'Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges for AWS resources.
Access control requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege |
Object |
Notes |
|---|---|---|
OWNERSHIP |
Integration |
OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege). |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Usage notes¶
Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.
Examples¶
The following example initiates operation of a suspended integration:
ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;