Managing Cross-Cloud Auto-Fulfillment in Snowflake Data Clean Rooms¶
About Cross-Cloud Auto-Fulfillment¶
In the default clean room environment, a clean room can be shared only with accounts in the same cloud region. That is, the provider and consumer must be in the same cloud region.
If you want to collaborate with a collaborator whose account is in a different region than your account, you must enable Cross-Cloud Auto-Fulfillment for your clean room environment and your clean room as shown on this page.
You can determine your own cloud region by running SELECT CURRENT_REGION();
Enabling Cross-Cloud Auto-Fulfillment¶
To allow collaborators from a different region:
The clean room administrator must enable Cross-Cloud Auto-Fulfillment for the clean room account in both the provider and and consumer accounts.
The next step depends on your environment:
When creating or joining a clean room in the UI, no additional steps are needed.
When creating a clean room with the API, the provider and consumer must take additional steps described below to enable cross-cloud usage.
Enable Cross-Cloud Auto-Fulfillment for a clean room account¶
A clean rooms administrator must take the following steps in the UI or API to enable Cross-Cloud Auto-Fulfillment for a clean room account:
Navigate to the Snowflake Data Clean Rooms login page.
Enter your email address, and select Continue.
Enter your password.
If you are associated with multiple clean room environments, select the Snowflake account that you are configuring.
Select Admin > Snowflake Admin.
Select Login to Snowflake, and authenticate as a Snowflake user with the ACCOUNTADMIN role.
Toggle on Cross-Cloud Auto-Fulfillment.
No additional steps are required by the provider or consumer when creating or joining a clean room.
Administrator
The administrator in both the provider and consumer must enable Cross-Cloud Auto-Fulfillment for their Snowflake account. This can be done either in the clean room UI, or using the following API procedure:
USE ROLE ACCOUNTADMIN; CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.library.enable_laf_on_account();
Provider and consumer
After Cross-Cloud Auto-Fulfillment is enabled for an account, both the provider and consumer must enable Cross-Cloud Auto-Fulfillment for the clean room whenever they create or join a clean room across cloud regions.
For basic clean room usage, the consumer needs to call only
consumer.request_laf_cleanroom.To support full functionality described below, both sides must take these additional steps:
The consumer calls
consumer.setup_cleanroom_request_share_for_laf.The provider then calls
provider.request_laf_cleanroom_requestsandprovider.mount_laf_cleanroom_requests_share.For provider activation, the consumer calls
consumer.setup_activation_share_to_laf_consumer.When full setup is complete, the following additional functionality can be implemented the same way as same-region collaborators:
Request logging
Client template requests
Provider-run analyses
Provider activation
Full setup example:
Provider: The provider creates, shares, and publishes a clean room in the standard way.
USE ROLE SAMOOHA_APP_ROLE; USE WAREHOUSE APP_WH; SET cleanroom_name = 'LAF example'; CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.cleanroom_init($cleanroom_name); CALL samooha_by_snowflake_local_db.provider.link_datasets($cleanroom_name, ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']); CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.set_default_release_directive($cleanroom_name, 'V1_0', '0'); CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.add_consumers($cleanroom_name, $consumer_locator, $consumer_account_name); CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.create_or_update_cleanroom_listing($cleanroom_name);Consumer: The consumer installs the clean room and sets up full functionality for a cross-region clean room.
-- Async request to set up Cross-Cloud Auto-Fulfillment. -- This must be done before installing the clean room. -- Continue calling until it returns status FULFILLED. This can take 10 minutes. CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.consumer.request_laf_cleanroom( $cleanroom_name,$provider_locator); -- Consumer can now install and use the clean room in a limited fashion. -- However, if they want full functionality they must take the following steps. CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.consumer.install_cleanroom( $cleanroom_name, $provider_locator); -- Set up cross-region sharing. CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.consumer.setup_cleanroom_request_share_for_laf( $cleanroom_name, $provider_data_sharing_account_locator); -- Continue with clean room configuration, but don't use full functionality until -- the provider has completed the next section.Provider: After the consumer has set cross-region functionality for the clean room, the provider must set it up on their end.
USE ROLE SAMOOHA_APP_ROLE; -- Call request_laf_cleanroom_requests until it reports the status as FULFILLED, -- then call mount_laf_cleanroom_requests_share. These steps can take 10 minutes -- or more to complete. CALL samooha_by_snowflake_local_db.provider.request_laf_cleanroom_requests( $cleanroom_name, $consumer_locator); CALL samooha_by_snowflake_local_db.provider.mount_laf_cleanroom_requests_share( $cleanroom_name, $consumer_locator);Full functionality is now available.
Costs associated with cross-region collaboration¶
There are additional costs associated with collaborators who are in a different region. For more information about how these costs are incurred, see Understand Cross-Cloud Auto-Fulfillment costs.
Limitations on cross-region collaboration¶
The following limitations exist on cross-region collaboration:
Collaborators must share the same web app hosting region. For example, if the web app hosting region for one account is Amazon Web Services: US East (N. Virginia) and the web hosting region for another account is Amazon Web Services: Asia Pacific (Mumbai), then the two Snowflake customers cannot collaborate. To determine whether two collaborators share the same web app hosting region, see Web app hosting.
A provider cannot use differential privacy in the clean room.
Collaborators cannot link external tables and iceberg tables in clean rooms.
A consumer cannot run a multi-provider analysis.
Collaborators cannot use masking policies or row access policies.