Managing Cross-Cloud Auto-Fulfillment in Snowflake Data Clean Rooms¶
About Cross-Cloud Auto-Fulfillment¶
In the default clean room environment, a clean room can be shared only with accounts in the same cloud region. That is, the provider and consumer must be in the same cloud region.
If you want to collaborate with a collaborator whose account is in a different region than your account, you must enable Cross-Cloud Auto-Fulfillment for your clean room environment and your clean room as shown on this page.
You can determine your own cloud region by running SELECT CURRENT_REGION();
Note
Cross-Cloud Auto-Fulfillment is sometimes referred to as LAF, which stands for listings auto-fulfillment.
Enabling Cross-Cloud Auto-Fulfillment¶
You can enable Cross-Cloud Auto-Fulfillment using either the API or the UI. However, note the limitations for cross-region collaboration.
Prerequisites¶
In order to enable Cross-Cloud Auto-Fulfillment for an account, an org admin must first enable it on the account by calling SYSTEM$ENABLE_GLOBAL_DATA_SHARING_FOR_ACCOUNT. This is for both providers and consumers.
Learn more about auto-fulfillment and managing auto-fulfillment privileges.
Enable Cross-Cloud Auto-Fulfillment in the UI¶
A clean rooms administrator enables Cross-Cloud Auto-Fulfillment at the account level for all new and existing clean rooms by following these steps:
Sign in to the clean rooms UI with your administrator account.
Browse to Admin > Snowflake Admin.
Toggle on Cross-Cloud Auto-Fulfillment.
No additional steps are required by the provider or consumer when creating or joining a clean room in the UI. However, if you later create or join a clean room in the API, you must follow the API instructions for providers and consumers.
Enable Cross-Cloud Auto-Fulfillment in the API¶
Follow these instructions to create or install a clean room in the API, even if you have already enabled Cross-Cloud Auto-Fulfillment in the UI.
Account administrators¶
To enable Cross-Cloud Auto-Fulfillment for an account using the API, administrators in both the provider and consumer accounts must run the following example code using the ACCOUNTADMIN role. You need to run this only once per account.
USE ROLE ACCOUNTADMIN;
-- Optionally check first to see if cross-cloud is enabled on the account.
CALL samooha_by_snowflake_local_db.library.is_laf_enabled_on_account();
-- If not, enable it.
CALL samooha_by_snowflake_local_db.library.enable_laf_on_account();
Providers and consumers¶
After Cross-Cloud Auto-Fulfillment is enabled for an account, here is how to enable Cross-Cloud Auto-Fulfillment when creating or installing a clean room:
The provider publishes the clean room in the normal way by calling
provider.create_or_update_cleanroom_listing.The consumer installs the clean room by calling
consumer.install_cleanroom. If the consumer is in a different cloud region from the provider,consumer.install_cleanroomfails with a message that Cross-Cloud Auto-Fulfillment replication is being installed.The consumer continues to call
consumer.install_cleanroomuntil it returns success. Installation takes several minutes.
At this point, the consumer has basic clean room functionality. If the consumer wants support for client template requests, provider-run analyses, and provider activation, follow these additional steps:
The provider tests whether a cross-region consumer has successfully installed the clean room by calling
provider.request_laf_cleanroom_requestsuntil the procedure returns a success message.The provider then calls
provider.mount_laf_cleanroom_requests_shareto enable request-based actions between the consumer and provider in that clean room.
Full setup code example:
Provider: The provider creates, shares, and publishes a clean room in the standard way.
USE WAREHOUSE APP_WH; USE ROLE SAMOOHA_APP_ROLE; SET cleanroom_name = 'LAF example'; SET consumer_locator = '<CONSUMER_LOCATOR>'; SET consumer_account_name = '<CONSUMER_DATA_SHARING_ACCOUNT_ID>'; CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.cleanroom_init($cleanroom_name); CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.set_default_release_directive( $cleanroom_name, 'V1_0', '0'); CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.add_consumers( $cleanroom_name, $consumer_locator, $consumer_account_name); CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.provider.create_or_update_cleanroom_listing($cleanroom_name);
Consumer: The consumer installs the clean room.
USE WAREHOUSE APP_WH; USE ROLE samooha_app_role; SET cleanroom_name = 'LAF example'; SET provider_locator = '<PROVIDER_LOCATOR>'; -- Initial call starts the process and returns a cross-cloud/region replication failure. -- Continue to call this procedure until it returns a success message. CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.consumer.install_cleanroom( $cleanroom_name, $provider_locator); -- Continue with standard clean room configuration and use. -- Consumer can run analyses, but requests to submit a template aren't -- supported until the provider calls provider.mount_laf_cleanroom_requests_share. ...
Provider: After the consumer installs the clean room, the provider must mount the requests share if they want to enable request-based actions between the provider and consumer. Request-based actions include provider requests to run an analysis and consumer requests to add a template to the clean room.
-- Call request_laf_cleanroom_requests until it reports success. -- Success means that the consumer has installed the clean room. CALL samooha_by_snowflake_local_db.provider.request_laf_cleanroom_requests( $cleanroom_name, $consumer_locator); -- After success, mount the shares to enable request-based actions between the -- provider and consumer. CALL samooha_by_snowflake_local_db.provider.mount_laf_cleanroom_requests_share( $cleanroom_name, $consumer_locator);
Full provider/consumer functionality is now available.
Refresh frequency for cross-region accounts¶
Requests and data between the provider and consumer when on different cloud regions are subject to replication frequency settings.
Requests and data from the provider to the consumer
All data and requests from the provider to the consumer are refreshed at the account refresh rate (every 24 hours, by default). This includes creating or updating a clean room, changing provider data, requests for permission (such as provider-run analyses), and approvals for requests (such as consumer templates).
The request frequency from provider to consumer is controlled by your account’s replication refresh schedule.
Requests and data from consumer to provider
The following table shows the refresh frequency for data and requests from the consumer to the provider:
Data |
Refresh rate |
|---|---|
|
|
Provider activation data |
|
You can change the refresh frequency for consumer-to-provider requests and data.
Costs associated with cross-region collaboration¶
There are additional costs associated with collaborators who are in a different region. For more information about how these costs are incurred, see Auto-fulfillment costs.
Limitations on cross-region collaboration¶
The following limitations exist on cross-region collaboration:
When using the clean rooms UI, collaborators must share the same UI hosting region. For example, if the UI host region for one account is “Amazon Web Services: US East (N. Virginia),” and the UI host region for another account is “Amazon Web Services: Asia Pacific (Mumbai),” then these accounts cannot collaborate in the UI. However, they can collaborate using the API, if both accounts and the clean room are configured for Cross-Cloud Auto-Fulfillment as described on this page.
A provider cannot use differential privacy in the clean room.
Collaborators cannot link external tables and iceberg tables in clean rooms.
A consumer cannot run a multi-provider analysis.
Collaborators cannot use masking policies or row access policies.