Private connectivity for inbound network traffic

Your connection to Snowflake can be routed over the public Internet or through a private IP address associated with the cloud platform that hosts your Snowflake account. By using your cloud platform’s private connectivity solution to create private endpoints, you can harden your security posture so that inbound network traffic uses private connectivity when accessing the following features:

To the Snowflake Service

When the routing is through a private IP address from your VPC or VNET to the Snowflake VPC or VNet, that is private connectivity to the Snowflake Service. These connections use AWS PrivateLink, Azure Private Link, or Google Cloud Private Service Connect. The service depends on the cloud platform that hosts your Snowflake account.

To Snowsight

To use private connectivity to access Snowsight, see Configuring private connectivity for Snowsight.

After private connectivity is configured, users can sign in using private connectivity.

To Streamlit in Snowflake

To access Streamlit in Snowflake with AWS PrivateLink, see AWS PrivateLink and Streamlit in Snowflake.

To internal stages

You can use private connectivity to connect to Snowflake internal stages for accounts on AWS and Azure. For information, see the following: