Step 3: Create the API Integration for AWS in Snowflake¶
This topic provides instructions for creating an API integration object in Snowflake to work with your proxy service (i.e. Amazon API Gateway). The instructions are the same regardless of whether you are using the Management Console or the CloudFormation template.
- AWS Management Console
Step 2: Create the Proxy Service (Amazon API Gateway) in the AWS Management Console
- AWS CloudFormation template
Step 2: Record the Amazon API Gateway URL and the New IAM Role ARN
You need the following information to create the API integration for AWS in Snowflake:
New IAM Role ARN(from your tracking worksheet).
Resource Invocation URL(from your tracking worksheet).
Create the API Integration Object¶
Open a Snowflake session, typically a Snowflake web interface session.
Use a Snowflake role with ACCOUNTADMIN privileges or the CREATE INTEGRATION privilege, for example:
use role <has_accountadmin_privileges>;
Type the CREATE API INTEGRATION command to create an API integration. The command should look similar to the following:
CREATE OR REPLACE API INTEGRATION my_api_integration_01 api_provider = aws_api_gateway api_aws_role_arn = '<new_IAM_role_ARN>' api_allowed_prefixes = ('https://') enabled = true;
Customize the command:
api_providerclause should be set based on the type of endpoint:
If you are using a private endpoint, the api_provider clause should be set to
If you are using a U.S. government GovCloud endpoint, the api_provider clause should be set to
For most other users, the api_provider clause should be set to
<new_IAM_role_ARN>should be the value in the
New IAM Role ARNfield in the tracking worksheet.
The api_allowed_prefixes field should contain the resource invocation URL that you recorded earlier.
Below is an example of a complete CREATE API INTEGRATION statement:
create or replace api integration demonstration_external_api_integration_01 api_provider=aws_api_gateway api_aws_role_arn='arn:aws:iam::123456789012:role/my_cloud_account_role' api_allowed_prefixes=('https://xyz.execute-api.us-west-2.amazonaws.com/production/') enabled=true;
In the tracking worksheet field titled
API Integration Name, record the name of the API integration that you created. You need the API integration name when you execute the CREATE EXTERNAL FUNCTION command later.
Execute the CREATE API INTEGRATION command you typed above.
Record the API_AWS_IAM_USER_ARN and API_AWS_EXTERNAL_ID¶
Execute the DESCRIBE INTEGRATION command.
DESCRIBE INTEGRATION <my_integration_name>;
DESCRIBE INTEGRATION my_api_integration_01;
Look for the property named API_AWS_IAM_USER_ARN and then record that property’s property_value in the tracking worksheet.
Find the property named API_AWS_EXTERNAL_ID and record that property’s property_value in the tracking worksheet.
Note that the property_value of the API_AWS_EXTERNAL_ID often ends with an equals sign (“=”). That equals sign is part of the value; make sure that you cut and paste it along with the rest of the property_value.
For the next few steps, you return to your AWS administration window. Do not close your Snowflake administration window now; you must return to it later.