Snowflake logo
Getting Started
Guides
Developer
Reference
Releases
Status
Ctrl+K

Developer

  1. App and Extension Development
    • Snowpark API
      • Functions and Procedures
        • External Functions
          • Introduction to External Functions
            • Data Formats
              • Request and Response Translators
                • Performance
                  • Best Practices
                    • AWS
                      • Planning
                        • Creating Using AWS Management Console
                          • Create the Remote Service
                            • Create the Proxy Service
                              • Create the API Integration
                                • Link the API Integration
                                  • Create the External Function
                                  • Creating Using AWS CloudFormation Template
                                    • Create the Remote Service
                                      • Get Gateway URL and Role ARN
                                        • Create the API Integration
                                          • Link the API Integration
                                            • Create the External Function
                                            • Calling
                                              • Troubleshooting
                                              • Google Cloud
                                                • Azure
                                                  • Security
                                                  • Kafka and Spark Connectors
                                                    • Drivers
                                                      • Snowflake Scripting Developer Guide
                                                        • SQL REST API
                                                          DeveloperExternal FunctionsAWSCreating Using AWS Management Console Link the API Integration

                                                          Step 4: Link the API Integration for AWS to the Proxy Service in the Management Console¶

                                                          This topic provides instructions for linking the API integration object in Snowflake to your proxy service (i.e. Amazon API Gateway). You do this by creating a trust relationship between Snowflake and the IAM (identity and access management) role you created earlier.

                                                          The instructions are the same regardless of whether you are using the Management Console or the CloudFormation template.

                                                          Previous Step¶

                                                          Step 3: Create the API Integration for AWS in Snowflake

                                                          Set Up the Trust Relationship(s) between Snowflake and the New IAM Role¶

                                                          In the AWS Management Console:

                                                          1. Select IAM.

                                                          2. Select Roles.

                                                          3. In the worksheet, look up the value in the New IAM Role Name field, then look for the same value (role name) in the AWS Management Console.

                                                          4. Click on the Trust relationships tab, then click on the button Edit trust relationship.

                                                            This should open the Policy Document into which you can add authentication information.

                                                          5. In the Policy Document, find the Statement.Principal.AWS field and replace the value (not the key) with the value in the API_AWS_IAM_USER_ARN field of the worksheet.

                                                          6. Find the Statement.Condition field. Initially, this should contain only curly braces (“{}”).

                                                          7. Paste the following between the curly braces:

                                                            "StringEquals": { "sts:ExternalId": "xxx" }

                                                          8. Replace the xxx with the value for the API_AWS_EXTERNAL_ID field in the worksheet.

                                                          9. After you are done editing the Policy Document for the trust relationship, it should look similar to the following:

                                                            {
                                                              "Version": "2012-10-17",
                                                              "Statement": [
                                                                {
                                                                  "Effect": "Allow",
                                                                  "Principal": {
                                                                    "AWS": "arn:aws:iam::1234567898012:user/development/development_user"
                                                                  },
                                                                  "Action": "sts:AssumeRole",
                                                                  "Condition": {"StringEquals": { "sts:ExternalId": "EXTERNAL_FUNCTIONS_SFCRole=3_8Hcmbi9halFOkt+MdilPi7rdgOv=" }}
                                                                }
                                                              ]
                                                            }
                                                            
                                                            Copy
                                                          10. Click on Update Trust Policy.

                                                          Next Step¶

                                                          Step 5: Create the External Function for AWS in Snowflake

                                                          Was this page helpful?

                                                          Snowflake logo
                                                          Visit Snowflake
                                                          Have feedback? Let us know
                                                          Join the conversation in our community
                                                          Read the latest on our blog
                                                          Develop with Snowflake
                                                          Get your Snowflake certification
                                                          Privacy NoticeSite Terms© 2023 Snowflake, Inc. All Rights Reserved.
                                                          1. Previous Step
                                                          2. Set Up the Trust Relationship(s) between Snowflake and the New IAM Role
                                                          3. Next Step
                                                          Language: English
                                                          English
                                                          Français
                                                          Deutsch
                                                          日本語
                                                          한국어
                                                          Português