DOCUMENTATION
Getting Started
Guides
Developer
Reference
Releases
Status
Ctrl+K

Developer

  1. Overview
    • App and Extension Development
      • Snowpark API
        • Snowpark ML
          • Snowflake Native App Framework
            • Streamlit in Snowflake
              • Functions and Procedures
                • External Functions
                  • Introduction to External Functions
                    • Data Formats
                      • Request and Response Translators
                        • Performance
                          • Best Practices
                            • AWS
                              • Planning
                                • Creating Using AWS Management Console
                                  • Step 1: Create the Remote Service
                                    • Step 2: Create the Proxy Service
                                      • Step 3: Create the API Integration
                                        • Step 4: Link the API Integration
                                          • Step 5: Create the External Function
                                          • Creating Using AWS CloudFormation Template
                                            • Step 1: Create the Remote Service
                                              • Step 2: Get Gateway URL and Role ARN
                                                • Step 3: Create the API Integration
                                                  • Step 4: Link the API Integration
                                                    • Step 5: Create the External Function
                                                    • Calling
                                                      • Troubleshooting
                                                      • Google Cloud
                                                        • Azure
                                                          • Security
                                                          • Kafka and Spark Connectors
                                                            • Drivers
                                                              • Snowflake Scripting Developer Guide
                                                                • SQL REST API
                                                                  DeveloperExternal FunctionsAWSCreating Using AWS Management ConsoleStep 4: Link the API Integration

                                                                  Step 4: Link the API Integration for AWS to the Proxy Service in the Management Console¶

                                                                  This topic provides instructions for linking the API integration object in Snowflake to your proxy service (i.e. Amazon API Gateway). You do this by creating a trust relationship between Snowflake and the IAM (identity and access management) role you created earlier.

                                                                  The instructions are the same regardless of whether you are using the Management Console or the CloudFormation template.

                                                                  Previous Step¶

                                                                  Step 3: Create the API Integration for AWS in Snowflake

                                                                  Set Up the Trust Relationship(s) between Snowflake and the New IAM Role¶

                                                                  In the AWS Management Console:

                                                                  1. Select IAM.

                                                                  2. Select Roles.

                                                                  3. In the worksheet, look up the value in the New IAM Role Name field, then look for the same value (role name) in the AWS Management Console.

                                                                  4. Click on the Trust relationships tab, then click on the button Edit trust relationship.

                                                                    This should open the Policy Document into which you can add authentication information.

                                                                  5. In the Policy Document, find the Statement.Principal.AWS field and replace the value (not the key) with the value in the API_AWS_IAM_USER_ARN field of the worksheet.

                                                                  6. Find the Statement.Condition field. Initially, this should contain only curly braces (“{}”).

                                                                  7. Paste the following between the curly braces:

                                                                    "StringEquals": { "sts:ExternalId": "xxx" }

                                                                  8. Replace the xxx with the value for the API_AWS_EXTERNAL_ID field in the worksheet.

                                                                  9. After you are done editing the Policy Document for the trust relationship, it should look similar to the following:

                                                                    {
                                                                      "Version": "2012-10-17",
                                                                      "Statement": [
                                                                        {
                                                                          "Effect": "Allow",
                                                                          "Principal": {
                                                                            "AWS": "arn:aws:iam::1234567898012:user/development/development_user"
                                                                          },
                                                                          "Action": "sts:AssumeRole",
                                                                          "Condition": {"StringEquals": { "sts:ExternalId": "EXTERNAL_FUNCTIONS_SFCRole=3_8Hcmbi9halFOkt+MdilPi7rdgOv=" }}
                                                                        }
                                                                      ]
                                                                    }
                                                                    
                                                                    Copy
                                                                  10. Click on Update Trust Policy.

                                                                  Next Step¶

                                                                  Step 5: Create the External Function for AWS in Snowflake

                                                                  Was this page helpful?

                                                                  Snowflake logo
                                                                  Visit Snowflake
                                                                  Have feedback? Let us know
                                                                  Join the conversation in our community
                                                                  Read the latest on our blog
                                                                  Develop with Snowflake
                                                                  Get your Snowflake certification
                                                                  Privacy NoticeSite Terms© 2023 Snowflake, Inc. All Rights Reserved.
                                                                  1. Previous Step
                                                                  2. Set Up the Trust Relationship(s) between Snowflake and the New IAM Role
                                                                  3. Next Step
                                                                  Language: English
                                                                  • English
                                                                  • Français
                                                                  • Deutsch
                                                                  • 日本語
                                                                  • 한국어
                                                                  • Português