ALTER SECURITY INTEGRATION (AWS IAM Authentication)¶

Modifies the properties of an existing security integration created for authenticating with AWS IAM.

For information about modifying other types of security integrations (such as Snowflake OAuth), see ALTER SECURITY INTEGRATION.

See also:

CREATE SECURITY INTEGRATION (AWS IAM Authentication) , DESCRIBE INTEGRATION , DROP INTEGRATION , SHOW INTEGRATIONS

Syntax¶

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET
  [ TYPE = AWS_IAM ]
  [ AWS_ROLE_ARN = '<iam_role_arn>' ]
  [ ENABLED = { TRUE | FALSE } ]
  [ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]
Copy

Parameters¶

name

String that specifies the identifier (such as the name) for the integration.

SET ...

Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):

TYPE = AWS_IAM

Specifies that the integration uses AWS IAM to authenticate to the external service.

ENABLED = { TRUE | FALSE }

Specifies whether to enable or disable this security integration.

TRUE

Allows the integration to run based on the parameters specified in the integration definition.

FALSE

Suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.

AWS_ROLE_ARN = 'iam_role_arn'

Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges for AWS resources.

Access control requirements¶

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege

Object

Notes

OWNERSHIP

Integration

OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege).

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes¶

  • Regarding metadata:

    Attention

    Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.

Examples¶

The following example initiates operation of a suspended integration:

ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;
Copy