Snowflake Cloud Provider Integration

Snowflake provides deep integration with all major cloud providers, enabling seamless connectivity, security, and performance optimization for cloud-native workloads.

Architecture Overview

[Figure: Snowflake Multi-Cloud Architecture. Snowflake (Data Cloud, Multi-Region) connects to AWS (S3 Storage, VPC Peering, PrivateLink, IAM Roles, KMS Encryption), Azure (Blob Storage, VNet Integration, Private Link, Managed Identity, Key Vault) and GCP (Cloud Storage, VPC peering, Private Google Access, Service Accounts, Cloud KMS). Integration features: Networking (PrivateLink, VPC peering), Security (IAM, KMS, encryption), Storage (S3, Blob, GCS), Compute (Lambda, Functions).]

AWS Integration

S3 External Stage

-- Create storage integration
CREATE OR REPLACE STORAGE INTEGRATION s3_integration
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = S3
  STORAGE_AWS_ROLE_ARN = 'arn:aws:iam::123456789:role/snowflake-role'
  STORAGE_ALLOWED_LOCATIONS = ('s3://my-bucket/data/');

-- Create external stage
CREATE OR REPLACE STAGE s3_stage
  URL = 's3://my-bucket/data/'
  STORAGE_INTEGRATION = s3_integration
  FILE_FORMAT = (TYPE = 'PARQUET');
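
The role named in STORAGE_AWS_ROLE_ARN should trust only the IAM user and external ID that `DESC INTEGRATION s3_integration` reports (STORAGE_AWS_IAM_USER_ARN and STORAGE_AWS_EXTERNAL_ID). The check below is an added example, not part of the original lesson; the ARN, external ID and both policies are constructed sample values.

```python
# Constructed sample values standing in for the DESC INTEGRATION output.
SNOWFLAKE_USER_ARN = "arn:aws:iam::111122223333:user/example-snowflake-user"
EXTERNAL_ID = "EXAMPLE_SFCRole=constructed"

GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": SNOWFLAKE_USER_ARN},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
}]}
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},   # any AWS principal may assume the role
    "Action": "sts:AssumeRole",  # and no external ID is required
}]}

def as_list(value):
    """IAM policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, snowflake_user_arn, external_id):
    """Return findings for the trust policy of a storage-integration role."""
    findings, trusted = [], False
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not {"sts:AssumeRole", "sts:*", "*"} & set(as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the form "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for value in as_list(values):
                if (kind, value) == ("AWS", snowflake_user_arn):
                    trusted = True
                else:
                    findings.append(f"statement {idx}: unexpected principal {kind}={value}")
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if as_list(required) != [external_id]:
            findings.append(f"statement {idx}: sts:ExternalId is not pinned to the integration")
    if not trusted:
        findings.append("no statement trusts the integration's IAM user")
    return findings

if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_trust_policy(pol, SNOWFLAKE_USER_ARN, EXTERNAL_ID))
```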

AWS PrivateLink

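-- Configure PrivateLink: authorize your AWS account (run as ACCOUNTADMIN);
-- <aws_account_id> and <federated_token> are placeholders
SELECT SYSTEM$AUTHORIZE_PRIVATELINK('<aws_account_id>', '<federated_token>');

-- Retrieve the PrivateLink endpoint details for this account
SELECT SYSTEM$GET_PRIVATELINK_CONFIG();

-- Verify that the authorization is in place
SELECT SYSTEM$GET_PRIVATELINK('<aws_account_id>', '<federated_token>');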

Azure Integration

Blob Storage Stage

CREATE OR REPLACE STORAGE INTEGRATION azure_integration
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = AZURE
  AZURE_TENANT_ID = 'your-tenant-id'
  STORAGE_ALLOWED_LOCATIONS = ('azure://myaccount.blob.core.windows.net/mycontainer/');

CREATE OR REPLACE STAGE azure_stage
  URL = 'azure://myaccount.blob.core.windows.net/mycontainer/data/'
  STORAGE_INTEGRATION = azure_integration;

Azure Private Link

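-- Authorize the Azure private endpoint (run as ACCOUNTADMIN);
-- both arguments are placeholders for the endpoint's resource ID and an access token
SELECT SYSTEM$AUTHORIZE_PRIVATELINK('<private_endpoint_resource_id>', '<federated_token>');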

GCP Integration

GCS Stage

CREATE OR REPLACE STORAGE INTEGRATION gcs_integration
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = GCS
  STORAGE_ALLOWED_LOCATIONS = ('gcs://my-bucket/data/');

CREATE OR REPLACE STAGE gcs_stage
  URL = 'gcs://my-bucket/data/'
  STORAGE_INTEGRATION = gcs_integration;

Cross-Cloud Data Sharing

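-- Share data across clouds (provider account)
CREATE SHARE cross_cloud_share;
GRANT USAGE ON DATABASE my_db TO SHARE cross_cloud_share;
GRANT USAGE ON SCHEMA my_db.my_schema TO SHARE cross_cloud_share;
GRANT SELECT ON TABLE my_db.my_schema.my_table TO SHARE cross_cloud_share;
-- Add the consumer to the share; <consumer_org>.<consumer_account> is a placeholder
ALTER SHARE cross_cloud_share ADD ACCOUNTS = <consumer_org>.<consumer_account>;

-- Consumer account (different cloud)
CREATE DATABASE shared_data FROM SHARE provider_account.cross_cloud_share;
SELECT * FROM shared_data.my_schema.my_table;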

Security Integration

Key Management

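-- AWS KMS encryption: SSE-KMS is configured on the stage, not on the storage integration
CREATE OR REPLACE STORAGE INTEGRATION encrypted_s3
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = S3
  STORAGE_AWS_ROLE_ARN = 'arn:aws:iam::123456789:role/snowflake-role'
  STORAGE_ALLOWED_LOCATIONS = ('s3://my-bucket/data/');

-- encrypted_s3_stage is an illustrative name; KMS_KEY_ID is the key ID taken from
-- arn:aws:kms:us-east-1:123456789:key/12345678-1234-1234-1234-123456789012
CREATE OR REPLACE STAGE encrypted_s3_stage
  URL = 's3://my-bucket/data/'
  STORAGE_INTEGRATION = encrypted_s3
  ENCRYPTION = (TYPE = 'AWS_SSE_KMS' KMS_KEY_ID = '12345678-1234-1234-1234-123456789012');

-- Azure Key Vault: a customer-managed key (for example
-- https://mykeyvault.vault.azure.net/keys/mykey) is assigned to the storage account
-- in Azure; the storage integration itself takes no Key Vault parameters
CREATE OR REPLACE STORAGE INTEGRATION encrypted_azure
  TYPE = EXTERNAL_STAGE
  ENABLED = TRUE
  STORAGE_PROVIDER = AZURE
  AZURE_TENANT_ID = 'tenant-id'
  STORAGE_ALLOWED_LOCATIONS = ('azure://myaccount.blob.core.windows.net/mycontainer/');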

Network Security

-- Network policy (create it before assigning it to the account)
CREATE OR REPLACE NETWORK POLICY restricted_policy
  ALLOWED_IP_LIST = ('203.0.113.0/24', '198.51.100.0/24')
  BLOCKED_IP_LIST = ('192.0.2.0/24');

-- IP restrictions: apply the policy account-wide
ALTER ACCOUNT SET NETWORK_POLICY = restricted_policy;

Always use PrivateLink for production workloads. It provides encrypted, private connectivity that doesn't traverse the public internet. Combine with network policies for defense in depth.
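
To review a network policy before it goes live, the following added example (not part of the original lesson) evaluates the allow and block lists of restricted_policy as written above. It assumes that blocked entries take precedence and that any address outside ALLOWED_IP_LIST is denied; the max_addresses threshold is an arbitrary choice for the example.

```python
import ipaddress

# Lists copied from restricted_policy on this page.
ALLOWED = ["203.0.113.0/24", "198.51.100.0/24"]
BLOCKED = ["192.0.2.0/24"]

def nets(cidrs):
    """Parse IPv4 CIDR strings into network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def is_admitted(ip, allowed, blocked):
    """An address is admitted only if it is allowed and not blocked."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in nets(blocked)):
        return False
    return any(addr in n for n in nets(allowed))

def audit_policy(allowed, blocked, max_addresses=65536):
    """Return findings for ranges that are too broad or that change nothing."""
    findings = []
    allowed_nets, blocked_nets = nets(allowed), nets(blocked)
    for a in allowed_nets:
        if a.num_addresses > max_addresses:
            findings.append(f"allowed range {a} covers more than {max_addresses} addresses")
        if any(a.subnet_of(b) for b in blocked_nets):
            findings.append(f"allowed range {a} is entirely blocked")
    for b in blocked_nets:
        # A blocked range only matters where it carves into an allowed range.
        if not any(b.overlaps(a) for a in allowed_nets):
            findings.append(f"blocked range {b} is outside every allowed range and has no effect")
    return findings

if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.5", "8.8.8.8"):
        print(ip, "admitted" if is_admitted(ip, ALLOWED, BLOCKED) else "denied")
    for finding in audit_policy(ALLOWED, BLOCKED):
        print("finding:", finding)
```

Run against the page's values, the audit reports that 192.0.2.0/24 is already denied by the allow list, so the BLOCKED_IP_LIST entry adds nothing.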

Cloud Provider Comparison

| Feature | AWS | Azure | GCP |
|---|---|---|---|
| Storage | S3 | Blob | GCS |
| Networking | VPC Peering | VNet | VPC Peering |
| Private Access | PrivateLink | Private Link | Private Google Access |
| IAM | IAM Roles | Managed Identity | Service Accounts |
| KMS | KMS | Key Vault | Cloud KMS |
| CDN | CloudFront | Azure CDN | Cloud CDN |

  • Snowflake supports multi-cloud with consistent APIs across providers
  • PrivateLink provides secure, private connectivity
  • Storage integrations enable seamless data sharing
  • Cross-cloud data sharing without data movement
  • Enterprise security with KMS encryption and IAM integration
