Snowflake
Visualize Snowflake cloud resources, map Snowflake users to employees, and monitor changes through queries and alerts.
- Installation guide
- Snowflake data model
Installation
This integration ingests resources from tables in the Snowflake system using SHOW commands. Ensure that the credentials provided to JupiterOne are configured with the necessary read permissions to perform these commands.
Configuration in Snowflake
This integration supports two authentication methods:
- Basic Authentication
- Key-Pair Authentication (Recommended)
For Key-Pair Authentication:
- The user must generate a private and public key pair.
- Upload the public key to your Snowflake account and use the private key in the integration configuration.
- Follow the Snowflake documentation on key-pair authentication to generate the keys.
- Store the private key securely, as you will need it to complete the integration setup.
Configuration in JupiterOne
To configure the Snowflake integration in JupiterOne:
- Navigate to the Integrations tab and select Snowflake.
- Click New Instance to begin the setup.
Authentication Methods
Key-Pair Authentication (Recommended)
Requires the following parameters:
- Snowflake Account Name: The full name of your Snowflake account.
- Username: The Snowflake username for authentication.
- Private Key File: The private key file (either encrypted or unencrypted; encryption is strongly recommended). Refer to the Snowflake documentation for instructions on generating the key pair.
Basic Authentication
Requires the following parameters:
Snowflake Account Name: The full name of your Snowflake account.
Username and Password: Credentials of the Snowflake user for authentication.
Role: The default security role for the session after authentication.
Note: If ingesting the
ADMINdatabase:- You must grant ACCOUNTADMIN privileges to access the
ADMINdatabase. - Alternatively, use the SECURITYADMIN role. Learn more about roles.
- You must grant ACCOUNTADMIN privileges to access the
General Settings
- Account Name: Used to identify the Snowflake account in JupiterOne. Ingested entities will be tagged with this value as
tag.AccountName. - Description: An optional field to help identify the integration instance.
- Polling Interval: Set the desired frequency for data updates. You can leave this as
DISABLEDand manually trigger the integration.
Once all the values are provided, click Create to complete the integration setup.
Next Steps
With your integration instance configured, it will start running based on the polling interval you selected, ingesting data into JupiterOne. For further details on managing your integration instance, refer to our Instance Management Guide.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | snowflake_account | Account |
| Database | snowflake_database | DataStore, Database |
| Organization | snowflake_organization | Account |
| Role | snowflake_role | AccessRole |
| Schema | snowflake_schema | DataStore, Database |
| Table | snowflake_table | DataStore, Database |
| User | snowflake_user | User |
| Warehouse | snowflake_warehouse | DataStore, Database |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
snowflake_account | HAS | snowflake_user |
snowflake_database | ALLOWS | snowflake_role |
snowflake_database | HAS | snowflake_schema |
snowflake_organization | HAS | snowflake_account |
snowflake_schema | HAS | snowflake_table |
snowflake_user | ASSIGNED | snowflake_role |
snowflake_warehouse | HAS | snowflake_database |