Storage Integration is fundamental to a scalable and secure Snowflake Data Warehouse, and it needs to be clearly understood. A slight misconception about the Storage Integration layer can lead to confusion, wasted effort, and even data security issues. In this blog post, I give a basic description of Storage Integration and provide AWS CloudFormation templates to build the connection between an AWS account and a Snowflake account.
Components of a Storage Integration
Storage Integration requires three components.
- An AWS S3 bucket to bring in your data
- A Storage Integration object in Snowflake to build stages
- An IAM role to assign to your Snowflake Storage Integration
The AWS S3 Bucket for your Data
The AWS S3 bucket should be dedicated to holding your data, and it should be private and encrypted. Create the bucket with private access control and block all public access. AWS uses default server-side encryption (SSE-S3) for new buckets. As of January 5, 2023, you can track the encryption status across all regions, including the US GovCloud (see the AWS User Guide Encryption FAQ).
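The bucket requirements above can be checked before a template is deployed. The following is an added example, not code from the original post: a small Python audit of the AWS::S3::Bucket resources in a CloudFormation template that has already been parsed into a dict. The resource name DataBucket and both sample templates are constructed, and requiring an explicit encryption rule in the template (rather than relying on the SSE-S3 default) is an assumption of this example.

```python
# Added example (not from the original post): audit the AWS::S3::Bucket
# resources of a parsed CloudFormation template against the text's rules.
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
SSE_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}  # AES256 is SSE-S3

def audit_bucket(name, props):
    """Return findings for one bucket's Properties dict."""
    findings = []
    # Private access control: an omitted AccessControl defaults to Private.
    acl = props.get("AccessControl", "Private")
    if acl in PUBLIC_ACLS:
        findings.append(f"{name}: canned ACL {acl} is not private")
    # Block all public access: every flag must be true (bool or "true").
    pab = props.get("PublicAccessBlockConfiguration", {})
    off = [f for f in PAB_FLAGS if str(pab.get(f)).lower() != "true"]
    if off:
        findings.append(f"{name}: public access not blocked: {', '.join(off)}")
    # Encryption: assumption of this example, require an explicit rule.
    rules = props.get("BucketEncryption", {}).get(
        "ServerSideEncryptionConfiguration", [])
    algos = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if not algos & SSE_ALGORITHMS:
        findings.append(f"{name}: no default encryption rule declared")
    return findings

def audit_template(template):
    """Audit every S3 bucket resource in a template dict."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::S3::Bucket":
            findings += audit_bucket(name, res.get("Properties", {}))
    return findings

# Constructed sample templates; the resource name DataBucket is hypothetical.
WEAK = {"Resources": {"DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "AccessControl": "PublicRead",
    "PublicAccessBlockConfiguration": {"BlockPublicAcls": True}}}}}
HARDENED = {"Resources": {"DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True),
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}}}}

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_template(tpl) or "OK")
```

Flags set through intrinsic functions such as Ref are reported as not blocked, because their value cannot be resolved from the template alone.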