Snowflake v2.8.0, Oct 18 25

Snowflake v2.8.0 published on Saturday, Oct 18, 2025 by Pulumi

snowflake.StorageIntegration

Snowflake v2.8.0 published on Saturday, Oct 18, 2025 by Pulumi

Import

$ pulumi import snowflake:index/storageIntegration:StorageIntegration example name

Create StorageIntegration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new StorageIntegration(name: string, args: StorageIntegrationArgs, opts?: CustomResourceOptions);

@overload
def StorageIntegration(resource_name: str,
                       args: StorageIntegrationArgs,
                       opts: Optional[ResourceOptions] = None)

@overload
def StorageIntegration(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       storage_allowed_locations: Optional[Sequence[str]] = None,
                       storage_provider: Optional[str] = None,
                       azure_tenant_id: Optional[str] = None,
                       comment: Optional[str] = None,
                       enabled: Optional[bool] = None,
                       name: Optional[str] = None,
                       storage_aws_external_id: Optional[str] = None,
                       storage_aws_object_acl: Optional[str] = None,
                       storage_aws_role_arn: Optional[str] = None,
                       storage_blocked_locations: Optional[Sequence[str]] = None,
                       type: Optional[str] = None,
                       use_privatelink_endpoint: Optional[str] = None)

func NewStorageIntegration(ctx *Context, name string, args StorageIntegrationArgs, opts ...ResourceOption) (*StorageIntegration, error)

public StorageIntegration(string name, StorageIntegrationArgs args, CustomResourceOptions? opts = null)

public StorageIntegration(String name, StorageIntegrationArgs args)
public StorageIntegration(String name, StorageIntegrationArgs args, CustomResourceOptions options)

type: snowflake:StorageIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args StorageIntegrationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args StorageIntegrationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args StorageIntegrationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args StorageIntegrationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args StorageIntegrationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var storageIntegrationResource = new Snowflake.StorageIntegration("storageIntegrationResource", new()
{
    StorageAllowedLocations = new[]
    {
        "string",
    },
    StorageProvider = "string",
    AzureTenantId = "string",
    Comment = "string",
    Enabled = false,
    Name = "string",
    StorageAwsExternalId = "string",
    StorageAwsObjectAcl = "string",
    StorageAwsRoleArn = "string",
    StorageBlockedLocations = new[]
    {
        "string",
    },
    Type = "string",
    UsePrivatelinkEndpoint = "string",
});

example, err := snowflake.NewStorageIntegration(ctx, "storageIntegrationResource", &snowflake.StorageIntegrationArgs{
	StorageAllowedLocations: pulumi.StringArray{
		pulumi.String("string"),
	},
	StorageProvider:      pulumi.String("string"),
	AzureTenantId:        pulumi.String("string"),
	Comment:              pulumi.String("string"),
	Enabled:              pulumi.Bool(false),
	Name:                 pulumi.String("string"),
	StorageAwsExternalId: pulumi.String("string"),
	StorageAwsObjectAcl:  pulumi.String("string"),
	StorageAwsRoleArn:    pulumi.String("string"),
	StorageBlockedLocations: pulumi.StringArray{
		pulumi.String("string"),
	},
	Type:                   pulumi.String("string"),
	UsePrivatelinkEndpoint: pulumi.String("string"),
})

var storageIntegrationResource = new StorageIntegration("storageIntegrationResource", StorageIntegrationArgs.builder()
    .storageAllowedLocations("string")
    .storageProvider("string")
    .azureTenantId("string")
    .comment("string")
    .enabled(false)
    .name("string")
    .storageAwsExternalId("string")
    .storageAwsObjectAcl("string")
    .storageAwsRoleArn("string")
    .storageBlockedLocations("string")
    .type("string")
    .usePrivatelinkEndpoint("string")
    .build());

storage_integration_resource = snowflake.StorageIntegration("storageIntegrationResource",
    storage_allowed_locations=["string"],
    storage_provider="string",
    azure_tenant_id="string",
    comment="string",
    enabled=False,
    name="string",
    storage_aws_external_id="string",
    storage_aws_object_acl="string",
    storage_aws_role_arn="string",
    storage_blocked_locations=["string"],
    type="string",
    use_privatelink_endpoint="string")

const storageIntegrationResource = new snowflake.StorageIntegration("storageIntegrationResource", {
    storageAllowedLocations: ["string"],
    storageProvider: "string",
    azureTenantId: "string",
    comment: "string",
    enabled: false,
    name: "string",
    storageAwsExternalId: "string",
    storageAwsObjectAcl: "string",
    storageAwsRoleArn: "string",
    storageBlockedLocations: ["string"],
    type: "string",
    usePrivatelinkEndpoint: "string",
});

type: snowflake:StorageIntegration
properties:
    azureTenantId: string
    comment: string
    enabled: false
    name: string
    storageAllowedLocations:
        - string
    storageAwsExternalId: string
    storageAwsObjectAcl: string
    storageAwsRoleArn: string
    storageBlockedLocations:
        - string
    storageProvider: string
    type: string
    usePrivatelinkEndpoint: string

StorageIntegration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The StorageIntegration resource accepts the following input properties:

StorageAllowedLocations List<string>: Explicitly limits external stages that use the integration to reference one or more storage locations.
StorageProvider string: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
AzureTenantId string: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
Comment string: (Default: ``) Specifies a comment for the storage integration.
Enabled bool: (Default: true)
Name string: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
StorageAwsExternalId string: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
StorageAwsObjectAcl string: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
StorageAwsRoleArn string: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
StorageBlockedLocations List<string>: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
Type string: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
UsePrivatelinkEndpoint string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

StorageAllowedLocations []string: Explicitly limits external stages that use the integration to reference one or more storage locations.
StorageProvider string: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
AzureTenantId string: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
Comment string: (Default: ``) Specifies a comment for the storage integration.
Enabled bool: (Default: true)
Name string: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
StorageAwsExternalId string: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
StorageAwsObjectAcl string: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
StorageAwsRoleArn string: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
StorageBlockedLocations []string: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
Type string: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
UsePrivatelinkEndpoint string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

storageAllowedLocations List<String>: Explicitly limits external stages that use the integration to reference one or more storage locations.
storageProvider String: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
azureTenantId String: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment String: (Default: ``) Specifies a comment for the storage integration.
enabled Boolean: (Default: true)
name String: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storageAwsExternalId String: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storageAwsObjectAcl String: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storageAwsRoleArn String: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storageBlockedLocations List<String>: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
type String: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
usePrivatelinkEndpoint String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

storageAllowedLocations string[]: Explicitly limits external stages that use the integration to reference one or more storage locations.
storageProvider string: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
azureTenantId string: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment string: (Default: ``) Specifies a comment for the storage integration.
enabled boolean: (Default: true)
name string: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storageAwsExternalId string: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storageAwsObjectAcl string: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storageAwsRoleArn string: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storageBlockedLocations string[]: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
type string: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
usePrivatelinkEndpoint string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

storage_allowed_locations Sequence[str]: Explicitly limits external stages that use the integration to reference one or more storage locations.
storage_provider str: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
azure_tenant_id str: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment str: (Default: ``) Specifies a comment for the storage integration.
enabled bool: (Default: true)
name str: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storage_aws_external_id str: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storage_aws_object_acl str: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storage_aws_role_arn str: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storage_blocked_locations Sequence[str]: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
type str: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
use_privatelink_endpoint str: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

storageAllowedLocations List<String>: Explicitly limits external stages that use the integration to reference one or more storage locations.
storageProvider String: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
azureTenantId String: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment String: (Default: ``) Specifies a comment for the storage integration.
enabled Boolean: (Default: true)
name String: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storageAwsExternalId String: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storageAwsObjectAcl String: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storageAwsRoleArn String: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storageBlockedLocations List<String>: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
type String: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
usePrivatelinkEndpoint String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

Outputs

All input properties are implicitly available as output properties. Additionally, the StorageIntegration resource produces the following output properties:

AzureConsentUrl string: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
AzureMultiTenantAppName string: This is the name of the Snowflake client application created for your account.
CreatedOn string: Date and time when the storage integration was created.
DescribeOutputs List<StorageIntegrationDescribeOutput>: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Id string: The provider-assigned unique ID for this managed resource.
StorageAwsIamUserArn string: The Snowflake user that will attempt to assume the AWS role.
StorageGcpServiceAccount string: This is the name of the Snowflake Google Service Account created for your account.

AzureConsentUrl string: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
AzureMultiTenantAppName string: This is the name of the Snowflake client application created for your account.
CreatedOn string: Date and time when the storage integration was created.
DescribeOutputs []StorageIntegrationDescribeOutput: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Id string: The provider-assigned unique ID for this managed resource.
StorageAwsIamUserArn string: The Snowflake user that will attempt to assume the AWS role.
StorageGcpServiceAccount string: This is the name of the Snowflake Google Service Account created for your account.

azureConsentUrl String: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azureMultiTenantAppName String: This is the name of the Snowflake client application created for your account.
createdOn String: Date and time when the storage integration was created.
describeOutputs List<StorageIntegrationDescribeOutput>: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
id String: The provider-assigned unique ID for this managed resource.
storageAwsIamUserArn String: The Snowflake user that will attempt to assume the AWS role.
storageGcpServiceAccount String: This is the name of the Snowflake Google Service Account created for your account.

azureConsentUrl string: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azureMultiTenantAppName string: This is the name of the Snowflake client application created for your account.
createdOn string: Date and time when the storage integration was created.
describeOutputs StorageIntegrationDescribeOutput[]: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
fullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
id string: The provider-assigned unique ID for this managed resource.
storageAwsIamUserArn string: The Snowflake user that will attempt to assume the AWS role.
storageGcpServiceAccount string: This is the name of the Snowflake Google Service Account created for your account.

azure_consent_url str: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azure_multi_tenant_app_name str: This is the name of the Snowflake client application created for your account.
created_on str: Date and time when the storage integration was created.
describe_outputs Sequence[StorageIntegrationDescribeOutput]: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
fully_qualified_name str: Fully qualified name of the resource. For more information, see object name resolution.
id str: The provider-assigned unique ID for this managed resource.
storage_aws_iam_user_arn str: The Snowflake user that will attempt to assume the AWS role.
storage_gcp_service_account str: This is the name of the Snowflake Google Service Account created for your account.

azureConsentUrl String: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azureMultiTenantAppName String: This is the name of the Snowflake client application created for your account.
createdOn String: Date and time when the storage integration was created.
describeOutputs List<Property Map>: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
id String: The provider-assigned unique ID for this managed resource.
storageAwsIamUserArn String: The Snowflake user that will attempt to assume the AWS role.
storageGcpServiceAccount String: This is the name of the Snowflake Google Service Account created for your account.

Look up Existing StorageIntegration Resource

Get an existing StorageIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: StorageIntegrationState, opts?: CustomResourceOptions): StorageIntegration

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        azure_consent_url: Optional[str] = None,
        azure_multi_tenant_app_name: Optional[str] = None,
        azure_tenant_id: Optional[str] = None,
        comment: Optional[str] = None,
        created_on: Optional[str] = None,
        describe_outputs: Optional[Sequence[StorageIntegrationDescribeOutputArgs]] = None,
        enabled: Optional[bool] = None,
        fully_qualified_name: Optional[str] = None,
        name: Optional[str] = None,
        storage_allowed_locations: Optional[Sequence[str]] = None,
        storage_aws_external_id: Optional[str] = None,
        storage_aws_iam_user_arn: Optional[str] = None,
        storage_aws_object_acl: Optional[str] = None,
        storage_aws_role_arn: Optional[str] = None,
        storage_blocked_locations: Optional[Sequence[str]] = None,
        storage_gcp_service_account: Optional[str] = None,
        storage_provider: Optional[str] = None,
        type: Optional[str] = None,
        use_privatelink_endpoint: Optional[str] = None) -> StorageIntegration

func GetStorageIntegration(ctx *Context, name string, id IDInput, state *StorageIntegrationState, opts ...ResourceOption) (*StorageIntegration, error)

public static StorageIntegration Get(string name, Input<string> id, StorageIntegrationState? state, CustomResourceOptions? opts = null)

public static StorageIntegration get(String name, Output<String> id, StorageIntegrationState state, CustomResourceOptions options)

resources:  _:    type: snowflake:StorageIntegration    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AzureConsentUrl string: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
AzureMultiTenantAppName string: This is the name of the Snowflake client application created for your account.
AzureTenantId string: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
Comment string: (Default: ``) Specifies a comment for the storage integration.
CreatedOn string: Date and time when the storage integration was created.
DescribeOutputs List<StorageIntegrationDescribeOutput>: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
Enabled bool: (Default: true)
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Name string: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
StorageAllowedLocations List<string>: Explicitly limits external stages that use the integration to reference one or more storage locations.
StorageAwsExternalId string: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
StorageAwsIamUserArn string: The Snowflake user that will attempt to assume the AWS role.
StorageAwsObjectAcl string: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
StorageAwsRoleArn string: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
StorageBlockedLocations List<string>: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
StorageGcpServiceAccount string: This is the name of the Snowflake Google Service Account created for your account.
StorageProvider string: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
Type string: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
UsePrivatelinkEndpoint string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

AzureConsentUrl string: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
AzureMultiTenantAppName string: This is the name of the Snowflake client application created for your account.
AzureTenantId string: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
Comment string: (Default: ``) Specifies a comment for the storage integration.
CreatedOn string: Date and time when the storage integration was created.
DescribeOutputs []StorageIntegrationDescribeOutputArgs: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
Enabled bool: (Default: true)
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Name string: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
StorageAllowedLocations []string: Explicitly limits external stages that use the integration to reference one or more storage locations.
StorageAwsExternalId string: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
StorageAwsIamUserArn string: The Snowflake user that will attempt to assume the AWS role.
StorageAwsObjectAcl string: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
StorageAwsRoleArn string: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
StorageBlockedLocations []string: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
StorageGcpServiceAccount string: This is the name of the Snowflake Google Service Account created for your account.
StorageProvider string: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
Type string: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
UsePrivatelinkEndpoint string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

azureConsentUrl String: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azureMultiTenantAppName String: This is the name of the Snowflake client application created for your account.
azureTenantId String: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment String: (Default: ``) Specifies a comment for the storage integration.
createdOn String: Date and time when the storage integration was created.
describeOutputs List<StorageIntegrationDescribeOutput>: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
enabled Boolean: (Default: true)
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
name String: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storageAllowedLocations List<String>: Explicitly limits external stages that use the integration to reference one or more storage locations.
storageAwsExternalId String: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storageAwsIamUserArn String: The Snowflake user that will attempt to assume the AWS role.
storageAwsObjectAcl String: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storageAwsRoleArn String: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storageBlockedLocations List<String>: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
storageGcpServiceAccount String: This is the name of the Snowflake Google Service Account created for your account.
storageProvider String: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
type String: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
usePrivatelinkEndpoint String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

azureConsentUrl string: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azureMultiTenantAppName string: This is the name of the Snowflake client application created for your account.
azureTenantId string: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment string: (Default: ``) Specifies a comment for the storage integration.
createdOn string: Date and time when the storage integration was created.
describeOutputs StorageIntegrationDescribeOutput[]: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
enabled boolean: (Default: true)
fullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
name string: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storageAllowedLocations string[]: Explicitly limits external stages that use the integration to reference one or more storage locations.
storageAwsExternalId string: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storageAwsIamUserArn string: The Snowflake user that will attempt to assume the AWS role.
storageAwsObjectAcl string: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storageAwsRoleArn string: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storageBlockedLocations string[]: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
storageGcpServiceAccount string: This is the name of the Snowflake Google Service Account created for your account.
storageProvider string: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
type string: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
usePrivatelinkEndpoint string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

azure_consent_url str: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azure_multi_tenant_app_name str: This is the name of the Snowflake client application created for your account.
azure_tenant_id str: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment str: (Default: ``) Specifies a comment for the storage integration.
created_on str: Date and time when the storage integration was created.
describe_outputs Sequence[StorageIntegrationDescribeOutputArgs]: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
enabled bool: (Default: true)
fully_qualified_name str: Fully qualified name of the resource. For more information, see object name resolution.
name str: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storage_allowed_locations Sequence[str]: Explicitly limits external stages that use the integration to reference one or more storage locations.
storage_aws_external_id str: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storage_aws_iam_user_arn str: The Snowflake user that will attempt to assume the AWS role.
storage_aws_object_acl str: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storage_aws_role_arn str: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storage_blocked_locations Sequence[str]: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
storage_gcp_service_account str: This is the name of the Snowflake Google Service Account created for your account.
storage_provider str: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
type str: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
use_privatelink_endpoint str: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

azureConsentUrl String: The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
azureMultiTenantAppName String: This is the name of the Snowflake client application created for your account.
azureTenantId String: (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
comment String: (Default: ``) Specifies a comment for the storage integration.
createdOn String: Date and time when the storage integration was created.
describeOutputs List<Property Map>: Outputs the result of DESCRIBE STORAGE INTEGRATION for the given storage integration.
enabled Boolean: (Default: true)
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
name String: String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
storageAllowedLocations List<String>: Explicitly limits external stages that use the integration to reference one or more storage locations.
storageAwsExternalId String: Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
storageAwsIamUserArn String: The Snowflake user that will attempt to assume the AWS role.
storageAwsObjectAcl String: "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
storageAwsRoleArn String: (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
storageBlockedLocations List<String>: Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
storageGcpServiceAccount String: This is the name of the Snowflake Google Service Account created for your account.
storageProvider String: Specifies the storage provider for the integration. Valid options are: S3 | S3GOV | S3CHINA | GCS | AZURE
type String: (Default: EXTERNAL_STAGE) Specifies the type of the storage integration.
usePrivatelinkEndpoint String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.

Supporting Types

StorageIntegrationDescribeOutput, StorageIntegrationDescribeOutputArgs

AzureConsentUrls List<StorageIntegrationDescribeOutputAzureConsentUrl>
AzureMultiTenantAppNames List<StorageIntegrationDescribeOutputAzureMultiTenantAppName>
Comments List<StorageIntegrationDescribeOutputComment>
Enableds List<StorageIntegrationDescribeOutputEnabled>
StorageAllowedLocations List<StorageIntegrationDescribeOutputStorageAllowedLocation>
StorageAwsExternalIds List<StorageIntegrationDescribeOutputStorageAwsExternalId>
StorageAwsIamUserArns List<StorageIntegrationDescribeOutputStorageAwsIamUserArn>
StorageAwsObjectAcls List<StorageIntegrationDescribeOutputStorageAwsObjectAcl>
StorageAwsRoleArns List<StorageIntegrationDescribeOutputStorageAwsRoleArn>
StorageBlockedLocations List<StorageIntegrationDescribeOutputStorageBlockedLocation>
StorageGcpServiceAccounts List<StorageIntegrationDescribeOutputStorageGcpServiceAccount>
StorageProviders List<StorageIntegrationDescribeOutputStorageProvider>
UsePrivatelinkEndpoints List<StorageIntegrationDescribeOutputUsePrivatelinkEndpoint>

AzureConsentUrls []StorageIntegrationDescribeOutputAzureConsentUrl
AzureMultiTenantAppNames []StorageIntegrationDescribeOutputAzureMultiTenantAppName
Comments []StorageIntegrationDescribeOutputComment
Enableds []StorageIntegrationDescribeOutputEnabled
StorageAllowedLocations []StorageIntegrationDescribeOutputStorageAllowedLocation
StorageAwsExternalIds []StorageIntegrationDescribeOutputStorageAwsExternalId
StorageAwsIamUserArns []StorageIntegrationDescribeOutputStorageAwsIamUserArn
StorageAwsObjectAcls []StorageIntegrationDescribeOutputStorageAwsObjectAcl
StorageAwsRoleArns []StorageIntegrationDescribeOutputStorageAwsRoleArn
StorageBlockedLocations []StorageIntegrationDescribeOutputStorageBlockedLocation
StorageGcpServiceAccounts []StorageIntegrationDescribeOutputStorageGcpServiceAccount
StorageProviders []StorageIntegrationDescribeOutputStorageProvider
UsePrivatelinkEndpoints []StorageIntegrationDescribeOutputUsePrivatelinkEndpoint

azureConsentUrls List<StorageIntegrationDescribeOutputAzureConsentUrl>
azureMultiTenantAppNames List<StorageIntegrationDescribeOutputAzureMultiTenantAppName>
comments List<StorageIntegrationDescribeOutputComment>
enableds List<StorageIntegrationDescribeOutputEnabled>
storageAllowedLocations List<StorageIntegrationDescribeOutputStorageAllowedLocation>
storageAwsExternalIds List<StorageIntegrationDescribeOutputStorageAwsExternalId>
storageAwsIamUserArns List<StorageIntegrationDescribeOutputStorageAwsIamUserArn>
storageAwsObjectAcls List<StorageIntegrationDescribeOutputStorageAwsObjectAcl>
storageAwsRoleArns List<StorageIntegrationDescribeOutputStorageAwsRoleArn>
storageBlockedLocations List<StorageIntegrationDescribeOutputStorageBlockedLocation>
storageGcpServiceAccounts List<StorageIntegrationDescribeOutputStorageGcpServiceAccount>
storageProviders List<StorageIntegrationDescribeOutputStorageProvider>
usePrivatelinkEndpoints List<StorageIntegrationDescribeOutputUsePrivatelinkEndpoint>

azureConsentUrls StorageIntegrationDescribeOutputAzureConsentUrl[]
azureMultiTenantAppNames StorageIntegrationDescribeOutputAzureMultiTenantAppName[]
comments StorageIntegrationDescribeOutputComment[]
enableds StorageIntegrationDescribeOutputEnabled[]
storageAllowedLocations StorageIntegrationDescribeOutputStorageAllowedLocation[]
storageAwsExternalIds StorageIntegrationDescribeOutputStorageAwsExternalId[]
storageAwsIamUserArns StorageIntegrationDescribeOutputStorageAwsIamUserArn[]
storageAwsObjectAcls StorageIntegrationDescribeOutputStorageAwsObjectAcl[]
storageAwsRoleArns StorageIntegrationDescribeOutputStorageAwsRoleArn[]
storageBlockedLocations StorageIntegrationDescribeOutputStorageBlockedLocation[]
storageGcpServiceAccounts StorageIntegrationDescribeOutputStorageGcpServiceAccount[]
storageProviders StorageIntegrationDescribeOutputStorageProvider[]
usePrivatelinkEndpoints StorageIntegrationDescribeOutputUsePrivatelinkEndpoint[]

azure_consent_urls Sequence[StorageIntegrationDescribeOutputAzureConsentUrl]
azure_multi_tenant_app_names Sequence[StorageIntegrationDescribeOutputAzureMultiTenantAppName]
comments Sequence[StorageIntegrationDescribeOutputComment]
enableds Sequence[StorageIntegrationDescribeOutputEnabled]
storage_allowed_locations Sequence[StorageIntegrationDescribeOutputStorageAllowedLocation]
storage_aws_external_ids Sequence[StorageIntegrationDescribeOutputStorageAwsExternalId]
storage_aws_iam_user_arns Sequence[StorageIntegrationDescribeOutputStorageAwsIamUserArn]
storage_aws_object_acls Sequence[StorageIntegrationDescribeOutputStorageAwsObjectAcl]
storage_aws_role_arns Sequence[StorageIntegrationDescribeOutputStorageAwsRoleArn]
storage_blocked_locations Sequence[StorageIntegrationDescribeOutputStorageBlockedLocation]
storage_gcp_service_accounts Sequence[StorageIntegrationDescribeOutputStorageGcpServiceAccount]
storage_providers Sequence[StorageIntegrationDescribeOutputStorageProvider]
use_privatelink_endpoints Sequence[StorageIntegrationDescribeOutputUsePrivatelinkEndpoint]

StorageIntegrationDescribeOutputAzureConsentUrl, StorageIntegrationDescribeOutputAzureConsentUrlArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputAzureMultiTenantAppName, StorageIntegrationDescribeOutputAzureMultiTenantAppNameArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputComment, StorageIntegrationDescribeOutputCommentArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputEnabled, StorageIntegrationDescribeOutputEnabledArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageAllowedLocation, StorageIntegrationDescribeOutputStorageAllowedLocationArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageAwsExternalId, StorageIntegrationDescribeOutputStorageAwsExternalIdArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageAwsIamUserArn, StorageIntegrationDescribeOutputStorageAwsIamUserArnArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageAwsObjectAcl, StorageIntegrationDescribeOutputStorageAwsObjectAclArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageAwsRoleArn, StorageIntegrationDescribeOutputStorageAwsRoleArnArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageBlockedLocation, StorageIntegrationDescribeOutputStorageBlockedLocationArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageGcpServiceAccount, StorageIntegrationDescribeOutputStorageGcpServiceAccountArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputStorageProvider, StorageIntegrationDescribeOutputStorageProviderArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

StorageIntegrationDescribeOutputUsePrivatelinkEndpoint, StorageIntegrationDescribeOutputUsePrivatelinkEndpointArgs

Default string
Name string
Type string
Value string

Default string
Name string
Type string
Value string

default_ String
name String
type String
value String

default string
name string
type string
value string

default str
name str
type str
value str

default String
name String
type String
value String

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Snowflake v2.8.0 published on Saturday, Oct 18, 2025 by Pulumi

pulumi/pulumi-snowflake

snowflake.StorageIntegration

On this page

On this page

Import

Create StorageIntegration Resource

Constructor syntax

Parameters

Constructor example

StorageIntegration Resource Properties

Inputs

Outputs

Look up Existing StorageIntegration Resource

Supporting Types

StorageIntegrationDescribeOutput, StorageIntegrationDescribeOutputArgs

StorageIntegrationDescribeOutputAzureConsentUrl, StorageIntegrationDescribeOutputAzureConsentUrlArgs

StorageIntegrationDescribeOutputAzureMultiTenantAppName, StorageIntegrationDescribeOutputAzureMultiTenantAppNameArgs

StorageIntegrationDescribeOutputComment, StorageIntegrationDescribeOutputCommentArgs

StorageIntegrationDescribeOutputEnabled, StorageIntegrationDescribeOutputEnabledArgs

StorageIntegrationDescribeOutputStorageAllowedLocation, StorageIntegrationDescribeOutputStorageAllowedLocationArgs

StorageIntegrationDescribeOutputStorageAwsExternalId, StorageIntegrationDescribeOutputStorageAwsExternalIdArgs

StorageIntegrationDescribeOutputStorageAwsIamUserArn, StorageIntegrationDescribeOutputStorageAwsIamUserArnArgs

StorageIntegrationDescribeOutputStorageAwsObjectAcl, StorageIntegrationDescribeOutputStorageAwsObjectAclArgs

StorageIntegrationDescribeOutputStorageAwsRoleArn, StorageIntegrationDescribeOutputStorageAwsRoleArnArgs

StorageIntegrationDescribeOutputStorageBlockedLocation, StorageIntegrationDescribeOutputStorageBlockedLocationArgs

StorageIntegrationDescribeOutputStorageGcpServiceAccount, StorageIntegrationDescribeOutputStorageGcpServiceAccountArgs

StorageIntegrationDescribeOutputStorageProvider, StorageIntegrationDescribeOutputStorageProviderArgs

StorageIntegrationDescribeOutputUsePrivatelinkEndpoint, StorageIntegrationDescribeOutputUsePrivatelinkEndpointArgs

Package Details

On this page

On this page