Viewing docs for Snowflake v2.13.1
published on Thursday, Mar 26, 2026 by Pulumi
published on Thursday, Mar 26, 2026 by Pulumi
Viewing docs for Snowflake v2.13.1
published on Thursday, Mar 26, 2026 by Pulumi
published on Thursday, Mar 26, 2026 by Pulumi
!> Caution: Preview Feature This feature is considered a preview feature in the provider, regardless of the state of the resource in Snowflake. We do not guarantee its stability. It will be reworked and marked as a stable feature in future releases. Breaking changes are expected, even without bumping the major version. To use this feature, add the relevant feature name to preview_features_enabled field in the provider configuration. Please always refer to the Getting Help section in our Github repo to best determine how to get help for your questions.
Note This resource manages storage integrations for AWS, Azure, and GCS storage providers. Make sure you use only fields that are supported for the storage provider you are using, as they are not validated by the provider. In the future, we are planning to implement separate resources for each storage provider.
Note Currently,
describe_outputfield is not used in all the relevant fields (onlystorage_aws_external_idis supported). This will be addressed during the resource rework.
Deprecation This resource is deprecated and will be removed in a future major version release. Please use one of the new resources instead:
snowflake.StorageIntegrationAws|snowflake.StorageIntegrationAzure|snowflake.StorageIntegrationGcs.
Create StorageIntegration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new StorageIntegration(name: string, args: StorageIntegrationArgs, opts?: CustomResourceOptions);@overload
def StorageIntegration(resource_name: str,
args: StorageIntegrationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def StorageIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
storage_allowed_locations: Optional[Sequence[str]] = None,
storage_provider: Optional[str] = None,
azure_tenant_id: Optional[str] = None,
comment: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
storage_aws_external_id: Optional[str] = None,
storage_aws_object_acl: Optional[str] = None,
storage_aws_role_arn: Optional[str] = None,
storage_blocked_locations: Optional[Sequence[str]] = None,
type: Optional[str] = None,
use_privatelink_endpoint: Optional[str] = None)func NewStorageIntegration(ctx *Context, name string, args StorageIntegrationArgs, opts ...ResourceOption) (*StorageIntegration, error)public StorageIntegration(string name, StorageIntegrationArgs args, CustomResourceOptions? opts = null)
public StorageIntegration(String name, StorageIntegrationArgs args)
public StorageIntegration(String name, StorageIntegrationArgs args, CustomResourceOptions options)
type: snowflake:StorageIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args StorageIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args StorageIntegrationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args StorageIntegrationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args StorageIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args StorageIntegrationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var storageIntegrationResource = new Snowflake.StorageIntegration("storageIntegrationResource", new()
{
StorageAllowedLocations = new[]
{
"string",
},
StorageProvider = "string",
AzureTenantId = "string",
Comment = "string",
Enabled = false,
Name = "string",
StorageAwsExternalId = "string",
StorageAwsObjectAcl = "string",
StorageAwsRoleArn = "string",
StorageBlockedLocations = new[]
{
"string",
},
Type = "string",
UsePrivatelinkEndpoint = "string",
});
example, err := snowflake.NewStorageIntegration(ctx, "storageIntegrationResource", &snowflake.StorageIntegrationArgs{
StorageAllowedLocations: pulumi.StringArray{
pulumi.String("string"),
},
StorageProvider: pulumi.String("string"),
AzureTenantId: pulumi.String("string"),
Comment: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
StorageAwsExternalId: pulumi.String("string"),
StorageAwsObjectAcl: pulumi.String("string"),
StorageAwsRoleArn: pulumi.String("string"),
StorageBlockedLocations: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
UsePrivatelinkEndpoint: pulumi.String("string"),
})
var storageIntegrationResource = new StorageIntegration("storageIntegrationResource", StorageIntegrationArgs.builder()
.storageAllowedLocations("string")
.storageProvider("string")
.azureTenantId("string")
.comment("string")
.enabled(false)
.name("string")
.storageAwsExternalId("string")
.storageAwsObjectAcl("string")
.storageAwsRoleArn("string")
.storageBlockedLocations("string")
.type("string")
.usePrivatelinkEndpoint("string")
.build());
storage_integration_resource = snowflake.StorageIntegration("storageIntegrationResource",
storage_allowed_locations=["string"],
storage_provider="string",
azure_tenant_id="string",
comment="string",
enabled=False,
name="string",
storage_aws_external_id="string",
storage_aws_object_acl="string",
storage_aws_role_arn="string",
storage_blocked_locations=["string"],
type="string",
use_privatelink_endpoint="string")
const storageIntegrationResource = new snowflake.StorageIntegration("storageIntegrationResource", {
storageAllowedLocations: ["string"],
storageProvider: "string",
azureTenantId: "string",
comment: "string",
enabled: false,
name: "string",
storageAwsExternalId: "string",
storageAwsObjectAcl: "string",
storageAwsRoleArn: "string",
storageBlockedLocations: ["string"],
type: "string",
usePrivatelinkEndpoint: "string",
});
type: snowflake:StorageIntegration
properties:
azureTenantId: string
comment: string
enabled: false
name: string
storageAllowedLocations:
- string
storageAwsExternalId: string
storageAwsObjectAcl: string
storageAwsRoleArn: string
storageBlockedLocations:
- string
storageProvider: string
type: string
usePrivatelinkEndpoint: string
StorageIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The StorageIntegration resource accepts the following input properties:
- Storage
Allowed List<string>Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- Storage
Provider string - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - Azure
Tenant stringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- Comment string
- (Default: ``) Specifies a comment for the storage integration.
- Enabled bool
- (Default:
true) - Name string
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- Storage
Aws stringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- Storage
Aws stringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- Storage
Aws stringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- Storage
Blocked List<string>Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- Type string
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - Use
Privatelink stringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- Storage
Allowed []stringLocations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- Storage
Provider string - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - Azure
Tenant stringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- Comment string
- (Default: ``) Specifies a comment for the storage integration.
- Enabled bool
- (Default:
true) - Name string
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- Storage
Aws stringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- Storage
Aws stringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- Storage
Aws stringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- Storage
Blocked []stringLocations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- Type string
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - Use
Privatelink stringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- storage
Allowed List<String>Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage
Provider String - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - azure
Tenant StringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment String
- (Default: ``) Specifies a comment for the storage integration.
- enabled Boolean
- (Default:
true) - name String
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage
Aws StringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage
Aws StringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage
Aws StringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage
Blocked List<String>Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- type String
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use
Privatelink StringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- storage
Allowed string[]Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage
Provider string - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - azure
Tenant stringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment string
- (Default: ``) Specifies a comment for the storage integration.
- enabled boolean
- (Default:
true) - name string
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage
Aws stringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage
Aws stringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage
Aws stringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage
Blocked string[]Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- type string
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use
Privatelink stringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- storage_
allowed_ Sequence[str]locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage_
provider str - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - azure_
tenant_ strid - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment str
- (Default: ``) Specifies a comment for the storage integration.
- enabled bool
- (Default:
true) - name str
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage_
aws_ strexternal_ id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage_
aws_ strobject_ acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage_
aws_ strrole_ arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage_
blocked_ Sequence[str]locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- type str
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use_
privatelink_ strendpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- storage
Allowed List<String>Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage
Provider String - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - azure
Tenant StringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment String
- (Default: ``) Specifies a comment for the storage integration.
- enabled Boolean
- (Default:
true) - name String
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage
Aws StringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage
Aws StringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage
Aws StringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage
Blocked List<String>Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- type String
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use
Privatelink StringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
Outputs
All input properties are implicitly available as output properties. Additionally, the StorageIntegration resource produces the following output properties:
- Azure
Consent stringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- Azure
Multi stringTenant App Name - This is the name of the Snowflake client application created for your account.
- Created
On string - Date and time when the storage integration was created.
- Describe
Outputs List<StorageIntegration Describe Output> - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Id string
- The provider-assigned unique ID for this managed resource.
- Storage
Aws stringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- Storage
Gcp stringService Account - This is the name of the Snowflake Google Service Account created for your account.
- Azure
Consent stringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- Azure
Multi stringTenant App Name - This is the name of the Snowflake client application created for your account.
- Created
On string - Date and time when the storage integration was created.
- Describe
Outputs []StorageIntegration Describe Output - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Id string
- The provider-assigned unique ID for this managed resource.
- Storage
Aws stringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- Storage
Gcp stringService Account - This is the name of the Snowflake Google Service Account created for your account.
- azure
Consent StringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure
Multi StringTenant App Name - This is the name of the Snowflake client application created for your account.
- created
On String - Date and time when the storage integration was created.
- describe
Outputs List<StorageIntegration Describe Output> - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- id String
- The provider-assigned unique ID for this managed resource.
- storage
Aws StringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- storage
Gcp StringService Account - This is the name of the Snowflake Google Service Account created for your account.
- azure
Consent stringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure
Multi stringTenant App Name - This is the name of the Snowflake client application created for your account.
- created
On string - Date and time when the storage integration was created.
- describe
Outputs StorageIntegration Describe Output[] - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- id string
- The provider-assigned unique ID for this managed resource.
- storage
Aws stringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- storage
Gcp stringService Account - This is the name of the Snowflake Google Service Account created for your account.
- azure_
consent_ strurl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure_
multi_ strtenant_ app_ name - This is the name of the Snowflake client application created for your account.
- created_
on str - Date and time when the storage integration was created.
- describe_
outputs Sequence[StorageIntegration Describe Output] - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - fully_
qualified_ strname - Fully qualified name of the resource. For more information, see object name resolution.
- id str
- The provider-assigned unique ID for this managed resource.
- storage_
aws_ striam_ user_ arn - The Snowflake user that will attempt to assume the AWS role.
- storage_
gcp_ strservice_ account - This is the name of the Snowflake Google Service Account created for your account.
- azure
Consent StringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure
Multi StringTenant App Name - This is the name of the Snowflake client application created for your account.
- created
On String - Date and time when the storage integration was created.
- describe
Outputs List<Property Map> - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- id String
- The provider-assigned unique ID for this managed resource.
- storage
Aws StringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- storage
Gcp StringService Account - This is the name of the Snowflake Google Service Account created for your account.
Look up Existing StorageIntegration Resource
Get an existing StorageIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: StorageIntegrationState, opts?: CustomResourceOptions): StorageIntegration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
azure_consent_url: Optional[str] = None,
azure_multi_tenant_app_name: Optional[str] = None,
azure_tenant_id: Optional[str] = None,
comment: Optional[str] = None,
created_on: Optional[str] = None,
describe_outputs: Optional[Sequence[StorageIntegrationDescribeOutputArgs]] = None,
enabled: Optional[bool] = None,
fully_qualified_name: Optional[str] = None,
name: Optional[str] = None,
storage_allowed_locations: Optional[Sequence[str]] = None,
storage_aws_external_id: Optional[str] = None,
storage_aws_iam_user_arn: Optional[str] = None,
storage_aws_object_acl: Optional[str] = None,
storage_aws_role_arn: Optional[str] = None,
storage_blocked_locations: Optional[Sequence[str]] = None,
storage_gcp_service_account: Optional[str] = None,
storage_provider: Optional[str] = None,
type: Optional[str] = None,
use_privatelink_endpoint: Optional[str] = None) -> StorageIntegrationfunc GetStorageIntegration(ctx *Context, name string, id IDInput, state *StorageIntegrationState, opts ...ResourceOption) (*StorageIntegration, error)public static StorageIntegration Get(string name, Input<string> id, StorageIntegrationState? state, CustomResourceOptions? opts = null)public static StorageIntegration get(String name, Output<String> id, StorageIntegrationState state, CustomResourceOptions options)resources: _: type: snowflake:StorageIntegration get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Azure
Consent stringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- Azure
Multi stringTenant App Name - This is the name of the Snowflake client application created for your account.
- Azure
Tenant stringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- Comment string
- (Default: ``) Specifies a comment for the storage integration.
- Created
On string - Date and time when the storage integration was created.
- Describe
Outputs List<StorageIntegration Describe Output> - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - Enabled bool
- (Default:
true) - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Name string
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- Storage
Allowed List<string>Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- Storage
Aws stringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- Storage
Aws stringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- Storage
Aws stringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- Storage
Aws stringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- Storage
Blocked List<string>Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- Storage
Gcp stringService Account - This is the name of the Snowflake Google Service Account created for your account.
- Storage
Provider string - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - Type string
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - Use
Privatelink stringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- Azure
Consent stringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- Azure
Multi stringTenant App Name - This is the name of the Snowflake client application created for your account.
- Azure
Tenant stringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- Comment string
- (Default: ``) Specifies a comment for the storage integration.
- Created
On string - Date and time when the storage integration was created.
- Describe
Outputs []StorageIntegration Describe Output Args - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - Enabled bool
- (Default:
true) - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Name string
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- Storage
Allowed []stringLocations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- Storage
Aws stringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- Storage
Aws stringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- Storage
Aws stringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- Storage
Aws stringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- Storage
Blocked []stringLocations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- Storage
Gcp stringService Account - This is the name of the Snowflake Google Service Account created for your account.
- Storage
Provider string - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - Type string
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - Use
Privatelink stringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- azure
Consent StringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure
Multi StringTenant App Name - This is the name of the Snowflake client application created for your account.
- azure
Tenant StringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment String
- (Default: ``) Specifies a comment for the storage integration.
- created
On String - Date and time when the storage integration was created.
- describe
Outputs List<StorageIntegration Describe Output> - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - enabled Boolean
- (Default:
true) - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- name String
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage
Allowed List<String>Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage
Aws StringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage
Aws StringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- storage
Aws StringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage
Aws StringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage
Blocked List<String>Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- storage
Gcp StringService Account - This is the name of the Snowflake Google Service Account created for your account.
- storage
Provider String - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - type String
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use
Privatelink StringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- azure
Consent stringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure
Multi stringTenant App Name - This is the name of the Snowflake client application created for your account.
- azure
Tenant stringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment string
- (Default: ``) Specifies a comment for the storage integration.
- created
On string - Date and time when the storage integration was created.
- describe
Outputs StorageIntegration Describe Output[] - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - enabled boolean
- (Default:
true) - fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- name string
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage
Allowed string[]Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage
Aws stringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage
Aws stringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- storage
Aws stringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage
Aws stringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage
Blocked string[]Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- storage
Gcp stringService Account - This is the name of the Snowflake Google Service Account created for your account.
- storage
Provider string - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - type string
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use
Privatelink stringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- azure_
consent_ strurl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure_
multi_ strtenant_ app_ name - This is the name of the Snowflake client application created for your account.
- azure_
tenant_ strid - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment str
- (Default: ``) Specifies a comment for the storage integration.
- created_
on str - Date and time when the storage integration was created.
- describe_
outputs Sequence[StorageIntegration Describe Output Args] - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - enabled bool
- (Default:
true) - fully_
qualified_ strname - Fully qualified name of the resource. For more information, see object name resolution.
- name str
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage_
allowed_ Sequence[str]locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage_
aws_ strexternal_ id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage_
aws_ striam_ user_ arn - The Snowflake user that will attempt to assume the AWS role.
- storage_
aws_ strobject_ acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage_
aws_ strrole_ arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage_
blocked_ Sequence[str]locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- storage_
gcp_ strservice_ account - This is the name of the Snowflake Google Service Account created for your account.
- storage_
provider str - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - type str
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use_
privatelink_ strendpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- azure
Consent StringUrl - The consent URL that is used to create an Azure Snowflake service principle inside your tenant.
- azure
Multi StringTenant App Name - This is the name of the Snowflake client application created for your account.
- azure
Tenant StringId - (Default: ``) Specifies the ID for your Office 365 tenant that the allowed and blocked storage accounts belong to.
- comment String
- (Default: ``) Specifies a comment for the storage integration.
- created
On String - Date and time when the storage integration was created.
- describe
Outputs List<Property Map> - Outputs the result of
DESCRIBE STORAGE INTEGRATIONfor the given storage integration. - enabled Boolean
- (Default:
true) - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- name String
- String that specifies the identifier (i.e. name) for the integration; must be unique in your account.
- storage
Allowed List<String>Locations - Explicitly limits external stages that use the integration to reference one or more storage locations.
- storage
Aws StringExternal Id - Optionally specifies an external ID that Snowflake uses to establish a trust relationship with AWS.
- storage
Aws StringIam User Arn - The Snowflake user that will attempt to assume the AWS role.
- storage
Aws StringObject Acl - "bucket-owner-full-control" Enables support for AWS access control lists (ACLs) to grant the bucket owner full control.
- storage
Aws StringRole Arn - (Default: ``) Specifies the Amazon Resource Name (ARN) of the AWS identity and access management (IAM) role that grants privileges on the S3 bucket containing your data files.
- storage
Blocked List<String>Locations - Explicitly prohibits external stages that use the integration from referencing one or more storage locations.
- storage
Gcp StringService Account - This is the name of the Snowflake Google Service Account created for your account.
- storage
Provider String - Specifies the storage provider for the integration. Valid options are:
S3|S3GOV|S3CHINA|GCS|AZURE - type String
- (Default:
EXTERNAL_STAGE) Specifies the type of the storage integration. - use
Privatelink StringEndpoint - (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (
default)) Specifies whether to use outbound private connectivity to harden the security posture. Supported for AWS S3 and Azure storage providers. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
Supporting Types
StorageIntegrationDescribeOutput, StorageIntegrationDescribeOutputArgs
- Azure
Consent List<StorageUrls Integration Describe Output Azure Consent Url> - Azure
Multi List<StorageTenant App Names Integration Describe Output Azure Multi Tenant App Name> - Comments
List<Storage
Integration Describe Output Comment> - Enableds
List<Storage
Integration Describe Output Enabled> - Storage
Allowed List<StorageLocations Integration Describe Output Storage Allowed Location> - Storage
Aws List<StorageExternal Ids Integration Describe Output Storage Aws External Id> - Storage
Aws List<StorageIam User Arns Integration Describe Output Storage Aws Iam User Arn> - Storage
Aws List<StorageObject Acls Integration Describe Output Storage Aws Object Acl> - Storage
Aws List<StorageRole Arns Integration Describe Output Storage Aws Role Arn> - Storage
Blocked List<StorageLocations Integration Describe Output Storage Blocked Location> - Storage
Gcp List<StorageService Accounts Integration Describe Output Storage Gcp Service Account> - Storage
Providers List<StorageIntegration Describe Output Storage Provider> - Use
Privatelink List<StorageEndpoints Integration Describe Output Use Privatelink Endpoint>
- Azure
Consent []StorageUrls Integration Describe Output Azure Consent Url - Azure
Multi []StorageTenant App Names Integration Describe Output Azure Multi Tenant App Name - Comments
[]Storage
Integration Describe Output Comment - Enableds
[]Storage
Integration Describe Output Enabled - Storage
Allowed []StorageLocations Integration Describe Output Storage Allowed Location - Storage
Aws []StorageExternal Ids Integration Describe Output Storage Aws External Id - Storage
Aws []StorageIam User Arns Integration Describe Output Storage Aws Iam User Arn - Storage
Aws []StorageObject Acls Integration Describe Output Storage Aws Object Acl - Storage
Aws []StorageRole Arns Integration Describe Output Storage Aws Role Arn - Storage
Blocked []StorageLocations Integration Describe Output Storage Blocked Location - Storage
Gcp []StorageService Accounts Integration Describe Output Storage Gcp Service Account - Storage
Providers []StorageIntegration Describe Output Storage Provider - Use
Privatelink []StorageEndpoints Integration Describe Output Use Privatelink Endpoint
- azure
Consent List<StorageUrls Integration Describe Output Azure Consent Url> - azure
Multi List<StorageTenant App Names Integration Describe Output Azure Multi Tenant App Name> - comments
List<Storage
Integration Describe Output Comment> - enableds
List<Storage
Integration Describe Output Enabled> - storage
Allowed List<StorageLocations Integration Describe Output Storage Allowed Location> - storage
Aws List<StorageExternal Ids Integration Describe Output Storage Aws External Id> - storage
Aws List<StorageIam User Arns Integration Describe Output Storage Aws Iam User Arn> - storage
Aws List<StorageObject Acls Integration Describe Output Storage Aws Object Acl> - storage
Aws List<StorageRole Arns Integration Describe Output Storage Aws Role Arn> - storage
Blocked List<StorageLocations Integration Describe Output Storage Blocked Location> - storage
Gcp List<StorageService Accounts Integration Describe Output Storage Gcp Service Account> - storage
Providers List<StorageIntegration Describe Output Storage Provider> - use
Privatelink List<StorageEndpoints Integration Describe Output Use Privatelink Endpoint>
- azure
Consent StorageUrls Integration Describe Output Azure Consent Url[] - azure
Multi StorageTenant App Names Integration Describe Output Azure Multi Tenant App Name[] - comments
Storage
Integration Describe Output Comment[] - enableds
Storage
Integration Describe Output Enabled[] - storage
Allowed StorageLocations Integration Describe Output Storage Allowed Location[] - storage
Aws StorageExternal Ids Integration Describe Output Storage Aws External Id[] - storage
Aws StorageIam User Arns Integration Describe Output Storage Aws Iam User Arn[] - storage
Aws StorageObject Acls Integration Describe Output Storage Aws Object Acl[] - storage
Aws StorageRole Arns Integration Describe Output Storage Aws Role Arn[] - storage
Blocked StorageLocations Integration Describe Output Storage Blocked Location[] - storage
Gcp StorageService Accounts Integration Describe Output Storage Gcp Service Account[] - storage
Providers StorageIntegration Describe Output Storage Provider[] - use
Privatelink StorageEndpoints Integration Describe Output Use Privatelink Endpoint[]
- azure_
consent_ Sequence[Storageurls Integration Describe Output Azure Consent Url] - azure_
multi_ Sequence[Storagetenant_ app_ names Integration Describe Output Azure Multi Tenant App Name] - comments
Sequence[Storage
Integration Describe Output Comment] - enableds
Sequence[Storage
Integration Describe Output Enabled] - storage_
allowed_ Sequence[Storagelocations Integration Describe Output Storage Allowed Location] - storage_
aws_ Sequence[Storageexternal_ ids Integration Describe Output Storage Aws External Id] - storage_
aws_ Sequence[Storageiam_ user_ arns Integration Describe Output Storage Aws Iam User Arn] - storage_
aws_ Sequence[Storageobject_ acls Integration Describe Output Storage Aws Object Acl] - storage_
aws_ Sequence[Storagerole_ arns Integration Describe Output Storage Aws Role Arn] - storage_
blocked_ Sequence[Storagelocations Integration Describe Output Storage Blocked Location] - storage_
gcp_ Sequence[Storageservice_ accounts Integration Describe Output Storage Gcp Service Account] - storage_
providers Sequence[StorageIntegration Describe Output Storage Provider] - use_
privatelink_ Sequence[Storageendpoints Integration Describe Output Use Privatelink Endpoint]
- azure
Consent List<Property Map>Urls - azure
Multi List<Property Map>Tenant App Names - comments List<Property Map>
- enableds List<Property Map>
- storage
Allowed List<Property Map>Locations - storage
Aws List<Property Map>External Ids - storage
Aws List<Property Map>Iam User Arns - storage
Aws List<Property Map>Object Acls - storage
Aws List<Property Map>Role Arns - storage
Blocked List<Property Map>Locations - storage
Gcp List<Property Map>Service Accounts - storage
Providers List<Property Map> - use
Privatelink List<Property Map>Endpoints
StorageIntegrationDescribeOutputAzureConsentUrl, StorageIntegrationDescribeOutputAzureConsentUrlArgs
StorageIntegrationDescribeOutputAzureMultiTenantAppName, StorageIntegrationDescribeOutputAzureMultiTenantAppNameArgs
StorageIntegrationDescribeOutputComment, StorageIntegrationDescribeOutputCommentArgs
StorageIntegrationDescribeOutputEnabled, StorageIntegrationDescribeOutputEnabledArgs
StorageIntegrationDescribeOutputStorageAllowedLocation, StorageIntegrationDescribeOutputStorageAllowedLocationArgs
StorageIntegrationDescribeOutputStorageAwsExternalId, StorageIntegrationDescribeOutputStorageAwsExternalIdArgs
StorageIntegrationDescribeOutputStorageAwsIamUserArn, StorageIntegrationDescribeOutputStorageAwsIamUserArnArgs
StorageIntegrationDescribeOutputStorageAwsObjectAcl, StorageIntegrationDescribeOutputStorageAwsObjectAclArgs
StorageIntegrationDescribeOutputStorageAwsRoleArn, StorageIntegrationDescribeOutputStorageAwsRoleArnArgs
StorageIntegrationDescribeOutputStorageBlockedLocation, StorageIntegrationDescribeOutputStorageBlockedLocationArgs
StorageIntegrationDescribeOutputStorageGcpServiceAccount, StorageIntegrationDescribeOutputStorageGcpServiceAccountArgs
StorageIntegrationDescribeOutputStorageProvider, StorageIntegrationDescribeOutputStorageProviderArgs
StorageIntegrationDescribeOutputUsePrivatelinkEndpoint, StorageIntegrationDescribeOutputUsePrivatelinkEndpointArgs
Import
$ pulumi import snowflake:index/storageIntegration:StorageIntegration example name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
snowflakeTerraform Provider.
Viewing docs for Snowflake v2.13.1
published on Thursday, Mar 26, 2026 by Pulumi
published on Thursday, Mar 26, 2026 by Pulumi
