Guide to connect Snowflake & AWS S3

Snowflake Wiki
5 min readFeb 6, 2023

--

Here is the step by step guide for beginners to connect Snowflake with AWS S3 bucket using storage integration. The snowflake documentation currently is not updated with the new AWS screens and if you are confused there, you are at a right place here.

1)Login to AWS account

2) Load the files in AWS S3 Bucket

Navigate to S3 service

Create a bucket with unique name

Note: AWS will not allow if bucket name already exists and also take a look at the bucket. You can leave rest of the options to defaults.

Once you create the bucket by navigating to the end, you will have the below screen

Click on the bucket and create a folder with any name

Within the folder upload the files you want to process to Snowflake

Once successfully loaded and closed, you can see the files in the bucket folder

Make a note of the S3 URL and here it is s3://snowflake-datademo/load/

3) Create IAM policy to give access permissions to the S3 Bucket

Navigate to IAM service

Click on Policies and create a policy going to JSON tab and add below:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": "arn:aws:s3:::<bucket>/<prefix>/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::<bucket>",
"Condition": {
"StringLike": {
"s3:prefix": [
"<prefix>/*"
]
}
}
}
]
}

Replace <prefix> to folder created that is load and <bucket> to bucket name created that is snowflake-datademo

On review, give name to the policy: snowflake_access and create policy

4) Create IAM Role to grant privilege's on S3 bucket

Click on the roles and create a role

Select the trusted entity as AWS account.

Following it allow entities to the existing AWS account and select Require external ID mentioning it as ‘0000’.

Note: The above options are for temporary purpose, which we would later replace in the later steps.

Next add permissions by selecting the policy snowflake_access created in step 3)

create the role as mysnowflakerole and

Click on the role, and copy role ARN. Here it is arn:aws:iam::479359098877:role/mysnowflakerole

5) Create storage integration in Snowflake

Create storage integration named s3_int in Snowflake using the S3 bucket created in Step 2) and role arn copied in step 4)

create storage integration s3_int
type = external_stage
storage_provider = 'S3'
enabled = true
storage_aws_role_arn = 'arn:aws:iam::001234567890:role/myrole'
storage_allowed_locations = ('s3://snowflake-datademo/load/')
;

Describe the integration created and make a note of below 2 properties -

STORAGE_AWS_IAM_USER_ARN: arn:aws:iam::687054681301:user/0qa40000-s
STORAGE_AWS_EXTERNAL_ID: EO73983_SFCRole=2_Eft8RJSyj/ECr0axXKWgJJnFxK4=

6) Update the AWS role with snowflake user details

Back in AWS access the role created and edit trust policy with the 2 properties noted in Step5) and update the policy.

7) Create stage in Snowflake

Create external stage in snowflake using the storage integration name created in step5) and S3 bucket url created in step2)

create stage my_s3_stage
storage_integration = s3_int
url = 's3://snowflake-datademo/load/'
;

List the stage to see if the files are present, thus completing the integration between Snowflake & AWS.

8) Copy files from S3 to Snowflake Table

8a) Using the stage:

copy into mycsvtable
from @my_s3_stage
file_format = (type = csv skip_header = 1 field_delimiter = '|');

8b) Using the url:

copy into mycsvtable
from 's3://snowflake-datademo/load/'
storage_integration = azure_int
file_format = (type = csv skip_header = 1 field_delimiter = '|');

References: https://docs.snowflake.com/en/user-guide/data-load-s3-config-storage-integration.html

Follow and Clap if you like the content and feel free to ask if you have any questions in the comments. I will be more than happy to assist and guide you.

--

--

Snowflake Wiki
Snowflake Wiki

Written by Snowflake Wiki

Snowflake Basics | Features | New releases | Tricks & Tips | SnowPro Certifications | Solutions | Knowledge Sharing | ~~~ By satitiru (Snowflake DataSuperHero)

No responses yet