Skip to main content

Snowflake Network Policies

ALTR must be able to communicate with Snowflake over the internet in order to apply and enforce data security policies. If your Snowflake account restricts IP traffic using network policies , you must create new network rules whitelisting ALTR's IP addresses before connecting an ALTR account. ALTR's IP addresses are:

  • 44.203.133.160/28

  • 3.145.219.176/28

  • 35.89.45.128/28

To create network policies in Snowflake:

  1. Verify you are using the ACCOUNTADMIN or the SECURITYADMIN role.

    USE ROLE ACCOUNTADMIN;
  2. Create a database and a schema to house the network rule. If you wish to use an existing database and schema to house the network rule, skip this step.

    CREATE DATABASE IF NOT EXISTS ALTR_DSAAS_DB;
    CREATE SCHEMA IF NOT EXISTS ALTR_DSAAS_DB.NETWORK_RULE_SCHEMA;
  3. Create a network rule that defines the IP addresses that ALTR uses to communicate with Snowflake. If you wish to create a network rule in a different schema, replace ALTR_DSAAS_DB.NETWORK_RULE_SCHEMA with the appropriate database and schema names.

    CREATE NETWORK RULE ALTR_DSAAS_DB.NETWORK_RULE_SCHEMA.ALLOW_ALTR_ACCESS
      MODE = INGRESS
      TYPE = IPV4
      VALUE_LIST = ('44.203.133.160/28', '3.145.219.176/28', '35.89.45.128/28');
  4. Create a network policy to allow the network rule. If you created the network rule in an existing schema, replace ALTR_DSAAS_DB.NETWORK_RULE_SCHEMA with the appropriate database and schema names.

    CREATE NETWORK POLICY ALLOW_ALTR_ACCESS
      ALLOWED_NETWORK_RULE_LIST = ('ALTR_DSAAS_DB.NETWORK_RULE_SCHEMA.ALLOW_ALTR_ACCESS');
  5. Assign network policies to ALTR's service user. If not using the PC_ALTR_USER username, specify the correct username for your ALTR service user.

    ALTER USER PC_ALTR_USER SET NETWORK_POLICY = ALLOW_ALTR_ACCESS;