Snowflake Integration

Snowflake Integration Guide

This document describes how to integrate the Rezonate product with Snowflake. The integration provides IAM observability into users, groups, roles, and resources, as well as detection of different security risks and threats.

If your Snowflake tenant has an IP restrictions policy, you will have to whitelist Rezonate's collector IP address. More information is available in Collectors IP Ranges.

Integration Steps (On the Snowflake Side)

To integrate, log in with a privileged user and perform the following actions:

  1. Create a new role for the Rezonate integration.

CREATE ROLE rezonate_integration
   COMMENT = 'Rezonate Integration Role';

  2. Create a new user for Rezonate to log in with and use the role. Replace PLEASE-PUT-YOUR-PASSWORD-HERE with a random string that will be used as the password.

CREATE OR REPLACE USER rezonate_integration_user
   DISABLED = false
   MUST_CHANGE_PASSWORD = false
   DEFAULT_ROLE = rezonate_integration
   COMMENT = 'rezonate_integration_user'
   LOGIN_NAME = 'rezonate_integration_user'
   PASSWORD = 'PLEASE-PUT-YOUR-PASSWORD-HERE';

  3. Grant Rezonate the privileges to query the information metadata database.

GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE rezonate_integration;

  4. Grant Rezonate the "USAGE" privilege on a warehouse. Replace $WAREHOUSE_NAME_HERE$ with the name of one of your warehouses.

GRANT USAGE ON WAREHOUSE $WAREHOUSE_NAME_HERE$ TO ROLE rezonate_integration;

  5. Grant monitor access (to support querying federation information and security settings).

USE DATABASE SNOWFLAKE;
GRANT MONITOR ON ACCOUNT TO ROLE rezonate_integration;
GRANT APPLICATION ROLE TRUST_CENTER_VIEWER TO ROLE rezonate_integration;

  6. Grant the Rezonate user the ability to use the Rezonate role.

GRANT ROLE rezonate_integration TO USER rezonate_integration_user;

  7. You will also need to provide the URL for your tenant ID. To extract its value, go to Settings, then Tenant information, and click "Copy link" to show your URL.
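
The following is an added example, not part of Rezonate's guide: it reviews the grants issued in the steps above, pins the integration user to the collector addresses mentioned at the top of this page, and lists logins worth a second look. The policy name `rezonate_collector_only` is hypothetical, and `192.0.2.10` and `192.0.2.11` are documentation placeholders to be replaced with the addresses from Collectors IP Ranges.

```sql
-- Added example. Assumptions: run with a role that can manage network
-- policies and read SNOWFLAKE.ACCOUNT_USAGE (such as the privileged user
-- used for the steps above). rezonate_collector_only is a hypothetical
-- name; 192.0.2.10 and 192.0.2.11 are placeholder addresses.

-- 1. Review what the integration role holds, who holds the role, and
--    which roles the integration user has. Anything beyond the grants
--    issued in steps 3 to 6 deserves investigation.
SHOW GRANTS TO ROLE rezonate_integration;
SHOW GRANTS OF ROLE rezonate_integration;
SHOW GRANTS TO USER rezonate_integration_user;

-- 2. Restrict the integration user to the collector addresses with a
--    user-level network policy, so the password is useless elsewhere.
CREATE NETWORK POLICY rezonate_collector_only
   ALLOWED_IP_LIST = ('192.0.2.10', '192.0.2.11')
   COMMENT = 'Rezonate collector addresses only';

ALTER USER rezonate_integration_user
   SET NETWORK_POLICY = rezonate_collector_only;

-- 3. List the last 7 days of logins for the integration user that
--    failed or came from an address outside the collector list.
--    ACCOUNT_USAGE views lag behind real time.
SELECT event_timestamp,
       client_ip,
       reported_client_type,
       first_authentication_factor,
       is_success,
       error_message
FROM snowflake.account_usage.login_history
WHERE user_name = 'REZONATE_INTEGRATION_USER'
  AND event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND (is_success = 'NO'
       OR client_ip NOT IN ('192.0.2.10', '192.0.2.11'))
ORDER BY event_timestamp DESC;
```

Keep the address list in the policy and in the query identical, and update both when the collector ranges change.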

Integrating the Created User into Rezonate

After creating the required privileges, go to the Rezonate integration screen, select Snowflake, and fill in the following information:

| Required Property | Value |
|---|---|
| username | created username (rezonate is default) |
| password | your selected password |
| account | your Snowflake ID, in the following format: account.region |
| warehouse | the warehouse that was enabled for the user |
| role | the created role name (default is rezonate_integration) |
