β οΈ Please note: If you believe you have found a security issue, please responsibly disclose by contacting us at team-cloud-foundation-tools-dl@snowflake.com.
This is a terraform provider for managing Snowflake resources.
Table of contents
Getting started
If you're still using the chanzuckerberg/snowflake
source, see Upgrading from CZI Provider to upgrade to the current version.
Install the Snowflake Terraform provider by adding a requirement block and a provider block to your Terraform codebase:
terraform {
required_providers {
snowflake = {
source = "Snowflake-Labs/snowflake"
version = "~> 0.61"
}
}
}
provider "snowflake" {
account = "abc12345" # the Snowflake account identifier
user = "johndoe"
password = "v3ry$3cr3t"
role = "ACCOUNTADMIN"
}
For more information on provider configuration see the provider docs on the Terraform registry.
Don't forget to run terraform init
and you're ready to go! π
Start browsing the registry docs to find resources and data sources to use.
SDK migration table
This table represents the current state of SDK migration from pkg/snowflake to pkg/sdk package.
The goal of migration is to support every Snowflake feature with more type safe API and use it in every resource / datasource.
SDK migration status - indicates if given resource has been migrated into new SDK.
Integration status - indicates if given resource / datasource is using new SDK.
β
- done
β - not started
π¨βπ» - in progress
π¨ - partially done
Object Type |
SDK migration status |
Resource name |
Datasource name |
Integration status |
Account |
β
|
snowflake_account |
snowflake_account |
β
|
Managed Account |
β
|
snowflake_managed_account |
snowflake_managed_account |
π¨βπ» |
User |
β
|
snowflake_user |
snowflake_user |
β
|
Database Role |
β
|
snowflake_database_role |
snowflake_database_role |
β
|
Role |
β
|
snowflake_role |
snowflake_role |
π¨βπ» |
Grant Privilege to Application Role |
β
|
snowflake_grant_privileges_to_application_role |
snowflake_grants |
β |
Grant Privilege to Database Role |
β
|
snowflake_grant_privileges_to_database_role |
snowflake_grants |
β
|
Grant Privilege to Role |
β
|
snowflake_grant_privileges_to_role |
snowflake_grants |
β
|
Grant Role |
β
|
snowflake_grant_role |
snowflake_grants |
π¨βπ» |
Grant Database Role |
β
|
snowflake_grant_database_role |
snowflake_grants |
π¨βπ» |
Grant Application Role |
β
|
snowflake_grant_application_role |
snowflake_grants |
π¨βπ» |
Grant Privilege to Share |
β
|
snowflake_grant_privileges_to_share |
snowflake_grants |
π¨βπ» |
Grant Ownership |
β
|
snowflake_grant_ownership |
snowflake_grants |
π¨βπ» |
API Integration |
β |
snowflake_api_integration |
snowflake_integrations |
β |
Notification Integration |
β |
snowflake_notification_integration |
snowflake_integrations |
β |
Security Integration |
β |
snowflake_security_integration |
snowflake_integrations |
β |
Storage Integration |
β
|
snowflake_storage_integration |
snowflake_integrations |
β |
Network Policy |
β
|
snowflake_network_policy |
snowflake_network_policy |
β
|
Password Policy |
β
|
snowflake_password_policy |
snowflake_password_policy |
β
|
Session Policy |
β
|
snowflake_session_policy |
snowflake_session_policy |
β |
Replication Group |
β |
snowflake_replication_group |
snowflake_replication_group |
β |
Failover Group |
β
|
snowflake_failover_group |
snowflake_failover_group |
β
|
Connection |
β |
snowflake_connection |
snowflake_connection |
β |
Account Parameters |
β
|
snowflake_account_parameter |
snowflake_parameters |
β
|
Session Parameters |
β
|
snowflake_session_parameter |
snowflake_parameters |
β
|
Object Parameters |
β
|
snowflake_object_parameter |
snowflake_parameters |
β
|
Warehouse |
β
|
snowflake_warehouse |
snowflake_warehouse |
π¨ |
Resource Monitor |
β
|
snowflake_resource_monitor |
snowflake_resource_monitor |
β
|
Database |
β
|
snowflake_database |
snowflake_database |
β
|
Schema |
β
|
snowflake_schema |
snowflake_schema |
β
|
Share |
β
|
snowflake_share |
snowflake_share |
β
|
Table |
β
|
snowflake_table |
snowflake_table |
β |
Dynamic Table |
β
|
snowflake_dynamic_table |
snowflake_dynamic_table |
β
|
External Table |
β
|
snowflake_external_table |
snowflake_external_table |
β
|
Event Table |
β
|
snowflake_event_table |
snowflake_event_table |
β |
View |
β
|
snowflake_view |
snowflake_view |
β |
Materialized View |
β |
snowflake_materialized_view |
snowflake_materialized_view |
β |
Sequence |
β
|
snowflake_sequence |
snowflake_sequence |
β |
Function |
β
|
snowflake_function |
snowflake_function |
β |
External Function |
β
|
snowflake_external_function |
snowflake_external_function |
β |
Stored Procedure |
β
|
snowflake_stored_procedure |
snowflake_stored_procedure |
β |
Stream |
β
|
snowflake_stream |
snowflake_stream |
β
|
Task |
β
|
snowflake_task |
snowflake_task |
β
|
Masking Policy |
β
|
snowflake_masking_policy |
snowflake_masking_policy |
β
|
Row Access Policy |
β
|
snowflake_row_access_policy |
snowflake_row_access_policy |
β |
Tag |
β
|
snowflake_tag |
snowflake_tag |
β |
Secret |
β |
snowflake_secret |
snowflake_secret |
β |
Stage |
π¨ |
snowflake_stage |
snowflake_stage |
β |
File Format |
β
|
snowflake_file_format |
snowflake_file_format |
β
|
Pipe |
β
|
snowflake_pipe |
snowflake_pipe |
β
|
Alert |
β
|
snowflake_alert |
snowflake_alert |
β
|
Application |
β
|
snowflake_application |
snowflake_application |
β |
Application Package |
β
|
snowflake_application_package |
snowflake_application_package |
β |
Application Role |
β
|
snowflake_application_role |
snowflake_application_role |
β |
Streamlit |
β |
snowflake_streamlit |
snowflake_streamlit |
β |
Versioned Schema |
β |
snowflake_versioned_schema |
snowflake_versioned_schema |
β |
Tag Association |
β |
snowflake_tag_association |
snowflake_tag_association |
β |
Getting Help
Some links that might help you:
- The introductory tutorial shows how to set up your Snowflake account for Terraform (service user, role, authentication, etc) and how to create your first resources in Terraform.
- The docs on the Terraform registry are a complete reference of all resources and data sources supported and contain more advanced examples.
- The discussions area of this repo, we use this forum to discuss new features and changes to the provider.
- If you are an enterprise customer, reach out to your account team. This helps us prioritize issues.
- The issues section might already have an issue addressing your question.
Additional debug logs for snowflake_grant_privileges_to_role
resource
Set environment variable SF_TF_ADDITIONAL_DEBUG_LOGGING
to a non-empty value. Additional logs will be visible with sf-tf-additional-debug
prefix, e.g.:
2023/12/08 12:58:22.497078 sf-tf-additional-debug [DEBUG] Creating new client from db
Additional SQL Client configuration
Currently underlying sql gosnowflake driver is wrapped with instrumentedsql. In order to use raw gosnowflake driver, set environment variable SF_TF_NO_INSTRUMENTED_SQL
to a non-empty value.
By default, the underlying driver is set to error level logging. It can be changed by setting SF_TF_GOSNOWFLAKE_LOG_LEVEL
to one of:
panic
fatal
error
warn
warning
info
debug
trace
note: It's possible it will be one of the provider config parameters in the future provider versions.
Contributing
Cf. Contributing.