Configure PrivateLink Connectivity for Snowflake (Direct Connect) Data Pipeline
Learn how to enable AWS PrivateLink between Reltio and your Snowflake account hosted on AWS for secure data export using the Snowflake (Direct Connect) Data Pipeline.
Reltio Data Pipeline for Snowflake writes data from Reltio Data Cloud directly to the Snowflake internal stage over JDBC. Snowflake secures data in transit using TLS 1.2 (or higher) encryption for all JDBC connections. This is enforced by default: all communication between the JDBC driver and Snowflake occurs over HTTPS, so data uploaded to internal stages is encrypted in transit without any additional configuration. For more information, see Understanding end-to-end encryption in Snowflake.
Use these configuration steps only if you require private connectivity between a Reltio tenant on AWS and a Snowflake account on AWS.
Requirements for setting up PrivateLink connectivity
Before you begin, ensure that your Snowflake environment and user permissions meet the following requirements:
- Your Snowflake account is on Business Critical Edition (BCE) or higher.
- The Snowflake account and Reltio tenant must be hosted on AWS. Azure and GCP are not supported.
- All Reltio tenants must be hosted in the same AWS account.
- The user performing the Snowflake steps has the 'ACCOUNTADMIN' role in Snowflake.
Steps to configure Snowflake PrivateLink and provision the analytics pipeline
- Open a Reltio support ticket to request Snowflake Data Pipeline PrivateLink setup for your tenant and ask for the following details:
  - The 12-digit AWS account ID associated with your Reltio tenant
  - The private CIDR range (if IP whitelisting is required)
  Also, include the following information in the support ticket:
  - Your tenant ID
  - Your Reltio environment name (for example, reltio-prod-us-east-1)
- Raise a support case in the Snowflake Support Portal to enable AWS PrivateLink for your Snowflake account, and include the following details:
  - Specify whether you plan to use separate Snowflake accounts for each Reltio tenant (dev, test, prod) or the same account for all tenants. If you use separate accounts, provide the locator and region for each account.
  - Your Snowflake account locator.
  - Cloud Provider: AWS
  - The region where your Snowflake account is hosted.
  - A statement confirming that the account uses Business Critical Edition.
  - The 12-digit AWS account ID provided by Reltio.
  - A request to enable AWS PrivateLink for the Snowflake account.
  After Snowflake enables PrivateLink for your account, proceed to the next step.
- Run the following command in your Snowflake account:
  SELECT SYSTEM$GET_PRIVATELINK_CONFIG();
  Capture and include the following details in your Reltio support ticket:
  - privatelink-vpce-id: Snowflake's AWS VPC endpoint service ID
  - privatelink-account-url: Private hostname for Snowflake access
  - AWS region
- Wait for Reltio's confirmation on successful PrivateLink connectivity.
- (Optional) Apply a network policy in Snowflake to restrict public internet access. For instructions, see CREATE NETWORK POLICY in the Snowflake documentation.
- After the above steps are done, open a second support ticket to configure the Snowflake Data Pipeline and include the following information:
  - Warehouse name
  - Database name
  - Schema name
  - Role with required permissions
  - Internal stage name
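The Snowflake-side commands for the PrivateLink configuration step and the optional network policy step, as an added example that is not part of the original Reltio page. The policy name reltio_privatelink_only and the 10.0.0.0/16 range are placeholders chosen for illustration; use the private CIDR range Reltio provides in the first support ticket.

```sql
-- Added example, not from the Reltio documentation. Run with the ACCOUNTADMIN role.
USE ROLE ACCOUNTADMIN;

-- SYSTEM$GET_PRIVATELINK_CONFIG() returns a JSON string. Parse it and select
-- only the values the Reltio support ticket asks for, plus the account region.
SELECT
    cfg:"privatelink-vpce-id"::STRING     AS privatelink_vpce_id,
    cfg:"privatelink-account-url"::STRING AS privatelink_account_url,
    CURRENT_REGION()                      AS snowflake_region  -- Snowflake's region name, e.g. AWS_US_EAST_1
FROM (SELECT PARSE_JSON(SYSTEM$GET_PRIVATELINK_CONFIG()) AS cfg);

-- Optional network policy: allow only private address ranges.
-- 10.0.0.0/16 is a placeholder (assumption); replace it with the private CIDR
-- range supplied by Reltio, and add the ranges your own users connect from.
CREATE NETWORK POLICY reltio_privatelink_only
    ALLOWED_IP_LIST = ('10.0.0.0/16')
    COMMENT = 'Reltio Data Pipeline traffic over AWS PrivateLink';

-- Review the policy before it is enforced anywhere.
DESCRIBE NETWORK POLICY reltio_privatelink_only;

-- Enforce it account-wide only after ALLOWED_IP_LIST covers every network
-- that still needs to reach the account; otherwise those clients are blocked.
-- ALTER ACCOUNT SET NETWORK_POLICY = reltio_privatelink_only;

-- Confirm which network policy, if any, is active at the account level.
SHOW PARAMETERS LIKE 'network_policy' IN ACCOUNT;
```

The ALTER ACCOUNT statement is left commented out so the script can be run to gather the ticket values without changing access to the account.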
Result
After completing these steps, PrivateLink connectivity between Reltio and your Snowflake account is established. The Snowflake Data Pipeline is configured to export data over a secure, private channel using AWS infrastructure.