Retrieve the AWS IAM user and external ID
Learn how to find your Amazon Resource Name (ARN) user and external ID in Snowflake.
To retrieve the ARN role and external ID values from Snowflake:
- Locate the STORAGE_AWS_IAM_USER_ARN and STORAGE_AWS_EXTERNAL_ID properties in Snowflake. The STORAGE_AWS_IAM_USER_ARN property indicates the AWS Identity and Access Management( IAM) user created for your Snowflake account. For example: arn:aws:iam::123456789001:user/abc1-b-self1234. All S3 storage integrations use the same IAM user. The STORAGE_AWS_EXTERNAL_ID property indicates the external ID that is needed to establish a trust relationship in the AWS IAM policy.
- Run the DESC INTEGRATION s3_integration; command in Snowflake. This displays the fields in the following image:
- Make a note of the STORAGE_AWS_IAM_USER_ARN and STORAGE_AWS_EXTERNAL_ID property values. You’ll need it when you Grant the IAM user S3 bucket access.