API Integration
You can provide configuration to Snowflake Object Lifecycle Engine for the following operations with API integration:
- Manage the lifecycle of new and existing API integrations
- Manage grants of API integration
Usage
- Classic Configuration
- Data Products Configuration
api_integrations:
<api_integration-name>:
<configuration-key>: <value>
grants:
<privilege>:
- <role-name>
- <role-name>
- api_integration:
name: <api_integration-name>
<configuration-key>: <value>
roles:
- rel(role.<role-name>)
- rel(role.<role-name>)
Supported parameters
The engine supports the parameters listed below.
| Configuration Key | Required/Optional | Data Types and Values | Description |
|---|---|---|---|
api_allowed_prefixes | Required | List of String | Limits external functions that use the integration to reference one or more HTTPS proxy service endpoints and resources within those proxies |
api_provider | Required | String | Specifies the HTTPS proxy service type. Caution: api_provider cannot be changed. See Snowflake documentation. |
api_aws_role_arn | Optional | String | ARN of a cloud platform role |
api_blocked_prefixes | Optional | List of String | Lists the endpoints and resources in the HTTPS proxy service that are not allowed to be called from Snowflake |
azure_ad_application_id | Optional | String | The 'Application (client) ID' of the Azure AD app for your remote service |
azure_tenant_id | Optional | String | Specifies the ID for your Office 365 tenant that all Azure API management instances belong to |
comment | Optional | String | Specifies a comment for the API integration |
deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
depends_on | Optional | List of String: See Object Dependencies for a definition of depends_on | List of SOLE-managed objects that this API integration depends on. Objects defined in the list will be added to the generated HCL dependencies list to ensure proper creation order. |
enabled | Optional | Boolean | Specifies whether this API integration is enabled or disabled. If the API integration is disabled, any external function that relies on it will not work. |
environment | Optional | String | Specifies the environment in which the API integration is managed. Regex can be provided as well. |
grants | Optional | Map: See Supported API Integration Grants to Roles | Lists Privileges and Roles to which privileges are granted on the current API integration |
manage_mode | Optional | String: all (default), none, grants | Configures what properties to manage for the API integration. See Changing Manage Mode before changing the value. |
namespacing | Optional | String: both (default), prefix, suffix, none | Specifies whether a prefix or a suffix or both are to be added to the API integration name |
Supported API integration grants to roles
Following are the privileges you can grant to roles in the API integration definition:
- USAGE
- OWNERSHIP
Examples
- Classic Configuration
- Data Products Configuration
api_integrations:
API_INTEGRATION_1:
grants:
USAGE:
- ROLE_1
api_provider: aws_api_gateway
api_aws_role_arn: arn:aws:iam::000000000001:/role/test
comment: comment for API integration
api_allowed_prefixes:
["https://123456.execute-api.us-west-2.amazonaws.com/prod/"]
- api_integration:
name: API_INTEGRATION_1
grants:
USAGE:
- rel(role.ROLE_1)
api_provider: aws_api_gateway
api_aws_role_arn: arn:aws:iam::000000000001:/role/test
api_allowed_prefixes:
["https://123456.execute-api.us-west-2.amazonaws.com/prod/"]