API Integration
Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with API Integration:
- Manage Lifecycle of new and existing API Integrations
- Manage Grants of API Integrations
Supported Parameters
The engine supports the parameters listed below.
- API_ALLOWED_PREFIXES: Explicitly limits external functions that use the integration to reference one or more HTTPS proxy service endpoints and resources within those proxies.
- REQUIRED
- Configuration key:
api_allowed_prefixes
- Data Type: List of String
- API_PROVIDER: Specifies the HTTPS proxy service type.
- REQUIRED
- Configuration key:
api_provider
- Data Type: Stringcaution
The API_PROVIDER cannot be changed. Please refer to Snowflake documentation.
- API_AWS_ROLE_ARN: ARN of a cloud platform role.
- Configuration key:
api_aws_role_arn
- Data Type: String
- Configuration key:
- API_BLOCKED_PREFIXES: Lists the endpoints and resources in the HTTPS proxy service that are not allowed to be called from Snowflake.
- Configuration key:
api_blocked_prefixes
- Data Type: List of String
- Configuration key:
- AZURE_AD_APPLICATION_ID: The 'Application (client) id' of the Azure AD app for your remote service.
- Configuration key:
azure_ad_application_id
- Data Type: String
- Configuration key:
- AZURE_TENANT_ID: Specifies the ID for your Office 365 tenant that all Azure API Management instances belong to.
- Configuration key:
azure_tenant_id
- Data Type: String
- Configuration key:
- ENABLED: Specifies whether this API integration is enabled or disabled. If the API integration is disabled, any external function that relies on it will not work.
- Configuration key:
enabled
- Data Type: Boolean
- Configuration key:
- NAMESPACING: Specify whether Prefix or Suffix or both are to be added to API Integration Name.
- Configuration key:
namespacing
- Data Type: String
- Possible Values:
none
prefix
suffix
both
(Default)
- Configuration key:
- ENVIRONMENT: Specify the environment in which the API Integration is managed. Regex can be provided as well.
- Configuration key:
environment
- Data Type: String
- Configuration key:
- MANAGE_MODE: Configures what properties to manage for the API Integration.
- Configuration key:
manage_mode
- Data Type: String
- Possible Values:
none
grants
all
(Default)
- Configuration key:
- GRANTS: List of Privileges and Roles to which privileges are granted to on the current API Integration.
- Configuration key:
grants
- Data Type: Map
- Configuration key:
Basic syntax
api_integrations:
<api_integration-name>:
<configuration-key>: <value>
grants:
<privilege>:
- <role-name>
- <role-name>
Supported API Integration Grants to Roles
Following is the list of Privileges Grant to Roles that can be specified in the database definition
- USAGE
- OWNERSHIP
Examples
api_integrations:
API_INTEGRATION_1:
grants:
USAGE:
- ROLE_1
api_provider: aws_api_gateway
api_aws_role_arn: arn:aws:iam::000000000001:/role/test
api_allowed_prefixes:
["https://123456.execute-api.us-west-2.amazonaws.com/prod/"]