Network Policy

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with Network Policy:

  • Manage the lifecycle of new and existing Network Policies.

Supported Parameters

The engine supports the parameters listed below.

  • ALLOWED_IP_LIST: Specifies one or more IPv4 addresses (CIDR notation) that are allowed access to your Snowflake account.
    • REQUIRED
    • Configuration key: allowed_ip_list
    • Data Type: String
  • BLOCKED_IP_LIST: Specifies one or more IPv4 addresses (CIDR notation) that are denied access to your Snowflake account.
    • Configuration key: blocked_ip_list
    • Data Type: Map/list of String
    • Note: Values 0.0.0.0/0 and 0.0.0.0 are not allowed in BLOCKED_IP_LIST.

  • COMMENT: Specifies a comment for the network policy.
    • Configuration key: comment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the network policy.
    • Configuration key: manage_mode
    • Data Type: String
    • Possible values:
      • none
      • all (Default)
  • NAMESPACING: Specifies whether a prefix, a suffix, or both are added to the Network Policy name.
    • Configuration key: namespacing
    • Data Type: String
    • Possible values:
      • none
      • prefix
      • suffix
      • both (Default)
  • ENVIRONMENT: Specifies the environment in which the Network Policy is managed. A regular expression can also be provided.
    • Configuration key: environment
    • Data Type: String

Multiple Network Policies

There is a known issue when multiple network policies are present within the configuration. Depending on the order in which the network policies are processed, the active network policy may not be attached to the account. This will be rectified in an upcoming release.

We currently recommend that Network Policies are managed manually.

Basic Syntax

network_policies:
  <network-policy-name>:
    <configuration-key>: <value>

Examples

This first code snippet demonstrates the network policy configuration for a single IP address:

network_policies:
  NETWORK_POLICY_1:
    comment: "test policy 1"
    allowed_ip_list:
      - "212.102.142.146/32"
    blocked_ip_list:
      - "212.102.136.122/32"

The following example shows the construction of the network policy configuration for multiple IP addresses:

network_policies:
  NETWORK_POLICY_2:
    comment: "test policy 2"
    allowed_ip_list:
      - "10.1.1.1/32"
      - "10.2.1.0/24"
      - "10.3.0.1/24"
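
The parameter rules above can be checked before a configuration reaches the engine. The following is an added example, not code from the Snowflake Object Lifecycle Engine or its documentation: a lint that enforces the required `allowed_ip_list`, the `BLOCKED_IP_LIST` restriction and the listed `manage_mode` / `namespacing` values, and flags CIDR entries with host bits set. It assumes the YAML has already been parsed into a dict; the names `check_entries`, `validate` and `SAMPLE`, and the `BAD_POLICY` entry, are constructed for illustration.

```python
import ipaddress

# Allowed values as listed in the parameter reference on this page.
MANAGE_MODES = {"none", "all"}
NAMESPACING = {"none", "prefix", "suffix", "both"}

def check_entries(policy, key, entries):
    """Return findings for one allowed_ip_list / blocked_ip_list value."""
    if isinstance(entries, str):  # assumption: a bare string means a single entry
        entries = [entries]
    findings = []
    for entry in entries:
        try:
            if not isinstance(entry, str):
                raise ValueError("not a string")
            iface = ipaddress.IPv4Interface(entry)
        except ValueError:
            findings.append(f"{policy}: {key} entry {entry!r} is not IPv4 CIDR notation")
            continue
        # Comparing the normalised form also catches spellings such as 0.0.0.0/32.
        if key == "blocked_ip_list" and str(iface) in ("0.0.0.0/0", "0.0.0.0/32"):
            findings.append(f"{policy}: {entry} is not allowed in blocked_ip_list")
        elif iface.ip != iface.network.network_address:
            findings.append(f"{policy}: {key} entry {entry} has host bits set; "
                            f"the range it describes is {iface.network}")
    return findings

def validate(config):
    """Lint every policy under network_policies; an empty list means clean."""
    findings = []
    for name, policy in (config.get("network_policies") or {}).items():
        policy = policy or {}  # a key with no body parses to None
        if not policy.get("allowed_ip_list"):
            findings.append(f"{name}: allowed_ip_list is required")
        for key in ("allowed_ip_list", "blocked_ip_list"):
            findings += check_entries(name, key, policy.get(key) or [])
        for key, default, valid in (("manage_mode", "all", MANAGE_MODES),
                                    ("namespacing", "both", NAMESPACING)):
            if policy.get(key, default) not in valid:
                findings.append(f"{name}: {key} must be one of {sorted(valid)}")
    return findings

# Constructed input: the page's two example policies plus one invalid policy.
SAMPLE = {"network_policies": {
    "NETWORK_POLICY_1": {"comment": "test policy 1",
                         "allowed_ip_list": ["212.102.142.146/32"],
                         "blocked_ip_list": ["212.102.136.122/32"]},
    "NETWORK_POLICY_2": {"comment": "test policy 2",
                         "allowed_ip_list": ["10.1.1.1/32", "10.2.1.0/24", "10.3.0.1/24"]},
    "BAD_POLICY": {"blocked_ip_list": ["0.0.0.0/0"], "manage_mode": "some"},
}}
```

Run over `SAMPLE`, the lint passes `NETWORK_POLICY_1`, reports that `10.3.0.1/24` in `NETWORK_POLICY_2` describes the range `10.3.0.0/24`, and reports three findings for `BAD_POLICY`.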