Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS_STAGE_CREDENTIALS information available as output from snowflake_stage resource #1087

Closed
ndavies-om1 opened this issue Jun 29, 2022 · 3 comments
Closed

AWS_STAGE_CREDENTIALS information available as output from snowflake_stage resource #1087

ndavies-om1 opened this issue Jun 29, 2022 · 3 comments
Assignees
@sfc-gh-jcieslak
Labels
category:documentation docs Used to mark issues with documentation remark/questions resource:stage Issue connected to the snowflake_stage resource

Comments

@ndavies-om1
Copy link
Contributor

Is your feature request related to a problem? Please describe.

When writing Terraform code to integrate Snowflake and AWS S3 buckets, I need to create both IAM policies and Snowflake stages. However, I cannot get the SNOWFLAKE_IAM_USER and AWS_EXTERNAL_ID from the Snowflake Stage when I create it using this Terraform provider, which I need to ensure the role used by Snowflake can be assumed by Snowflake as I create a statement in the policy like

  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["SNOWFLAKE_IAM_USER"]
    }

    condition {
      test     = "StringLike"
      values   = ["AWS_EXTERNAL_ID"]
      variable = "sts:ExternalId"
    }
  }

with the SNOWFLAKE_IAM_USER and AWS_EXTERNAL_ID values above taken from running the following query

DESCRIBE STAGE MY_NEW_STAGE;
SELECT "property_value", "property" from table(result_scan(last_query_id())) where "property" = 'AWS_EXTERNAL_ID' OR "property" = 'SNOWFLAKE_IAM_USER';

Describe the solution you'd like

The ability to have the above parameters SNOWFLAKE_IAM_USER and AWS_EXTERNAL_ID as outputs from the snowflake_stage resource. Maybe an object such as

aws_stage_credentials {
  role = AWS_ROLE
  external_id = AWS_EXTERNAL_ID
  iam_user = SNOWFLAKE_IAM_USER
}

Describe alternatives you've considered

I create two code changes, one to create the resources and the second to hard code the values in the AWS Assume role policy. Then I try not to throw up.

Additional context

Add any other context or screenshots about the feature request here.
@ndavies-om1 ndavies-om1 added the feature-request Used to mark issues with provider's missing functionalities label Jun 29, 2022
@ndavies-om1
Copy link
Contributor Author

This feature request can be ignored because it has already been implemented!! 🥳

However, it has not been documented and I only discovered this by inspecting the source code 😭 😡

Any change we can get Outputs to automatically document correctly? It seems like none of them do

@sfc-gh-jcieslak sfc-gh-jcieslak added docs Used to mark issues with documentation remark/questions and removed feature-request Used to mark issues with provider's missing functionalities labels May 7, 2024
@sfc-gh-jcieslak sfc-gh-jcieslak self-assigned this May 7, 2024
@sfc-gh-jcieslak sfc-gh-jcieslak mentioned this issue May 7, 2024
Merged
sfc-gh-jcieslak added a commit that referenced this issue May 7, 2024
@sfc-gh-jcieslak
chore: Add missing documentation (#2781)
cc0a6a7 
Add missing documentation that should resolve
- #1087 - added descriptions for the `SNOWFLAKE_IAM_USER` and
`AWS_EXTERNAL_ID` fields in stage
- #2181 - added simple example and custom description with links for the
snowflake_system_get_aws_sns_iam_policy to show how it could be used
with AWS
- Add missing parts for the Issue creating guide + FAQ
- Pull out the SDK error to common package + usage in places where
errors were compared with string instead of predefined error
@sfc-gh-jcieslak sfc-gh-jcieslak added category:documentation resource:stage Issue connected to the snowflake_stage resource labels May 20, 2024
@sfc-gh-jcieslak
Copy link
Collaborator

Hey @ndavies-om1
The documentation fix was published some time ago, could you take a look (here) and close the ticket if you're ok with the current description?

@sfc-gh-dszmolka
Copy link
Collaborator

closing it out per above comment. Do let us know if you see something not working per the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-jcieslak sfc-gh-jcieslak

Labels
category:documentation docs Used to mark issues with documentation remark/questions resource:stage Issue connected to the snowflake_stage resource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ndavies-om1 @sfc-gh-dszmolka @sfc-gh-jcieslak