Azure Privatelink provides private connectivity from an Azure Virtual Network to Azure PaaS such as Snowflake. This secures the connection between client endpoint and Snowflake account endpoint and eliminates public internet based connection. The below steps outlines the configuration of Snowflake to Azure using privatelink.

• Disable Privatelink Service Nework Policies & Private Endpoint Network Policies

• Contact Snowflake support team to whitelist your Azure subscription ID for privatelink
• Run SYSTEM$GET_PRIVATELINK_CONFIG() on snowflake and copy the query result

• Copy the privatelink-pls-id value from the above query result

• In Azure Privatelink, create new private endpoint

• Populate resource group, private endpoint name and region

• In the next step, select “Connect to an Azure resource by resource ID or alias“
• Enter the privatelink-pls-id value in the Resource ID or alias field

• Complete the create steps and

• Make sure the private end “Connection State” is Approved state

• Update the Snowflake Private DNS Zone (privatelink.snowflakecomputing.com) with the SYSTEM$WHITELIST_PRIVATELINK() values using the Private IP address

• In a browser open the privatelink URL as per the DNS name entry
  • csolvt-kb19283.privatelink.snowflakecomputing.com
  • oe18558.canada-central.privatelink.snowflakecomputing.com
  • ocsp.oe18558.canada-central.privatelink.snowflakecomputing.com

• Update the Azure AD Integration in snowflake with the Privatelink URL
  • alter security integration AZUREAD_INTEGRATION SET saml2_snowflake_acs_url = ‘csolvt-kb19283.privatelink.snowflakecomputing.com/fed/login’;
  • alter security integration AZUREAD_INTEGRATION SET saml2_snowflake_issuer_url = ‘csolvt-kb19283.privatelink.snowflakecomputing.com’;

• Add the privatelink URL to Azure AD SAML configuration as default identifier

• Download and Install SnowSQL in your desktop
• Run SnowSQL from command line to login

• If successful, SnowSQL command line will start

• To exit the session, type !quit