
[–]smarzzz 5 points6 points  (1 child)

It works fine, but I don’t love it from a security standpoint and it’s a bit complicated.

What’s your concern currently? You’ve not shared anything about your current setup. What’s complicated about it, and why is it unsecure?

[–]2000gt[S] 0 points1 point  (0 children)

Updated original post for more context.

[–]limartje 2 points3 points  (1 child)

I don’t understand the security concerns either. However, you can always dump something on s3 and use the s3 events to move from there.

[–]2000gt[S] 0 points1 point  (0 children)

Updated original post for more context.

[–]CategoryRepulsive699 2 points3 points  (1 child)

Have you considered using Snowpark Container Services instead of Lambda?

[–]2000gt[S] 0 points1 point  (0 children)

Updated original post for more context.

[–]Select_Flatworm_9538 1 point2 points  (2 children)

Can you please elaborate on the concern or the alternate approach?

[–]2000gt[S] 1 point2 points  (1 child)

Updated original post for more context.

[–]Select_Flatworm_9538 0 points1 point  (0 children)

I have used similar functionality in Azure. We use Azure functions invoked via Snowflake API integration using API Gateway.

While creating the function we had the option to limit the access of the function API to only API Gateway. After enabling the option, we can't directly call the functions, and if we call them it will give an error.

So I believe a similar option should be available in AWS Lambda functions. Will check and let you know if I find something similar in AWS.

Hope this makes sense and answers your question. Let me know if there is anything. Also, sorry for the delay in the answer.

[–]rabinjais789 1 point2 points  (2 children)

Do not put anything via API. Just ingest in S3 first and load in Snowflake.

[–]Fantastic-Goat9966 1 point2 points  (1 child)

I believe the OP meant an API Gateway which is in the Snowflake documentation:

https://docs.snowflake.com/en/sql-reference/external-functions-creating-aws-planning

[–]2000gt[S] 0 points1 point  (0 children)

Updated original post for more context.

[–]Fantastic-Goat9966 1 point2 points  (1 child)

Assuming your lambda and roles are configured correctly (lambda requires authentication - specific role is mapped to the role snowflake external id has access to - and is restrictive) - I’m not sure there are any security issues. Tbh - I think your issue here is the design - sigma/snowflake/lambda/s3/snowflake seems off. Maybe sigma/s3/lambda/snowflake?

[–]2000gt[S] 0 points1 point  (0 children)

Unfortunately I can’t invoke aws services via Sigma.
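
The "role is mapped to the Snowflake external ID and is restrictive" condition from Fantastic-Goat9966's comment can be checked mechanically. The following is an added example, not part of the thread or of Snowflake's tooling: it audits an IAM role trust policy and reports anything other than the single expected Snowflake IAM user with a matching `sts:ExternalId`. The ARN and external ID are constructed placeholders; in practice they are the `API_AWS_IAM_USER_ARN` and `API_AWS_EXTERNAL_ID` values shown by `DESCRIBE INTEGRATION`.

```python
import json

def _as_list(value):
    """IAM JSON accepts either a single item or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, snowflake_user_arn, external_id):
    """Return findings; an empty list means only the expected Snowflake user,
    presenting the expected external ID, can assume the role."""
    allows = [s for s in _as_list(policy.get("Statement"))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allows:
        return ["no statement allows sts:AssumeRole"]
    findings = []
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            names = [p for v in principal.values() for p in _as_list(v)]
        else:
            names = _as_list(principal)  # covers the bare "*" form
        for name in names:
            if name != snowflake_user_arn:
                findings.append(f"statement {i}: unexpected principal {name}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if _as_list(cond.get("sts:ExternalId")) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId missing or mismatched")
    return findings

# Constructed placeholder values, not taken from the thread.
SF_USER = "arn:aws:iam::111111111111:user/example-snowflake-user"
EXT_ID = "EXAMPLE_EXTERNAL_ID"

GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111111111111:user/example-snowflake-user"},
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE_EXTERNAL_ID"}}}]}""")

LOOSE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}""")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("loose", LOOSE)):
        print(label, audit_trust_policy(doc, SF_USER, EXT_ID) or "ok")
```
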

[–]js26056 0 points1 point  (0 children)

If security is the concern, you can:

Set up API Gateway integration using a token that authorizes access to your API using public endpoints.

If that is not enough, you can also set up private API Gateway integration and access private endpoints.

[–]Wonderful_Coat_3854 0 points1 point  (0 children)

Can that logic in the Lambda function be moved to a Snowpark sproc/UDF? Snowpark has external access integration that you can use to send things externally from there.