> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omni.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Connecting to Snowflake using AWS or Azure PrivateLink

> Connect Omni to your Snowflake instance over a private network using AWS PrivateLink or Azure Private Link endpoints.

Omni can connect to your Snowflake instance in Amazon Web Services (AWS) or Azure via PrivateLink. In this configuration, Omni establishes an encrypted connection from our network to the Snowflake network.

## Requirements

To follow the steps in this guide, you'll need:

* Snowflake Business Critical or higher (PrivateLink is not available on Standard or Enterprise editions)
* A Snowflake user with the `ACCOUNTADMIN` role

Additionally, your Snowflake account should be on the same cloud provider as your Omni instance. For example, if Omni is hosted on AWS, your Snowflake account should also be on AWS.

## Setup

The setup process is slightly different between AWS and Azure. Follow the section for your Snowflake account's cloud provider.

### AWS setup

Before Omni can provision anything, Snowflake must authorize Omni's connection at the AWS account level. You'll need to open a support ticket with Snowflake to start this process, as self-service `SYSTEM$AUTHORIZE_PRIVATELINK` is not available for third-party vendors like Omni on AWS.

<Steps>
  <Step noAnchor>
    Open a Snowflake support case asking them to add Omni's AWS account ID `767117061426` to your account's PrivateLink allow list.

    Reference [Snowflake's AWS PrivateLink documentation](https://docs.snowflake.com/en/user-guide/admin-security-privatelink#enable-aws-privatelink) for more information.
  </Step>

  <Step noAnchor>
    Once Snowflake confirms the authorization, as `ACCOUNTADMIN`, run the following in Snowflake and save the JSON output:

    ```sql theme={null}
    select SYSTEM$GET_PRIVATELINK_CONFIG();
    ```
  </Step>

  <Step noAnchor>
    Contact Omni support with:

    * The JSON output from step 2
    * Your Snowflake account's AWS region
  </Step>

  <Step noAnchor>
    Omni will create the AWS VPC endpoint and finish wiring up your Snowflake connection. Omni will notify you when the connection is ready to use.
  </Step>
</Steps>

### Azure setup

On Azure, Omni creates the Private Endpoint first, and you authorize it after the fact by running SQL commands that Omni provides.

<Steps>
  <Step noAnchor>
    As `ACCOUNTADMIN`, run the following in Snowflake and save the JSON output:

    ```sql theme={null}
    select SYSTEM$GET_PRIVATELINK_CONFIG();
    ```
  </Step>

  <Step noAnchor>
    Contact Omni support with:

    * The JSON output from step 1
    * Your Snowflake account's Azure region
  </Step>

  <Step noAnchor>
    Omni will create the Azure Private Endpoint.
  </Step>

  <Step noAnchor>
    Omni will also send you two SQL commands that look like the following:

    ```sql wrap theme={null}
    select SYSTEM$AUTHORIZE_PRIVATELINK('<pe-resource-id>', '<federated-token>');
    select SYSTEM$AUTHORIZE_STAGE_PRIVATELINK_ACCESS('<pe-resource-id>');
    ```

    Run both commands in Snowflake as `ACCOUNTADMIN`. The Private Endpoint connection will move from `Pending` to `Approved`.
  </Step>

  <Step noAnchor>
    Omni will finish wiring up your Snowflake connection. Omni will notify you when the connection is ready to use.
  </Step>
</Steps>

## References

* [Snowflake — AWS PrivateLink](https://docs.snowflake.com/en/user-guide/admin-security-privatelink)
* [Snowflake — Azure Private Link](https://docs.snowflake.com/en/user-guide/privatelink-azure)