Terraform Module for Managing Snowflake Administrative Policies like MFA, Network Policies, and Password Policies
This Terraform module is designed to manage various Snowflake account parameters and resources. Here's an overview of what each resource does:
snowflake_email_notification_integration
: This resource manages an email notification integration in Snowflake. The integration is named "notification" and is enabled to send notifications to the email address "john.doe@gmail.com" (an example address; the `allowed_recipients` input sets the recipient list).

snowflake_account_parameter
: This resource manages various account parameters in Snowflake. The parameters include:

- ALLOW_CLIENT_MFA_CACHING
- ALLOW_ID_TOKEN
- ALLOW_EXTERNAL_OAUTH_TOKENS
- ALLOW_INSECURE_CONNECTIONS
- LOG_LEVEL
- TRACE_LEVEL
- CLIENT_MEMORY_LIMIT
- CLIENT_SESSION_KEEP_ALIVE

Each of these parameters is set to a value provided through a variable (e.g., var.allow_client_mfa_caching, var.allow_id_token, etc.).
To use this module, you would need to provide values for these variables when calling the module from your Terraform configuration. The module will then use these values to set the corresponding account parameters in Snowflake.
Example CICD with BitBucket and Codefresh:
To use this Terraform module, you would need to call it from another Terraform configuration file. Here's an example of how you might do that:
```hcl
module "my_module" {
  source = "git::https://github.com/Richard-Barrett/terraform-snowflake-administrative-policies.git?ref=0.0.1"

  allow_client_mfa_caching    = "true"
  allow_external_oauth_tokens = "true"
  allow_id_token              = "true"
  client_memory_limit         = "500"
  client_session_keep_alive   = "1100"
  log_level                   = "ERROR"
  trace_level                 = "ALWAYS"
}
```
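Before a pipeline applies a call like the one above, it is worth gating the plan itself rather than trusting the variable values. The script below is an added example, not part of this module: it reads the JSON produced by `terraform show -json tfplan`, and fails the build when a planned `snowflake_account_parameter` value weakens the account (or is the wrong type for the parameter), or when the email integration is enabled with no recipients. The policy rules, the resource addresses inside the module, and the sample plan are all constructed assumptions for the example, not values taken from the module source.

```python
"""CI gate for planned Snowflake account parameters (added example, not the module's code).

Reads `terraform show -json tfplan` output and returns a non-zero exit code when a
planned snowflake_account_parameter value weakens account security. The policy
below is an example policy, an assumption, not a Snowflake or module default.
"""
import json
import sys


def change_entry(address, rtype, after, actions=("create",)):
    """Build one resource_changes entry in the shape `terraform show -json` emits."""
    return {"address": address, "type": rtype,
            "change": {"actions": list(actions), "before": None, "after": after}}


# Constructed plan excerpt mirroring the README's module call. The addresses
# inside module.my_module are assumptions; the module's real ones may differ.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        change_entry("module.my_module.snowflake_account_parameter.mfa_caching",
                     "snowflake_account_parameter",
                     {"key": "ALLOW_CLIENT_MFA_CACHING", "value": "true"}),
        change_entry("module.my_module.snowflake_account_parameter.id_token",
                     "snowflake_account_parameter",
                     {"key": "ALLOW_ID_TOKEN", "value": "true"}),
        change_entry("module.my_module.snowflake_account_parameter.insecure",
                     "snowflake_account_parameter",
                     {"key": "ALLOW_INSECURE_CONNECTIONS", "value": "true"}),
        change_entry("module.my_module.snowflake_account_parameter.keep_alive",
                     "snowflake_account_parameter",
                     {"key": "CLIENT_SESSION_KEEP_ALIVE", "value": "1100"}),
        change_entry("module.my_module.snowflake_account_parameter.log_level",
                     "snowflake_account_parameter",
                     {"key": "LOG_LEVEL", "value": "ERROR"}),
        change_entry("module.my_module.snowflake_email_notification_integration.notification",
                     "snowflake_email_notification_integration",
                     {"name": "notification", "enabled": True, "allowed_recipients": []}),
    ],
}
SAMPLE_PLAN_JSON = json.dumps(SAMPLE_PLAN)

# Example policy (assumption): parameters that must never be enabled, parameters
# that may only be enabled with a recorded exception, and parameters Snowflake
# defines as boolean (so a number such as "1100" is a mistake, not a setting).
NEVER_TRUE = {"ALLOW_INSECURE_CONNECTIONS"}
NEEDS_EXCEPTION = {"ALLOW_CLIENT_MFA_CACHING", "ALLOW_ID_TOKEN"}
BOOLEAN_PARAMS = {"CLIENT_SESSION_KEEP_ALIVE", "ALLOW_CLIENT_MFA_CACHING", "ALLOW_ID_TOKEN",
                  "ALLOW_EXTERNAL_OAUTH_TOKENS", "ALLOW_INSECURE_CONNECTIONS"}


def planned_after(plan, rtype):
    """Yield (address, after-state) for resources of rtype that will exist after apply."""
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != rtype:
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # pure delete: nothing will be set, nothing to check
            continue
        yield rc["address"], after


def check_plan(plan):
    """Return (errors, warnings): errors should fail the pipeline, warnings need sign-off."""
    errors, warnings = [], []
    for address, after in planned_after(plan, "snowflake_account_parameter"):
        key = str(after.get("key", "")).upper()
        value = str(after.get("value", "")).strip().lower()
        if key in BOOLEAN_PARAMS and value not in ("true", "false"):
            errors.append(f"{address}: {key} is a boolean parameter, got {value!r} "
                          "(a numeric interval belongs to CLIENT_SESSION_KEEP_ALIVE_HEARTBEAT_FREQUENCY)")
            continue
        if key in NEVER_TRUE and value == "true":
            errors.append(f"{address}: {key} must not be enabled")
        elif key in NEEDS_EXCEPTION and value == "true":
            warnings.append(f"{address}: {key}=true relaxes MFA/SSO re-prompting; needs a recorded exception")
    for address, after in planned_after(plan, "snowflake_email_notification_integration"):
        if after.get("enabled") and not after.get("allowed_recipients"):
            errors.append(f"{address}: integration is enabled but allowed_recipients is empty")
    return errors, warnings


def gate(plan_json):
    """Parse plan JSON, print findings, and return the exit code CI should use (0 pass, 1 fail)."""
    errors, warnings = check_plan(json.loads(plan_json))
    for w in warnings:
        print("WARN ", w)
    for e in errors:
        print("ERROR", e)
    return 1 if errors else 0


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json && python gate.py plan.json
    # With no argument the constructed SAMPLE_PLAN is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            sys.exit(gate(fh.read()))
    sys.exit(gate(SAMPLE_PLAN_JSON))
```

Run against the sample plan, the gate reports two warnings (MFA caching and ID-token caching enabled) and three errors (insecure connections enabled, a numeric value for the boolean CLIENT_SESSION_KEEP_ALIVE, and an enabled integration with no recipients), so the step exits 1 and the apply stage never runs. Because a deleted parameter has no `after` state, removing a setting from the module call does not trip the gate; only values Terraform is about to write are judged.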
Here are some considerations when using this Terraform module:

- Provider Versions: Ensure you have the versions of the hashicorp/null and Snowflake-Labs/snowflake providers that this module requires (see the Requirements and Providers tables below), and pin the module `ref` as in the example above so a module or provider upgrade cannot silently change account settings.
- Variable Values: Provide appropriate values for every variable the module uses; they are written directly to Snowflake account parameters. `allow_id_token` has no default and must be supplied. Check each value against the parameter's documented type: for example, CLIENT_SESSION_KEEP_ALIVE is a boolean parameter in Snowflake, while the numeric heartbeat interval is CLIENT_SESSION_KEEP_ALIVE_HEARTBEAT_FREQUENCY.
- Email Notification Integration: The integration is set up for a specific email address. Replace it with the desired recipients (see the `allowed_recipients` input); Snowflake only delivers to addresses that have been verified for a user in the account.
- Permissions: Ensure the role Terraform authenticates as can create and manage these resources. Setting account parameters and creating integrations are account-level operations (ACCOUNTADMIN, or an explicitly granted CREATE INTEGRATION privilege), so keep that credential in the pipeline's secret store rather than on developer workstations.
- Idempotency: Terraform is idempotent, meaning applying the same configuration repeatedly converges on the same state, but any change to a variable is applied account-wide. Review `terraform plan` output before every apply to avoid unwanted changes.
- Sensitive Data: Be careful with sensitive data like email addresses or IP addresses. Marking a variable `sensitive = true` redacts it from plan and apply output, but the value is still stored in plaintext in the state file, so protect the state backend as well.
- Error Handling: Be prepared to handle errors during the creation or modification of resources. Terraform surfaces the Snowflake error message, which usually names the parameter, object, or missing privilege at fault.
This Terraform module manages Snowflake resources and account parameters, including a network policy, an email notification integration, and various account settings like MFA caching, ID token allowance, log level, and more.
Requirements

| Name | Version |
|---|---|
| terraform | >= 1.5.6 |
| snowflake | ~> 0.90.0 |

Providers

| Name | Version |
|---|---|
| snowflake | 0.90.0 |

Modules

No modules.
Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_client_mfa_caching | Allow client MFA caching | string | false | no |
| allow_external_oauth_tokens | Allow external OAuth tokens | string | false | no |
| allow_id_token | Allow ID token | string | n/a | yes |
| allow_insecure_connections | Allow insecure connections | string | false | no |
| allowed_recipients | List of allowed email addresses for the integration, in the form `["email1", "email2", ...]`. Default is `[]`. | list(string) | [] | no |
| client_memory_limit | Client memory limit | string | "1000" | no |
| client_session_keep_alive | Client session keep alive | string | "3600" | no |
| enabled | Boolean that enables or disables the integration. Default is `true`. | bool | true | no |
| log_level | Log level | string | "INFO" | no |
| trace_level | Trace level | string | "ON_EVENT" | no |

Outputs

No outputs.