Tellius
Tellius 5.5
Tellius 5.5
  • 🚩Getting Started
    • 👋Say Hello to Tellius
      • Glossary
      • Tellius 101
      • Navigating around Tellius
    • ⚡Quick Start Guides
      • Search
      • Vizpads (Explore)
      • Insights (Discover)
    • ✅Best Practices
      • Search
      • Vizpads (Explore)
      • Insights (Discover)
      • Predict
      • Data
    • ⬇️Initial Setup
      • Tellius architecture
      • System requirements
      • Installation steps for Tellius
      • Customizing Tellius
    • Universal Search
    • 🏠Tellius Home Page
    • ❓FAQs
      • Kaiya Conversational AI
      • Data Preparation FAQs
      • Environment FAQs
      • Search FAQs
      • Vizpads FAQs
      • Data Caching FAQs
      • Embedding FAQs
      • Insights FAQs
  • Kaiya
    • ♟️Understanding AI Agents & Agentic Flows
      • Glossary
      • Composer
      • 🗝️Triggering an agentic workflow
      • The art of possible
    • 🤹Kaiya conversational AI
      • Triggering Insights with "Why" questions
      • Mastering Kaiya conversational AI
      • 📒Kaiya Learnings
      • Kaiya Terms of Service
      • Best practices
  • 🔍Search
    • 👋Get familiar with our Search interface
    • 🤔Understanding Tellius Search
    • 📍Search Guide
    • 🚀Executing a search query
      • Selecting a Business View
      • Typing a search query
      • Constructing effective search queries
      • Marketshare queries
    • 🔑Analyzing search results
      • Understanding search results
      • Search Inspector
      • Time taken to execute a query
      • Interacting with the resulting chart
    • 📊Know your charts in Tellius
      • Understanding Tellius charts
      • Variations of a chart type
      • Building charts from Configuration pane
      • List of chart-specific fields
      • Adding columns to fields in Configuration pane
      • Absolute and percentage change aggregations
      • Requirements of charts
      • Switching to another chart
      • Formatting charts
      • Advanced Analytics
      • Cumulative line chart
    • 🧑‍🏫Help Tellius learn
    • 🕵️‍♂️Search history
    • 🎙️Voice-driven search
    • 🔴Live Query mode
  • 📈Vizpads (Explore)
    • 🙋Meet Vizpads!
    • 👋Get familiar with our Vizpads
    • #️⃣Measures, dimensions, date columns
    • ✨Creating Vizpads
    • 🌐Applying global filters
      • Filters in multi-BV Vizpads
      • Filters using common columns
    • 📌Applying local filters
    • 📅Date picker in filters
      • Customizing the calendar view
    • ✅Control filters
      • Multi-select list
      • Single-select list
      • Range slider
      • Dropdown list
    • 👁️Actions in View mode
      • Interacting with the charts
      • Exporting tables
    • 📝Actions in Edit mode
      • 🗨️Viz-level actions
      • Copy to Clipboard
    • 🔧Anomaly management for line charts
      • Instance level
      • Vizpad level
      • Chart level
    • ⏳Time taken to load a chart
      • Instance level
      • Vizpad level
      • Chart level
    • ♟️Working with sample datasets
    • 🔁Swapping Business View of charts
      • Swapping only the current Vizpad
      • Swapping multiple objects
      • Configuring the time of swap
    • 🤖Explainable AI charts
  • 💡Insights (Discover)
    • 👋Get familiar with our Insights
    • ❓Understanding the types of Insights
    • 🕵️‍♂️Discovery Insights
      • Impact Calculation for Top Contributors
    • ➕How to create new Insights
      • 🔛Creating Discovery Insight
      • 🔑Creating Key Driver Insights
      • 〰️Creating Trend Insights
      • 👯Creating Comparison Insights
    • 🧮The art of selecting columns for Insights
      • ➡️How to include/exclude columns?
  • 🔢Data
    • 👋Get familiar with our Data module
    • 🥂Connect
    • 🪹Create new datasource
      • Connecting to Oracle database
      • Connecting to MySQL database
      • Connecting to MS SQL database
      • Connecting to Postgres SQL database
      • Connecting to Teradata
      • Connecting to Redshift
        • Access S3 Data with Redshift Spectrum
      • Connecting to Hive
      • Connecting to Azure Blob Storage
      • Connecting to Spark SQL
      • Connecting to generic JDBC
      • Connecting to Salesforce
      • Connecting to Google cloud SQL
        • Connecting to a PostgreSQL cloud SQL instance
        • Connecting to an MSSQL cloud SQL instance
        • Connecting to a MySQL Cloud SQL Instance
      • Connecting to Amazon S3
      • Connecting to Google BigQuery
        • Steps to connect to a Google BigQuery database
      • Connecting to Snowflake
        • OAuth support for Snowflake
        • Integrating Snowflake with Azure AD via OAuth
        • Integrating Snowflake with Okta via OAuth
        • Azure PrivateLink
        • AWS PrivateLink
        • Best practices
      • Connecting to Databricks
      • Connecting to Databricks Delta Lake
      • Connecting to an AlloyDB Cluster
      • Connecting to HDFS
      • Connecting to Looker SQL Interface
      • Loading Excel sheets
      • 🚧Understanding partitioning your data
    • ⏳Time-to-Live (TTL) and Caching
    • 🌷Refreshing a datasource
    • 🪺Managing your datasets
      • Swapping datasources
    • 🐣Preparing your datasets
      • 🤾Actions that can be done on a dataset
      • Data Pipeline
      • SQL code snippets
      • ✍️Writeback window
      • 🧩Editing Prepare → Data
      • Handling null or mismatched values
      • Metadata view
      • List of icons and their actions
        • Functions
        • SQL Transform
        • Python Transform
        • Standard Aggregation
        • Creating Hierarchies
      • Dataset Scripting
      • Fusioning your datasets
      • Scheduling refresh for datasets
    • 🐥Preparing your Business Views
      • 🌟Create a new Business View
      • Creating calculated columns
      • Creating dynamic parameters
      • Scheduling refresh for Business Views
      • Setting up custom calendars
      • Custom Calendars for Live Connections
    • Tellius Engine: Comparison of In-Memory vs. Live Mode
    • User roles and permissions
    • Refresh pipeline
  • Feed
    • 📩What is a Feed in Tellius?
    • ❗Alerts on the detection of anomalies
    • 📥Actions done on a tracking Feed
    • 🖲️Track a new metric
  • Assistant
    • 💁Introducing Tellius Assistant
    • 🎤Voice-based Assistant
    • 💬Interacting with Assistant
    • ↖️Selecting Business View
  • Embedding Tellius
    • What you should know before embedding
    • Embedding URL
      • 📊Embedding Vizpads
        • Apply and delete filters
        • Vizpad-related actionTypes
        • Edit, save, and share a Vizpad
        • Keep, remove, drill sections
        • Adding a Viz to a Vizpad
        • Row-level policy filters
      • 💡Embedding Insights
        • Creating and Viewing Insights
      • 🔎Embedding Search
        • Search query execution
      • Embedding Assistant
      • 🪄Embedding Kaiya
      • Embedding Feed
  • API
    • Insights APIs
    • Search APIs
    • Authentication API (Login API)
  • ✨What's New
    • Release 5.5
    • Release 5.4
      • Patches 5.4.0.1 to 5.4.0.4
      • Patch 5.4.0.5
      • Patch 5.4.1
      • Patches 5.4.1.1 and 5.4.1.2
    • Release 5.3
      • Patch 5.3.1
      • Patch 5.3.2
      • Patch 5.3.3
    • Release 5.2
      • Patch 5.2.1
      • Patch 5.2.2
    • Release 5.1
      • Patch 5.1.1
      • Patch 5.1.2
      • Patch 5.1.3
    • Release 5.0
      • Patch 5.0.1
      • Patch 5.0.2
      • Patch 5.0.3
      • Patch 5.0.4
      • Patch 5.0.5
    • Release 4.3 (Fall 2023)
      • Patch 4.3.1
      • Patch 4.3.2
      • Patch 4.3.3
      • Patch 4.3.4
    • Release 4.2
      • Patch 4.2.1
      • Patch 4.2.2
      • Patch 4.2.3
      • Patch 4.2.4
      • Patch 4.2.5
      • Patch 4.2.6
      • Patch 4.2.7
    • Release 4.1
      • Patch 4.1.1
      • Patch 4.1.2
      • Patch 4.1.3
      • Patch 4.1.4
      • Patch 4.1.5
    • Release 4.0
Powered by GitBook

© 2025 Tellius

On this page
  • What is an Azure PrivateLink?
  • Pre-requisites
  • Setting up Snowflake
  • Create a Private endpoint in Azure
  • Obtain accessToken for Private Endpoint from Azure CLI
  • Authorize Private Link in Snowflake
  • Approve Private Endpoint in Azure
  • Create Private DNS Zone in Azure
  • Add Record Sets to Private DNS Zone
  • Test the Private Link Connection
  • Add the Virtual Network links to the Private DNS Zone
  • Reference

Was this helpful?

  1. Data
  2. Create new datasource
  3. Connecting to Snowflake

Azure PrivateLink

What is an Azure PrivateLink?

Azure Private Link is a feature in Microsoft Azure that enables customers to access Azure services, such as Snowflake, over a private endpoint within their virtual network.

By leveraging Azure Private Link, Snowflake users can access their data warehouse without going over the public internet, improving data security and reducing latency. With this setup, users can establish a private endpoint for Snowflake within their Azure virtual network and connect to Snowflake using private IP addresses.

Pre-requisites

  • An Azure subscription with permission to create a virtual network.

  • An existing virtual network in Azure with a subnet that can be dedicated to the Snowflake Private Link endpoint.

  • A Snowflake account with a virtual private cloud (VPC) enabled and network policies configured.

  • A Snowflake user account with the ACCOUNTADMIN role or equivalent privileges to create a private link endpoint.

  • A virtual machine or client machine with connectivity to the Azure virtual network and the ability to access the Snowflake account using a private IP address.

Please note that if Tellius is hosting the infrastructure, then the Tellius team will take care of all the steps on the Azure side. Contact support@tellius.com for further assistance.

Setting up Snowflake

Obtain PrivateLink resource ID and accessToken from Snowflake console

  1. Log in to the Snowflake Console as the admin user

  2. Open a blank worksheet and run the following command:

select SYSTEM$GET_PRIVATELINK_CONFIG() using role ACCOUNTADMIN;
  1. Save the JSON output to be used later

  2. Note down the resourceId and accessToken values from the JSON output

use role accountadmin;
select system$authorize_privatelink (
  '<resourceId>',
  '<accessToken>'
  );

Create a Private endpoint in Azure

  1. Log in to the Azure Portal.

  2. Search for Private Link service and open it.

  1. Click on Private endpoints and then on Create.

  1. Enter the resource group name of the Kubernetes cluster for which it needs to be linked (for example, POC9).

  2. Enter a name for the private endpoint and click on Next.

  1. Choose the option Connect to an Azure resource by resource ID or alias.

  2. Open the saved Snowflake JSON output and copy the privatelink-pls-id value for Resource ID/Alias.

  1. Click on Next and choose the virtual network as the same network as that of the Kubernetes cluster. The subnet will be auto-populated for the subnet of the cluster/vnet.

  1. Click on Next until you reach the Review and Create page. Then click on Create.

  2. Since the Private Endpoint is in a “Pending” state, and to move it to the “Approved” state, the following needs to be executed on Azure CLI. Note down the resource ID output from the Azure CLI command:

az network private-endpoint show --resource-group <resource-group-name> --name <private-endpoint-name>

Obtain accessToken for Private Endpoint from Azure CLI

  1. Run the following Azure CLI command to get the accessToken, and the same will be used as federated_token in the next step.

az account get-access-token --subscription <subscription-id>
  1. The output looks similar to the following:

{
  "accessToken": “eyJ…<token>",
  "expiresOn": "2023-01-25 12:33:15.000000",
  "subscription": "ceb13d30-0708-43e3-bbfa-6451fa0a8b0af",
  "tenant": "da57d934d-5051-4297-89d7-af436b226ab3",
  "tokenType": "Bearer"
}
  1. Save the JSON output to be used later. Also, note down the accessToken value from the JSON output.

Authorize Private Link in Snowflake

  1. Log in to the Snowflake Console as the admin user.

  2. Open a blank worksheet and run the following command:

use role accountadmin;
select system$authorize_privatelink (
'<resourceId>',
'<accessToken>'
);
  1. Replace <resourceId> and <accessToken> with the values obtained in steps 1 and 3.

  2. Once done, “Private Link is authorized” message will be displayed.

Approve Private Endpoint in Azure

  1. Run the following Azure CLI command to approve the Private Endpoint:

az network private-endpoint update --id <private-endpoint-id> --set manualApproval=Approved
  1. Replace <private-endpoint-id> with the value obtained in step 2

  2. Now, the Private Endpoint is in "Approved" state in the Azure Portal.

  3. Copy the private endpoint IP as it is needed to route requests via Private DNS. (e.g., 10.240.0.5).

Create Private DNS Zone in Azure

  1. Go to Private DNS Zones in the Azure Portal and click on Create.

  2. Enter the name "privatelink.snowflakecomputing.com" and click on Create.

Add Record Sets to Private DNS Zone

  1. Open the created Private DNS Zone and click on Create record set.

  2. Enter the following details for the first record set:

  • Record type: A

  • Name: <privatelink-account-url> (from the saved Snowflake JSON output)

  • IPv4 address: <private-endpoint-IP> (note down from the Azure Portal)

  • TTL: 30 seconds

  1. Create another record set for OCSP Cache Server using the same process

  • Record type: A

  • Name: <privatelink-ocsp-url> (from the saved Snowflake JSON output)

  • IPv4 address: <private-endpoint-IP> (note down from the Azure Portal)

  • TTL: 30 seconds

Test the Private Link Connection

  1. Use the Snowflake console to test the private link connection by running queries.

  2. Verify whether the queries are running successfully.

Add the Virtual Network links to the Private DNS Zone

  1. Go to the Private DNS Zone and click on Virtual network links. Click on Add.

  2. Populate the name and choose the same virtual network as that of the Kubernetes cluster that needs to be linked with. Click on Okay to create.

  1. Finally, navigate to the private endpoint that you had created earlier, in the DNS Configuration section. Click on Add configuration.

  2. Populate the values for the Private DNS Zone that has been created and click on Add.

Users can now test the data source connection to their snowflake account.

Reference

PreviousIntegrating Snowflake with Okta via OAuthNextAWS PrivateLink

Last updated 5 months ago

Was this helpful?

🔢
🪹
https://docs.snowflake.com/en/user-guide/privatelink-azure.html
https://community.snowflake.com/s/article/How-To-Set-up-Private-DNS-zone-for-Azure-Private-Link-with-Snowflake
Private Link
Private endpoints
Creating a private endpoint -> Basics
Creating a private endpoint -> Resource
Creating a private endpoint -> Virtual network
“Private Link is authorized” message
Private endpoint IP
Creating private DNS
Adding record sets
Adding virtual network link
Private DNS zone