Snowflake DNS whitelisting

Question

We are using snowflake enterprise edition.

One of the client systems wants to access our snowflake account to consume the data. We have created user and password and share with them to connect to snowflake.

Now we want to add extra security to this user by whitelisting the DNS name, so that username created for this client will not be misused.

Is there anyway that we can whitelist DNS in enterprise edition. I read that VPC version have this feature by setup some firewall behind the snowflake.

We can achieve this using IP Mapping in Enterprise but client using dynamic IP which will keep change.

Regards, Srinivas.

Answer 1

The network policy feature is IP address or range only so you won't be able to do name resolution with this currently (i.e., would be a feature request). I don't think there's one perfect solution to your request.

If the changing IPs are all part of a CIDR range, you could use that, or a proxy solution would have a stable IP. VPN could be another alternative and include the VPN-issued IP addresses in the Snowflake Network Policy.

I'm sure there's other methods too and worth a discussion with your security team for more ideas. Welcome others to comment with their ideas as well.