Categories:

System functions (System Control)

SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS

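Provisions a private connectivity endpoint in the Snowflake VPC or VNet so that Snowflake can connect to a key management service (KMS) by using private connectivity. The endpoint is either a service endpoint or a resource endpoint, depending on the cloud platform that hosts your Snowflake account.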

Note

If the Snowflake account is in an Azure government region, the provider resource ID must be the ID of a resource in a government subscription. For more information about government regions for Snowflake customers, see U.S. SnowGov Regions.

Syntax

AWS:

SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS(
  '<provider_service_name>',
  '<host_name>'
  )

Azure:

SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS(
  '<provider_resource_id>',
  '<host_name>'
  )

Google Cloud:

SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS(
  '<target_service_id>',
  '<host_name>'
  )

Arguments

AWS:

provider_service_name

Specifies the KMS service in AWS to connect to.

For information about retrieving this value from AWS, see Provision private connectivity endpoints.

Azure:

provider_resource_id

Specifies the fully-qualified identifier for your Azure Key Vault in your VPC or VNet.

Google Cloud:

target_service_id

Specifies the KMS service in Google Cloud to connect to.

host_name

Specifies the fully-qualified hostname to access the KMS resource in your VPC, VNet, or PSC network.

This value does not include any port number and must match what you specify in the Snowflake object so that you can connect to the KMS.

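Returns

Returns a status message stating that the endpoint was provisioned successfully, or details and an explanation if the endpoint was not provisioned successfully.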

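Access control requirements

Only users who have been granted the MODIFY privilege on the account can call this function. The MODIFY privilege is typically granted only to the ACCOUNTADMIN role.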

Usage notes

  • You cannot modify an existing private connectivity endpoint; you must deprovision the endpoint, then provision a new one. To deprovision the endpoint, call the SYSTEM$DEPROVISION_PRIVATELINK_ENDPOINT_TSS system function.
  • This function can take approximately 5 minutes to execute because it depends on the process to provision the private connectivity endpoint in the cloud platform (outside of Snowflake).
  • For details about private endpoint limits, see Scaling considerations.

Examples

AWS:

Set up outbound private connectivity to an external KMS resource:

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS(
  'com.amazonaws.us-west-2.kms',
  'kms.us-west-2.amazonaws.com'
);
Private endpoint with ID "vpce-0123456789abcdef0" to resource "com.amazonaws.us-west-2.kms" has been provisioned successfully.
Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.

Azure:

Provision a private endpoint on Microsoft Azure for TSS:

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS(
  '/subscriptions/12345678-90ab-cdef-1234-567890abcdef/resourceGroups/myvault/providers/Microsoft.KeyVault/vaults/TriSecretVault',
  'trisecretvault.vault.azure.net'
);
Private endpoint with ID "/subscriptions/12345678-90ab-cdef-1234-567890abcdef/resourceGroups/prod-snowplex-rg/providers/Microsoft.Network/privateEndpoints/12345678-90ab-cdef-1234-567890abcdef"
to resource "/subscriptions/12345678-90ab-cdef-1234-567890abcdef/resourceGroups/myvault/providers/Microsoft.KeyVault/vaults/TriSecretVault"
has been provisioned successfully.

Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.

Google Cloud:

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT_TSS(
  'cloudkms.us-west2.rep.googleapis.com',
  'cloudkms.us-west2.rep.googleapis.com'
);
Private endpoint with ID "abcd0000000000001234" to resource "cloudkms.us-west2.rep.googleapis.com" has been provisioned successfully.
Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.
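
A check to run around the call, added here as an example and not part of Snowflake's documentation or code: it rejects a host_name that carries a port, and it extracts the endpoint ID from the status message so that only the connection request Snowflake reported, for the resource you asked for, is approved in the cloud console. The function names and the message pattern (taken from the sample outputs on this page) are assumptions; any other message is treated as a failure.

```python
import re

# Assumed pattern: the success message as it appears in this page's examples.
# \s+ between parts tolerates the line-wrapped Azure form.
_SUCCESS = re.compile(
    r'Private endpoint with ID "(?P<endpoint_id>[^"]+)"\s+'
    r'to resource "(?P<resource>[^"]+)"\s+'
    r'has been provisioned successfully\.'
)
_PORT = re.compile(r":\d+$")  # trailing ":<digits>" means a port was appended

# Sample output copied from the AWS example on this page.
AWS_SAMPLE = (
    'Private endpoint with ID "vpce-0123456789abcdef0" to resource '
    '"com.amazonaws.us-west-2.kms" has been provisioned successfully.\n'
    "Please note the Private Endpoint ID and approve the corresponding "
    "connection request in the cloud provider console."
)


def check_host_name(host_name):
    """Return host_name unchanged if it is a bare hostname; raise otherwise."""
    if "/" in host_name:
        raise ValueError("host_name must be a hostname, not a URL or path")
    if _PORT.search(host_name):
        raise ValueError("host_name must not include a port number")
    return host_name


def endpoint_to_approve(message, requested_resource):
    """Return the endpoint ID from a success message.

    Raises RuntimeError if the message is not a success message or if it
    names a resource other than the one passed as the first argument.
    """
    m = _SUCCESS.search(message)
    if m is None:
        raise RuntimeError("endpoint not provisioned: " + message.strip())
    # Case-insensitive comparison is an assumption of this example.
    if m.group("resource").lower() != requested_resource.lower():
        raise RuntimeError("provisioned resource does not match the request")
    return m.group("endpoint_id")


if __name__ == "__main__":
    check_host_name("kms.us-west-2.amazonaws.com")
    print(endpoint_to_approve(AWS_SAMPLE, "com.amazonaws.us-west-2.kms"))
```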