ALTER SECURITY INTEGRATION (AWS IAM Authentication)
Modifies the properties of an existing security integration created for authentication with AWS IAM.
For information about modifying other types of security integrations (such as Snowflake OAuth), see ALTER SECURITY INTEGRATION.
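Syntax
Parameters
name: String that specifies the identifier (i.e. name) for the integration.
SET ...: Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
  TYPE = AWS_IAM: Specifies that the integration uses AWS IAM to authenticate to external services.
  ENABLED = { TRUE | FALSE }: Specifies whether this security integration is enabled or disabled.
    TRUE: Allows the integration to run based on the parameters specified in the integration definition.
    FALSE: Suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.
  AWS_ROLE_ARN = 'iam_role_arn': Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants privileges on AWS resources.
Access control requirements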
A role used to execute this operation must have the following privileges at a minimum:
| Privilege | Object | Notes |
|---|---|---|
| OWNERSHIP | Integration | OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the [GRANT OWNERSHIP](/sql-reference/sql/grant-ownership) command to a different role by the owning role (or any role with the MANAGE GRANTS privilege). |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Usage notes
- Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.
Examples
The following example initiates operation of a suspended integration:
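An added example, not taken from the Snowflake documentation: a maintenance sequence that checks who owns the integration, suspends it, points it at a different IAM role, reviews the result, and resumes it. The integration name `my_aws_iam_int`, the AWS account ID, and the IAM role name are placeholders.

```sql
-- Added example. my_aws_iam_int, the account ID 123456789012 and the
-- role name example-snowflake-role are placeholders, not real values.

-- 1. Confirm which role holds OWNERSHIP on the integration; only that role
--    can run the ALTER statements below.
SHOW GRANTS ON INTEGRATION my_aws_iam_int;

-- 2. Suspend the integration for maintenance. While ENABLED = FALSE,
--    any integration between Snowflake and the third-party service stops working.
ALTER SECURITY INTEGRATION my_aws_iam_int SET ENABLED = FALSE;

-- 3. Point the integration at the replacement IAM role.
ALTER SECURITY INTEGRATION my_aws_iam_int
  SET AWS_ROLE_ARN = 'arn:aws:iam::123456789012:role/example-snowflake-role';

-- 4. Review the stored properties before resuming, so a mistyped ARN is
--    caught while the integration is still suspended.
DESCRIBE SECURITY INTEGRATION my_aws_iam_int;

-- 5. Resume operation of the suspended integration.
ALTER SECURITY INTEGRATION my_aws_iam_int SET ENABLED = TRUE;
```

Keeping the ARN change between the suspend and resume steps means the integration never runs with a role that has not been reviewed.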