- 类别:
:doc:`/sql-reference/functions-system`(系统控制)
SYSTEM$PROVISION_PRIVATELINK_ENDPOINT¶
预置 Snowflake VPC 或 VNet 中的专用连接端点,以支持 Snowflake 通过使用专用连接来连接到外部服务。端点可以是服务端点或资源端点,具体取决于托管 Snowflake 账户的云平台。
备注
如果 Snowflake 账户位于 Azure 政府区域中,则提供商资源 ID 必须是政府订阅中资源的 ID。有关 Snowflake 客户的政府区域的更多信息,请参阅 美国 SnowGov 区域。
语法¶
AWS:
SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( '<provider_service_name>', '<host_name>' )
Azure:
SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( '<provider_resource_id>', '<host_name>', [, '<subresource>' ] )Google Cloud:
SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( '<target_service_id>', '<host_name>' )
实参¶
AWS:
'provider_service_name'指定要连接的外部服务或资源。例如,
com.amazonaws.us-west-2.execute-apifor the Amazon API Gateway 或com.amazonaws.us-west-2.s3for Amazon S3。有关从 AWS 中检索此值的信息,请参阅 提供专用连接端点。
'host_name'Specifies the fully-qualified host name to access the resource in your VPC or VNet.
此值不包含任何端口号,并且必须与您在 Snowflake 对象中指定的内容匹配,以便您能够连接到外部服务。
示例包括
bedrock-runtime.us-west-2.amazonaws.com和*.s3.us-west-2.amazonaws.com:当对外部暂存区和外部卷使用专用连接时,
host_name必须使用通配符,而不是指定具体的 AWS S3 桶。有关从 AWS 中检索此值的信息,请参阅 提供专用连接端点。
Azure:
'provider_resource_id'指定 VPC 或 VNet 中资源的完全限定标识符。
'host_name'Specifies the fully qualified host name to access the resource in your VPC or VNet.
For examples of the host name for outbound private connectivity for external functions, see the following topics:
'subresource'指定 Azure 资源的子资源的名称。
Azure 专用链接服务 (https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview) 和 Azure API 管理服务不需要此实参。
有关所有支持的值,请参阅 子资源表 (https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource)。
Google Cloud:
'target_service_id'指定服务附件 ID(自定义服务)或要连接到的区域性 Google API 端点。
'host_name'Specifies the fully qualified host name to access the resource.
备注
当目标服务 ID 为区域性 Google API 端点时,主机名值应与目标服务 ID 值相匹配。
返回¶
返回端点已成功配置的状态信息,或返回端点未成功配置的详细信息和说明。
访问控制要求¶
只有账户管理员(具有 ACCOUNTADMIN 角色的用户)才能调用此函数。
使用说明¶
You can modify only the host name of an existing private connectivity endpoint. To modify any other properties, you must deprovision the endpoint, then provision a new one. For more information about changing a host name, see SYSTEM$SET_PRIVATELINK_ENDPOINT_HOSTNAME.
执行该功能可能需要大约 5 分钟,因为它取决于在云平台(Snowflake 外部)中配置专用连接端点的流程。
有关专用端点限制的详细信息,请参阅 扩展注意事项。
示例¶
- AWS:选择使用 时默认使用的角色和仓库。
设置到外部 S3 服务的出站专用连接:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( 'com.amazonaws.us-west-2.s3', '*.s3.us-west-2.amazonaws.com' );
有关更多 AWS 示例,请参阅以下指南:
- Microsoft Azure:选择使用 时默认使用的角色和仓库。
设置专用端点,以允许 Snowflake on Microsoft Azure 连接到 Microsoft Azure VNet 中的 Microsoft Azure API 管理服务:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( '/subscriptions/f4b00c5f-f6bf-41d6-806b-e1cac4f1f36f/resourceGroups/aztest1-external-function-rg/providers/Microsoft.ApiManagement/service/aztest1-external-function-api', 'aztest1-external-function-api.azure.net', 'Gateway' );
Private endpoint with ID "/subscriptions/e48379a7-2fc4-473e-b071-f94858cc83f5/resourcegroups/test_rg/providers/microsoft.network/privateendpoints/32bd3122-bfbd-417d-8620-1a02fd68fcf8" to resource "/subscriptions/f4b00c5f-f6bf-41d6-806b-e1cac4f1f36f/resourceGroups/aztest1-external-function-rg/providers/Microsoft.ApiManagement/service/aztest1-external-function-api" has been provisioned successfully. Please note down the endpoint ID and approve the connection from it on the Azure portal.提供一个专用端点,允许 Snowflake on Microsoft Azure 使用外部网络访问连接到外部服务:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( '/subscriptions/11111111-2222-3333-4444-5555555555/resourceGroups/leorg1/providers/Microsoft.Sql/servers/myserver', 'testdb.database.windows.net', 'sqlServer' );
"Resource Endpoint with id "/subscriptions/f0abb333-1b05-47c6-8c31-dd36d2512fd1/resourceGroups/privatelink-test/providers/Microsoft.Network/privateEndpoints/external-network-access-pe" provisioned successfully"配置专用端点,以允许 Snowflake 连接到 Microsoft Azure 的外部暂存区:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( '/subscriptions/cc2909f2-ed22-4c89-8e5d-bdc40e5eac26/resourceGroups/mystorage/providers/Microsoft.Storage/storageAccounts/storagedemo', 'storagedemo.blob.core.windows.net', 'blob' );
"Resource Endpoint with id "/subscriptions/57faea9a-20c2-4d35-b283-9c0c1e9593d8/resourceGroups/privatelink-test/providers/Microsoft.Network/privateEndpoints/external-network-access-pe" provisioned successfully"- Google Cloud:选择使用 时默认使用的角色和仓库。
连接到已发布的服务:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( 'projects/my-project/regions/us-west2/serviceAttachments/my-http-server', 'my-http-server.com' );
创建端点后,资源提供者必须在 Google Cloud 上接受连接。
配置专用端点以允许 Google Cloud 上的 Snowflake 连接到 Google Cloud VPC 网络中的服务附件:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( 'projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment', 'my-service.com' );
Private endpoint with ID "abcd0000000000000001" to resource "projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment" was provisioned successfully. Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.
配置专用端点以允许 Google Cloud 上的 Snowflake 连接到区域性 Cloud Key Management Service (Cloud KMS) 端点:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( 'cloudkms.us-east4.rep.googleapis.com', 'cloudkms.us-east4.rep.googleapis.com' );
Private endpoint with ID "abcd0000000000000001" to resource "cloudkms.us-east4.rep.googleapis.com" was provisioned successfully. Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.
配置专用端点,以允许 Snowflake 连接到 Google Cloud 的外部暂存区:
SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT( 'storage.us-east4.rep.googleapis.com', 'storage.us-east4.rep.googleapis.com' );
Private endpoint with ID "abcd0000000000000001" to resource "storage.us-east4.rep.googleapis.com" was provisioned successfully. Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.