ht
Documentation
WelcomeConcepts

Get Started

OverviewCreate a sourceCreate a modelCreate a destinationCreate a sync

Sources

Amazon AthenaAmazon RedshiftDatabricksGoogle BigQueryGoogle SheetsLookerMySQLPostgreSQLRocksetSnowflakeSQL ServerTrino
Documentation/Sources/Snowflake
ht
Documentation

Snowflake

Table of Contents
Create the Warehouse connection in Hightouch
Snowflake is a data warehouse built on top of the Amazon Web Services, Google Cloud Platform, and Microsoft Azure cloud infrastructure.

Create the Warehouse connection in Hightouch

Hightouch will always connect to your warehouse from 54.196.30.169 or 52.72.201.213. You may allow-list this IP address in your VPC security groups.
To connect Hightouch to your Snowflake Warehouse, we recommend creating a user specifically provisioned with read-only access to the tables and schemas required.The method used will vary depending on your particular implementation details, but the instructions below should serve as a decent starting point.To create a role, run the following code in Snowflake. If you already have a valid role with read-only access skip this step.
CREATE ROLE IF NOT EXISTS ht_readonly_role
COMMENT = "Read only access to select tables for Hightouch";
To create a user, run the following code in Snowflake, replacing all the values wrapped in <> with actual values:
CREATE USER ht_user
password = '<a_very_secure_password>'
first_name = 'Hightouch'
last_name = 'User'
default_warehouse = '<warehouse>'
default_namespace = '<database.schema>'
default_role = '<ht_readonly_role>'
comment = 'Used for Hightouch integrations'
Next, you'll need to grant the apporpriate permissions to the role. At minimum, the role will need access to the warehouse, database, schema, and tables. If you're using permifrost, you can define the role permissions there, otherwise, you can grant the permissions directly in Snowflake:
GRANT ROLE ht_readonly_role TO ROLE SYSADMIN;
GRANT USAGE ON WAREHOUSE <warehouse> TO ROLE ht_readonly_role;
GRANT ROLE ht_readonly_role TO USER ht_user;
GRANT USAGE ON DATABASE "<database>" TO ROLE ht_readonly_role;
GRANT USAGE ON SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON ALL TABLES IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON FUTURE TABLES IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON ALL VIEWS IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
Or, if using permifrost.
roles:
- ht_readonly_role:
warehouses:
- <warehouse>
privileges:
databases:
read:
- <database>
schemas:
read:
- <database>.*
tables:
read:
- <database>.*.*
users:
- ht_user:
can_login: yes
member_of:
- ht_readonly_role
If you are using permifrost, check out our CircleCI orb to make running permifrost from a Github repo easy.Once you have your role and user provisioned, you can add them to Hightouch:
  1. In Hightouch, go to Sources or click https://app.hightouch.io/sources
  2. Click "Create Source"
  3. Select Snowflake
  4. For Account, enter your Snowflake account. Usually, this is in the format <identifier>.<region>.<cloud provider>, e.g. abc123.us-east-2.aws). See the Snowflake docs for more information.
  5. For Database, enter your Snowflake database name.
  6. For Username, enter your Snowflake username, e.g. ht_user
  7. For Password, enter your Snowflake user's password.
  8. For Role, enter the Role that Hightouch should use for queries, e.g. ht_readonly_role. Use DEFAULT to use the default role.
  9. Click "Test" to test the connection. Hightouch is able to successfully connect, click the "Complete" button at the bottom of the page