Your data’s security is important. To ensure a secure two-way data exchange between your cloud data warehouse and the ThoughtSpot Cloud tenant, you can use an AWS PrivateLink. This option is currently available for your Snowflake or Redshift data warehouse connections. This article details how to enable a PrivateLink for Snowflake; you can also enable it for Redshift.
To deploy an AWS PrivateLink, you must work with ThoughtSpot Support and follow the procedure in this article.
- You must have a Snowflake account
- The ThoughtSpot cluster must be in the same AWS region as your Snowflake account
- You must obtain the ThoughtSpot AWS Account ID from ThoughtSpot Support. You may need a separate Account ID for staging or dev environments.
Enable an AWS PrivateLink for Snowflake
To deploy an AWS PrivateLink between your Snowflake data warehouse and the ThoughtSpot Cloud tenant, follow these steps.
Request Snowflake PrivateLink configuration
- Send a support request to Snowflake, asking them to configure an AWS PrivateLink. You must provide the following information:
- Snowflake provides the following details with their response:
- VPC Endpoint Service Name
- Private DNS records required for Snowflake clients
Exchange AWS and ThoughtSpot information with ThoughtSpot Support
Send the account name from the DNS records and the Service name to ThoughtSpot Support. You gathered this information from Snowflake in step 2 of Request Snowflake PrivateLink configuration.
After ThoughtSpot Support configures the AWS PrivateLink in ThoughtSpot, ask them to send you the PrivateLink Snowflake account name.
Configure Embrace for Snowflake, using the PrivateLink Snowflake account name from ThoughtSpot Support.