Enabling an AWS PrivateLink between ThoughtSpot Cloud and your Snowflake data warehouse

Learn how to deploy an AWS PrivateLink between your Snowflake data warehouse and the ThoughtSpot Cloud tenant.

AWS PrivateLink is only available to Enterprise Edition users.

Your data’s security is important. ThoughtSpot encrypts all your data by default. For an additional layer of security and network reliability, you can use an AWS PrivateLink. This option is currently available for your Amazon Aurora MySQL, Amazon Aurora PostgreSQL, Amazon RDS MySQL, Amazon RDS PostgreSQL, Amazon Redshift, Databricks, Denodo, Dremio, Oracle, PostgreSQL, SAP HANA, Snowflake, SQL Server, Starburst, or Teradata data warehouse connections.

ThoughtSpot supports a maximum of five PrivateLinks in your environment, in any combination of supported cloud data warehouses. For example, you could have a PrivateLink for Denodo, one for Databricks, and one for Starburst in the same environment.

This article details how to enable a PrivateLink for Snowflake; to enable it for other data warehouses, refer to:

You can enable a maximum of five PrivateLinks in your environment.

To deploy an AWS PrivateLink, you must work with ThoughtSpot Support and follow the procedure in this article.

Prerequisites

To deploy an AWS PrivateLink between your Snowflake data warehouse and the ThoughtSpot Cloud tenant, follow these steps.

Request Snowflake PrivateLink configuration

  1. Send a support request to Snowflake, asking them to configure an AWS PrivateLink. You must provide the following information:

    Snowflake support must configure the AWS PrivateLink. Snowflake’s self-service PrivateLink feature does not support third-party PrivateLink integrations, including the integration with ThoughtSpot.
  2. After Snowflake completes the PrivateLink configuration on the Snowflake side, run the following command in your Snowflake environment. This command retrieves the VPC Endpoint Service Name and Private DNS records required for Snowflake clients that you must send to ThoughtSpot Support.

    select system$get_privatelink_config();

    Refer to the Snowflake documentation for additional information on the specific URLs you need: AWS PrivateLink & Snowflake.

For Snowflake PrivateLink connections using JDBC drivers 3.13.25 or later, Snowflake no longer supports account names containing underscores. If your account name contains an underscore, you can either make changes in your DNS or in your application to set the default value of allowUnderscoresInHost to true. For more information on how to allow this property, refer to Behaviour Change Release information associated with Snowflake JDBC driver version 3.13.25.

Exchange AWS and ThoughtSpot information with ThoughtSpot Support

  1. Send the account name from the DNS records and the Service name to ThoughtSpot Support. You gathered this information from Snowflake in step 2 of Request Snowflake PrivateLink configuration.

  2. After ThoughtSpot Support configures the AWS PrivateLink in ThoughtSpot, ask them to send you the PrivateLink Snowflake account name.