Enabling an AWS PrivateLink between ThoughtSpot Cloud and your Snowflake data warehouse

Your data’s security is important. ThoughtSpot encrypts all your data by default. For an additional layer of security and network reliability, you can use an AWS PrivateLink. This option is currently available for your Amazon Redshift, Databricks, Denodo, Dremio, Oracle, SAP HANA, Snowflake, Starburst, or Teradata data warehouse connections.

This article details how to enable a PrivateLink for Snowflake; to enable it for other data warehouses, refer to:

You can only enable one PrivateLink for each cluster.

To deploy an AWS PrivateLink, you must work with ThoughtSpot Support and follow the procedure in this article.

Prerequisites

To deploy an AWS PrivateLink between your Snowflake data warehouse and the ThoughtSpot Cloud tenant, follow these steps.

Request Snowflake PrivateLink configuration

  1. Send a support request to Snowflake, asking them to configure an AWS PrivateLink. You must provide the following information:

    Snowflake support must configure the AWS PrivateLink. Snowflake’s self-service PrivateLink feature does not support third-party PrivateLink integrations, including the integration with ThoughtSpot.
  2. After Snowflake completes the PrivateLink configuration on the Snowflake side, run the following command in your Snowflake environment. This command retrieves the VPC Endpoint Service Name and Private DNS records required for Snowflake clients that you must send to ThoughtSpot Support.

    select system$get_privatelink_config();

    Refer to the Snowflake documentation for additional information on the specific URLs you need: AWS PrivateLink & Snowflake.

Exchange AWS and ThoughtSpot information with ThoughtSpot Support

  1. Send the account name from the DNS records and the Service name to ThoughtSpot Support. You gathered this information from Snowflake in step 2 of Request Snowflake PrivateLink configuration.

  2. After ThoughtSpot Support configures the AWS PrivateLink in ThoughtSpot, ask them to send you the PrivateLink Snowflake account name.

Configure Connections

Configure Connections for Snowflake, using the PrivateLink Snowflake account name from ThoughtSpot Support for the Account name field. For example, xyz99999.us-west-2.privatelink.