Skip to main content

Setting Up a Snowflake User Network Policy IP Whitelist with Azure Data Factory

When setting up a Snowflake user network policy IP whitelist with Azure Data Factory in production, you are allowing secured traffic between Azure and Snowflake for a specific system user. This article explains step by step instructions and guidance to locate and input the IP addresses for your Azure Data Factory location.

Find your Availability Zone Location

On the Azure home page, you can locate your “Location”. Make sure you pay attention as there could be more than 1 AZ name like East US and East US 2.

Locate ADF Location

Download Azure IP Addresses by Service Tag

Download IP address listings by service tag from Microsoft Download Page

You will need to open this file in notepad and search for “DataFactory” and the Availability Zone location

Example Azure Availability Zone. I am showing US East 2 IP addresses.

Azure Data Factory IP range

Resulting IP addresses should be formatted as a comma separated list like this.

20.41.2.0/23,20.41.4.0/26,20.44.17.80/28,20.49.102.16/29,20.98.195.172/32,20.98.198.224/29,40.70.148.160/28,52.167.107.224/28

As you notice the IP addresses are inclusive of the digits after the “/” which is called CIDR notation.

Create the Snowflake Network Policy 

Toggle to the ACCOUNTADMIN role

Switch Snowflake User

Navigate to Admin > Security

Snowflake Security Tab

Click + Network Policy

Enter a Policy Name. In this example I added “ADF_SYSTEM”

Paste the Allowed IP Addresses

Add comment highlighting that the policy is user specific. In this case I highlight what the IP addresses to keep the future administrator aware what these IP addresses point to.

Click Create network policy

Important Note:

Do Not Activate the policy from this screen. This is intended to be a user and not Account level policy. The Snowflake UI (called Snowsight), does not provide the screen to add a policy to a user so we will write a little SQL to apply this policy to an individual policy.

Apply the Snowflake User Network Policy to your User

To complete this step you need to write a little SQL. Go to Snowflake Worksheets to write SQL that creates your network policy for an individual user:

Apply Snowflake Network Policy to a User

Enter the following SQL Code. In this example “SYSTEM_ADF_LOADING ” is the name of the Snowflake user and “ADF_SYSTEM” is the name of the policy you just created.

ALTER USER SYSTEM_ADF_LOADING SET NETWORK_POLICY = 'ADF_SYSTEM'

To Unset a network policy you can use the following SQL:

ALTER USER SYSTEM_ADF_LOADING UNSET NETWORK_POLICY

Troubleshooting

If you ware using ADF and get an error, it will provide you with the specific error.

Want to learn how to use Azure Data Factory with Snowflake? View our Tutorials page