Skip to content

getindata/terraform-snowflake-shared-database

BranchesTags

Repository files navigation

Snowflake Database Terraform Module

Snowflake Terraform

License Release

We help companies turn their data into assets

Terraform module for Snowflake Shared Database management.

  • Creates Snowflake Shared database
  • Can create custom Snowflake account roles with role-to-role assignments
  • Can create a set of default account roles to simplify access management:
    • READONLY - granted IMPORTED_PRIVILEGES privilege on the database

Breaking changes in v2.x of the module

  • Due to rename of Snowflake terraform provider source, all versions.tf files were updated accordingly.

    Please keep in mind to mirror this change in your own repos also.

    For more information about provider rename, refer to Snowflake documentation.

USAGE

module "snowflake_shared_database" {
  source = "getindata/shared-database/snowflake"
  # version  = "x.x.x"

  name       = "SHARED_DATABASE"
  from_share = "<orgname.accountname.sharename>"

  create_default_roles = true
}

EXAMPLES

  • Simple - Basic usage of the module
  • Complete - Advanced usage of the module

Inputs

Name Description Type Default Required
catalog The database parameter that specifies the default catalog to use for Iceberg tables string null no
comment Specifies a comment for the database string null no
context_templates Map of context templates used for naming conventions - this variable supersedes naming_scheme.properties and naming_scheme.delimiter configuration map(string) {} no
create_default_roles Whether the default roles should be created bool false no
default_ddl_collation Specifies a default collation specification for all schemas and tables added to the database. string null no
enable_console_output If true, enables stdout/stderr fast path logging for anonymous stored procedures bool null no
external_volume The database parameter that specifies the default external volume to use for Iceberg tables string null no
from_share A fully qualified path to a share from which the database will be created. A fully qualified path follows the format of <organization_name>.<account_name>.<share_name> string n/a yes
log_level Specifies the severity level of messages that should be ingested and made available in the active event table. Valid options are: [TRACE DEBUG INFO WARN ERROR FATAL OFF] string null no
name Name of the resource string n/a yes
name_scheme Naming scheme configuration for the resource. This configuration is used to generate names using context provider:
- properties - list of properties to use when creating the name - is superseded by var.context_templates
- delimiter - delimited used to create the name from properties - is superseded by var.context_templates
- context_template_name - name of the context template used to create the name
- replace_chars_regex - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
- extra_values - map of extra label-value pairs, used to create a name
- uppercase - convert name to uppercase		 
object({
    properties            = optional(list(string), ["environment", "name"])
    delimiter             = optional(string, "_")
    context_template_name = optional(string, "snowflake-shared-database")
    replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")
    extra_values          = optional(map(string))
    uppercase             = optional(bool, true)
  })
 {} no
quoted_identifiers_ignore_case If true, the case of quoted identifiers is ignored bool null no
replace_invalid_characters If true, invalid characters are replaced with the replacement character bool null no
roles Account roles created on the Shared Database level 
map(object({
    name_scheme = optional(object({
      properties            = optional(list(string))
      delimiter             = optional(string)
      context_template_name = optional(string)
      replace_chars_regex   = optional(string)
      extra_labels          = optional(map(string))
      uppercase             = optional(bool)
    }))
    comment              = optional(string)
    role_ownership_grant = optional(string)
    granted_roles        = optional(list(string))
    granted_to_roles     = optional(list(string))
    granted_to_users     = optional(list(string))
    database_grants = optional(object({
      privileges = optional(list(string))
    }))
  }))
 {} no
storage_serialization_policy The storage serialization policy for Iceberg tables that use Snowflake as the catalog. Valid options are: [COMPATIBLE OPTIMIZED] string null no
suspend_task_after_num_failures How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending number null no
task_auto_retry_attempts Maximum automatic retries allowed for a user task number null no
trace_level Controls how trace events are ingested into the event table. Valid options are: [ALWAYS ON_EVENT OFF] string null no
user_task_managed_initial_warehouse_size The initial size of warehouse to use for managed warehouses in the absence of history string null no
user_task_minimum_trigger_interval_in_seconds Minimum amount of time between Triggered Task executions in seconds number null no
user_task_timeout_ms User task execution timeout in milliseconds number null no

Modules

Name Source Version
roles_deep_merge Invicton-Labs/deepmerge/null 0.1.5
snowflake_custom_role getindata/role/snowflake 4.0.0
snowflake_default_role getindata/role/snowflake 4.0.0

Outputs

Name Description
catalog The database parameter that specifies the default catalog to use for Iceberg tables
comment The comment for the database
default_ddl_collation Specifies a default collation specification for all schemas and tables added to the database.
enable_console_output If true, enables stdout/stderr fast path logging for anonymous stored procedures
external_volume The database parameter that specifies the default external volume to use for Iceberg tables
from_share The name of the share from which the database is created
log_level Specifies the severity level of messages that should be ingested and made available in the active event table. Valid options are: [TRACE DEBUG INFO WARN ERROR FATAL OFF]
name Name of the database
quoted_identifiers_ignore_case If true, the case of quoted identifiers is ignored
roles Snowflake Roles
storage_serialization_policy The storage serialization policy for Iceberg tables that use Snowflake as the catalog. Valid options are: [COMPATIBLE OPTIMIZED]
suspend_task_after_num_failures How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending
task_auto_retry_attempts Maximum automatic retries allowed for a user task
trace_level Controls how trace events are ingested into the event table. Valid options are: [ALWAYS ON_EVENT OFF]
user_task_managed_initial_warehouse_size The initial size of warehouse to use for managed warehouses in the absence of history
user_task_minimum_trigger_interval_in_seconds Minimum amount of time between Triggered Task executions in seconds
user_task_timeout_ms User task execution timeout in milliseconds

Providers

Name Version
context >=0.4.0
snowflake >= 0.94.0

Requirements

Name Version
terraform >= 1.3
context >=0.4.0
snowflake >= 0.94.0

Resources

Name Type
snowflake_shared_database.this resource
context_label.this data source

CONTRIBUTING

Contributions are very welcomed!

Start by reviewing contribution guide and our code of conduct. After that, start coding and ship your changes by creating a new PR.

LICENSE

Apache 2 Licensed. See LICENSE for full details.

AUTHORS

Made with contrib.rocks.

About

Terraform module for managing Shared Databases in Snowflake

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

0 forks
Report repository

Releases 7

Version v2.0.0 Latest
Aug 21, 2025
+ 6 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages