turbot/snowflake_compliance

Control: Use network policies to allow 'known' client locations (IP ranges)

Description

Use network policies to allow known client locations (IP ranges) to connect to your Snowflake account while blocking all others. Additionally, if you use service account users to connect from a client application, or SCIM or Snowflake OAuth integrations, check whether you need to configure separate network policies (a SCIM network policy, an OAuth network policy) that override the account-level network policy.
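The setup described above, written as Snowflake SQL. This is an added example, not part of the mod or its named query: the policy, user and integration names are hypothetical, 192.168.1.0/24 is this control's default allowed_ips value, and the other ranges are constructed documentation addresses.

```sql
-- Added example. All object names are hypothetical placeholders.
-- 198.51.100.0/24 and 203.0.113.0/24 are constructed sample ranges (RFC 5737).

-- Weak form, shown for contrast only: this allows every IPv4 client.
--   CREATE NETWORK POLICY open_policy ALLOWED_IP_LIST = ('0.0.0.0/0');

-- Account-level policy: only the known client range may connect.
CREATE NETWORK POLICY corp_clients_policy
  ALLOWED_IP_LIST = ('192.168.1.0/24')
  COMMENT = 'Known client locations';

ALTER ACCOUNT SET NETWORK_POLICY = corp_clients_policy;

-- Service account user that connects from a single application host.
-- A user-level policy takes the place of the account-level one for that user.
CREATE NETWORK POLICY app_service_policy
  ALLOWED_IP_LIST = ('203.0.113.10/32');

ALTER USER app_service_user SET NETWORK_POLICY = app_service_policy;

-- SCIM and Snowflake OAuth integrations: the identity provider and the
-- OAuth client usually call from ranges outside the corporate one.
CREATE NETWORK POLICY integration_policy
  ALLOWED_IP_LIST = ('198.51.100.0/24');

ALTER SECURITY INTEGRATION scim_provisioning
  SET NETWORK_POLICY = 'integration_policy';

ALTER SECURITY INTEGRATION oauth_client_app
  SET NETWORK_POLICY = 'integration_policy';

-- Review what exists and what is actually in force at each level.
SHOW NETWORK POLICIES;
DESCRIBE NETWORK POLICY corp_clients_policy;
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT;
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN USER app_service_user;
```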

Usage

Run the control in your terminal:

steampipe check snowflake_compliance.control.security_overview_network_security_network_policy_allowed_list_set

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share snowflake_compliance.control.security_overview_network_security_network_policy_allowed_list_set

SQL

This control uses a named query:

network_policy_allowed_list_set

Params

Args  Name         Default             Description  Variable
$1    allowed_ips  ["192.168.1.0/24"]