Table: snowflake_network_policy - Query OCI Snowflake Network Policies using SQL
A Network Policy in Snowflake is a set of rules that govern the network access control for virtual warehouses. It allows administrators to define IP whitelisting rules to restrict access to the Snowflake account only from allowed IP addresses. Network Policies can be associated with individual users or the entire account.
Table Usage Guide
The snowflake_network_policy table provides insights into Network Policies within OCI Snowflake. As a Network Administrator, explore policy-specific details through this table, including allowed IP addresses, blocked IP addresses, and associated metadata. Use it to uncover information about policies, such as those with unrestricted access, the IP address restrictions in place, and the verification of network control configurations.
Examples
Basic info
Explore which network policies have been implemented within Snowflake, focusing on when they were created and the number of entries in both the allowed and blocked IP lists. This can help identify potential security gaps and understand the overall network security posture.
select name, comment, created_on, entries_in_allowed_ip_list, entries_in_blocked_ip_list from snowflake_network_policy;
Get blocked and allowed IP lists for a specific network policy
Analyze the settings to understand the blocked and allowed IP addresses associated with a specific network policy. This can help in assessing the security measures and identifying any potential vulnerabilities in the network access.
select name, allowed_ip_list, blocked_ip_list from snowflake_network_policy where name = 'np1';
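To look for the policies with unrestricted access mentioned in the usage guide, the query below splits each allow list into its entries and reports those that cover a very wide range. It is an added example, not one of the plugin's published queries; it assumes the Steampipe PostgreSQL engine, the comma-separated format given in the schema for allowed_ip_list, and an arbitrary review threshold of prefixes shorter than /16.

```sql
-- Added example: flag overly broad entries in Snowflake network policy allow lists.
-- Assumptions: PostgreSQL engine; allowed_ip_list is comma-separated IPv4
-- addresses or CIDR ranges; the /16 threshold is a choice to adjust locally.
select
  p.name,
  trim(entry) as allowed_entry,
  -- inet (not cidr) is used so entries with host bits set still parse.
  masklen(trim(entry)::inet) as prefix_length,
  -- A broad allow entry with an empty block list has nothing carved out of it.
  p.entries_in_blocked_ip_list
from
  snowflake_network_policy as p,
  -- Implicit lateral join: one row per entry in the allow list.
  unnest(string_to_array(p.allowed_ip_list, ',')) as entry
where
  trim(entry) <> ''
  -- 0.0.0.0/0 has prefix length 0 and sorts first.
  and masklen(trim(entry)::inet) < 16
order by
  prefix_length,
  p.name;
```

A row with prefix_length 0 means the policy admits any IPv4 source; compare the result against blocked_ip_list for the same policy before deciding whether the entry is intentional.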
Schema for snowflake_network_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account | text | =, !=, ~~, ~~*, !~~, !~~* | The Snowflake account ID. |
allowed_ip_list | text | | Comma-separated list of one or more IPv4 addresses that are allowed access to your Snowflake account. |
blocked_ip_list | text | | Comma-separated list of one or more IPv4 addresses that are denied access to your Snowflake account. |
comment | text | | Specifies a comment for the network policy. |
created_on | timestamp with time zone | | Date and time when the policy was created. |
entries_in_allowed_ip_list | bigint | | Number of entries in the allowed IP list. |
entries_in_blocked_ip_list | bigint | | Number of entries in the blocked IP list. |
name | text | | Identifier for the network policy. |
region | text | | The Snowflake region in which the account is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- snowflake
You can pass the configuration to the command with the --config argument:
steampipe_export_snowflake --config '<your_config>' snowflake_network_policy