mysterious-hairdresser-82060
06/12/2023, 9:24 PMStackReference
, or will that break? I am trying to Create a Snowflake External Storage Integration using an AWS IAM Role, and they need to reference each other. Ideally, we would keep our Snowflake and AWS resources in separate stacks. Thanks!little-cartoon-10569
06/12/2023, 11:14 PMsalmon-account-74572
06/13/2023, 2:18 PMmysterious-hairdresser-82060
06/15/2023, 10:17 PMlittle-cartoon-10569
06/15/2023, 11:20 PMpulumi up
twice: when you run it the first time, the variable won't have a value (because the Snowflake integration hasn't been created), so the role will have the dummy ID in the trust policy. All subsequent runs will work correctly, as the value output from Snowflake will be available from the stack's outputs.
2. Use the wildcard trust:
If you require a trust policy with a less secure set of restrictions (i.e. a policy that supports all external stages in your account), replace random_id in the external ID with a wildcard character (*):
snowflake_account_SFCRole=snowflake_role_id_*, e.g. MYACCOUNT_SFCRole=2_* in the current example.(See https://docs.snowflake.com/en/user-guide/data-load-s3-config-aws-iam-role)
mysterious-hairdresser-82060
06/16/2023, 12:19 AMsalmon-account-74572
06/20/2023, 5:26 PM