No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hey guys!

I’m a Data Engineer/Consultant working with a client that is moving into Snowflake, where we will not own the whole account ourselves, but will manage our own databases, roles etc. As we currently make extensive use of pulumi to manage our AWS infra, it would be really nice if we could manage Snowflake with the same codebase.

The big problem we are facing is that there is no full separation between “environments”/stacks in snowflake, i.e. users roles and grants are visible for the whole account, while database-level objects like schemas and tables are naturally separated.

Any tips, ideas or pointers are welcome in how to best solve this!

For the interested: After some internal deliberation, we have opted to go the “namespace” route, where all sf resources visible throughout the accounts vill be suffixet with the stack name, such that roles vill be named like: `ROLE_(DEV|PRE|PROD)` depending on what “environment”/stack it belongs to.