1. Whitelist Bigeye IP Address
Bigeye will make calls to your warehouse from one of the following static IPs:
By default, Snowflake instances are open to every IP address, so no action is required. However, if you've set up network policies to restrict the IP addresses communicating with your Snowflake instance, you'll need to modify these policies to allow the Bigeye IP address.
There are two types of network policies you might have set up on your Snowflake instance: account level and user level. Account level policies apply to all users unless the policy is overridden by a user level policy. User level policies only apply to the users that the policy is assigned and user level policies will override account level policies.
If you’ve configured account level network policies, you’ll need to edit your network policy to allow incoming connections from Bigeye's IP address. Please refer to the Snowflake documentation for more information on modifying account level network policies.
If your organization uses user level network policies, you’ll need to create a new policy to apply to the read-only user you create, allowing incoming connections from Bigeye's IP address. Please refer to the Snowflake documentation for more information on modifying user level network policies.
2. Create Dedicated User for Bigeye
Before connecting Bigeye, we strongly recommend you create a dedicated, read-only user for Bigeye and grant permissions on the tables you want Bigeye to monitor.
To do this in Snowflake, open your Snowflake Worksheets page to run the statements below in the console:
Watch out for the TODO's in the script -- they indicate places where placeholder variables need to be replaced with real values.
set role_name = 'BIGEYE_ROLE'; set user_name = 'BIGEYE_USER'; -- TODO - replace password set user_password = 'password123'; set warehouse_name = 'BIGEYE_WAREHOUSE'; -- change role to securityadmin for user / role steps use role securityadmin; -- create role for Bigeye create role if not exists identifier($role_name); grant role identifier($role_name) to role SYSADMIN; grant imported privileges on database "SNOWFLAKE" to role identifier($role_name); -- create a user for Bigeye create user if not exists identifier($user_name) password = $user_password default_role = $role_name default_warehouse = $warehouse_name; grant role identifier($role_name) to user identifier($user_name); -- change role to sysadmin for warehouse / database steps use role sysadmin; -- TODO - optional, uncomment if you want to have a separate database for Bigeye -- set database_name = 'BIGEYE_DATABASE'; -- create database if not exists identifier($database_name); -- grant USAGE on database identifier($database_name) to role identifier($role_name); -- grant Bigeye role access to warehouse grant USAGE on warehouse identifier($warehouse_name) to role identifier($role_name); commit; -- TODO - repeat for every database, schema, table you want -- grant USAGE on database <database> to role identifier($role_name); -- grant USAGE on schema <database>.<schema> to role identifier($role_name); -- grant select on future tables in schema <database>.<schema> to role identifier($role_name); -- grant select on all tables in schema <database>.<schema> to role identifier($role_name);
3. Gather connection details from Snowflake
You'll want to gather the following connection details from Snowflake
|Warehouse||Click Warehouses from within your Snowflake console to view a list of warehouses. Any warehouse in your account will work.|
|Username||user_name that you created in the script above|
|Password||user_password that you created in the script above|
There is no need to use a dedicated warehouse for Bigeye.
4. Add Snowflake as data source in Bigeye
From the Catalog page click Add source. On the modal that appears, select Snowflake.
To connect a database, you will need to input the following information:
- Alias - Enter any name, this is how your source will appear in the Bigeye Catalog
- Vendor - Snowflake
- Hostname - Hostname from step 3
- Port - leave empty for default port; default port is 443
- Warehouse name - warehouse from step 3
- Username - username from step 3
- Password - password from step 3
- Timeout - timeout for queries run by Bigeye to monitor your data, defaults to 600 seconds.
Note that the username will use its default role in Snowflake. Please make sure that role has the permissions it needs to see and query your tables.
Note that the username you specify will use its default role in Snowflake. Please make sure that role has the permissions it needs to see and query your tables.
Once filled out, the form should look something like this
5. Test connection
This step will query your warehouse to ensure that the user you provided has the permissions necessary to read data and run all Bigeye metric types. If an error is returned, return to step 2 above to ensure the user is permissinned correctly in snowflake.
6. Add metrics
If test connection is successful, you will have the option to deploy Metadata Metrics on your schemas. We recommend broad coverage of these metrics across your warehouse to detect the most common data quality issues.
Once you’ve added your source, Bigeye will start profiling your data to recommend autometrics. It can take up to 24 hours for this process to complete. Proceed to the Getting Started for next steps.
Updated 6 months ago