snowflake

Snowflake

Connect Snowflake to WasteNot to pull data directly from your warehouse. Write simple queries to define exactly what data you need for building audiences.

Setting up Snowflake requires help from someone on your engineering or data team. Share this guide with them to get started.

Prerequisites

  • A Snowflake account
  • Someone with permission to create roles and users in Snowflake
  • Your Snowflake account identifier including organization (for example, myorg-myaccount)
  • A Snowflake warehouse WasteNot can use for query execution
  • A Snowflake database containing the schemas and tables you want WasteNot to read

Connecting Snowflake

Setup has two steps: creating the data source in WasteNot, then configuring access in your Snowflake account.

Step 1: Create the data source

  1. Add a new Snowflake data source in WasteNot
  2. Enter a Name
  3. Click Save

Step 2: Set up access and connect

After creating the data source, go to its detail page. You will see a form and setup instructions.

Fill in the following fields:

  • Snowflake Account Name — Your account identifier including organization (e.g., myorg-myaccount)
  • Snowflake Warehouse — The warehouse WasteNot should use to run queries
  • Snowflake Database — The database WasteNot should query
  • Snowflake Role — The role WasteNot will use for access (e.g., WASTENOT_ROLE)
  • Snowflake Username — The user WasteNot will log in as (e.g., WASTENOT_USER)

WasteNot authenticates to Snowflake using AWS workload identity federation. That means WasteNot does not store a Snowflake password or key pair for this connection.

Your engineering or data team should run the setup SQL shown in the app. It does four things:

  1. Creates a dedicated role for WasteNot
  2. Grants that role read access to your warehouse, database, schemas, and tables
  3. Creates a dedicated Snowflake service user and assigns the role
  4. Configures the user to trust WasteNot's AWS identity for login

The SQL in the app follows this pattern:

CREATE ROLE IF NOT EXISTS WASTENOT_ROLE;

GRANT USAGE ON WAREHOUSE <WAREHOUSE_NAME> TO ROLE WASTENOT_ROLE;
GRANT USAGE ON DATABASE <DATABASE_NAME> TO ROLE WASTENOT_ROLE;
GRANT USAGE ON ALL SCHEMAS IN DATABASE <DATABASE_NAME> TO ROLE WASTENOT_ROLE;
GRANT SELECT ON ALL TABLES IN DATABASE <DATABASE_NAME> TO ROLE WASTENOT_ROLE;
GRANT SELECT ON FUTURE TABLES IN DATABASE <DATABASE_NAME> TO ROLE WASTENOT_ROLE;

CREATE USER IF NOT EXISTS WASTENOT_USER
  DEFAULT_ROLE = WASTENOT_ROLE
  TYPE = SERVICE;

GRANT ROLE WASTENOT_ROLE TO USER WASTENOT_USER;

Then configure workload identity for the Snowflake user with the AWS ARN shown in the WasteNot app:

ALTER USER WASTENOT_USER
  SET WORKLOAD_IDENTITY = (
    TYPE = AWS
    ARN = '<ARN FROM WASTENOT SETUP SCREEN>'
  );

You can rename the role and user to match your conventions, as long as the same values are entered back into WasteNot.

If you want to scope access more tightly, you can replace the database-wide grants above with grants on specific schemas or tables, as long as every object referenced by your WasteNot queries remains readable.

Once Snowflake is set up and the fields are filled in, click Connect.

WasteNot connects to Snowflake without storing any passwords. The Snowflake setup screen in WasteNot includes the exact AWS ARN to use in the ALTER USER ... SET WORKLOAD_IDENTITY statement. If your team needs help, reach out to support@wastenot.io.

Custom streams

Once connected, you can create streams to define what data WasteNot pulls from Snowflake. Each stream is a SQL query that returns rows matching WasteNot's expected format.

See the Writing Custom Queries guide for full details on how to structure your queries, required columns, and event types.

  1. Go to your Snowflake data source detail page
  2. Click New Stream
  3. Give the stream a name, select an event type, and enter your SQL query
  4. Save the stream

WasteNot will run the query on a schedule and sync the results automatically.

Frequently asked questions

Who on my team should set this up?

Anyone with admin access to your Snowflake account who can create roles and users. This is typically someone on your engineering or data team.

Can I change the warehouse or database later?

Yes. Edit the data source from its detail page to update connection settings.

What permissions does the Snowflake role need?

At minimum, the role needs:

  • USAGE on the warehouse WasteNot will run on
  • USAGE on the database
  • USAGE on any schemas your queries reference
  • SELECT on the tables or views your queries reference

If new tables will be added over time, granting access to future tables helps avoid broken syncs.

Does WasteNot need write access in Snowflake?

No. WasteNot only needs read access to the data used by your stream queries.

My data source shows "Failed" status

Common causes include:

  • The Snowflake account name is wrong or does not include the organization prefix
  • The warehouse, database, role, or username in WasteNot does not match the Snowflake setup
  • The Snowflake user or role has been disabled
  • The workload identity ARN was not set correctly on the Snowflake user
  • The role does not have access to every schema or table referenced by your queries

Check with your data team, or reach out to support@wastenot.io for help.

Was this page helpful?