NETWORK POLICY

Config path: /network_policy.yaml

Example:

test_network_policy_1:
  allowed_ip_list:
    - 0.0.0.0/0
  blocked_ip_list:
    - 1.1.1.1
    - 8.8.8.8

test_network_policy_2:
  allowed_network_rule_list:
    - my_db.my_schema.my_rule_1
    - my_db.my_schema.my_rule_2
  blocked_network_rule_list:
    - my_db.my_schema.my_rule_3
    - my_db.my_schema.my_rule_4

Schema

  • {key} (ident) - name of network policy

  • {value} (dict)

    • allowed_network_rule_list (list)

      • {items} (ident) - network rules allowing access to Snowflake account

    • blocked_network_rule_list (list)

      • {items} (ident) - network rules blocking access to Snowflake account

    • allowed_ip_list (list)

      • {items} (str) - IPv4 addresses that are allowed access to Snowflake account

    • blocked_ip_list (list)

      • {items} (str) - IPv4 addresses that are denied access to Snowflake account

    • comment (str)

Usage notes

  1. Because of the high security risk, it is recommended to review and apply changes to NETWORK POLICIES manually.

  2. NETWORK POLICIES are account-level objects and NETWORK RULES are schema-level objects, so names of network rules should be fully qualified in the form <database>.<schema>.<name>.
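
A pre-review check for the two usage notes above, as an added example that is not part of SnowDDL or the original page. It assumes the file has already been parsed into a dict (the page's two examples are embedded in that form, plus one constructed bad policy), that CIDR notation is accepted as in the example's 0.0.0.0/0, and that identifier parts are unquoted; review_policy is a hypothetical helper name.

```python
import ipaddress
import re

# Assumption: only unquoted identifier parts are accepted by this check.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")
RULE_KEYS = ("allowed_network_rule_list", "blocked_network_rule_list")
IP_KEYS = ("allowed_ip_list", "blocked_ip_list")
KNOWN_KEYS = set(RULE_KEYS) | set(IP_KEYS) | {"comment"}


def review_policy(name, body):
    """Return a list of findings for one policy from network_policy.yaml."""
    findings = []
    # A misspelled key means the intended restriction never reaches the reviewer.
    for key in sorted(set(body) - KNOWN_KEYS):
        findings.append(f"{name}: unknown key '{key}'")
    # Usage note 2: network rules are schema-level, so require three name parts.
    for key in RULE_KEYS:
        for rule in body.get(key, []):
            parts = str(rule).split(".")
            if len(parts) != 3 or not all(IDENT.fullmatch(p) for p in parts):
                findings.append(f"{name}: {key} '{rule}' is not <database>.<schema>.<name>")
    for key in IP_KEYS:
        for entry in body.get(key, []):
            try:
                net = ipaddress.IPv4Network(str(entry), strict=False)
            except ValueError:
                findings.append(f"{name}: {key} '{entry}' is not a valid IPv4 address or CIDR")
                continue
            # 0.0.0.0/0 in the allow list leaves only the blocked list as a restriction.
            if key == "allowed_ip_list" and net.prefixlen == 0:
                findings.append(f"{name}: allowed_ip_list '{entry}' admits every IPv4 address")
    return findings


# Parsed form of the page's two example policies, plus one constructed bad policy.
SAMPLE = {
    "test_network_policy_1": {"allowed_ip_list": ["0.0.0.0/0"],
                              "blocked_ip_list": ["1.1.1.1", "8.8.8.8"]},
    "test_network_policy_2": {
        "allowed_network_rule_list": ["my_db.my_schema.my_rule_1", "my_db.my_schema.my_rule_2"],
        "blocked_network_rule_list": ["my_db.my_schema.my_rule_3", "my_db.my_schema.my_rule_4"]},
    "constructed_bad_policy": {"allowed_network_rule_list": ["my_schema.my_rule_5"],
                               "blocked_ip_list": ["10.0.0.256"],
                               "allow_ip_list": ["192.0.2.0/24"]},
}

if __name__ == "__main__":
    for policy_name, policy_body in SAMPLE.items():
        for finding in review_policy(policy_name, policy_body):
            print(finding)
```

Findings are meant as input to the manual review, not a replacement for it.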
