Iceberg Tables

PreviousEncrypt user passwords NextCLI interface

Last updated 5 months ago

Iceberg Tables

At this moment SnowDDL supports UNMANAGED Iceberg tables using external catalog only.

If you are looking for MANAGED Iceberg tables support, please leave a comment in this thread describing the use case:

How to create unmanaged Iceberg table with SnowDDL

Step 1: Create permission model which includes permissions for Iceberg tables

Example of custom :

iceberg:
  inherit_from: default
  owner_create_grants:
    - ICEBERG_TABLE
  owner_future_grants:
    ICEBERG_TABLE: [OWNERSHIP]
  write_future_grants:
    ICEBERG_TABLE: [INSERT, UPDATE, DELETE, TRUNCATE]
  read_future_grants:
    ICEBERG_TABLE: [SELECT, REFERENCES]

Iceberg tables are not included in default permission model, since adding it to all schemas seems to introduce noticeable additional overhead during schema role creation.

Step 2: Create external volume

Example:

SET STORAGE_BASE_URL = 's3://my-bucket/iceberg_glue/';
SET STORAGE_ROLE_ARN = 'arn:aws:iam::123:role/snowflake_role';
SET STORAGE_EXTERNAL_ID = '...';

CREATE OR REPLACE EXTERNAL VOLUME TEST_EXTERNAL_VOLUME_GLUE
STORAGE_LOCATIONS =
(
    (
        NAME = 'iceberg_glue'
        STORAGE_PROVIDER = 'S3'
        STORAGE_BASE_URL = $STORAGE_BASE_URL
        STORAGE_AWS_ROLE_ARN = $STORAGE_ROLE_ARN
        STORAGE_AWS_EXTERNAL_ID = $STORAGE_EXTERNAL_ID
    )
)
ALLOW_WRITES = FALSE;

Step 3: Create catalog

Example:

SET GLUE_CATALOG_NAMESPACE = 'iceberg_glue'
SET GLUE_ROLE_ARN = 'arn:aws:iam::123:role/snowflake_glue';
SET GLUE_CATALOG_ID = '123';
SET GLUE_REGION = 'us-east-1';

CREATE OR REPLACE CATALOG INTEGRATION TEST_CATALOG_GLUE
CATALOG_SOURCE = GLUE
CATALOG_NAMESPACE = $GLUE_CATALOG_NAMESPACE
TABLE_FORMAT = ICEBERG
GLUE_AWS_ROLE_ARN = $GLUE_ROLE_ARN
GLUE_CATALOG_ID = $GLUE_CATALOG_ID
GLUE_REGION = $GLUE_REGION
ENABLED = TRUE;

Step 4: Create schema with references to EXTERNAL VOLUME and CATALOG

permission_model: iceberg
external_volume: text_external_volume_iceberg
catalog: test_catalog_glue

At this moment one schema may contain tables from one EXTERNAL VOLUME and one CATALOG only. If you have more external volumes and catalogs, please create more schemas.

Step 5: Create Iceberg tables

Example 1:

catalog_table_name: test_iceberg_table_1

Example 2:

metadata_file_path: test_iceberg_table_1/metadata/00001-cc112050-1448-4c2a-9e03-504e7f5fc62a.metadata.json
replace_invalid_characters: true

Rationale: Why is it not possible to specify EXTERNAL VOLUME and CATALOG individually for each table?

By specifying EXTERNAL VOLUME and CATALOG on schema level, we achieve two goals:

Usage on EXTERNAL VOLUME and CATALOG are granted to schema owner role automatically.
Each schema contains objects from one EXTERNAL VOLUME and one CATALOG, which helps to keep things clear and prevents mixture of various Iceberg table sub-types within one schema.

PreviousEncrypt user passwords NextCLI interface

Last updated 5 months ago

At this moment SnowDDL supports UNMANAGED Iceberg tables using external catalog only.

If you are looking for MANAGED Iceberg tables support, please leave a comment in this thread describing the use case:

How to create unmanaged Iceberg table with SnowDDL

Step 1: Create permission model which includes permissions for Iceberg tables

Example of custom :

iceberg:
  inherit_from: default
  owner_create_grants:
    - ICEBERG_TABLE
  owner_future_grants:
    ICEBERG_TABLE: [OWNERSHIP]
  write_future_grants:
    ICEBERG_TABLE: [INSERT, UPDATE, DELETE, TRUNCATE]
  read_future_grants:
    ICEBERG_TABLE: [SELECT, REFERENCES]

Iceberg tables are not included in default permission model, since adding it to all schemas seems to introduce noticeable additional overhead during schema role creation.

Step 2: Create external volume

Similar to objects, EXTERNAL VOLUME should be created by ACCOUNTADMIN.

Documentation:

Example:

SET STORAGE_BASE_URL = 's3://my-bucket/iceberg_glue/';
SET STORAGE_ROLE_ARN = 'arn:aws:iam::123:role/snowflake_role';
SET STORAGE_EXTERNAL_ID = '...';

CREATE OR REPLACE EXTERNAL VOLUME TEST_EXTERNAL_VOLUME_GLUE
STORAGE_LOCATIONS =
(
    (
        NAME = 'iceberg_glue'
        STORAGE_PROVIDER = 'S3'
        STORAGE_BASE_URL = $STORAGE_BASE_URL
        STORAGE_AWS_ROLE_ARN = $STORAGE_ROLE_ARN
        STORAGE_AWS_EXTERNAL_ID = $STORAGE_EXTERNAL_ID
    )
)
ALLOW_WRITES = FALSE;

Step 3: Create catalog

Similar to objects, CATALOG should be created by ACCOUNTADMIN.

Documentation:

Example:

SET GLUE_CATALOG_NAMESPACE = 'iceberg_glue'
SET GLUE_ROLE_ARN = 'arn:aws:iam::123:role/snowflake_glue';
SET GLUE_CATALOG_ID = '123';
SET GLUE_REGION = 'us-east-1';

CREATE OR REPLACE CATALOG INTEGRATION TEST_CATALOG_GLUE
CATALOG_SOURCE = GLUE
CATALOG_NAMESPACE = $GLUE_CATALOG_NAMESPACE
TABLE_FORMAT = ICEBERG
GLUE_AWS_ROLE_ARN = $GLUE_ROLE_ARN
GLUE_CATALOG_ID = $GLUE_CATALOG_ID
GLUE_REGION = $GLUE_REGION
ENABLED = TRUE;

Step 4: Create schema with references to EXTERNAL VOLUME and CATALOG

Add parameters to config of which is supposed to contain Iceberg tables:

permission_model: iceberg
external_volume: text_external_volume_iceberg
catalog: test_catalog_glue

At this moment one schema may contain tables from one EXTERNAL VOLUME and one CATALOG only. If you have more external volumes and catalogs, please create more schemas.

Step 5: Create Iceberg tables

Create .

Example 1:

catalog_table_name: test_iceberg_table_1

Example 2:

metadata_file_path: test_iceberg_table_1/metadata/00001-cc112050-1448-4c2a-9e03-504e7f5fc62a.metadata.json
replace_invalid_characters: true

Rationale: Why is it not possible to specify EXTERNAL VOLUME and CATALOG individually for each table?

SnowDDL has built-in . It includes special "owner" roles which are created automatically for each schema. Objects in schema are supposed to be "owned" by schema owner role.

By specifying EXTERNAL VOLUME and CATALOG on schema level, we achieve two goals:

Usage on EXTERNAL VOLUME and CATALOG are granted to schema owner role automatically.
Each schema contains objects from one EXTERNAL VOLUME and one CATALOG, which helps to keep things clear and prevents mixture of various Iceberg table sub-types within one schema.