GCP Private Service Connect

If your Sigma organization runs on Google Cloud Platform (GCP), and uses Snowflake as a data platform, you can securely connect to your data using GCP's Private Service Connect. Private Service Connect (PSC) allows users to access managed services privately from their own virtual private cloud (VPC) network, ensuring that traffic does not leave the Google Cloud network. See the GCP documentation on Private Service Connect.

Configuring GCP Private Service Connect is only supported for Snowflake connections.

This document covers how to set up Private Service Connect connections from Sigma to Snowflake.

System and user requirements

In Sigma:

In Snowflake:

  • Snowflake requires Business Critical edition (or higher) for Private Service Connect.
  • You must be a Snowflake account administrator (your system role should be ACCOUNTADMIN).
  • Your GCP Snowflake region must be me-central2.

Configure Private Service Connect for Snowflake

  1. In your Snowflake console, call SYSTEM$GET_PRIVATELINK_CONFIG and record the following values:

    • privatelink-gcp-service-attachment: This is your Snowflake service attachment ID, formatted similarly to projects/gcp<region>-xxxx/regions/<region>/serviceAttachments/snowflake-<region>-psc.

    • privatelink-account-url: This is your regional Snowflake account URL, formatted similarly to <account-name>.<region>.privatelink.snowflakecomputing.com.

    • regionless-privatelink-account-url: This is your regionless Snowflake account URL, formatted similarly to <regionless-account>.privatelink.snowflakecomputing.com.

See the Snowflake documentation on SYSTEM$GET_PRIVATELINK_CONFIG for more information.

  2. Contact your Sigma Account Executive to install your Private Service Connect connection and provide:

    • The privatelink-gcp-service-attachment value.
    • The privatelink-account-url value.
    • The regionless-privatelink-account-url value.

     Your Account Executive will contact you once installation is complete.
  3. In Sigma, update your connection to use Private Service Connect.

    • For existing connections to Snowflake:

      1. Go to Home > Administration > Connections.
      2. Select the connection you want to use Private Service Connect for, then select Edit.
      3. In the Account field, enter the privatelink-account-url or regionless-privatelink-account-url you recorded from your Snowflake console, following the format <account-name>.<region>.privatelink. or <regionless-account>.privatelink..
      4. Select Save.
    • For new connections to Snowflake:

      • Create a new connection using the steps in Connect to Snowflake. When filling out the Account field, enter the privatelink-account-url or regionless-privatelink-account-url you recorded from your Snowflake console, following the format <account-name>.<region>.privatelink. or <regionless-account>.privatelink..
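
A check for the values recorded in step 1, before they are sent to Sigma or entered in a connection. This is an added example, not code from Sigma or Snowflake. It assumes the SYSTEM$GET_PRIVATELINK_CONFIG output is a JSON object containing the three keys named above; the function name and the sample values are constructed for illustration.

```python
import json
import re

# The three keys this page asks you to record in step 1.
REQUIRED_KEYS = (
    "privatelink-gcp-service-attachment",
    "privatelink-account-url",
    "regionless-privatelink-account-url",
)
PRIVATELINK_SUFFIX = ".privatelink.snowflakecomputing.com"
# General shape of the service attachment path shown on this page.
ATTACHMENT_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/regions/(?P<region>[a-z0-9-]+)"
    r"/serviceAttachments/(?P<name>[^/]+)$"
)
# Constructed sample output; every value here is a placeholder.
SAMPLE_OUTPUT = """{
  "privatelink-gcp-service-attachment": "projects/example-project/regions/me-central2/serviceAttachments/snowflake-me-central2-psc",
  "privatelink-account-url": "exampleacct.me-central2.privatelink.snowflakecomputing.com",
  "regionless-privatelink-account-url": "exampleorg-exampleacct.privatelink.snowflakecomputing.com"
}"""


def check_privatelink_config(raw_json, expected_region=None):
    """Return (values, problems) for pasted SYSTEM$GET_PRIVATELINK_CONFIG output."""
    config = json.loads(raw_json)
    values, problems = {}, []
    for key in REQUIRED_KEYS:
        value = str(config.get(key, "")).strip()
        if not value:
            problems.append(f"missing value for {key}")
        values[key] = value
    attachment = values[REQUIRED_KEYS[0]]
    match = ATTACHMENT_RE.match(attachment)
    if attachment and not match:
        problems.append("service attachment is not a projects/.../serviceAttachments/... path")
    elif match and expected_region and match["region"] != expected_region:
        problems.append(f"service attachment region is {match['region']}, expected {expected_region}")
    for key in REQUIRED_KEYS[1:]:
        host = values[key].lower()
        # A public URL, a bare suffix, or a pasted https:// URL would not be a private hostname.
        if host and (not host.endswith(PRIVATELINK_SUFFIX) or host == PRIVATELINK_SUFFIX or "/" in host):
            problems.append(f"{key} is not a *.privatelink.snowflakecomputing.com hostname")
    return values, problems


if __name__ == "__main__":
    values, problems = check_privatelink_config(SAMPLE_OUTPUT, expected_region="me-central2")
    print(values, problems or "no problems found")
```

An empty problem list means all three values are present, the service attachment is in the expected region, and both account URLs are privatelink hostnames rather than public Snowflake endpoints.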