Pulumi Snowflake

2.14.0 · active · verified Thu Apr 16

Pulumi Snowflake is a Pulumi package that enables users to create and manage Snowflake cloud resources using Python and other supported languages. It wraps the underlying Terraform Snowflake provider and allows for declarative infrastructure-as-code management of Snowflake objects like databases, warehouses, roles, and grants. The library maintains an active development status with a generally fast release cadence, frequently updating its core `pulumi-terraform-bridge` and `terraform-provider-snowflake` dependencies.

Common errors

```
Error: Missing required argument. "account": one of `account`, `profile` must be specified
```
cause The Pulumi Snowflake provider requires authentication credentials, typically `account`, `username`, and `password` (or `privateKeyPath`). These were not provided via Pulumi configuration or environment variables.

fix Ensure `SNOWFLAKE_ACCOUNT`, `SNOWFLAKE_USER`, and `SNOWFLAKE_PASSWORD` (or `SNOWFLAKE_PRIVATE_KEY_PATH`) environment variables are set, or configure them using `pulumi config set snowflake:account <value>` (use `--secret` for sensitive values like passwords/private keys).
```
error: snowflake:index/grantPrivilegesToAccountRole:GrantPrivilegesToAccountRole resource '...' has a problem: Invalid combination of arguments. "on_schema_object.0.future": one of `on_schema_object.0.all,on_schema_object.0.future,on_schema_object.0.object_name` must be specified.
```
cause This error typically occurs with `GrantPrivilegesToAccountRole` (and similar grant resources) when the `on_schema_object` arguments are incorrectly combined or `fully_qualified_name` is unexpectedly null, particularly during upgrades from older provider versions.

fix Carefully review the `on_schema_object` configuration. Ensure that only one of `all`, `future`, or `object_name` is specified within `on_schema_object`. If `fully_qualified_name` is the issue, manually construct the full identifier rather than relying on it being implicitly available.
```
FileFormat resource always shows changes and fails on update
```
cause This is a known issue where the `snowflake.FileFormat` resource may exhibit persistent diffs or update failures, indicating a problem in how the provider reconciles its state with the actual Snowflake configuration.

fix This issue often stems from the underlying `terraform-provider-snowflake`. Check the Pulumi Snowflake GitHub repository for open issues and potential workarounds. If a fix isn't available, manual state manipulation might be necessary, but exercise extreme caution.

Warnings

breaking Upgrading from `pulumi-snowflake` v0.62.0 to v1.0.0 or above may cause issues when updating existing Account resources, as they might fail to update. This is a known issue from the upstream Terraform provider.
Fix: Review the GitHub issues for potential workarounds or consider recreating the affected Account resources carefully, if feasible, after backing up your state. Consult the `pulumi-terraform-bridge` and `terraform-provider-snowflake` documentation for further details.
gotcha Some features are considered 'preview features' within the provider. Breaking changes are expected for these features even without a major version bump. They are disabled by default and must be explicitly enabled in the provider configuration (e.g., `preview_features_enabled` field).
Fix: Always check the official documentation for specific resources to identify if they are preview features. If using them, understand the implications of potential breaking changes and enable them by adding the relevant feature name to `previewFeaturesEnabled` in your Pulumi Snowflake provider configuration.
gotcha Certain sensitive fields, such as `procedure_definition` and `arguments_raw` for `snowflake.ProcedurePython` or configuration for tasks, are not explicitly marked as sensitive by the provider. This means their values might appear in logs or state files without automatic encryption.
Fix: Exercise extreme caution when using these fields. Manually mark them as secrets using `pulumi config set --secret` or ensure that Pulumi ESC is used for managing credentials. Implement robust logging and access restrictions for your Pulumi state files and logs to prevent sensitive data exposure.
gotcha When importing existing resources like Python procedures or authentication policies, external changes to certain fields (e.g., `is_secure`, `null_input_behavior` for procedures; `mfa_policy`, `pat_policy`, `workload_identity_policy` for authentication policies) are not reliably detected. This can lead to unexpected diffs or resource recreation.
Fix: For Python procedures, ensure `snowflake-snowpark-python` version is explicitly set in Snowflake before import. For all affected resources, manually set these fields to their correct values in your Pulumi code during the import operation to avoid drift and forced replacements. Consult the specific resource documentation for details.

Install

pip install pulumi_snowflake Install with pip

Imports

snowflake
```
import pulumi_snowflake as snowflake
```

Quickstart

This quickstart program creates a basic Snowflake database named 'MY_PULUMI_DB'. Ensure your Snowflake account credentials (account name, username, and password or other authentication methods) are configured via Pulumi configuration secrets or environment variables (SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD).

import pulumi
import pulumi_snowflake as snowflake
import os

# Configure Snowflake provider using environment variables
# pulumi config set snowflake:account <your-snowflake-account>
# pulumi config set snowflake:username <your-snowflake-username>
# pulumi config set snowflake:password --secret <your-snowflake-password>
# Alternatively, set SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD environment variables.

# Create a Snowflake Database
my_database = snowflake.Database("my-pulumi-database",
    name="MY_PULUMI_DB",
    comment="Managed by Pulumi")

# Export the database name
pulumi.export("database_name", my_database.name)

view raw JSON →