Richard-Barrett/terraform-snowflake-network-policies

Terraform Snowflake Network Policies Module

This Terraform module manages Snowflake network policies and their attachments.

Module Diagram

```mermaid
graph TD
    A[Terraform Snowflake Network Policies Module] --> B[Variables]
    A --> C[Resources]

    %% Variables
    B --> D[network_policy_name]
    B --> E[allowed_network_rule_list]
    B --> F[blocked_network_rule_list]
    B --> G[allowed_ip_list]
    B --> H[blocked_ip_list]
    B --> I[comment]
    B --> J[set_for_account]
    B --> K[users]

    %% Resources
    C --> L[create_network_policy]
    C --> M[create_network_policy_attachment]
    C --> N[snowflake_network_policy]
    C --> O[snowflake_network_policy_attachment]

    %% Linking Variables to Resources
    N --> D
    N --> E
    N --> F
    N --> G
    N --> H
    N --> I
    O --> J
    O --> K

    %% Optional: If the cycle is intended
    O --> N
```

Usage

```hcl
module "snowflake_network_policies" {
  source = "git::https://github.com/Richard-Barrett/terraform-snowflake-network-policies.git?ref=0.10.0"

  network_policy_name              = "example_policy"
  allowed_network_rule_list        = ["rule1", "rule2"]
  blocked_network_rule_list        = ["rule3", "rule4"]
  allowed_ip_list                  = ["192.168.1.1", "192.168.1.2"]
  blocked_ip_list                  = ["10.0.0.1", "10.0.0.2"]
  comment                          = "Example network policy"
  set_for_account                  = true
  users                            = ["user1", "user2"]
  create_network_policy            = true
  create_network_policy_attachment = true
}
```
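
A pre-apply check for the `allowed_ip_list`, `blocked_ip_list` and `set_for_account` inputs, added here as an example and not part of this module or repository. The function names and sample addresses are constructed; it assumes Snowflake's behaviour that the blocked list takes precedence over the allowed list and that an address matching neither list is denied, and it covers only the IP lists, not network rules.

```python
import ipaddress

# Constructed sample inputs (RFC 5737 documentation ranges), shaped like the module variables.
SAMPLE_INPUTS = {
    "allowed_ip_list": ["203.0.113.0/24", "198.51.100.7"],
    "blocked_ip_list": ["203.0.113.128/25"],
    "set_for_account": True,
}
OPERATOR_IPS = ["203.0.113.10", "203.0.113.200", "192.0.2.5"]  # constructed

def parse_entries(entries):
    """Parse IPv4 addresses or CIDR ranges; raises ValueError on anything else."""
    return [ipaddress.IPv4Network(e, strict=False) for e in entries]

def evaluate(client_ip, allowed_ip_list, blocked_ip_list):
    """Return 'blocked', 'allowed' or 'not_allowed' for one client address."""
    ip = ipaddress.IPv4Address(client_ip)
    if any(ip in net for net in parse_entries(blocked_ip_list)):
        return "blocked"  # assumption: the blocked list is evaluated first
    if any(ip in net for net in parse_entries(allowed_ip_list)):
        return "allowed"
    return "not_allowed"  # assumption: unmatched addresses are denied

def preflight(inputs, operator_ips):
    """Collect findings for the module inputs before `terraform apply`."""
    findings = []
    allowed = parse_entries(inputs["allowed_ip_list"])
    blocked = parse_entries(inputs["blocked_ip_list"])
    for net in allowed:
        if net.prefixlen == 0:
            findings.append(f"allowed_ip_list contains {net}: every IPv4 address matches")
        for b in blocked:
            if net.subnet_of(b):
                findings.append(f"allowed entry {net} is fully covered by blocked entry {b}")
    # An account-wide policy applies to everyone, including whoever runs Terraform.
    if inputs.get("set_for_account"):
        for ip in operator_ips:
            verdict = evaluate(ip, inputs["allowed_ip_list"], inputs["blocked_ip_list"])
            if verdict != "allowed":
                findings.append(f"operator address {ip} would be {verdict} account-wide")
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE_INPUTS, OPERATOR_IPS):
        print("FINDING:", finding)
```
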

Variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| network_policy_name | The name of the Snowflake network policy. | string | n/a | yes |
| allowed_network_rule_list | List of allowed network rules. | list(string) | n/a | yes |
| blocked_network_rule_list | List of blocked network rules. | list(string) | n/a | yes |
| allowed_ip_list | List of allowed IP addresses. | list(string) | n/a | yes |
| blocked_ip_list | List of blocked IP addresses. | list(string) | n/a | yes |
| comment | Comment for the network policy. | string | n/a | yes |
| set_for_account | Boolean to set the network policy for the account. | bool | n/a | yes |
| users | List of users to attach the network policy to. | list(string) | n/a | yes |
| create_network_policy | Boolean to control the creation of the network policy. | bool | true | no |
| create_network_policy_attachment | Boolean to control the creation of the network policy attachment. | bool | true | no |

The module defines several variables to customize the network policy and its attachment:

  • network_policy_name: The name of the Snowflake network policy.
  • allowed_network_rule_list: List of allowed network rules.
  • blocked_network_rule_list: List of blocked network rules.
  • allowed_ip_list: List of allowed IP addresses.
  • blocked_ip_list: List of blocked IP addresses.
  • comment: Comment for the network policy.
  • set_for_account: Boolean to set the network policy for the account.
  • users: List of users to attach the network policy to.
  • create_network_policy: Boolean to control the creation of the network policy.
  • create_network_policy_attachment: Boolean to control the creation of the network policy attachment.

Defaults

| Name | Default |
|------|---------|
| create_network_policy | true |
| create_network_policy_attachment | true |

  • create_network_policy: Default is true.
  • create_network_policy_attachment: Default is true.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5.7 |
| snowflake | ~> 0.90.0 |

Providers

| Name | Version |
|------|---------|
| snowflake | ~> 0.90.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| snowflake_network_policy.this | resource |
| snowflake_network_policy_attachment.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_ip_list | List of allowed IP addresses. | list(string) | n/a | yes |
| allowed_network_rule_list | List of allowed network rules. | list(string) | n/a | yes |
| blocked_ip_list | List of blocked IP addresses. | list(string) | n/a | yes |
| blocked_network_rule_list | List of blocked network rules. | list(string) | n/a | yes |
| comment | Comment for the network policy. | string | n/a | yes |
| create_network_policy | Boolean to control the creation of the Snowflake network policy. | bool | true | no |
| create_network_policy_attachment | Boolean to control the creation of the Snowflake network policy attachment. | bool | true | no |
| network_policy_name | The name of the Snowflake network policy. | string | n/a | yes |
| set_for_account | Boolean to set the network policy for the account. | bool | n/a | yes |
| users | List of users to attach the network policy to. | list(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| attached_users | The list of users to whom the network policy is attached. |
| network_policy_name | The name of the created Snowflake network policy. |

Licence

MIT License. See LICENSE for full details.