Exclusive Content:

Haiper steps out of stealth mode, secures $13.8 million seed funding for video-generative AI

Haiper Emerges from Stealth Mode with $13.8 Million Seed...

Running Your ML Notebook on Databricks: A Step-by-Step Guide

A Step-by-Step Guide to Hosting Machine Learning Notebooks in...

“Revealing Weak Infosec Practices that Open the Door for Cyber Criminals in Your Organization” • The Register

Warning: Stolen ChatGPT Credentials a Hot Commodity on the...

Amazon QuickSight Introduces Key Pair Authentication for Snowflake Data Source

Enhancing Security with Key Pair Authentication: Connecting Amazon QuickSight and Snowflake

Navigating the Challenges of Cloud Data Integration with Modern Authentication Methods

Unlocking Secure Data Connectivity: Key Pair Authentication for Amazon QuickSight and Snowflake

Modern enterprises are increasingly challenged to connect their business intelligence platforms with cloud data warehouses while preserving seamless automation. Password-based authentication methods not only introduce security vulnerabilities but also create operational friction and compliance gaps—issues that become even more critical as platforms like Snowflake move towards deprecating username/password systems.

An Enhanced Solution: Key Pair Authentication

Amazon QuickSight, part of the Amazon Quick Suite, has recently adopted key pair authentication for integrations with Snowflake. Utilizing asymmetric cryptography, RSA key pairs now substitute traditional passwords. This pivotal enhancement not only addresses vulnerabilities associated with password-based systems but also aligns with Snowflake’s shift towards more secure authentication methodologies.

This blog post will guide you step-by-step on establishing secure data source connectivity between Amazon QuickSight and Snowflake using this new key pair authentication feature.

Prerequisites

Before diving into the configurations, ensure you have the following:

  1. Amazon QuickSight Account: Ensure you have administrative access to create and manage data sources and grant permissions.
  2. Snowflake Account: You need roles like ACCOUNTADMIN, SECURITYADMIN, or USERADMIN to modify user accounts and grant necessary permissions.
  3. OpenSSL Installed: Required for RSA key pair generation. Most systems come with OpenSSL pre-installed.
  4. (Optional) AWS Secrets Manager Access: If you plan to set up programmatically, IAM permissions will be necessary.

Solution Walkthrough

We will break down the essential steps needed to establish secure key pair authentication between Amazon QuickSight and Snowflake:

  1. Generate an RSA Key Pair
  2. Configure Your Snowflake User
  3. Establish Data Source Connectivity

Step 1: Generate RSA Key Pair

Open AWS CloudShell in the AWS Management Console and run the following command to generate your RSA private key:

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8

Next, create your public key:

openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

To extract your private key content, display it as follows:

cat rsa_key.p8

Copy the entire output, including the header and footer.

Now, format the public key to meet Snowflake’s specifications:

grep -v KEY rsa_key.pub | tr -d '\n' | awk '{print $1}' > pub.Key
cat pub.Key

Note: Copy the formatted public key; you will use it in the next step.

Step 2: Assign Public Key to Snowflake User

Log in to your Snowflake account and execute:

ALTER USER <username> SET RSA_PUBLIC_KEY='<your_public_key>';

Verify the key assignment:

DESCRIBE USER <username>;

Step 3: Establishing Your Data Source in Amazon QuickSight

Using Amazon QuickSight UI

  1. Navigate to the Datasets section in the AWS Management Console, then select the Data sources tab.
  2. Choose “Create data source”.
  3. Select “Snowflake” and click Next.
  4. Enter the required fields such as host name, database name, and authentication type as "KeyPair".
  5. Paste the private key and passphrase (if used).
  6. Validate and create the data source.

Using Amazon QuickSight API (AWS CLI)

To create the data source programmatically, execute the following command:

aws quicksight create-data-source \
  --aws-account-id 123456789 \
  --data-source-id awsclikeypairtest \
  --name "awsclikeypairtest" \
  --type SNOWFLAKE \
  --data-source-parameters '{
    "SnowflakeParameters": {
      "Host": "hostname.snowflakecomputing.com",
      "Database": "DB_NAME",
      "Warehouse": "WH_NAME",
      "AuthenticationType": "KEYPAIR"
    }
  }' \
  --credentials '{
    "KeyPairCredentials": {
      "KeyPairUsername": "SNOWFLAKE_USERNAME",
      "PrivateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nPRIVATE_KEY\n-----END ENCRYPTED PRIVATE KEY-----",
      "PrivateKeyPassphrase": "******"
    }
  }' \
  --permissions '[{
    "Principal": "arn:aws:quicksight:us-east-1:123456789:user/default/Admin/username",
    "Actions": ["quicksight:DescribeDataSource", "quicksight:UpdateDataSource"]
  }]' \
  --region us-east-1

Check the status of your data source:

aws quicksight describe-data-source --region us-east-1 --aws-account-id 123456789 --data-source-id awsclikeypairtest

Once your data source transitions from CREATION_IN_PROGRESS to CREATION_SUCCESSFUL, your connection is ready to use!

Cleanup

To avoid incurring additional charges:

  1. Delete the created secret in AWS Secrets Manager.
  2. Remove the data source connection in Amazon QuickSight.

Conclusion

Key pair authentication is a significant step forward in securing data connectivity between Amazon QuickSight and Snowflake. By eliminating password vulnerabilities, organizations can improve their security posture and streamline automated workflows. Whether you prefer the user-friendly Amazon QuickSight UI or the flexibility of AWS CLI, securing your connections with key pairs represents a best practice in today’s evolving data landscape.

Embrace these innovations to enable your business intelligence teams to extract actionable insights faster and with less authentication complexity.

For further reading on Snowflake Key-Pair Authentication, check out the official documentation.


About the Authors

Vignessh Baskaran – Sr. Technical Product Manager at Amazon Quick, with expertise in large-scale data analytics solutions.

Chinnakanu Sai Janakiram – Software Development Engineer at Amazon Quick, specializing in cloud infrastructure automation.

Nithyashree Alwarsamy – Partner Solutions Architect at AWS, focusing on data analytics solutions.

Andries Engelbrecht – Principal Partner Solutions Engineer at Snowflake, with vast experience in data and analytics.

Latest

Create a Scalable Test Suite with Dataset Management in Amazon Bedrock AgentCore

Optimizing Agent Performance: The Role of Versioned Datasets in...

Expedia Unveils ChatGPT-Enhanced Travel Planning: Here’s How to Get Started.

Revolutionizing Travel: Expedia Integrates ChatGPT for Personalized Trip Planning Let...

2 Leading AI Robotics Stocks to Consider Over Tesla

Exploring Robotics Stocks: Two Promising Alternatives to Tesla The Evolution...

Centre Introduces AI Voice Chatbot for Addressing Grievances

Launch of Samadhan Didi: AI Chatbot to Empower Citizens...

Don't miss

Haiper steps out of stealth mode, secures $13.8 million seed funding for video-generative AI

Haiper Emerges from Stealth Mode with $13.8 Million Seed...

Running Your ML Notebook on Databricks: A Step-by-Step Guide

A Step-by-Step Guide to Hosting Machine Learning Notebooks in...

VOXI UK Launches First AI Chatbot to Support Customers

VOXI Launches AI Chatbot to Revolutionize Customer Services in...

Investing in digital infrastructure key to realizing generative AI’s potential for driving economic growth | articles

Challenges Hindering the Widescale Deployment of Generative AI: Legal,...

Create a Scalable Test Suite with Dataset Management in Amazon Bedrock...

Optimizing Agent Performance: The Role of Versioned Datasets in Agent Evaluation Introduction to Agent Evaluation The Importance of Stable Inputs and Ground Truth Workflow: An Example with...

Enhance Access to Amazon SageMaker MLflow with a REST API Proxy

Building a Secure Flask Proxy Service for Amazon SageMaker MLflow This guide explores how to create a secure Flask-based proxy service that facilitates HTTPS access...

Create a Tailored Portal Featuring Embedded Amazon SageMaker AI and MLflow...

Scalable Access Management for MLflow with Amazon SageMaker: A Custom Portal Solution Introduction to Efficient Access Management for ML Teams Solution Overview: Building a Custom Portal Architecture...