Connect Yuki to Snowflake (Business Critical) via AWS PrivateLink
Connectivity via AWS PrivateLink using Yuki Full SaaS (Customer Guide)
This document describes how to connect Yuki Full SaaS (Yuki proxy hosted in Yuki’s AWS account) privately to your environment and to Snowflake (Business Critical) using AWS PrivateLink. Traffic stays on AWS private networking — no public internet paths.
What this enables
A private connection between your AWS VPC and Yuki’s proxy (Interface VPC Endpoint → Yuki Endpoint Service).
A private connection from Yuki’s AWS VPC to your Snowflake account (Interface VPC Endpoint → Snowflake PrivateLink service).
If you operate in a Hybrid model, use the relevant hybrid instructions instead. This guide is for Full SaaS.
Integration with Snowflake via PrivateLink
Prerequisites
Your Snowflake edition is Business Critical (or higher).
Your Snowflake account and the PrivateLink endpoints are in the same AWS region. If you need cross‑region access, plan a Transit Gateway architecture and appropriate routing.
Configure the connection to Snowflake
Ask Snowflake Support to enable AWS PrivateLink on your Snowflake account. In your request, include:
Yuki’s AWS Account ID (this will be shared with you by Yuki Support; use xxxxx as a placeholder in internal notes until then).
Your Snowflake account identifier.
In Snowflake, run:
SELECT SYSTEM$GET_PRIVATELINK_CONFIG();
Share the full JSON output of this query with Yuki Support over a secure channel.
Yuki will establish a PrivateLink interface endpoint to your Snowflake service in Yuki’s AWS and validate connectivity.
Yuki will confirm availability and provide/confirm the PrivateLink host address to use for your Yuki→Snowflake traffic.
In Yuki, create or update the Snowflake connection to use that PrivateLink host so that all Snowflake-bound traffic remains private.
Connectivity from your AWS VPC to Yuki (PrivateLink)
You can enable a private path from your workloads (EKS, EC2, etc.) to the Yuki proxy via AWS PrivateLink by creating a VPC Interface Endpoint to Yuki’s Endpoint Service.
Prerequisites
A VPC (you can use an existing one).
2 private subnets in different AZs.
A security group for the endpoint ENIs that allows inbound TCP 443.
VPC DNS enabled (DNS hostnames & DNS resolution = true).
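A pre-flight check for the prerequisites above, as an added example that is not Yuki's or AWS's own tooling. It assumes input dicts shaped like the output of `aws ec2 describe-subnets`, `describe-security-groups` and `describe-vpc-attribute`; the function names and sample IDs are hypothetical.

```python
# Added example: pre-flight check for the endpoint prerequisites listed above.
# Inputs are dicts shaped like AWS CLI / boto3 EC2 "describe" responses (assumed).

def allows_tcp_443(perm):
    """True if one IpPermissions entry covers TCP port 443."""
    if perm.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535)

def check_prereqs(subnets, security_group, dns_support, dns_hostnames):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    azs = {s["AvailabilityZone"] for s in subnets}
    if len(azs) < 2:
        problems.append("need subnets in 2 different AZs, got %s" % sorted(azs))
    if len({s["VpcId"] for s in subnets}) > 1:
        problems.append("subnets belong to more than one VPC")
    # Cheap signal only: a private subnet also has no internet-gateway route.
    for s in subnets:
        if s.get("MapPublicIpOnLaunch"):
            problems.append("%s auto-assigns public IPs" % s["SubnetId"])
    # The security group on the endpoint ENIs must admit inbound TCP 443.
    if not any(allows_tcp_443(p) for p in security_group.get("IpPermissions", [])):
        problems.append("%s has no inbound rule for TCP 443" % security_group["GroupId"])
    # Both VPC DNS attributes must be true.
    if not dns_support["EnableDnsSupport"]["Value"]:
        problems.append("VPC DNS resolution is disabled")
    if not dns_hostnames["EnableDnsHostnames"]["Value"]:
        problems.append("VPC DNS hostnames is disabled")
    return problems

# Constructed sample data; all IDs are placeholders, not real resources.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "VpcId": "vpc-111", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-bbb", "VpcId": "vpc-111", "AvailabilityZone": "us-east-1a"},
]
SG = {"GroupId": "sg-222", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
DNS_SUPPORT = {"EnableDnsSupport": {"Value": True}}
DNS_HOSTNAMES = {"EnableDnsHostnames": {"Value": False}}

if __name__ == "__main__":
    for problem in check_prereqs(SUBNETS, SG, DNS_SUPPORT, DNS_HOSTNAMES):
        print("FAIL:", problem)
```

The constructed sample fails three checks: both subnets share one AZ, the security group only opens port 22, and DNS hostnames is off.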
Configure the connection from your VPC to Yuki
Contact Yuki Support to request that PrivateLink be enabled on your Yuki account and provide:
Your AWS account ID.
Create a VPC Interface Endpoint and associate it with Yuki's Endpoint Service, the details of which will be provided to you after step one. Private DNS must be enabled on the endpoint.
Contact Yuki Support for approval of your endpoint connection.