🐧
Yuki Documentation
  • Welcome to Yuki
  • 🤩Getting Started
  • 📦Yuki Proxy Terraform Installation Guide (AWS)
  • 📊Yuki Analyzer Installation Guide
  • ⁉️Common Issues and Troubleshooting
  • 👻Uninstalling Yuki and Cleaning Up Resources
  • 🔗Configure Meta Data Sharing
  • 🎓Configuring SSL Certificates for a Secure Proxy Service
  • 🔑Updating Service User Authentication to Keypair
Powered by GitBook
On this page

Getting Started

Follow these steps to set up and start using Yuki

PreviousWelcome to YukiNextYuki Proxy Terraform Installation Guide (AWS)

Last updated 3 days ago

Step 1: Create Your Yuki Account

  1. Go to

  2. Fill in your details, including the Key received via email. Don't have a key? Sign up to our Early Access Program:

  3. Sign in to the new account.

Step 2: Connect Your Snowflake Account

  1. Navigate to the Connection page using the left-hand menu.

  2. Create a network policy to allow access from specific IPs, run this if your Snowflake account is protected by a network policy:

-- Check the database_name and schema_name from the following command's result
SHOW NETWORK RULES;

-- Replace the command with the database and schema from the previous result
USE SCHEMA < DATABASE_NAME.schema_name>;

-- Create network rule with yuki's ips
CREATE NETWORK rule allow_yuki_ips
  MODE = INGRESS
  TYPE = IPV4
  VALUE_LIST = ('x.x.x.x', 'x.x.x.x') -- ask support for IPs
COMMENT = 'Allow access for YUKI_APPLICATION user from specific IPs';

-- Create network policy to allow yuki ips
CREATE NETWORK POLICY yuki_policy
    ALLOWED_NETWORK_RULE_LIST = ('allow_yuki_ips')
COMMENT = 'Network policy for YUKI_APPLICATION user';

  1. Add your Snowflake account details. You can either create a dedicated user for Yuki or use an existing user. If creating a new user, execute the following SQL commands in your Snowflake account, ensuring you have ACCOUNTADMIN role privileges:

  • For account locators with an underscore ('_'), change it to a hyphen ('-'). For example: Change: 'organization-my_snowflake_account' To: 'organization-my-snowflake-account'

----------------- Generate a Key-Pair in the Shell -----------------
# create a directory to store the key-pair
mkdir yuki_application_key_pair
cd yuki_application_key_pair
# enter a passphrase when asked
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8
# enter the passphrase here again
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
# copy the private key and save it securely in a password manager
pbcopy rsa_key.p8
# copy the public key and save it securely in a password manager
pbcopy rsa_key.pub
-- Create a new role for the Yuki application
CREATE OR REPLACE ROLE yuki_application_role;

-- Grant the new role to the Yuki application user
CREATE OR REPLACE WAREHOUSE yuki_service_wh
    WAREHOUSE_SIZE = XSMALL
    AUTO_SUSPEND = 60
    INITIALLY_SUSPENDED = TRUE
    COMMENT = 'Yuki application service warehouse';
GRANT OWNERSHIP ON WAREHOUSE yuki_service_wh TO ROLE yuki_application_role;

-- Create a new user for the Yuki application
CREATE OR REPLACE USER yuki_application
    COMMENT = 'Yuki application user with key pair authentication'
    RSA_PUBLIC_KEY = '' -- without the `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` lines
    TYPE = SERVICE
--  NETWORK_POLICY = yuki_policy       -- Uncomment this line if you want to apply the network policy
    DEFAULT_ROLE = yuki_application_role
    DEFAULT_WAREHOUSE = yuki_service_wh;

GRANT ROLE yuki_application_role TO USER yuki_application;
GRANT ROLE yuki_application_role TO ROLE accountadmin;

GRANT MONITOR USAGE ON ACCOUNT TO ROLE yuki_application_role;
GRANT IMPORTED PRIVILEGES ON DATABASE snowflake TO ROLE yuki_application_role;
GRANT CREATE WAREHOUSE ON ACCOUNT TO ROLE yuki_application_role;
GRANT MANAGE WAREHOUSES ON ACCOUNT TO ROLE yuki_application_role;
GRANT EXECUTE TASK ON ACCOUNT TO ROLE yuki_application_role;

Step 3: Install the Yuki Proxy

  1. After adding a new connection, click on the Download button next to the new connection entry.

  2. A popup will appear with a Download Button for initiating the Terraform download. Click this button to start the download.

  4. Click the Save button next to the Proxy Host Address field to finalize the configuration.

Step 4: Define Your Warehouses

  1. Navigate to the Warehouses page via the left-hand menu.

  3. By default, your warehouses are disabled. This setup allows you to ensure that only the warehouses you want are handled by Yuki.

  4. Next to each warehouse, you have the option to test that the queries are sent to your warehouse and are correctly redirected to Yuki warehouses.

Step 5: Update Your Connection String

  1. Update the connection string in your application (IDE, BI tools, Python Connector, etc.) to ensure traffic is directed through Yuki. Note: Direct traffic from Snowflake UI will not pass through Yuki.

  2. Continue using your regular user, role, and warehouse settings. Yuki will dynamically select the optimal warehouse during runtime. For example, a connection to a warehouse named “BI_M_WH” will be automatically rerouted to an equivalent or better warehouse, such as “YUKI_M”.

Final Step: Test Your Setup

Send a query from your application. It should automatically be redirected to an optimal warehouse by Yuki during runtime.

If you need any assistance or have questions, don't hesitate to contact our support team. Welcome aboard, and we look forward to supporting your data management needs with Yuki!

The popup will also contain a Proxy Host Address text field. Enter the Proxy Host Address here after you have completed the Terraform installation. (see: )

Verify that all your warehouses are listed. If not, ensure the user has the required permissions as outlined in .

Note that enabling a warehouse is the first phase. You must change the connection string in your applications to the Proxy Host Address to ensure that queries are properly handled by Yuki. ()

🤩
https://app.yukicomputing.com/login
https://www.yukidata.com
Terraform Installation Guide
💜
Step 2
Step 5