Getting Started

Getting Started with Yuki

Welcome! This guide explains how to begin using Yuki to optimize your Snowflake environment.

Note: You don’t need to run these steps manually - Yuki’s onboarding wizard will walk you through each step.

Who should use this guide?

This guide is intended for Snowflake administrators with the required privileges (e.g., ACCOUNTADMIN) to execute SQL commands and apply configuration. All SQL snippets provided must be executed directly in your organization’s Snowflake environment.

Before You Begin: Create Your Yuki Account

  1. Go to https://app.yukicomputing.com/login.

  2. Enter your details, including the Key you received via email.

  3. If you don’t yet have a key, sign up through our Early Access Program.

  4. Sign in to your new Yuki account.

Step 1: Grant Yuki Access to Your Snowflake Account

1.1 Network Policy (Optional)

If your Snowflake account uses a network policy, create one that allows Yuki’s IPs.

USE SCHEMA DATABASE_NAME.SCHEMA_NAME;
CREATE NETWORK POLICY yuki_policy
ALLOWED_NETWORK_RULE_LIST = ('allow_yuki_ips')
COMMENT = 'Network policy for YUKI_APPLICATION user';
CREATE NETWORK rule allow_yuki_ips
MODE = INGRESS
TYPE = IPV4
VALUE_LIST = (WAITING FOR IPS FROM BACKEND)
COMMENT = 'Allow access for YUKI_APPLICATION user from specific IPs';

1.2 Key-Pair

Generate an RSA key pair locally. This is required to authenticate Yuki against Snowflake.

# Generate private key
openssl genrsa -out yuki_snowflake_key.pem 2048
# Extract public key
openssl rsa -in yuki_snowflake_key.pem -pubout -out yuki_snowflake_key.pub

1.3 User & Role

Create a dedicated role, a lightweight warehouse, and a service user with the required permissions.

-- Create a dedicated role for Yuki
CREATE OR REPLACE ROLE yuki_application_role;

-- Create a small service warehouse (auto-suspends after 60s)
CREATE OR REPLACE WAREHOUSE yuki_service_wh
  WAREHOUSE_SIZE = XSMALL
  AUTO_SUSPEND = 60
  INITIALLY_SUSPENDED = TRUE
  COMMENT = 'Yuki application service warehouse';

-- Assign ownership of the warehouse to the role
GRANT OWNERSHIP ON WAREHOUSE yuki_service_wh TO ROLE yuki_application_role;

-- Create the Yuki service user (key pair auth)
CREATE OR REPLACE USER yuki_application
  COMMENT = 'Yuki application user with key pair authentication'
  RSA_PUBLIC_KEY = ''  -- insert public key here
  TYPE = SERVICE
  DEFAULT_ROLE = yuki_application_role
  DEFAULT_WAREHOUSE = yuki_service_wh;

-- Grant the role to the new user and to ACCOUNTADMIN (for visibility)
GRANT ROLE yuki_application_role TO USER yuki_application;
GRANT ROLE yuki_application_role TO ROLE accountadmin;

-- Permissions required by Yuki
GRANT MONITOR USAGE ON ACCOUNT TO ROLE yuki_application_role;
GRANT IMPORTED PRIVILEGES ON DATABASE snowflake TO ROLE yuki_application_role;
GRANT CREATE WAREHOUSE ON ACCOUNT TO ROLE yuki_application_role;
GRANT MANAGE WAREHOUSES ON ACCOUNT TO ROLE yuki_application_role;
GRANT EXECUTE TASK ON ACCOUNT TO ROLE yuki_application_role;

1.4 Data Share

Create a dedicated database and secure share so Yuki can access metadata.

DROP SHARE IF EXISTS share_queries_with_yuki;

1.5 Snowflake Account Details

Enter the following details:

  • Account Identifier, Cloud Provider, Region, Edition

  • Cost per Snowflake Credit

  • User, Role, Private Key

Click Test & Save.

Step 2: Deploy the Optimization Proxy

Yuki can be deployed in three different ways. Choose the method that matches your infrastructure:

2.1 Fully Hosted

No infrastructure setup required. Yuki provides a PROXY_HOST.

2.2 Helm Chart

Add the Yuki Helm Repository and create a configuration file:

helm repo add yuki https://yuki-ai.github.io/helm-charts/
helm repo update

Create yuki-values.yaml:

app:
  container:
    env:
      REDIS_HOST: <REDIS_HOST>
      PROXY_HOST: <PROXY_HOST>
      COMPANY_GUID: <COMPANY_GUID>
      ORG_GUID: <ORG_GUID>
      ACCOUNT_GUID: <ACCOUNT_GUID>
hpa:
  enabled: true
  minReplicas: 5
  maxReplicas: 15
  targetCPUUtilizationPercentage: 40
  targetMemoryUtilizationPercentage: 40
affinity: {}
tolerations: []

Apply:

helm install yuki-proxy yuki/proxy -f yuki-values.yaml

2.3 Terraform

Use the Terraform module for AWS deployments:

module "yuki-proxy" {
  source = "github.com/YukiTechnologies/yuki-proxy-tf?ref=v0.0.29"

  aws = {
    profile = "<aws_profile>"
    region  = "<aws_region>"
  }

  vpc_config = {
    name            = "yuki-proxy"
    azs             = ["<az_1>", "<az_2>"]
    cidr            = "<vpc_cidr>"
    private_subnets = ["<private_cidr_1>", "<private_cidr_2>"]
    public_subnets  = ["<public_cidr_1>", "<public_cidr_2>"]
  }

  create_vpc_peering = false

  public_domain = {
    name            = "app.<your-domain>.com"
    route53_zone_id = "<route53_zone_id>"
    certificate_arn = "<acm_certificate_arn>"
  }

  eks_cluster_name = "<eks_cluster_name>"

  container_image  = "<account_id>.dkr.ecr.<aws_region>.amazonaws.com/yuki-proxy:<version>"

  dd_api_key = "<DATADOG_API_KEY>"

  proxy_environment_variables = {
    PROXY_HOST   = "https://<snowflake_account>.snowflakecomputing.com"
    COMPUTE_HOST = "https://prod.yukicomputing.com"
    SYSTEM_HOST  = "https://prod.yukicomputing.com"
    COMPANY_GUID = "<COMPANY_GUID>"
    ORG_GUID     = "<ORG_GUID>"
    ACCOUNT_GUID = "<ACCOUNT_GUID>"
  }
}

Apply:

terraform init
terraform apply

Step 3: Configure Security Settings (Optional)

3.1 Add Key Pair Authentication for Applicative Users

You can add key-pair auth for tools like dbt, Looker, Tableau, or any non-SSO users.Alternatively, integrate with your organization’s Secret Manager (see guide).

For more details, see our guide: Grant Yuki Proxy Access to Snowflake Key Pairs Stored in Your AWS.

3.2 Restrict allowed IPs

Restrict Yuki access by applying a network policy:

ALTER USER <USER> SET NETWORK_POLICY = yuki_policy;

Step 4: Enable Warehouses & Update Connections

4.1 Enable Warehouses

ALTER WAREHOUSE my_wh SET TAG optimize_with_yuki = TRUE;

4.2 Update Client Connection Strings

Update the connection string in your application (BI tools, IDEs, Python connectors, etc.) so traffic is routed through Yuki. Direct queries from the Snowflake UI will not pass through Yuki.

Continue using your regular user, role, and warehouse settings. Yuki automatically selects the optimal warehouse at runtime.

Example: A connection to BI_M_WH may be rerouted to an equivalent or better warehouse such as YUKI_M.

Rollback: if needed, point your host back to the native Snowflake URL.

Step 5: Test Your Setup

Send a query from your application. It should automatically be redirected to an optimal warehouse by Yuki during runtime.

Support

If you need any assistance or have questions, don't hesitate to contact our support team at [email protected]. Welcome aboard, and we look forward to supporting your data management needs with Yuki!

PreviousWelcome to YukiNextService User Authentication

Last updated