# Names of pre-existing Snowflake principals referenced by the role grant below.
locals {
  # Built-in role that SANDBOX_RW is granted to, so the custom role rolls up
  # into the standard role hierarchy.
  sys_admin_role = "SYSADMIN"

  # User that receives SANDBOX_RW. No snowflake_user resource is declared in
  # this listing, so this user presumably has to exist already (confirm).
  snowflake_user = "SANDBOX_USER"
}
# Sandbox database. Created through the sys_admin provider alias, which is
# configured outside this listing.
resource "snowflake_database" "sandbox" {
  name     = "SANDBOX"
  provider = snowflake.sys_admin
}
# Custom access role for the sandbox. Role management goes through the
# security_admin provider alias, while objects are created through sys_admin.
resource "snowflake_role" "sandbox_rw" {
  name     = "SANDBOX_RW"
  provider = snowflake.security_admin
}
# Grants SANDBOX_RW to its grantees: the SYSADMIN role and the sandbox user.
#
# NOTE(review): depending on the provider version, this resource may treat the
# lists below as the complete set of grantees and revoke memberships that were
# added outside Terraform. Check the behaviour (and the enable_multiple_grants
# option, where available) against the pinned provider version.
resource "snowflake_role_grants" "sandbox_rw" {
  provider  = snowflake.security_admin
  role_name = snowflake_role.sandbox_rw.name

  # Roles that inherit SANDBOX_RW.
  roles = [local.sys_admin_role]

  # Users that are granted SANDBOX_RW directly.
  users = [local.snowflake_user]
}
# ACTIVITY schema inside the sandbox database; holds the USERS and EVENTS tables.
resource "snowflake_schema" "sandbox_activity" {
  name     = "ACTIVITY"
  database = snowflake_database.sandbox.name
  provider = snowflake.sys_admin
}
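# SANDBOX.ACTIVITY.USERS: one row per user, both columns required.
resource "snowflake_table" "sandbox_activity_users" {
  provider = snowflake.sys_admin
  database = snowflake_database.sandbox.name
  schema   = snowflake_schema.sandbox_activity.name
  name     = "USERS"

  # SANDBOX_RW gets its table privileges only through future grants
  # (on_future = true), and those apply to tables created after the grant
  # exists. Without an explicit ordering Terraform may create this table
  # first, leaving the role with no access to it.
  depends_on = [
    snowflake_table_grant.select_sandbox_tables,
    snowflake_table_grant.insert_sandbox_tables,
    snowflake_table_grant.update_sandbox_tables,
    snowflake_table_grant.truncate_sandbox_tables,
    snowflake_table_grant.delete_sandbox_tables,
  ]

  column {
    name     = "ID"
    type     = "STRING"
    nullable = false
  }

  column {
    name     = "NAME"
    type     = "STRING"
    nullable = false
  }
}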
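# SANDBOX.ACTIVITY.EVENTS: one row per event, all columns required.
resource "snowflake_table" "sandbox_activity_events" {
  provider = snowflake.sys_admin
  database = snowflake_database.sandbox.name
  schema   = snowflake_schema.sandbox_activity.name
  name     = "EVENTS"

  # SANDBOX_RW gets its table privileges only through future grants
  # (on_future = true), and those apply to tables created after the grant
  # exists. Without an explicit ordering Terraform may create this table
  # first, leaving the role with no access to it.
  depends_on = [
    snowflake_table_grant.select_sandbox_tables,
    snowflake_table_grant.insert_sandbox_tables,
    snowflake_table_grant.update_sandbox_tables,
    snowflake_table_grant.truncate_sandbox_tables,
    snowflake_table_grant.delete_sandbox_tables,
  ]

  column {
    name     = "ID"
    type     = "STRING"
    nullable = false
  }

  # Presumably references USERS.ID; no constraint is declared here.
  column {
    name     = "USER_ID"
    type     = "STRING"
    nullable = false
  }

  column {
    name     = "EVENT_TYPE"
    type     = "STRING"
    nullable = false
  }

  column {
    name     = "EVENT_TS"
    type     = "TIMESTAMP"
    nullable = false
  }
}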
# USAGE on the database lets SANDBOX_RW reference objects inside it. On its
# own it gives no access to schemas or tables.
resource "snowflake_database_grant" "usage_sandbox_database" {
  provider      = snowflake.security_admin
  privilege     = "USAGE"
  database_name = snowflake_database.sandbox.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# USAGE on the ACTIVITY schema only. Other schemas in SANDBOX get no USAGE
# grant from this listing.
resource "snowflake_schema_grant" "usage_sandbox_activity" {
  provider      = snowflake.security_admin
  privilege     = "USAGE"
  database_name = snowflake_database.sandbox.name
  schema_name   = snowflake_schema.sandbox_activity.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# Future grant: SELECT for SANDBOX_RW on tables created later.
#
# No schema_name or table_name is set, so the grant is database-wide and not
# limited to ACTIVITY. A future grant does not cover tables that already exist
# when it is created. If a schema-level future grant is later defined for
# tables, Snowflake uses it and ignores this database-level one in that schema.
resource "snowflake_table_grant" "select_sandbox_tables" {
  provider      = snowflake.security_admin
  privilege     = "SELECT"
  on_future     = true
  database_name = snowflake_database.sandbox.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# Future grant: INSERT for SANDBOX_RW on tables created later. It is
# database-wide, since no schema_name is set, and does not apply to tables
# that already exist when the grant is created.
resource "snowflake_table_grant" "insert_sandbox_tables" {
  provider      = snowflake.security_admin
  privilege     = "INSERT"
  on_future     = true
  database_name = snowflake_database.sandbox.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# Future grant: UPDATE for SANDBOX_RW on tables created later. It is
# database-wide, since no schema_name is set, and does not apply to tables
# that already exist when the grant is created.
resource "snowflake_table_grant" "update_sandbox_tables" {
  provider      = snowflake.security_admin
  privilege     = "UPDATE"
  on_future     = true
  database_name = snowflake_database.sandbox.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# Future grant: TRUNCATE for SANDBOX_RW on tables created later.
#
# TRUNCATE is destructive, and with no schema_name set this covers every
# future table in the database. If the role only needs the ACTIVITY schema,
# scoping the grant with schema_name keeps it closer to least privilege.
resource "snowflake_table_grant" "truncate_sandbox_tables" {
  provider      = snowflake.security_admin
  privilege     = "TRUNCATE"
  on_future     = true
  database_name = snowflake_database.sandbox.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# Future grant: DELETE for SANDBOX_RW on tables created later.
#
# DELETE is destructive, and with no schema_name set this covers every future
# table in the database. If the role only needs the ACTIVITY schema, scoping
# the grant with schema_name keeps it closer to least privilege.
resource "snowflake_table_grant" "delete_sandbox_tables" {
  provider      = snowflake.security_admin
  privilege     = "DELETE"
  on_future     = true
  database_name = snowflake_database.sandbox.name
  roles         = [snowflake_role.sandbox_rw.name]
}
# Smallest warehouse size, used as compute for the sandbox role.
#
# NOTE(review): auto_suspend and auto_resume are not set here, so provider or
# account defaults apply. Confirm they are acceptable for cost control.
resource "snowflake_warehouse" "warehouse" {
  provider       = snowflake.sys_admin
  warehouse_size = "XSMALL"
  name           = "COMPUTE_WH"
}
# USAGE lets SANDBOX_RW run queries on the warehouse. No MODIFY, OPERATE or
# MONITOR privilege is granted in this listing.
resource "snowflake_warehouse_grant" "usage_warehouse" {
  provider       = snowflake.security_admin
  privilege      = "USAGE"
  warehouse_name = snowflake_warehouse.warehouse.name
  roles          = [snowflake_role.sandbox_rw.name]
}