# base/snowflake/
## snowflake/
This module creates the necessary Snowflake resources for the data platform:
* Database and schemas
* Warehouse
* Technical user with appropriate permissions (used typically by dbt)
### Example Usage
```hcl
module "snowflake" {
source = "git::https://github.com/boringdata/boringdata-template-aws-snowflake.git//base/snowflake"
environment = "dev"
}
```
### Filetree
```
base/
└── snowflake/
├── data.tf # Snowflake account data sources
├── db.tf # Database definition
├── locals.tf
├── outputs.tf
├── schema.tf # Schema definitions
├── tech_user.tf # Technical user and permissions
├── variables.tf
├── versions.tf # Snowflake provider versions
└── warehouse.tf # Warehouse configuration
```
### Diagram
{% @mermaid/diagram content="%%{init: {'theme':'dark'}}%%
graph TD
%% Variables
env\[input: environment]
```
%% Data Sources
accounts[data: snowflake_accounts]
%% Resources
db[snowflake_database]
warehouse[snowflake_warehouse]
schemas[snowflake_schema]
%% Tech User Resources
tech_role[snowflake_account_role
tech_user_role]
tech_user[snowflake_user
tech_user]
private_key[tls_private_key
tech_user_private_key]
%% Grants
grant_role_admin[snowflake_grant_account_role
tech_user_role_grant_accountadmin]
grant_role_user[snowflake_grant_account_role
tech_user_grant_tech_user_role]
grant_db[snowflake_grant_privileges_to_account_role
tech_user_db_access]
grant_schema[snowflake_grant_privileges_to_account_role
tech_user_schema_access]
grant_warehouse[snowflake_grant_privileges_to_account_role
tech_user_warehouse_access]
grant_objects[snowflake_grant_privileges_to_account_role
grant_tech_user_objects_all]
grant_future[snowflake_grant_privileges_to_account_role
grant_tech_user_objects_all_future]
%% Outputs
out_secrets[output: secrets]
out_ssm[output: ssm_parameters]
%% Relationships
env --> db
env --> warehouse
env --> schemas
env --> tech_role
env --> tech_user
accounts --> db
tech_role --> grant_role_admin
tech_role --> grant_role_user
tech_role --> grant_db
tech_role --> grant_schema
tech_role --> grant_warehouse
tech_role --> grant_objects
tech_role --> grant_future
private_key --> tech_user
tech_user --> out_secrets
tech_user --> out_ssm
db --> grant_db
schemas --> grant_schema
warehouse --> grant_warehouse
classDef variable fill:#e1f5fe,stroke:#01579b
classDef resource fill:#e8f5e9,stroke:#2e7d32
classDef output fill:#fce4ec,stroke:#880e4f
classDef datasource fill:#fff3e0,stroke:#e65100
class env variable
class out_secrets,out_ssm output
class accounts datasource
class db,warehouse,schemas,tech_role,tech_user,private_key,grant_role_admin,grant_role_user,grant_db,grant_schema,grant_warehouse,grant_objects,grant_future resource" %}
```
## Requirements
| Name | Version |
| ----------------------------------- | ------- |
| [terraform](#requirement_terraform) | >=1.5.7 |
| [snowflake](#requirement_snowflake) | >=1.0.0 |
## Providers
| Name | Version |
| -------------------------------- | ------- |
| [snowflake](#provider_snowflake) | 1.0.4 |
| [tls](#provider_tls) | 4.0.6 |
## Modules
No modules.
## Resources
| Name | Type |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| [snowflake\_account\_role.tech\_user\_role](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/account_role) | resource |
| [snowflake\_database.snowflake\_database](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/database) | resource |
| [snowflake\_database\_role.snowflake\_database\_role](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/database_role) | resource |
| [snowflake\_grant\_account\_role.tech\_user\_grant\_tech\_user\_role](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_account_role) | resource |
| [snowflake\_grant\_account\_role.tech\_user\_role\_grant\_accountadmin](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_account_role) | resource |
| [snowflake\_grant\_database\_role.grant\_db\_role\_to\_accountadmin](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_database_role) | resource |
| [snowflake\_grant\_database\_role.grant\_tech\_user\_role\_to\_db\_role](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_database_role) | resource |
| [snowflake\_grant\_privileges\_to\_account\_role.tech\_user\_warehouse\_access](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_account_role) | resource |
| [snowflake\_grant\_privileges\_to\_database\_role.grant\_tech\_user\_objects\_all](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_database_role) | resource |
| [snowflake\_grant\_privileges\_to\_database\_role.grant\_tech\_user\_objects\_all\_future](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_database_role) | resource |
| [snowflake\_grant\_privileges\_to\_database\_role.tech\_user\_db\_access](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_database_role) | resource |
| [snowflake\_grant\_privileges\_to\_database\_role.tech\_user\_schema\_access](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_database_role) | resource |
| [snowflake\_schema.snowflake\_schemas](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/schema) | resource |
| [snowflake\_user.tech\_user](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/user) | resource |
| [snowflake\_warehouse.snowflake\_warehouse](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/warehouse) | resource |
| [tls\_private\_key.tech\_user\_private\_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [snowflake\_accounts.account](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/data-sources/accounts) | data source |
## Inputs
| Name | Description | Type | Default | Required |
| --------------------------------- | -------------------------------------------------------------------- | -------- | ------- | :------: |
| [environment](#input_environment) | The environment to deploy to - will prefix the name of all resources | `string` | n/a | yes |
## Outputs
| Name | Description |
| ----------------------------------------- | ----------- |
| [secrets](#output_secrets) | n/a |
| [ssm\_parameters](#output_ssm_parameters) | n/a |