I am trying to create multiple notification integrations in Snowflake. As per my knowledge, I will have to create a new role per notification integration, as a different SF_AWS_EXTERNAL_ID is generated for each notification.
Is my understanding correct or do we have a way to utilize one role for all integrations?
You should be able to list the Snowflake external IDs in the policy like below; I have a storage and a notification integration using the same policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "${snowflake_storage_integration.integration.storage_aws_iam_user_arn}"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": [
            "${snowflake_storage_integration.integration.storage_aws_external_id}",
            "${snowflake_notification_integration.integration.aws_sns_external_id}"
          ]
        }
      }
    }
  ]
}
See the AWS doc: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-logic-multiple-context-keys-or-values.html
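To make the OR semantics of that condition concrete, here is an added Python example (not code from the answer above or from Snowflake/AWS) that evaluates a trust policy of the same shape the way IAM would for an `sts:AssumeRole` call: the caller must match the `Principal`, and the presented `sts:ExternalId` must equal any one of the listed values. The ARN and external IDs are constructed placeholders, not real Snowflake-issued values; the `add_external_id` helper shows the change you make to the single role when a third integration is created, and `statements_missing_external_id` flags trust statements that would let the Snowflake principal assume the role with no external ID at all (the confused-deputy case the condition exists to prevent).

```python
import copy
import json

# Constructed sample trust policy in the same shape as the one in the answer.
# The principal ARN and the two external IDs are placeholders, not real values.
SNOWFLAKE_ARN = "arn:aws:iam::111122223333:user/snowflake-placeholder"
STORAGE_ID = "ACCT_SFCRole=STORAGE_PLACEHOLDER"
NOTIFY_ID = "ACCT_SFCRole=NOTIFY_PLACEHOLDER"

TRUST_POLICY = json.loads(f"""
{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Effect": "Allow",
      "Principal": {{"AWS": "{SNOWFLAKE_ARN}"}},
      "Action": "sts:AssumeRole",
      "Condition": {{
        "StringEquals": {{
          "sts:ExternalId": ["{STORAGE_ID}", "{NOTIFY_ID}"]
        }}
      }}
    }}
  ]
}}
""")


def _as_list(value):
    """IAM allows a single string or a list in most places; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _aws_principals(stmt):
    principal = stmt.get("Principal", {})
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return _as_list(principal)  # e.g. "*" (anyone), which we still treat literally


def assume_role_allowed(policy, caller_arn, external_id):
    """True if sts:AssumeRole by caller_arn with the given ExternalId is allowed.

    Models only the subset of IAM evaluation used by this trust policy: Allow
    statements for sts:AssumeRole, AWS principals, and a StringEquals condition
    on sts:ExternalId. Multiple values under one condition key are OR'd (the
    AWS doc linked above); a caller that presents no ExternalId never satisfies
    StringEquals, so the statement does not match.
    """
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        if caller_arn not in _aws_principals(stmt):
            continue
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" in string_equals:
            allowed = _as_list(string_equals["sts:ExternalId"])
            if external_id is None or external_id not in allowed:
                continue
        return True
    return False


def add_external_id(policy, new_external_id):
    """Return a copy of the policy with new_external_id appended to the
    sts:ExternalId list of every AssumeRole statement that already has one.
    This is the only edit needed when a further integration is created."""
    updated = copy.deepcopy(policy)
    for stmt in _as_list(updated.get("Statement")):
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" in cond:
            ids = _as_list(cond["sts:ExternalId"])
            if new_external_id not in ids:
                ids.append(new_external_id)
            cond["sts:ExternalId"] = ids
    return updated


def statements_missing_external_id(policy):
    """Indexes of Allow sts:AssumeRole statements with no sts:ExternalId
    condition: any of these lets the trusted principal assume the role for
    any Snowflake account, which defeats the per-integration external ID."""
    missing = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            missing.append(i)
    return missing


if __name__ == "__main__":
    for ext in (STORAGE_ID, NOTIFY_ID, "ACCT_SFCRole=UNKNOWN", None):
        print(ext, "->", assume_role_allowed(TRUST_POLICY, SNOWFLAKE_ARN, ext))
    print("statements missing ExternalId:", statements_missing_external_id(TRUST_POLICY))
```

Run it as a script to see which external IDs the sample policy accepts. In practice the values come from `DESC INTEGRATION` in Snowflake (the `STORAGE_AWS_EXTERNAL_ID` / `SF_AWS_EXTERNAL_ID` properties), and the list is the only thing you append to when adding another integration to the same role.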