diff --git a/.github/workflows/steampipe-anywhere.yml b/.github/workflows/steampipe-anywhere.yml new file mode 100644 index 0000000..05092d6 --- /dev/null +++ b/.github/workflows/steampipe-anywhere.yml @@ -0,0 +1,12 @@ +name: Release Steampipe Anywhere Components + +on: + push: + tags: + - 'v*' + + +jobs: + anywhere_publish_workflow: + uses: turbot/steampipe-workflows/.github/workflows/steampipe-anywhere.yml@main + secrets: inherit diff --git a/README.md b/README.md index 5ed108b..76f5f49 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,18 @@ where and last_success_login is not null; ``` +## Engines + +This plugin is available for the following engines: + +| Engine | Description +|---------------|------------------------------------------ +| [Steampipe](https://steampipe.io/docs) | The Steampipe CLI exposes APIs and services as a high-performance relational database, giving you the ability to write SQL-based queries to explore dynamic data. Mods extend Steampipe's capabilities with dashboards, reports, and controls built with simple HCL. The Steampipe CLI is a turnkey solution that includes its own Postgres database, plugin management, and mod support. +| [Postgres FDW](https://steampipe.io/docs/steampipe_postgres/index) | Steampipe Postgres FDWs are native Postgres Foreign Data Wrappers that translate APIs to foreign tables. Unlike Steampipe CLI, which ships with its own Postgres server instance, the Steampipe Postgres FDWs can be installed in any supported Postgres database version. +| [SQLite Extension](https://steampipe.io/docs//steampipe_sqlite/index) | Steampipe SQLite Extensions provide SQLite virtual tables that translate your queries into API calls, transparently fetching information from your API or service as you request it. +| [Export](https://steampipe.io/docs/steampipe_export/index) | Steampipe Plugin Exporters provide a flexible mechanism for exporting information from cloud services and APIs. Each exporter is a stand-alone binary that allows you to extract data using Steampipe plugins without a database. +| [Turbot Pipes](https://turbot.com/pipes/docs) | Turbot Pipes is the only intelligence, automation & security platform built specifically for DevOps. Pipes provide hosted Steampipe database instances, shared dashboards, snapshots, and more. + ## Developing Prerequisites: @@ -71,11 +83,17 @@ Further reading: - [Writing plugins](https://steampipe.io/docs/develop/writing-plugins) - [Writing your first table](https://steampipe.io/docs/develop/writing-your-first-table) -## Contributing +## Open Source & Contributing + +This repository is published under the [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) (source code) and [CC BY-NC-ND](https://creativecommons.org/licenses/by-nc-nd/2.0/) (docs) licenses. Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you! + +[Steampipe](https://steampipe.io) is a product produced from this open source software, exclusively by [Turbot HQ, Inc](https://turbot.com). It is distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our [Open Source FAQ](https://turbot.com/open-source). + +## Get Involved -Please see the [contribution guidelines](https://github.com/turbot/steampipe/blob/main/CONTRIBUTING.md) and our [code of conduct](https://github.com/turbot/steampipe/blob/main/CODE_OF_CONDUCT.md). All contributions are subject to the [Apache 2.0 open source license](https://github.com/turbot/steampipe-plugin-snowflake/blob/main/LICENSE). +**[Join #steampipe on Slack →](https://turbot.com/community/join)** -`help wanted` issues: +Want to help but don't know where to start? Pick up one of the `help wanted` issues: - [Steampipe](https://github.com/turbot/steampipe/labels/help%20wanted) - [Snowflake Plugin](https://github.com/turbot/steampipe-plugin-snowflake/labels/help%20wanted) diff --git a/docs/index.md b/docs/index.md index 9815f33..3ddcff8 100644 --- a/docs/index.md +++ b/docs/index.md @@ -8,13 +8,14 @@ name: "snowflake" description: "Steampipe plugin for querying roles, databases, and more from Snowflake." og_description: "Query Snowflake with SQL! Open source CLI. No DB required." og_image: "/images/plugins/turbot/snowflake-social-graphic.png" +engines: ["steampipe", "sqlite", "postgres", "export"] --- # Snowflake + Steampipe [Snowflake](https://app.snowflake.com/) enables data storage, processing, and analytic solutions that are faster, easier to use, and far more flexible than traditional offerings. -[Steampipe](https://steampipe.io) is an open source CLI to instantly query cloud APIs using SQL. +[Steampipe](https://steampipe.io) is an open-source zero-ETL engine to instantly query cloud APIs using SQL. For example, to list inactive users: @@ -195,7 +196,4 @@ connection "snowflake" { } ``` -## Get involved -- Open source: https://github.com/turbot/steampipe-plugin-snowflake -- Community: [Join #steampipe on Slack →](https://turbot.com/community/join) diff --git a/docs/tables/snowflake_account_grant.md b/docs/tables/snowflake_account_grant.md index 4c3970f..9ef4deb 100644 --- a/docs/tables/snowflake_account_grant.md +++ b/docs/tables/snowflake_account_grant.md @@ -1,12 +1,34 @@ -# Table: snowflake_account_grant +--- +title: "Steampipe Table: snowflake_account_grant - Query Snowflake Account Grants using SQL" +description: "Allows users to query Snowflake Account Grants, specifically the grantee name, granted on date, and privilege details, providing insights into account-level access permissions." +--- -List all account-level, i.e., global, privileges that have been granted to roles. +# Table: snowflake_account_grant - Query Snowflake Account Grants using SQL + +Snowflake Account Grants are resources within Snowflake that allow you to manage and monitor permissions granted at the account level. These permissions can be granted to roles, users, or other entities within the Snowflake environment. The account grant includes details about the grantee, the granted on date, and the specific privilege granted. + +## Table Usage Guide + +The `snowflake_account_grant` table provides insights into account-level permissions within Snowflake. As a Security Analyst, explore grant-specific details through this table, including the grantee name, granted on date, and privilege details. Utilize it to uncover information about permissions, such as who has been granted what privileges, when the privileges were granted, and the specifics of the privileges. ## Examples ### Basic info +Explore the details of your Snowflake account's access permissions to understand who has been granted what privileges, by whom, and when. This can help in maintaining security and compliance by ensuring appropriate access levels are maintained. -```sql +```sql+postgres +select + name, + privilege, + grantee_name, + granted_to, + grant_option, + created_on +from + snowflake_account_grant; +``` + +```sql+sqlite select name, privilege, @@ -19,8 +41,9 @@ from ``` ### List privileges with the ACCOUNTADMIN role +Explore which privileges are associated with the account administrator role. This can be useful for understanding the level of access and permissions granted to this role within your Snowflake account. -```sql +```sql+postgres select privilege, grant_option, @@ -30,3 +53,14 @@ from where grantee_name = 'ACCOUNTADMIN'; ``` + +```sql+sqlite +select + privilege, + grant_option, + created_on +from + snowflake_account_grant +where + grantee_name = 'ACCOUNTADMIN'; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_account_parameter.md b/docs/tables/snowflake_account_parameter.md index 5c72011..bf6a222 100644 --- a/docs/tables/snowflake_account_parameter.md +++ b/docs/tables/snowflake_account_parameter.md @@ -1,14 +1,32 @@ -# Table: snowflake_account_parameter +--- +title: "Steampipe Table: snowflake_account_parameter - Query Snowflake Account Parameters using SQL" +description: "Allows users to query Snowflake Account Parameters, specifically retrieving the current settings and defaults for various parameters in Snowflake accounts." +--- -Snowflake provides parameters that let you control the behavior of your account, individual user sessions, and objects. All the parameters have default values, which can be set and then overridden at different levels depending on the parameter type (Account, Session, or Object). +# Table: snowflake_account_parameter - Query Snowflake Account Parameters using SQL -Account parameters can be set only at the account level by users with the appropriate administrator role. +Snowflake Account Parameters are a collection of settings and defaults that govern the behavior of Snowflake accounts. These parameters include settings related to data storage, query processing, security, and other operational aspects of Snowflake accounts. They provide a way to customize and tune the behavior of Snowflake accounts to meet specific requirements or preferences. + +## Table Usage Guide + +The `snowflake_account_parameter` table provides insights into the settings and defaults of Snowflake Account Parameters. As a Database Administrator or Data Engineer, explore parameter-specific details through this table, including names, values, and descriptions. Utilize it to uncover information about parameters, such as their current settings, default values, and the impact of these parameters on the operation of Snowflake accounts. ## Examples ### Basic info +Explore which account parameters are set in your Snowflake account to understand and manage your account configurations better. This can be particularly useful when auditing your account settings or troubleshooting issues related to account parameters. + +```sql+postgres +select + key, + value, + level, + description +from + snowflake_account_parameter; +``` -```sql +```sql+sqlite select key, value, @@ -19,8 +37,21 @@ from ``` ### Check whether account allows MFA caching +Assess the elements within your account to understand if multi-factor authentication (MFA) caching is permitted. This is useful for enhancing security measures by managing how user authentication data is stored. + +```sql+postgres +select + key, + value, + level, + description +from + snowflake_account_parameter +where + key = 'ALLOW_CLIENT_MFA_CACHING'; +``` -```sql +```sql+sqlite select key, value, @@ -33,8 +64,9 @@ where ``` ### Get number of days Snowflake retains historical data for performing Time Travel actions (SELECT, CLONE, UNDROP) on the object +Analyze the settings to understand the duration for which Snowflake preserves historical data, which can be crucial for executing actions such as Time Travel on objects. This can be beneficial for data recovery and auditing purposes. -```sql +```sql+postgres select key, value, @@ -45,3 +77,15 @@ from where key = 'DATA_RETENTION_TIME_IN_DAYS'; ``` + +```sql+sqlite +select + key, + value, + level, + description +from + snowflake_account_parameter +where + key = 'DATA_RETENTION_TIME_IN_DAYS'; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_database.md b/docs/tables/snowflake_database.md index e554748..e979e23 100644 --- a/docs/tables/snowflake_database.md +++ b/docs/tables/snowflake_database.md @@ -1,12 +1,34 @@ -# Table: snowflake_database +--- +title: "Steampipe Table: snowflake_database - Query Snowflake Databases using SQL" +description: "Allows users to query Snowflake Databases, providing detailed information about each database within the Snowflake data warehousing platform." +--- -All data in Snowflake is maintained in databases. Each database consists of one or more schemas, which are logical groupings of database objects, such as tables and views. +# Table: snowflake_database - Query Snowflake Databases using SQL + +Snowflake is a cloud-based data warehousing platform that provides comprehensive solutions for data storage, processing, and analysis. It supports a wide range of data types, including structured and semi-structured data, and allows for seamless scaling of resources to meet the demands of any size of data workload. Snowflake databases are a key resource within this platform, housing the data that is processed and analyzed. + +## Table Usage Guide + +The `snowflake_database` table provides insights into databases within the Snowflake data warehousing platform. As a data engineer or analyst, explore database-specific details through this table, including ownership, creation time, and associated metadata. Utilize it to uncover information about databases, such as their size, the number of tables they contain, and their overall usage statistics. ## Examples ### Basic info +Explore the creation dates, current status, origin, owner, and retention time of your databases in Snowflake to understand their management and maintenance history. This is useful to assess the operational aspects of your databases and for future planning. + +```sql+postgres +select + name, + created_on, + is_current, + origin, + owner, + retention_time +from + snowflake_database; +``` -```sql +```sql+sqlite select name, created_on, @@ -19,8 +41,9 @@ from ``` ### List databases with retention time greater than 1 day +Explore which databases have a retention time greater than a day. This is useful for understanding the longevity of your data and managing storage resources effectively. -```sql +```sql+postgres select name, created_on, @@ -33,3 +56,17 @@ from where retention_time > 1; ``` + +```sql+sqlite +select + name, + created_on, + is_current, + origin, + owner, + retention_time +from + snowflake_database +where + retention_time > 1; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_database_grant.md b/docs/tables/snowflake_database_grant.md index c196ab8..0f555c6 100644 --- a/docs/tables/snowflake_database_grant.md +++ b/docs/tables/snowflake_database_grant.md @@ -1,14 +1,33 @@ -# Table: snowflake_database_grant +--- +title: "Steampipe Table: snowflake_database_grant - Query Snowflake Database Grants using SQL" +description: "Allows users to query Snowflake Database Grants, specifically providing insights into the permissions assigned to various roles and users." +--- -List privileges that have been granted on the database. +# Table: snowflake_database_grant - Query Snowflake Database Grants using SQL -**Note**: This table requires an '=' qualifier for the `database` column. +Snowflake Database Grant is a feature within Snowflake's data cloud platform that allows you to manage and assign permissions to roles and users. It is a crucial aspect of Snowflake's security model, enabling you to control who has access to your data and what they can do with it. Snowflake Database Grant helps you maintain a secure and compliant data environment by ensuring the right access levels are assigned to the right roles and users. + +## Table Usage Guide + +The `snowflake_database_grant` table provides insights into the database grants within Snowflake's data cloud platform. As a Database Administrator, you can explore grant-specific details through this table, including roles, users, and the specific permissions assigned to them. Utilize it to uncover information about database access levels, such as those with full permissions, the roles assigned to specific users, and the verification of user privileges. ## Examples ### Basic info +Explore which privileges have been granted to different users in a specific database. This can help in managing user access and maintaining database security. + +```sql+postgres +select + database, + privilege, + grantee_name, + granted_to, + grant_option +from + snowflake_database_grant where database = 'SNOWFLAKE'; +``` -```sql +```sql+sqlite select database, privilege, @@ -20,8 +39,9 @@ from ``` ### List grants for all databases +Explore which privileges have been granted to various users across all databases. This can be useful for assessing security measures and understanding user access levels in a Snowflake environment. -```sql +```sql+postgres select database, privilege, @@ -34,3 +54,17 @@ from snowflake_database on snowflake_database_grant.database = snowflake_database.name; ``` + +```sql+sqlite +select + database, + privilege, + grantee_name, + granted_to, + grant_option +from + snowflake_database_grant + inner join + snowflake_database + on snowflake_database_grant.database = snowflake_database.name; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_login_history.md b/docs/tables/snowflake_login_history.md index 12c19f8..30d76d6 100644 --- a/docs/tables/snowflake_login_history.md +++ b/docs/tables/snowflake_login_history.md @@ -1,17 +1,32 @@ -# Table: snowflake_login_history +--- +title: "Steampipe Table: snowflake_login_history - Query Snowflake Login Histories using SQL" +description: "Allows users to query Snowflake Login Histories, specifically providing insights into user login events and activity patterns." +--- -This Account Usage view can be used to query login attempts by Snowflake users within the last 365 days (1 year). +# Table: snowflake_login_history - Query Snowflake Login Histories using SQL -**Notes:** +Snowflake Login History is a feature within Snowflake that allows you to monitor and track user login events across your Snowflake environment. It provides a comprehensive log of user login activity, including details such as user name, login time, IP address, and more. Snowflake Login History helps you stay informed about the login activities in your Snowflake environment and take appropriate actions when anomalies are detected. -- This table requires a [Snowflake warehouse](https://docs.snowflake.com/en/user-guide/warehouses.html) to query. You can specify it in the `warehouse` config argument, or if not specified, the user's default warehouse will be used. -- Latency for the view may be up to 120 minutes (2 hours). +## Table Usage Guide + +The `snowflake_login_history` table provides insights into user login events within Snowflake. As a Security Analyst, explore user-specific login details through this table, including user name, login time, IP address, and more. Utilize it to uncover information about user login activities, such as login frequency, login timings, and the source IP addresses of the logins. ## Examples ### Basic info +Analyze login history to understand the success rate of user authentications and pinpoint specific instances where the first authentication factor was used. This could be beneficial in assessing the security measures and identifying potential vulnerabilities. + +```sql+postgres +select + user_name, + first_authentication_factor, + is_success, + event_timestamp +from + snowflake_login_history; +``` -```sql +```sql+sqlite select user_name, first_authentication_factor, @@ -22,8 +37,9 @@ from ``` ### List all authentication methods used in the last 30 days +Explore the variety of successful authentication methods utilized by users in the past month. This can provide insights into user behaviour and security practices, aiding in the enhancement of system security protocols. -```sql +```sql+postgres select distinct user_name, first_authentication_factor @@ -35,3 +51,16 @@ where order by user_name; ``` + +```sql+sqlite +select distinct + user_name, + first_authentication_factor +from + snowflake_login_history +where + is_success = 'YES' + and event_timestamp > datetime('now', '-30 days') +order by + user_name; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_network_policy.md b/docs/tables/snowflake_network_policy.md index 2f74069..02cd7aa 100644 --- a/docs/tables/snowflake_network_policy.md +++ b/docs/tables/snowflake_network_policy.md @@ -1,14 +1,33 @@ -# Table: snowflake_network_policy +--- +title: "Steampipe Table: snowflake_network_policy - Query OCI Snowflake Network Policies using SQL" +description: "Allows users to query Network Policies in Snowflake, providing insights into network access control configurations and potential vulnerabilities." +--- -Network policies enable restricting access to your account based on user IP address. +# Table: snowflake_network_policy - Query OCI Snowflake Network Policies using SQL -**Note**: Only the network policy owner, i.e., a role with the `OWNERSHIP` privilege on the network policy, or higher can query this table. +A Network Policy in Snowflake is a set of rules that govern the network access control for virtual warehouses. It allows administrators to define IP whitelisting rules to restrict access to the Snowflake account only from allowed IP addresses. Network Policies can be associated with individual users or the entire account. + +## Table Usage Guide + +The `snowflake_network_policy` table provides insights into Network Policies within OCI Snowflake. As a Network Administrator, explore policy-specific details through this table, including allowed IP addresses, blocked IP addresses, and associated metadata. Use it to uncover information about policies, such as those with unrestricted access, the IP address restrictions in place, and the verification of network control configurations. ## Examples ### Basic info +Explore which network policies have been implemented within Snowflake, focusing on when they were created and the number of entries in both the allowed and blocked IP lists. This can help identify potential security gaps and understand the overall network security posture. -```sql +```sql+postgres +select + name, + comment, + created_on, + entries_in_allowed_ip_list, + entries_in_blocked_ip_list +from + snowflake_network_policy; +``` + +```sql+sqlite select name, comment, @@ -20,8 +39,9 @@ from ``` ### Get blocked and allowed IP lists for a specific network policy +Analyze the settings to understand the blocked and allowed IP addresses associated with a specific network policy. This can help in assessing the security measures and identifying any potential vulnerabilities in the network access. -```sql +```sql+postgres select name, allowed_ip_list, @@ -31,3 +51,14 @@ from where name = 'np1'; ``` + +```sql+sqlite +select + name, + allowed_ip_list, + blocked_ip_list +from + snowflake_network_policy +where + name = 'np1'; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_resource_monitor.md b/docs/tables/snowflake_resource_monitor.md index 366e101..c9ac0a4 100644 --- a/docs/tables/snowflake_resource_monitor.md +++ b/docs/tables/snowflake_resource_monitor.md @@ -1,12 +1,32 @@ -# Table: snowflake_resource_monitor +--- +title: "Steampipe Table: snowflake_resource_monitor - Query Snowflake Resource Monitors using SQL" +description: "Allows users to query Resource Monitors in Snowflake, specifically providing insights into the usage and limits of resources." +--- -A resource monitor can be used to monitor credit usage by user-managed virtual warehouses and virtual warehouses used by cloud services. +# Table: snowflake_resource_monitor - Query Snowflake Resource Monitors using SQL + +A Snowflake Resource Monitor is a tool within Snowflake that allows you to track and control the usage of resources within your Snowflake account. It provides a way to set up and manage alerts for various resources, including virtual warehouses, databases, and more. Snowflake Resource Monitor helps you stay informed about the health and performance of your Snowflake resources and take appropriate actions when predefined conditions are met. + +## Table Usage Guide + +The `snowflake_resource_monitor` table provides insights into Resource Monitors within Snowflake. As a Database Administrator, explore monitor-specific details through this table, including usage, limits, and associated metadata. Utilize it to uncover information about resources, such as those nearing their limits, the usage patterns, and the verification of resource usage. ## Examples ### Basic info +Analyze your Snowflake resource monitor to understand your warehouse's credit usage. This can help you manage your resources more efficiently by showing you how much credit quota is available, how much has been used, and what remains. -```sql +```sql+postgres +select + name as warehouse, + credit_quota, + used_credits, + remaining_credits +from + snowflake_resource_monitor; +``` + +```sql+sqlite select name as warehouse, credit_quota, @@ -17,8 +37,9 @@ from ``` ### List warehouses and % credit left +Determine the areas in which your warehouse's credit usage exceeds 75% of the total quota. This query helps in monitoring resource consumption, alerting you to potential overruns before they occur. -```sql +```sql+postgres select account, name as warehouse, credit_quota, @@ -38,9 +59,30 @@ order by used_credits/credit_quota desc; ``` +```sql+sqlite +select account, + name as warehouse, + credit_quota, + used_credits, + remaining_credits, + round((used_credits/credit_quota*100), 1) as percent_used, + case + when used_credits/credit_quota*100 > 90 then 'alert' + when used_credits/credit_quota*100 > 75 then 'warning' + else 'ok' + end as type +from + snowflake_resource_monitor +where + used_credits/credit_quota*100 > 75 +order by + used_credits/credit_quota desc; +``` + ### List warehouses which have used all their credits +The query is used to identify Snowflake warehouses that have exhausted their credit allocation. This is beneficial in managing resources effectively and avoiding potential disruptions in data processing tasks. -```sql +```sql+postgres select account, name as warehouse @@ -49,3 +91,13 @@ from where remaining_credits < 1; ``` + +```sql+sqlite +select + account, + name as warehouse +from + snowflake_resource_monitor +where + remaining_credits < 1; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_role.md b/docs/tables/snowflake_role.md index b1be1c6..867791b 100644 --- a/docs/tables/snowflake_role.md +++ b/docs/tables/snowflake_role.md @@ -1,12 +1,32 @@ -# Tables: snowflake_role +--- +title: "Steampipe Table: snowflake_role - Query Snowflake Roles using SQL" +description: "Allows users to query Snowflake Roles, providing insights into the access and permissions assigned to each role in the Snowflake data warehousing service." +--- -The role is an entity to which privileges can be granted. Roles are in turn assigned to users. +# Table: snowflake_role - Query Snowflake Roles using SQL + +Snowflake Roles are a key component of the Snowflake data warehousing service's access control architecture. They dictate the level of access that a user has to Snowflake objects, such as databases, schemas, and warehouses. Roles can be assigned to users, other roles, and integration objects to facilitate granular, role-based access control. + +## Table Usage Guide + +The `snowflake_role` table provides insights into the roles within Snowflake's access control architecture. If you are a security analyst or administrator, you can use this table to explore role-specific details, including the permissions assigned to each role and the users and roles to which each role is assigned. This table can be particularly useful for auditing access controls, identifying overly permissive roles, and ensuring compliance with your organization's access policies. ## Examples ### Basic info +Explore the roles within your Snowflake environment, including when they were created and their associated permissions. This can help enhance security by ensuring only necessary permissions are granted. -```sql +```sql+postgres +select + name, + created_on, + granted_roles, + granted_to_roles +from + snowflake_role; +``` + +```sql+sqlite select name, created_on, @@ -17,8 +37,20 @@ from ``` ### List idle roles +Discover the roles that are currently idle, meaning they are not assigned to any users. This can be useful for identifying potential areas of resource optimization or unnecessary access permissions. + +```sql+postgres +select + name, + created_on, + assigned_to_users +from + snowflake_role +where + assigned_to_users = 0; +``` -```sql +```sql+sqlite select name, created_on, @@ -30,8 +62,9 @@ where ``` ### List roles with assigned users +Explore which roles have been assigned to users in Snowflake, allowing you to manage user access and permissions effectively. This is useful in maintaining security and ensuring only authorized users have certain privileges. -```sql +```sql+postgres select name as role_name, grantee_name @@ -44,3 +77,17 @@ where assigned_to_users > 0 and granted_to = 'USER'; ``` + +```sql+sqlite +select + name as role_name, + grantee_name +from + snowflake_role + inner join + snowflake_role_grant + on snowflake_role.name = snowflake_role_grant.role +where + assigned_to_users > 0 + and granted_to = 'USER'; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_role_grant.md b/docs/tables/snowflake_role_grant.md index 79bd0f1..86bb2a8 100644 --- a/docs/tables/snowflake_role_grant.md +++ b/docs/tables/snowflake_role_grant.md @@ -1,14 +1,36 @@ -# Table: snowflake_role_grant +--- +title: "Steampipe Table: snowflake_role_grant - Query Snowflake Role Grants using SQL" +description: "Allows users to query Snowflake Role Grants, specifically providing details about the roles and the privileges granted to them." +--- -List all privileges and roles granted to a role. +# Table: snowflake_role_grant - Query Snowflake Role Grants using SQL -**Note**: This table requires an '=' qualifier for the `role` column. +Snowflake Role Grant is a feature within Snowflake that allows you to manage and control access to database objects. It provides a way to assign privileges to roles, which can then be granted to users or other roles. Snowflake Role Grant helps you ensure appropriate access levels and permissions across your Snowflake resources. + +## Table Usage Guide + +The `snowflake_role_grant` table provides insights into Role Grants within Snowflake. As a Database Administrator, you can use this table to explore details about roles and the privileges granted to them. This information can be used to manage access control, enforce security policies, and audit role-based permissions in your Snowflake environment. ## Examples ### List users granted the ACCOUNTADMIN role +Determine the users who have been granted the highest level of access within your system. This is useful for auditing security and managing permissions. -```sql +```sql+postgres +select + role, + granted_to, + grantee_name, + granted_by, + created_on +from + snowflake_role_grant +where + role = 'ACCOUNTADMIN' and + granted_to = 'USER'; +``` + +```sql+sqlite select role, granted_to, @@ -23,8 +45,9 @@ where ``` ### List roles granted the SYSADMIN role +Identify instances where the SYSADMIN role has been granted. This query is useful for understanding who has been given this high-level access and by whom, helping maintain security and manage permissions effectively. -```sql +```sql+postgres select role, granted_to, @@ -37,3 +60,17 @@ where role = 'SYSADMIN' and granted_to = 'ROLE'; ``` + +```sql+sqlite +select + role, + granted_to, + grantee_name, + granted_by, + created_on +from + snowflake_role_grant +where + role = 'SYSADMIN' and + granted_to = 'ROLE'; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_schemata.md b/docs/tables/snowflake_schemata.md index 1242473..beba107 100644 --- a/docs/tables/snowflake_schemata.md +++ b/docs/tables/snowflake_schemata.md @@ -1,18 +1,33 @@ -# Table: snowflake_schemata +--- +title: "Steampipe Table: snowflake_schemata - Query Snowflake Schemata using SQL" +description: "Allows users to query Snowflake Schemata, specifically the database and schema information, providing insights into schema organization and associated metadata." +--- -This Information Schema view displays a row for each schema in the specified (or current) database, including the INFORMATION_SCHEMA schema itself. +# Table: snowflake_schemata - Query Snowflake Schemata using SQL -**Notes**: +Snowflake Schemata is a feature in Snowflake, a cloud-based data warehousing platform, that allows users to organize and manage data in logical groups. It provides a structure for storing, managing, and retrieving data, enabling efficient data operations. Snowflake Schemata helps users maintain control over their data, ensuring it is organized and easily accessible. -- This table requires a [Snowflake warehouse](https://docs.snowflake.com/en/user-guide/warehouses.html) to query. You can specify it in the `warehouse` config argument, or if not specified, the user's default warehouse will be used. -- The view only displays objects for which the current role for the session has been granted access privileges. -- Latency for the view may be up to 120 minutes (2 hours). +## Table Usage Guide + +The `snowflake_schemata` table provides insights into the organization and structure of data within Snowflake. As a Data Engineer or Data Analyst, explore schema-specific details through this table, including the database name, schema name, and associated metadata. Utilize it to uncover information about schemas, such as their organization, the data they contain, and how they are used in data operations. ## Examples ### Basic info +Analyze the settings to understand the ownership and access details of various databases within your Snowflake account. This can help in determining which databases have managed access, are transient, and identify their respective owners, aiding in better data management and security. + +```sql+postgres +select + schema_name, + catalog_name as database_name, + is_managed_access, + is_transient, + schema_owner +from + snowflake_schemata; +``` -```sql +```sql+sqlite select schema_name, catalog_name as database_name, @@ -24,8 +39,22 @@ from ``` ### List schemas that allow managed access +Explore which schemas in your Snowflake database are configured to allow managed access. This can help you maintain security and manageability of your data by identifying which schemas are under controlled access. + +```sql+postgres +select + schema_name, + catalog_name as database_name, + is_managed_access, + is_transient, + schema_owner +from + snowflake_schemata +where + is_managed_access = 'YES'; +``` -```sql +```sql+sqlite select schema_name, catalog_name as database_name, @@ -39,8 +68,22 @@ where ``` ### List transient schemas +Explore the Snowflake databases that are managed access to identify those that are transient. This can help in understanding the database structures that are temporary and managed by Snowflake, which is beneficial for maintaining data integrity and efficient resource usage. -```sql +```sql+postgres +select + schema_name, + catalog_name as database_name, + is_managed_access, + is_transient, + schema_owner +from + snowflake_schemata +where + is_managed_access = 'YES'; +``` + +```sql+sqlite select schema_name, catalog_name as database_name, @@ -54,8 +97,9 @@ where ``` ### List schemas with a retention time greater than 15 days +Explore which schemas in your database have a retention time exceeding 15 days. This is useful for understanding and managing data storage and lifecycle within your system. -```sql +```sql+postgres select schema_name, catalog_name as database_name, @@ -67,3 +111,16 @@ from where retention_time > 15; ``` + +```sql+sqlite +select + schema_name, + catalog_name as database_name, + is_managed_access, + retention_time, + schema_owner +from + snowflake_schemata +where + retention_time > 15; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_session.md b/docs/tables/snowflake_session.md index c90cbf0..5fd2d9e 100644 --- a/docs/tables/snowflake_session.md +++ b/docs/tables/snowflake_session.md @@ -1,17 +1,22 @@ -# Table: snowflake_session +--- +title: "Steampipe Table: snowflake_session - Query Snowflake Sessions using SQL" +description: "Allows users to query Snowflake Sessions, providing detailed insights into session activities, user actions, and session-specific metadata." +--- -This Account Usage view provides information on the session, including information on the authentication method to Snowflake and the Snowflake login event. Snowflake returns one row for each session created over the last year. +# Table: snowflake_session - Query Snowflake Sessions using SQL -**Notes**: +Snowflake Sessions are an integral part of the Snowflake Data Cloud platform, which allows users to manage and execute SQL queries. Each session represents a connection from a client to the Snowflake service, and it is used to execute SQL statements. The sessions are ephemeral and are automatically terminated after a period of inactivity or when the client disconnects. -- This table requires a [Snowflake warehouse](https://docs.snowflake.com/en/user-guide/warehouses.html) to query. You can specify it in the `warehouse` config argument, or if not specified, the user's default warehouse will be used. -- Latency for the view may be up to 180 minutes (3 hours). +## Table Usage Guide + +The `snowflake_session` table provides comprehensive insights into Snowflake sessions. As a database administrator or data engineer, you can use this table to explore session-specific details, including user actions, session duration, and associated metadata. This can be particularly useful for monitoring user activity, optimizing session performance, and troubleshooting issues related to session connectivity. ## Examples ### Basic info +Explore which users have logged into your Snowflake environment and when, allowing you to monitor user activity and understand usage patterns. This information can be particularly useful for auditing and security purposes. -```sql +```sql+postgres select session_id, user_name, @@ -22,9 +27,31 @@ from snowflake_session; ``` +```sql+sqlite +select + session_id, + user_name, + authentication_method, + created_on, + json_extract(client_environment, '$.APPLICATION') as client_application +from + snowflake_session; +``` + ### List distinct authentication methods used in the last year +Explore which unique authentication methods have been used by different users in the past year. This can help in understanding user behavior and enhancing security measures. -```sql +```sql+postgres +select distinct + user_name, + authentication_method +from + snowflake_session +order by + user_name; +``` + +```sql+sqlite select distinct user_name, authentication_method @@ -35,8 +62,9 @@ order by ``` ### List sessions authenticated without Snowflake MFA with passsword in last 30 days +Explore which user sessions have been authenticated without the use of Snowflake multi-factor authentication (MFA) and with a password in the past 30 days. This query can help identify potential security risks and enforce stricter authentication methods. -```sql +```sql+postgres select distinct user_name, authentication_method, @@ -50,3 +78,7 @@ where order by user_name desc; ``` + +```sql+sqlite +Error: SQLite does not support split_part function. +``` \ No newline at end of file diff --git a/docs/tables/snowflake_session_policy.md b/docs/tables/snowflake_session_policy.md index 25df870..7775187 100644 --- a/docs/tables/snowflake_session_policy.md +++ b/docs/tables/snowflake_session_policy.md @@ -1,19 +1,33 @@ -# Table: snowflake_session_policy +--- +title: "Steampipe Table: snowflake_session_policy - Query Snowflake Session Policies using SQL" +description: "Allows users to query Snowflake Session Policies, specifically providing details about each session policy created in the Snowflake account." +--- -A session policy defines the idle session timeout period in minutes and provides the option to override the default idle timeout value of 4 hours. +# Table: snowflake_session_policy - Query Snowflake Session Policies using SQL -The session policy can be set for an account or user with configurable idle timeout periods to address compliance requirements. If a user is associated with both an account and user-level session policy, the user-level session policy takes precedence. +A Snowflake Session Policy is a feature in Snowflake that allows users to define and enforce specific settings or behaviors for a user session. These policies can include setting the time zone, date and time formats, and other session parameters. Snowflake Session Policies help in maintaining consistency and control over user sessions. -**Notes**: This table requires the role/user executing the command to have: +## Table Usage Guide -- The OWNERSHIP privilege on the session policy or the APPLY on SESSION POLICY privilege. -- The USAGE privilege on the schema. +The `snowflake_session_policy` table provides insights into session policies within Snowflake. As a database administrator, explore specific details about each session policy, including its name, comment, and the values of the parameters it sets. Utilize it to uncover information about session policies, such as their current state, and the specific settings or behaviors they enforce. ## Examples ### Basic info +Identify the policies regarding session timeouts within your Snowflake environment. This can help manage idle sessions and optimize resource usage. -```sql +```sql+postgres +select + name, + database_name, + schema_name, + session_idle_timeout_mins, + session_ui_idle_timeout_mins +from + snowflake_session_policy; +``` + +```sql+sqlite select name, database_name, @@ -25,8 +39,9 @@ from ``` ### List policies with idle timeout more than an hour +Explore the policies that have an idle timeout exceeding one hour. This query can be useful in identifying potential areas for improved resource allocation and efficiency. -```sql +```sql+postgres select name, database_name, @@ -39,3 +54,17 @@ where session_idle_timeout_mins > 60 or session_ui_idle_timeout_mins > 60; ``` + +```sql+sqlite +select + name, + database_name, + schema_name, + session_idle_timeout_mins, + session_ui_idle_timeout_mins +from + snowflake_session_policy +where + session_idle_timeout_mins > 60 or + session_ui_idle_timeout_mins > 60; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_user.md b/docs/tables/snowflake_user.md index 868c4a5..3073bee 100644 --- a/docs/tables/snowflake_user.md +++ b/docs/tables/snowflake_user.md @@ -1,14 +1,36 @@ -# Table: snowflake_user +--- +title: "Steampipe Table: snowflake_user - Query OCI Snowflake Users using SQL" +description: "Allows users to query Snowflake Users, presenting detailed information about each user's properties, roles, and status." +--- -A user is an identity recognized by Snowflake and can be associated with a person or program. +# Table: snowflake_user - Query OCI Snowflake Users using SQL -**Note**: This table can only be queried by users with a role that has the `MANAGE GRANTS` global privilege. This privilege is usually granted to the `ACCOUNTADMIN` and `SECURITYADMIN` roles. +Snowflake is a cloud-based data warehousing platform that enables data storage, processing, and analytic solutions. It is designed to support and manage all aspects of data, analytics, and application integration. Snowflake is built on top of the Amazon Web Services (AWS) cloud infrastructure and is a scalable and elastic solution that can handle high volumes of data and concurrent workloads. + +## Table Usage Guide + +The `snowflake_user` table provides insights into users within the OCI Snowflake service. As a data analyst or database administrator, explore user-specific details through this table, including user properties, roles, and status. Utilize it to manage user access, track user activity, and ensure compliance with your organization's data usage policies. ## Examples ### Basic info +Explore user profiles on your Snowflake platform to understand their access level and recent activity. This aids in maintaining security by identifying unusual behavior or inactive accounts. + +```sql+postgres +select + name, + login_name, + disabled, + default_role, + default_warehouse, + has_password, + has_rsa_public_key, + last_success_login +from + snowflake_user; +``` -```sql +```sql+sqlite select name, login_name, @@ -23,8 +45,9 @@ from ``` ### List users that have passwords +Discover the segments that have passwords in the Snowflake user base to assess the elements within the user configuration. This can help in identifying instances where users may have potential security risks. -```sql +```sql+postgres select name, login_name, @@ -37,9 +60,23 @@ where has_password; ``` +```sql+sqlite +select + name, + login_name, + disabled, + default_role, + default_warehouse +from + snowflake_user +where + has_password = 1; +``` + ### List users whose passwords haven't been rotated in 90 days +Assess the elements within your user base to identify those who haven't updated their passwords in the past 90 days. This can be useful for enforcing security standards and ensuring regular password rotation. -```sql +```sql+postgres select name, login_name, @@ -55,9 +92,26 @@ where and password_last_set_time::timestamp < now() - interval '90 days'; ``` +```sql+sqlite +select + name, + login_name, + disabled, + default_role, + default_warehouse, + has_password, + datetime(password_last_set_time) +from + snowflake_user +where + has_password + and datetime(password_last_set_time) < datetime('now','-90 days'); +``` + ### List users using keypair authentication +Discover the segments that use keypair authentication to gain insights into the security measures in place for user access. This can be useful in assessing the strength and variety of authentication methods employed within your system. -```sql +```sql+postgres select name, login_name, @@ -72,9 +126,25 @@ where has_rsa_public_key; ``` +```sql+sqlite +select + name, + login_name, + disabled, + rsa_public_key, + rsa_public_key_fp, + rsa_public_key_2, + rsa_public_key_2_fp +from + snowflake_user +where + has_rsa_public_key = 1; +``` + ### List users that have not logged in for 30 days +Identify users who haven't engaged with your platform in the last month. This can help in tailoring re-engagement strategies and understanding user activity patterns. -```sql +```sql+postgres select name, email, @@ -86,3 +156,16 @@ where last_success_login is null or (last_success_login < now() - interval '30 days'); ``` + +```sql+sqlite +select + name, + email, + disabled, + last_success_login +from + snowflake_user +where + last_success_login is null + or (last_success_login < datetime('now', '-30 days')); +``` \ No newline at end of file diff --git a/docs/tables/snowflake_user_grant.md b/docs/tables/snowflake_user_grant.md index 68b9995..d317210 100644 --- a/docs/tables/snowflake_user_grant.md +++ b/docs/tables/snowflake_user_grant.md @@ -1,43 +1,12 @@ -# Table: snowflake_user_grant +--- +title: "Steampipe Table: snowflake_user_grant - Query Snowflake User Grants using SQL" +description: "Allows users to query User Grants in Snowflake, providing insights into user access and rights within the Snowflake data warehouse." +--- -Roles are granted to users, providing them with specific permissions. +# Table: snowflake_user_grant - Query Snowflake User Grants using SQL -**Notes** +A User Grant in Snowflake is a permission set that is assigned to a user, allowing them to access and manipulate data within the Snowflake data warehouse. These grants define the level of access a user has to database objects and are crucial for maintaining data security and integrity. User Grants in Snowflake include permissions to perform various operations such as SELECT, INSERT, UPDATE, DELETE, and more on Snowflake objects. -- The `PUBLIC` role, which is automatically available to every user, is not listed in this table -- This table requires an '=' qualifier for the `username` column +## Table Usage Guide -### List all grants for a specific user - -```sql -select - username, - role, - granted_by, - created_on -from - snowflake_user_grant -where - username = 'STEAMPIPE'; -``` - -### List all account-level privileges for a specific user - -```sql -select - privilege, - role, - username, - sug.created_on, - sug.granted_by -from - snowflake.snowflake_account_grant sag - inner join - snowflake.snowflake_user_grant sug - on sug.role = sag.grantee_name -where - sug.username = 'STEAMPIPE' - and sag.granted_to = 'ROLE' -order by - sag.grantee_name; -``` +The `snowflake_user_grant` table provides insights into User Grants within Snowflake. As a Database Administrator or Security Analyst, you can explore user-specific grant details through this table, including what operations a user can perform, on which database objects, and the scope of these permissions. Use it to monitor and manage user permissions, ensuring appropriate access levels and maintaining data security within your Snowflake data warehouse. \ No newline at end of file diff --git a/docs/tables/snowflake_view.md b/docs/tables/snowflake_view.md index 50b51c2..bf9f4e3 100644 --- a/docs/tables/snowflake_view.md +++ b/docs/tables/snowflake_view.md @@ -1,17 +1,34 @@ -# Table: snowflake_view +--- +title: "Steampipe Table: snowflake_view - Query Snowflake Views using SQL" +description: "Allows users to query views in Snowflake, specifically providing detailed information about the views, their structure, and other related metadata." +--- -A view is a named definition of a query. +# Table: snowflake_view - Query Snowflake Views using SQL -Snowflake supports two types of views: +Snowflake is a cloud-based data warehousing platform that provides a comprehensive solution for data storage, processing, and analytics. It offers a unique architecture that separates storage and compute resources, allowing each to scale independently. One of the key features of Snowflake is its support for views, which are virtual tables based on the result-set of an SQL statement. -- `Non-materialized views`: A non-materialized view’s results are created by executing the query at the time that the view is referenced in a query. -- `Materialized views`: A materialized view’s results are stored, almost as though the results were a table. This allows faster access but requires storage space and active maintenance, both of which incur additional costs. +## Table Usage Guide + +The `snowflake_view` table provides insights into views within Snowflake. As a data engineer, explore view-specific details through this table, including the view's definition, database, schema, and more. Utilize it to uncover information about views, such as their structure, the SQL statement used to create them, and other related metadata. ## Examples ### Basic info +Analyze the settings to understand the security status, creation date, and whether the views are materialized in your Snowflake database. This information can be useful for database management, particularly in maintaining security and optimizing performance. + +```sql+postgres +select + name, + database_name, + schema_name, + is_materialized, + is_secure, + created_on +from + snowflake_view; +``` -```sql +```sql+sqlite select name, database_name, @@ -24,8 +41,23 @@ from ``` ### List materialized views +Uncover the details of all materialized views within a Snowflake database, including their names, security status, and creation dates. This is useful for understanding the structure of your data and ensuring it is appropriately secured. + +```sql+postgres +select + name, + database_name, + schema_name, + is_materialized, + is_secure, + created_on +from + snowflake_view +where + is_materialized; +``` -```sql +```sql+sqlite select name, database_name, @@ -40,8 +72,9 @@ where ``` ### List secure views +Discover the segments that have secure views in your Snowflake database. This can help enhance security by identifying views that are configured to restrict data access. -```sql +```sql+postgres select name, database_name, @@ -54,3 +87,17 @@ from where is_secure; ``` + +```sql+sqlite +select + name, + database_name, + schema_name, + is_materialized, + is_secure, + created_on +from + snowflake_view +where + is_secure = 1; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_view_grant.md b/docs/tables/snowflake_view_grant.md index d8785c6..b49d1ce 100644 --- a/docs/tables/snowflake_view_grant.md +++ b/docs/tables/snowflake_view_grant.md @@ -1,14 +1,37 @@ -# Table: snowflake_view_grant +--- +title: "Steampipe Table: snowflake_view_grant - Query Snowflake View Grants using SQL" +description: "Allows users to query Snowflake View Grants, providing insights into the permissions granted to specific views within a Snowflake database." +--- -List all privileges that have been granted on the view. +# Table: snowflake_view_grant - Query Snowflake View Grants using SQL -**Note**: This table requires an '=' qualifier for the `view_name`, `database_name` and `schema_name` columns. +Snowflake View Grants represent permissions that are granted to specific views within a Snowflake database. They are a crucial aspect of managing security and access control in Snowflake, ensuring that only authorized users or roles can access and manipulate specific views. They can be used to grant or revoke privileges such as SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, or TRANSFER OWNERSHIP on a specific view to a specific role. + +## Table Usage Guide + +The `snowflake_view_grant` table provides insights into the permissions granted to specific views within a Snowflake database. As a database administrator or security officer, explore the details of these grants through this table, including the granted role, privilege type, and associated metadata. Utilize it to manage and monitor access control, ensuring that only authorized users or roles can access and manipulate specific views. ## Examples ### Basic info +Explore which privileges have been granted to specific users within the Snowflake database. This could be particularly useful for administrators looking to review access controls for security purposes. + +```sql+postgres +select + view_name, + privilege, + grantee_name, + granted_to, + grant_option +from + snowflake_view_grant +where + view_name = 'ROLES' + and database_name = 'SNOWFLAKE' + and schema_name = 'ACCOUNT_USAGE'; +``` -```sql +```sql+sqlite select view_name, privilege, @@ -24,8 +47,9 @@ where ``` ### List view grants for `ACCOUNT_USAGE` schema in `SNOWFLAKE` database +Discover the segments that have been granted access to view certain data in a specific Snowflake database schema. This query is useful for auditing and managing data access permissions in your organization. -```sql +```sql+postgres select view_name, snowflake_view.database_name, @@ -45,3 +69,24 @@ where snowflake_view_grant.database_name = 'SNOWFLAKE' and snowflake_view_grant.schema_name = 'ACCOUNT_USAGE'; ``` + +```sql+sqlite +select + view_name, + snowflake_view.database_name, + snowflake_view.schema_name, + privilege, + grantee_name, + granted_to, + grant_option +from + snowflake_view_grant + inner join + snowflake_view + on snowflake_view_grant.view_name = snowflake_view.name + and snowflake_view_grant.database_name = snowflake_view.database_name + and snowflake_view_grant.schema_name = snowflake_view.schema_name +where + snowflake_view_grant.database_name = 'SNOWFLAKE' + and snowflake_view_grant.schema_name = 'ACCOUNT_USAGE'; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_warehouse.md b/docs/tables/snowflake_warehouse.md index ac7f563..740bae7 100644 --- a/docs/tables/snowflake_warehouse.md +++ b/docs/tables/snowflake_warehouse.md @@ -1,12 +1,32 @@ -# Table: snowflake_warehouse +--- +title: "Steampipe Table: snowflake_warehouse - Query Snowflake Warehouses using SQL" +description: "Allows users to query Snowflake Warehouses, providing insights into warehouse configurations and usage statistics." +--- -A warehouse is a cluster of compute resources in Snowflake. Warehouses provide the required resources, such as CPU, memory, and temporary storage, to perform queries. +# Table: snowflake_warehouse - Query Snowflake Warehouses using SQL + +A Snowflake Warehouse is a virtual warehouse in Snowflake, a cloud-based data warehousing platform. A warehouse is the computational resource that executes all data processing tasks, including loading data, executing transformations, and running queries. Each virtual warehouse is an independent compute resource that does not share compute resources with other virtual warehouses. + +## Table Usage Guide + +The `snowflake_warehouse` table provides insights into Snowflake Warehouses. As a data engineer or analyst, you can explore details about each warehouse, including its size, state, and usage statistics. Use this table to understand the performance of your warehouses and to identify potential areas for optimization. ## Examples ### Basic info +Analyze the settings to understand the status and characteristics of your Snowflake warehouses. This can be useful for capacity planning and resource allocation. -```sql +```sql+postgres +select + name, + size, + type, + state +from + snowflake_warehouse; +``` + +```sql+sqlite select name, size, @@ -17,8 +37,21 @@ from ``` ### List active warehouses +Explore which warehouses are currently active in your Snowflake environment. This can help in managing resources efficiently and ensuring optimal performance. -```sql +```sql+postgres +select + name, + size, + type, + state +from + snowflake_warehouse +where + state = 'STARTED'; +``` + +```sql+sqlite select name, size, @@ -31,8 +64,19 @@ where ``` ### Get a count of warehouses grouped by size +Determine the distribution of warehouse sizes within your infrastructure to better manage resources and planning. This query is useful for understanding the scale of your operations. + +```sql+postgres +select + count(*), + size +from + snowflake_warehouse +group by + size; +``` -```sql +```sql+sqlite select count(*), size @@ -43,8 +87,9 @@ group by ``` ### List warehouses with auto-resume disabled +Determine the areas in which warehouses have the auto-resume feature disabled to assess potential inefficiencies in warehouse management. -```sql +```sql+postgres select name, type, @@ -55,3 +100,15 @@ from where not auto_resume; ``` + +```sql+sqlite +select + name, + type, + size, + auto_resume +from + snowflake_warehouse +where + auto_resume = 0; +``` \ No newline at end of file diff --git a/docs/tables/snowflake_warehouse_metering_history.md b/docs/tables/snowflake_warehouse_metering_history.md index a8e3540..747386f 100644 --- a/docs/tables/snowflake_warehouse_metering_history.md +++ b/docs/tables/snowflake_warehouse_metering_history.md @@ -1,12 +1,35 @@ -# Table: snowflake_warehouse_metering_history +--- +title: "Steampipe Table: snowflake_warehouse_metering_history - Query Snowflake Warehouse Metering History using SQL" +description: "Allows users to query Snowflake Warehouse Metering History, specifically the consumption of Snowflake credits by virtual warehouses over time, providing insights into resource utilization and potential cost optimization." +--- -The `snowflake_warehouse_metering_history` table in the `ACCOUNT_USAGE` schema in Snowflake is a system-generated table that stores historical information about the usage and consumption of virtual warehouses in your Snowflake account. It provides detailed metrics related to the performance and resource utilization of the virtual warehouses over time. +# Table: snowflake_warehouse_metering_history - Query Snowflake Warehouse Metering History using SQL + +Snowflake Warehouse Metering History is a feature within Snowflake that tracks the consumption of Snowflake credits by virtual warehouses over time. It provides a detailed breakdown of resource utilization, enabling users to monitor and manage their Snowflake credit usage. This can aid in identifying patterns, optimizing costs, and managing resources more efficiently. + +## Table Usage Guide + +The `snowflake_warehouse_metering_history` table provides insights into the consumption of Snowflake credits by virtual warehouses over time. As a data analyst or a cloud cost manager, explore detailed breakdowns of resource utilization through this table, including the number of Snowflake credits consumed, the time period of consumption, and the specific warehouses involved. Utilize it to uncover information about credit consumption patterns, cost optimization opportunities, and efficient resource management. ## Examples ### Basic info +Discover the segments that have utilized resources in your Snowflake warehouse. This query is beneficial as it allows you to analyze the consumption of credits, providing insights into resource usage and aiding in efficient resource management. -```sql +```sql+postgres +select + warehouse_name, + warehouse_id, + start_time, + end_time, + credits_used, + credits_used_compute, + credits_used_cloud_services +from + snowflake_warehouse_metering_history; +``` + +```sql+sqlite select warehouse_name, warehouse_id, @@ -20,8 +43,24 @@ from ``` ### List the metering history for a particular warehouse +Gain insights into the usage history of a specific warehouse by analyzing its consumption of credits over time. This aids in cost management and optimization by tracking resource usage. + +```sql+postgres +select + warehouse_name, + warehouse_id, + start_time, + end_time, + credits_used, + credits_used_compute, + credits_used_cloud_services +from + snowflake_warehouse_metering_history +where + warehouse_name = 'COMPUTE_WH'; +``` -```sql +```sql+sqlite select warehouse_name, warehouse_id, @@ -37,8 +76,26 @@ where ``` ### List the metering history for the inactive warehouses +Explore the metering history of warehouses that are currently inactive. This can be useful to analyze past resource usage and expenditure for warehouses that are no longer in use. -```sql +```sql+postgres +select + warehouse_name, + warehouse_id, + start_time, + end_time, + credits_used, + credits_used_compute, + credits_used_cloud_services +from + snowflake_warehouse_metering_history as h, + snowflake_warehouse as w +where + h.warehouse_name = w.name + and state = 'SUSPENDED'; +``` + +```sql+sqlite select warehouse_name, warehouse_id, @@ -56,8 +113,9 @@ where ``` ### List the metering history for the last 10 days +Explore the credit usage of your warehouse in the last 10 days. This helps in understanding the resource consumption for better planning and management. -```sql +```sql+postgres select warehouse_name, warehouse_id, @@ -72,9 +130,40 @@ where start_time >= now() - interval '10' day; ``` +```sql+sqlite +select + warehouse_name, + warehouse_id, + start_time, + end_time, + credits_used, + credits_used_compute, + credits_used_cloud_services +from + snowflake_warehouse_metering_history +where + start_time >= datetime('now', '-10 days'); +``` + ### List the top 5 warehouses with the highest credits used for cloud services in a particular account +Explore the top five warehouses with the highest usage of credits for cloud services within a specific account. This can be beneficial in identifying potential areas of cost savings and optimizing resource allocation. + +```sql+postgres +select + warehouse_id, + warehouse_name, + account, + credits_used_cloud_services +from + snowflake_warehouse_metering_history +where + account = 'desired_account' +order by + credits_used_cloud_services desc +limit 5; +``` -```sql +```sql+sqlite select warehouse_id, warehouse_name, @@ -90,8 +179,21 @@ limit 5; ``` ### Calculate the average credits used per hour for each warehouse +Analyze the usage of each warehouse by calculating the average credits consumed per hour. This can help in cost optimization and efficient resource allocation. -```sql +```sql+postgres +select + warehouse_id, + warehouse_name, + AVG(credits_used) as avg_credits_per_hour +from + snowflake_warehouse_metering_history +group by + warehouse_id, + warehouse_name; +``` + +```sql+sqlite select warehouse_id, warehouse_name, @@ -104,8 +206,9 @@ group by ``` ### Calculate the percentage of cloud services credits used compared to total credits for each warehouse +Determine the proportion of cloud services credits utilized in relation to the total credits for each warehouse. This is useful for understanding the extent of cloud services usage and managing resource allocation effectively. -```sql +```sql+postgres select warehouse_id, warehouse_name, @@ -115,3 +218,14 @@ from where credits_used > 0; ``` + +```sql+sqlite +select + warehouse_id, + warehouse_name, + (credits_used_cloud_services / credits_used) * 100 as cloud_services_percentage +from + snowflake_warehouse_metering_history +where + credits_used > 0; +``` \ No newline at end of file