Quickstart for Ascend on Snowflake
Introduction​
In this quickstart guide, you'll learn how to use Ascend with Snowflake. You'll be guided through these processes:
- Connecting Ascend to Snowflake
- Creating required Snowflake resources
- Setting up your Instance Vault
- Setting up your Instance Store
- Setting up your Environment Vault(s)
- Creating an Ascend Project using Snowflake as the Data Plane
- Setting up a Repository
- Creating your developer Workspace
- Setting up your Profile and Connection to use Snowflake
- Building & running your first Flow
This quickstart grants elevated permissions for the sake of simplicity. We recommend isolating your Ascend Instance and each Environment's resources in separate Snowflake resources based on your security requirements.
Prerequisites​
To complete this quickstart, you'll need:
- An Ascend Instance
- A Snowflake account
- The ability to create Snowflake resources (may require elevated permissions for some steps)
- A Snowflake user with both SYSADMIN and SECURITYADMIN roles to run the setup scripts
Set up Snowflake as an Ascend Instance Store​
You can leverage existing Snowflake resources, but if you're starting with a new Snowflake account, this section will guide you through the setup process step by step.
Follow along to use the provided scripts, which will automatically create the necessary resources for you.
You need to create a set of resources for the Ascend Instance Store. In Snowflake, you'll create the following:
- a User
- a Database
- a Schema
- a Warehouse
- a Role
Start in the Snowflake UI and sign into the account you will use with Ascend. Click Create toward the top left of the screen and select SQL Worksheet. You'll run SQL commands to create the required Snowflake resources for Ascend.
Now, navigate to the Ascend UI and click into Settings toward the top right of the screen. Navigate to the Instance settings. You'll need to store the password for the Snowflake user in the Instance Vault to allow Ascend to access Snowflake resources. Click Manage Secrets under the Instance Vault section and add a secret with the Snowflake user password.
For this quickstart, we'll use the secret name snowflake-password, although you can feel free to use any name you like.
Store the password you use here. You will need it to set up the Snowflake User in the next step.
Use a password manager to generate a secure password. On MacOS (or Linux) you can use openssl to generate a random password in your terminal as follows:
openssl rand -base64 32
Head back to the Instance settings in the Ascend UI and scroll toward the bottom to Edit Instance Store. Select Snowflake and fill out the details. Then, click Get Setup Script. This will populate a SQL script using the values you entered.
Paste the script into the Snowflake SQL Worksheet, and make sure to update the password to match the value in your Instance Vault.
The password is not filled in for you in the script. After copying it to the Snowflake UI, ensure you update the password with the secret value you used above.
You can run the entire script all at once or execute each line individually to better understand the purpose of each command.
Now that you've created the necessary resources, return to the Ascend UI and click Check and Update Instance Store.
Congratulations! You successfully set up Snowflake as an Ascend Instance Store.
Set Up Snowflake as an Ascend Data Plane​
To use Snowflake as an Ascend Data Plane, you'll need to create specific resources. Ensure that each Environment has its own dedicated Data Plane setup by creating the following for each one:
- a User
- a Database
- a Schema
- a Warehouse
- a Role
Note that these resources should be separate from the Instance Store resources. You should also create isolated resources for each Environment you use. The setup will be similar to the above, but with different values for the resources.
Change the password in the script below. Do not use the same password as the Instance Store user.
USE ROLE SYSADMIN;
SET ENV_DEV_DB='ASCEND_ENV_DEV';
SET WAREHOUSE='ASCEND_ENV_DEV';
CREATE DATABASE identifier($ENV_DEV_DB);
CREATE WAREHOUSE identifier($WAREHOUSE) WAREHOUSE_SIZE='XSMALL' WAREHOUSE_TYPE='STANDARD' AUTO_SUSPEND=60 AUTO_RESUME=TRUE INITIALLY_SUSPENDED=TRUE;
USE ROLE SECURITYADMIN;
SET ENV_DEV_USER='ASCEND_ENV_DEV';
SET ENV_DEV_ROLE='ASCEND_ENV_DEV';
CREATE ROLE identifier($ENV_DEV_ROLE);
CREATE USER identifier($ENV_DEV_USER) PASSWORD='<CHANGE_ME>' DEFAULT_ROLE=$ENV_DEV_ROLE; -- MUST_CHANGE_PASSWORD=TRUE;
/* Store this password in your environment vault under the key "snowflake-password" *
You will need this key later when configuring your connection in Ascend */
GRANT ROLE identifier($ENV_DEV_ROLE) TO USER identifier($ENV_DEV_USER);
GRANT ALL ON WAREHOUSE identifier($WAREHOUSE) TO ROLE identifier($ENV_DEV_ROLE);
GRANT ALL ON DATABASE identifier($ENV_DEV_DB) TO ROLE identifier($ENV_DEV_ROLE);
Run this SQL script in a Snowflake SQL worksheet after updating the password, similarly to the previous step.
Now, you'll need to add the password as a secret in your Environment Vault. In the Ascend UI, navigate to the Environments settings and edit the Dev environment.
Click Manage Secrets and add a secret containing the Snowflake user password.
Using the same password as in the SQL script above, create a secret in the Environment Vault (Dev). You can choose any name for the secret, but for this quickstart, we recommend using snowflake-password to align with the default values in the code for running your first Flow below.
This secret name matches the one in the Instance Vault, which is fine since the Instance Vault and Environment Vault (Dev) are separate and serve different purposes.
Congratulations! You're ready to use Snowflake as an Ascend Data Plane.
Set up a Git Repository​
- GitHub
- GitLab
- BitBucket
- Other Git providers
Any Git provider that supports access via SSH should work. You need a public/private key pair, with the private key stored in an Ascend Vault. We recommend following one of the other guides and adjusting as needed for your Git provider.
Create your developer Workspace​
Now, let's create a Workspace where we can develop.
- In the Ascend UI, navigate to the instance settings by clicking on the button in the top right with your instance name and your user icon.
- Click on the Workspaces settings tab.
- Click the Add Workspace button.
- Set Title to
<your-name>(e.g.Sean) - Select Environment as
Development - Set Project to the project you created above (
Otto's Expeditions) - Set Git Branch to
<your-name>/dev(you can type the branch name and click "New Branch:my-first-branch" to create it if it doesn't already exist) - Set Profile as
workspace_template - Click Save.
Build and run your first Flow​
-
In the Ascend UI, navigate to the workspace you created above and open the Files view toward the top left of the screen. Copy the
profiles/workspace_template.yamlto one with your name, update your Workspace to use this new Profile, and update the following parameters:- snowflake:
- account:
<your-snowflake-account>(the Snowflake account for the Data Plane) - any other values if you used different names from the quickstart above
- account:
- snowflake:
-
If you used secrets names in your Environment Vault other than
snowflake-password, update theconnections/data_plane_snowflake.yamlfile with the correct secret name. -
Finally, go into the quickstart Flow and hit Run Flow!
🎉 Congratulations! You've successfully set up your first Ascend Flow!
Next steps​
Now that you have your first Flow running, consider:
- Setting up Deployments to implement software engineering best practices