First-Time User Flow Requirements
This guide will walk you through the steps you need to complete prior to starting your First-Time User Flow.
Create Your Vaults
You will first need to configure your Instance and Environment vaults.
- Azure Key Vault
- GCP Secret Manager
- You will need a Resource Group where you will create your vaults.
- You will need to create two separate Azure Key Vaults (follow these instructions to set up a vault in Azure):
- An Instance Azure Key Vault to store secrets related to your Ascend Instance, such as credentials to your Instance Store.
- An Environment Azure Key Vault to store secrets related to running your Ascend Flows, such as your data plane credentials and data source secrets.
- You will need a Google Cloud Project with the Secret Manager API is enabled (follow these instructions to enable Secret Manager in your Google Cloud Project).
- You will need to decide on two prefixes to use for storing your secrets in Secret Manager:
- An Instance Secrets Name Prefix. Secrets with this prefix will be used to store secrets related to your Ascend Instance, such as credentials to your Instance Store.
- An Environment Secrets Name Prefix. Secrets with this prefix will be used to store secrets related to running your Ascend Flows, such as your data plane credentials and data source secrets.
(Optional) Create Your Instance Store
You will also need to provide details on your Instance Store. The Instance Store is where Ascend will store metadata about your instance, such as such as run logs, errors and statistics. Your Instance store should write to a separate location than your Data Plane where you will be processing data. For Snowflake, this should be a separate Database and Schema. For BigQuery, this should be a separate Dataset.
Below are the steps to creating the Instance store in your chosen warehouse.
The following steps are not required for the First-Time user flow, as we will walk you through the set up of an instance store during the flow.
- Snowflake
- BigQuery
- Within your Snowflake Console, open a new worksheet and run the following commands to set up your warehouse, database, schema, user, and role:
SET WAREHOUSE=<your_warehouse>;
-- Below we are creating a dedicated database, user, and role for storing your instance information in Snowflake
SET INSTANCE_DB=<your_database>;
SET INSTANCE_FULL_SCHEMA=$INSTANCE_DB||.||<your_schema>;
SET INSTANCE_USER=<your_username>;
SET INSTANCE_ROLE=<your_password>;
- Create your role, user, and database, replacing
<password>with the password you would like to use for your Snowflake user:
CREATE ROLE identifier($INSTANCE_ROLE);
-- change the below password and store it in your vault with key undefined
CREATE USER identifier($INSTANCE_USER) PASSWORD=<password> DEFAULT_ROLE=$INSTANCE_ROLE; -- MUST_CHANGE_PASSWORD=TRUE;
GRANT ROLE identifier($INSTANCE_ROLE) TO USER identifier($INSTANCE_USER);
CREATE DATABASE identifier($INSTANCE_DB);
- Create your schema and grant the necessary permissions to your role to operate on your Snowflake database, warehouse, and schema:
CREATE SCHEMA identifier($INSTANCE_FULL_SCHEMA);
GRANT USAGE ON WAREHOUSE identifier($WAREHOUSE) TO ROLE identifier($INSTANCE_ROLE);
GRANT USAGE ON DATABASE identifier($INSTANCE_DB) TO ROLE identifier($INSTANCE_ROLE);
GRANT USAGE, CREATE TABLE ON SCHEMA identifier($INSTANCE_FULL_SCHEMA) TO ROLE identifier($INSTANCE_ROLE);
GRANT OWNERSHIP ON ALL TABLES IN SCHEMA identifier($INSTANCE_FULL_SCHEMA) TO ROLE identifier($INSTANCE_ROLE);
GRANT OWNERSHIP ON FUTURE TABLES IN SCHEMA identifier($INSTANCE_FULL_SCHEMA) TO ROLE identifier($INSTANCE_ROLE);
-
Important: Add your Snowflake password to your Instance vault defined above.
-
After this setup is complete, you will need the following information before completing the First-Time user flow:
- Account: Your Snowflake Account.
- User: Your Snowflake username.
- Password Key in vault: The key for your Snowflake password in your Instance vault.
- Database: Your Snowflake database to use for the Instance Store.
- Schema: The schema within your database to use for the Instance Store.
- Warehouse: The warehouse to use when writing to and reading from the Instance Store.
- Role: The role to use when reading from or writing to the Instance Store.
- In your Google Cloud Project, create a new Dataset to use for the Instance Store (follow these instructions to create a new Dataset in BigQuery). You can also use the BigQuery
bqcommand line tool to create a new Dataset:
GCP_PROJECT_ID=<your_project_id>
BQ_DATASET=<bq_dataset_name_to_create>
bq mk \
--dataset \
--description="Ascend Instance Store" $GCP_PROJECT_ID:$BQ_DATASET
Checklist
You are now ready to start your First-Time User Flow. Use the checklist below to ensure you have everything you need!
- Azure Key Vault
- GCP Secret Manager
- Resource Group
- Instance Azure Key Vault
- Environment Azure Key Vault
- Google Cloud Project ID with Secret Manager enabled
- Instance Secrets Name Prefix
- Environment Secrets Name Prefix
- Snowflake
- BigQuery
- Account
- User
- Password Key in vault
- Database
- Schema
- Warehouse
- Role
- Google Cloud Project ID with Secret Manager enabled
- Dataset to use for Instance Store