nerdexam
Snowflake

SOL-C01 · Question #2

You are tasked with creating a Snowflake Notebook that reads data from an external stage (AWS S3), transforms it using Python, and then loads the transformed data into a Snowflake table. The external

The correct answer is A. Create a Snowflake storage integration object that defines the AWS IAM role ARN and the S3 B. Grant the necessary privileges (e.g., USAGE, READ) on the storage integration object to the C. Configure the AWS IAM role to trust the Snowflake account and grant it access to the S3 bucket. E. Create a Snowflake external table that points to the S3 bucket and uses the storage integration.. Options A, B, and C form the three-part handshake required for Snowflake's secure S3 access pattern: A (storage integration) tells Snowflake which IAM role ARN to use and which S3 paths are allowed; B grants Snowflake roles permission to actually use that integration object; and

Data Loading and Unloading

Question

You are tasked with creating a Snowflake Notebook that reads data from an external stage (AWS S3), transforms it using Python, and then loads the transformed data into a Snowflake table. The external stage requires authentication using AWS IAM roles. Which of the following steps are necessary to configure the connection and access the data from the external stage within your Snowflake Notebook using Python? (Choose all that apply.)

Options

  • ACreate a Snowflake storage integration object that defines the AWS IAM role ARN and the S3
  • BGrant the necessary privileges (e.g., USAGE, READ) on the storage integration object to the
  • CConfigure the AWS IAM role to trust the Snowflake account and grant it access to the S3 bucket.
  • DUse the AWS SDK for Python (bot03) within the Snowflake Notebook to assume the IAM role and
  • ECreate a Snowflake external table that points to the S3 bucket and uses the storage integration.

How the community answered

(40 responses)
  • A
    65% (26)
  • D
    35% (14)

Explanation

Options A, B, and C form the three-part handshake required for Snowflake's secure S3 access pattern: A (storage integration) tells Snowflake which IAM role ARN to use and which S3 paths are allowed; B grants Snowflake roles permission to actually use that integration object; and C establishes the trust relationship on the AWS side so the IAM role accepts Snowflake's identity. Option E is required because without an external table (or external stage) that references the storage integration, there is no Snowflake object to query the S3 data through.

Option D is the trap: Snowflake's storage integration handles IAM role assumption internally - you never need boto3 inside a Snowflake Notebook to authenticate to S3, and doing so would mean hardcoding credentials or bypassing Snowflake's security model entirely.

Memory tip: Think of it as a three-way handshake: Snowflake side setup (A + B) + AWS side setup (C) + a queryable object to tie them together (E). If it involves manually calling AWS from inside Snowflake code, that's the wrong direction - Snowflake's integration layer handles that for you.

Topics

#Storage Integration#AWS IAM roles#External Stage#S3 access

Community Discussion

No community discussion yet for this question.

Full SOL-C01 Practice