How to add Snowflake sub vnet to existing azure vnet?

Question

Hi,

I've configured an Azure storage container to allow access from only "Enabled from selected virtual networks and IP addresses". I've added an existing virtual network that I have defined.
Now I want to add my Snowflake instance of subnet's to enable a virtual network between my storage container and the Snowflake instance.

I assume this should be done by adding the existing Snowflake VNET subnetID's to the azure virtual network. Note these VNET subnetID's have been provided by Snowflake.
See below snowflake subnet ID's.
{

"snowflake-vnet-subnet-id": [

    "/subscriptions/XXXXX--XXX-XXXXX-XXXX/resourceGroups/deployment-infra-rg/providers/Microsoft.Network/virtualNetworks/deployment-vnet/subnets/xp",

    "/subscriptions/XXXXX--XXX-XXXXX-XXXX/resourceGroups/deployment-infra-rg/providers/Microsoft.Network/virtualNetworks/deployment-vnet/subnets/gs",

    "/subscriptions/XXXXX--XXX-XXXXX-XXXX/resourceGroups/deployment-infra-rg2/providers/Microsoft.Network/virtualNetworks/deployment-vnet2/subnets/xp",

    "/subscriptions/XXXXX--XXX-XXXXX-XXXX/resourceGroups/deployment-infra-rg2/providers/Microsoft.Network/virtualNetworks/deployment-vnet2/subnets/gs",

    "/subscriptions/XXXXX--XXX-XXXXX-XXXX/resourceGroups/deployment-infra-rg3/providers/Microsoft.Network/virtualNetworks/deployment-vnet3/subnets/xp",

    "/subscriptions/XXXXX--XXX-XXXXX-XXXX/resourceGroups/deployment-infra-rg3/providers/Microsoft.Network/virtualNetworks/deployment-vnet3/subnets/gs"

]

}

I cannot find where to add the above. Can anyone help?

Thanks,
Adrian

Answer 1

I have found the solution.
Adding the existing Snowflake VNET subnetID's via the Azure portal UI as of 25/07/2024 is not supported.
To add the Snowflake VNET subnetID's, the Azure CLI must be used. https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-cli#managing-virtual-network-rules

Use the following command.

Where $subnetid refers to each subnet.

And "mysourcegroup" refers to your storage accounts resource group.

And "mystorageaccount" refers to the name of the storage account.

az storage account network-rule add --resource-group "myresourcegroup" --account-name "mystorageaccount" --subnet $subnetid

Answer 2

@adrian I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue: How can I add my Snowflake instance subnets to the Azure virtual network to enable connectivity between my Azure storage container and Snowflake instance, given the Snowflake VNET subnet IDs provided?**

Solution:** For now we are, adding the existing Snowflake VNET subnet IDs via the Azure portal UI is not supported. To add the Snowflake VNET subnet IDs, use the Azure CLI. Follow the instructions at https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-cli#managing-virtual-network-rules

Use the following command:

• $subnetid refers to each subnet ID.
• "mysourcegroup" refers to your storage account's resource group.
• "mystorageaccount" refers to the name of the storage account.

az storage account network-rule add --resource-group "myresourcegroup" --account-name "mystorageaccount" --subnet $subnetid

 If you wish you may leave your feedback here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

---

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.