From 514fe4efe29a77ffdb49b1e7008452a962fe5e77 Mon Sep 17 00:00:00 2001 From: Quetzalli Writes Date: Thu, 18 Sep 2025 17:35:28 +0200 Subject: [PATCH 1/4] draft 1: new doc for network rules --- .../docs/snowflake/features/network.rules.md | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 src/content/docs/snowflake/features/network.rules.md diff --git a/src/content/docs/snowflake/features/network.rules.md b/src/content/docs/snowflake/features/network.rules.md new file mode 100644 index 00000000..4182ad37 --- /dev/null +++ b/src/content/docs/snowflake/features/network.rules.md 
@@ -0,0 +1,64 @@ +--- +title: "Network Rules" +description: Get started with Network Rules in LocalStack for Snowflake +tags: ["Base"] +--- + +## Introduction + +Network rules are schema-level objects in Snowflake that allow you to group network identifiers (such as IP addresses, ports, or private endpoints) into logical units. They are used to define which network traffic should be allowed or blocked. + +The Snowflake emulator in LocalStack supports basic CRUD operations (`CREATE`, `ALTER`, `DROP`, `SHOW`) for network rules. This enables you to create and manage network rule objects locally for testing and schema validation. + +:::note +While you can create and manage network rules, their use in enforcing network access policies is not yet supported in the emulator. +::: + +## Getting started + +This guide is designed for users new to network rules and assumes you are already connected to your Snowflake emulator with an SQL client. The following examples demonstrate how to create, alter, show, and drop network rules. + +### Create a network rule + +You can create a network rule using the `CREATE NETWORK RULE` statement. The example below creates a network rule that allows ingress traffic from a specific IPv4 address: + +:::sql showLineNumbers +CREATE NETWORK RULE allow_ip_rule + TYPE = IPV4 + MODE = INGRESS + VALUE_LIST = ('192.168.1.1') + COMMENT = 'Allow traffic from 192.168.1.1'; +::: + +### Show network rules + +You can list all network rules in your schema using the `SHOW NETWORK RULES` statement: + +:::sql +SHOW NETWORK RULES; +::: + +### Alter a network rule + +You can modify an existing network rule using the `ALTER NETWORK RULE` statement. 
The example below updates the comment: + +:::sql +ALTER NETWORK RULE allow_ip_rule + SET COMMENT = 'Updated description'; +::: + +### Drop a network rule + +You can delete an existing network rule with the `DROP NETWORK RULE` statement: + +:::sql +DROP NETWORK RULE allow_ip_rule; +::: + +:::note +## Limitations + +- Only CRUD operations are supported in the emulator. +- Network rules cannot yet be enforced or attached to other Snowflake objects. +- Use this feature for schema validation and testing SQL workflows, not for actual network access control. +::: From 4fe26031abb595d06f8fa333def1ca24be5164e9 Mon Sep 17 00:00:00 2001 From: Quetzalli Writes Date: Thu, 18 Sep 2025 17:38:41 +0200 Subject: [PATCH 2/4] fixed file name --- .../snowflake/features/{network.rules.md => network-rules.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/content/docs/snowflake/features/{network.rules.md => network-rules.md} (100%) diff --git a/src/content/docs/snowflake/features/network.rules.md b/src/content/docs/snowflake/features/network-rules.md similarity index 100% rename from src/content/docs/snowflake/features/network.rules.md rename to src/content/docs/snowflake/features/network-rules.md From 7b9575aefa933de8fbf9625dc090112137f4d843 Mon Sep 17 00:00:00 2001 From: Quetzalli Date: Thu, 18 Sep 2025 11:10:32 -0700 Subject: [PATCH 3/4] fix code block --- .../docs/snowflake/features/network-rules.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/content/docs/snowflake/features/network-rules.md b/src/content/docs/snowflake/features/network-rules.md index 4182ad37..c1c7f8a1 100644 --- a/src/content/docs/snowflake/features/network-rules.md +++ b/src/content/docs/snowflake/features/network-rules.md 
@@ -22,38 +22,38 @@ This guide is designed for users new to network rules and assumes you are alread You can create a network rule using the `CREATE NETWORK RULE` statement. The example below creates a network rule that allows ingress traffic from a specific IPv4 address: -:::sql showLineNumbers +```sql showLineNumbers CREATE NETWORK RULE allow_ip_rule TYPE = IPV4 MODE = INGRESS VALUE_LIST = ('192.168.1.1') COMMENT = 'Allow traffic from 192.168.1.1'; -::: +``` ### Show network rules You can list all network rules in your schema using the `SHOW NETWORK RULES` statement: -:::sql +```sql SHOW NETWORK RULES; -::: +``` ### Alter a network rule You can modify an existing network rule using the `ALTER NETWORK RULE` statement. The example below updates the comment: -:::sql +```sql ALTER NETWORK RULE allow_ip_rule SET COMMENT = 'Updated description'; -::: +``` ### Drop a network rule You can delete an existing network rule with the `DROP NETWORK RULE` statement: -:::sql +```sql DROP NETWORK RULE allow_ip_rule; -::: +``` :::note ## Limitations From 9b2ee230101a7b2a70b510b59017009b135f0916 Mon Sep 17 00:00:00 2001 From: Quetzalli Date: Mon, 22 Sep 2025 03:16:53 -0700 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Brian Rinaldi --- src/content/docs/snowflake/features/network-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/snowflake/features/network-rules.md b/src/content/docs/snowflake/features/network-rules.md index c1c7f8a1..cb4aca88 100644 --- a/src/content/docs/snowflake/features/network-rules.md +++ b/src/content/docs/snowflake/features/network-rules.md 
@@ -16,7 +16,7 @@ While you can create and manage network rules, their use in enforcing network ac ## Getting started -This guide is designed for users new to network rules and assumes you are already connected to your Snowflake emulator with an SQL client. The following examples demonstrate how to create, alter, show, and drop network rules. +This guide is designed for users new to network rules and assumes you are already connected to your Snowflake emulator with a SQL client. The following examples demonstrate how to create, alter, show, and drop network rules. ### Create a network rule
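Review bot: In PATCH 1/4 (`@@ -0,0 +1,64 @@`), the Introduction and the "Create a network rule" example give the rule itself allow/block semantics: "They are used to define which network traffic should be allowed or blocked", "creates a network rule that allows ingress traffic from a specific IPv4 address", and `COMMENT = 'Allow traffic from 192.168.1.1'`. In Snowflake a network rule only groups identifiers. Whether they are allowed or blocked is decided by the object that references the rule, for example a network policy's allowed or blocked list. Suggest wording such as "creates a network rule containing a single IPv4 address" and a neutral comment string, so a reader does not conclude that creating the rule restricts access. That matters more here because the emulator does not enforce rules at all. It would also help to repeat the non-enforcement caveat next to the create example, since the note under Introduction is easy to miss when jumping straight to the SQL.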
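Review bot: In PATCH 3/4 (`@@ -22,38 +22,38 @@`), the trailing context still shows `:::note` immediately followed by `## Limitations`, so the section heading stays wrapped inside the admonition that PATCH 1/4 opened. This patch converts the four SQL blocks but leaves that untouched. Move the heading above the `:::note` line, or drop the wrapper and keep the three bullets as a normal section, so "Limitations" is a real heading rather than text inside a callout. A smaller style point in the same hunk: the first block is tagged `sql showLineNumbers` while the other three are tagged plain `sql`. Use one form for all four.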