Public Access
How to set up public access to the Variant API.
Snowflake currently does not allow unauthenticated public internet access to any service on its platform. Since any experiments running outside of Snowflake will ultimiately need access to the Variant API running inside of the application, you’ll need a reverse proxy to route traffic securely into your Snowflake account.
In order to keep our promise of data control and privacy, we provide instructions below on how to set up this reverse proxy within your own cloud environment. Alternately, Winning Variant is happy to discuss a managed service.
Create a dedicated user
Create a user that will be used by the reverse proxy to access your snowflake account:
Within the application settings, map this new user to the proxy
application role created by the application. This will give it usage of the service that serves the Variant API.
Reverse Proxy
We provide a few simple examples below of reverse proxies you can deploy within your own cloud. We recommend choosing the same cloud/region as the Snowflake account the application is installed into.
Amazon Web Services
Google Cloud
Cloudflare Workers
While not in the same cloud region, Cloudflare workers provides a reliable and globally scalable alternative to a traditionally web proxy.
Snowflake Network Ingress Policy
If your organization enforces network policies, you may need to create an ingress policy to allow traffic from your reverse proxy. Read Controlling network traffic with network policies for details.
For example, if your reverse proxy has an egress IP address of ‘10.0.0.0’: