Skip to contentSkip to navigationSkip to topbar
Twilio Segment Docs
On this page
Looking for more inspiration?Visit the
(information)
You're in the right place! Segment documentation is now part of Twilio Docs. The content you are used to is still here—just in a new home with a refreshed look.

Snowflake Reverse ETL Setup

(new)

Beta

This feature is in active development and may change before it's generally availabile.

Set up Snowflake as your Reverse ETL source.

At a high level, when you set up Snowflake for Reverse ETL, the configured user/role needs read permissions for any resources (databases, schemas, tables) the query needs to access. Segment keeps track of changes to your query results with a managed schema
(__SEGMENT_REVERSE_ETL), which requires the configured user to allow write permissions for that schema.

(information)

Snowflake Reverse ETL sources support Segment's dbt extension

If you have an existing dbt account with a Git repository, you can use Segment's dbt extension to centralize model management and versioning, reduce redundancies, and run CI checks to prevent breaking changes.

Set up guide

set-up-guide page anchor

Follow the instructions below to set up the Segment Snowflake connector. Segment recommends you use the ACCOUNTADMIN role to execute all the commands below, and that you create a user that authenticates with an encrypted key pair. Segment's Snowflake integration only supports authentication using a key pair, as Snowflake plans to deprecate password-only authentication starting August 2026. Learn more in the Snowflake docs(link takes you to an external page).

(information)

Set up your source using Terraform

Segment has a Terraform provider, powered by the Public API, that you can use to create a Snowflake Reverse ETL source. See the segment_source (Resource)(link takes you to an external page) documentation for more information.

  1. Log in to your Snowflake account.

  2. Navigate to Worksheets.

  3. Enter and run the code below to create a database. Segment uses the database specified in your connection settings to create a schema called __segment_reverse_etl to avoid collision with your data. The schema is used for tracking changes to your model query results between syncs. An existing database can be reused, if desired. Segment recommends you to use the same database across all your models attached to this source to keep all the state tracking tables in 1 place.

    1
    -- not required if another database is being reused

    2
    CREATE DATABASE segment_reverse_etl;

  4. Enter and run the code below to create a virtual warehouse. Segment Reverse ETL needs to execute queries on your Snowflake account, which requires a Virtual Warehouse to handle the compute. You can also reuse an existing warehouse.

    1
    -- not required if reusing another warehouse

    2
    CREATE WAREHOUSE segment_reverse_etl

    3
     WITH WAREHOUSE_SIZE = 'XSMALL'

    4
       WAREHOUSE_TYPE = 'STANDARD'

    5
       AUTO_SUSPEND = 600 -- 5 minutes

    6
       AUTO_RESUME = TRUE;

  5. Enter and run the code below to create specific roles for Reverse ETL. All Snowflake access is specified through roles, which are then assigned to the user you'll create later.

    1
    -- create role

    2
    CREATE ROLE segment_reverse_etl;

    3
    

    4
    -- warehouse access

    5
    GRANT USAGE ON WAREHOUSE segment_reverse_etl TO ROLE segment_reverse_etl;

    6
    

    7
    -- database access

    8
    GRANT USAGE ON DATABASE segment_reverse_etl TO ROLE segment_reverse_etl;

    9
    GRANT CREATE SCHEMA ON DATABASE segment_reverse_etl TO ROLE segment_reverse_etl;

    10
    GRANT CREATE TABLE ON SCHEMA __segment_reverse_etl TO ROLE segment_reverse_etl;

  6. Create the user Segment will use to run queries.

    1. Create the user and assign it a key pair following the instructions in the Snowflake docs(link takes you to an external page).
    2. Execute the following SQL commands:
    1
    -- create user (key-pair authentication)

    2
    CREATE USER segment_reverse_etl_user

    3
    DEFAULT_ROLE = segment_reverse_etl

    4
    RSA_PUBLIC_KEY = 'enter your public key';

    5
    

    6
    -- role access

    7
    GRANT ROLE segment_reverse_etl TO USER segment_reverse_etl_user;

  7. Add the account information for your source.

  8. Click Test Connection to test to see if the connection works.

  9. Click Add source if the test connection is successful.

Learn more about the Snowflake Account ID in Snowflake's Account identifiers(link takes you to an external page) documentation.

After you've successfully added your Snowflake source, add a model and follow the rest of the steps in the Reverse ETL setup guide.

Security

security page anchor

Allowlisting IPs

allowlisting-ips page anchor

If you create a network policy with Snowflake and are located in the US, add 52.25.130.38/32 and 34.223.203.0/28 to the "Allowed IP Addresses" list.

If you create a network policy with Snowflake and are located in the EU, add 3.251.148.96/29 to your "Allowed IP Addresses" list.