Reactive Machines

Amazon Quick Suite now supports key pair authentication for Snowflake data sources

Modern enterprises face major challenges in connecting business intelligence platforms to data warehouses while maintaining automation. Password-based authentication introduces security risks, performance conflicts, and compliance gaps, especially as Snowflake deprecates username-and-password authentication.

Amazon Quick Sight (an Amazon Quick Suite capability) now supports key pair authentication for Snowflake integrations, using asymmetric cryptography where RSA key pairs replace traditional passwords. This enhancement addresses an important need as Snowflake moves to deprecate password-based authentication, which requires more secure authentication methods. With this new capability, Amazon Quick Suite users can establish secure, password-free connections to Snowflake data sources using RSA key pairs, providing a seamless and secure integration experience that meets enterprise security standards.

In this blog post, we'll guide you through establishing a data source connection between Amazon Quick Sight and Snowflake using secure key pair authentication.

What is required

Before setting up key pair authentication between Amazon Quick Suite and Snowflake, make sure you have the following:

  • An active Amazon Quick Suite account with appropriate permissions – You need administrative access to create and manage data sources, configure authentication settings, and assign permissions to users. An Amazon Quick Suite Enterprise license or an author role in Amazon Quick Suite Enterprise Sight Edition usually provides sufficient access.
  • A Snowflake account with the ACCOUNTADMIN, SECURITYADMIN, or USERADMIN role – These elevated permissions are important for modifying user accounts, assigning public keys using ALTER USER commands, and assigning warehouse and database permissions. If you cannot access these roles, contact your Snowflake administrator for assistance.
  • OpenSSL installed (for key generation) – This cryptographic toolkit generates RSA key pairs in PKCS#8 format. Most Linux and macOS systems include OpenSSL pre-installed. Windows users can use Windows Subsystem for Linux (WSL) or download OpenSSL separately.
  • (Optional) AWS Secrets Manager access (for API-based setup) – Required for programmatic configuration; you'll need IAM permissions to create and manage secrets, as well as Amazon Quick Sight API access for automated deployment and infrastructure as code (IaC) implementation.

Solution walkthrough

We will guide you through the following key steps to set up secure key pair authentication between Amazon Quick Sight and Snowflake:

  1. Generate RSA Key Pair – Generate public and private keys using OpenSSL with appropriate encryption standards
  2. Configure Snowflake User – Assign the public key to your Snowflake user account and confirm the setup
  3. Create a Data Source Connection – Create your connection by using the Amazon Quick Suite UI for interactive setup or the AWS Command Line Interface (AWS CLI) for programmatic use.

Let's examine each step in detail and secure your Amazon Quick Sight-Snowflake connection with key pair authentication!

Generate an RSA key pair:

  1. Navigate to AWS CloudShell in the AWS Management Console and issue the following command to generate an RSA private key. You will be asked to enter an encryption passphrase. Choose a strong passphrase and store it securely—you'll need this later when you generate the public key.
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8

  2. Run the following command to create the public key. You will be asked to enter the passphrase you used in the previous step.
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

  3. Extract the contents of the private key (including the header and footer):

This displays your private key in the format:

-----BEGIN PRIVATE KEY-----
[key content]
-----END PRIVATE KEY-----

Important: Copy the entire output, including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines. You will use this complete private key (with header and footer) when you create your Snowflake data source connection.

  4. Snowflake requires the public key in a specific format without headers or line breaks. Run these commands to extract and format the key correctly.
grep -v KEY rsa_key.pub | tr -d '\n' | awk '{print $1}' > pub.Key
cat pub.Key

This will display your formatted public key string. Copy this output—you'll use it in the next step to configure your Snowflake user account.

Give the public key to the Snowflake user:

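  1. Log in to Snowflake and issue the following SQL command to assign the public key to your user. Replace the placeholders in angle brackets with your Snowflake user name and the formatted public key string from pub.Key:
ALTER USER <snowflake_username> SET RSA_PUBLIC_KEY='<contents of pub.Key>';

  2. Confirm the assignment: check the user's RSA_PUBLIC_KEY property to ensure that the public key is set.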
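The checks below are an added example, not part of the original post: they confirm that rsa_key.pub really belongs to rsa_key.p8 and compute the key fingerprint, which you can compare with the RSA_PUBLIC_KEY_FP value that DESCRIBE USER returns in Snowflake. The function names and the KEY_PASSPHRASE environment variable are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. rsa_key.p8 and rsa_key.pub are the
# files created above; KEY_PASSPHRASE is an assumed variable name and must be
# exported so that openssl can read it.

# Classify a PKCS#8 PEM file by its first line. A key written with a passphrase
# starts with "BEGIN ENCRYPTED PRIVATE KEY"; one without, "BEGIN PRIVATE KEY".
pem_kind() {
  case "$(head -n 1 "$1" | tr -d '\r')" in
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted ;;
    '-----BEGIN PRIVATE KEY-----')           echo unencrypted ;;
    *)                                       echo unknown ;;
  esac
}

# Fingerprint of a DER-encoded public key read from stdin, printed as
# "SHA256:<base64 of the SHA-256 digest>".
fp_of_der() {
  printf 'SHA256:%s\n' "$(openssl dgst -sha256 -binary | openssl enc -base64)"
}

# Fingerprint of the public key file.
pubkey_fp() { openssl rsa -pubin -in "$1" -outform DER 2>/dev/null | fp_of_der; }

# Fingerprint of the public key derived from the private key file.
privkey_fp() {
  if [ "$(pem_kind "$1")" = encrypted ]; then
    openssl rsa -in "$1" -passin env:KEY_PASSPHRASE -pubout -outform DER 2>/dev/null
  else
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null
  fi | fp_of_der
}

# Usage: keys_match PRIVATE_KEY_FILE PUBLIC_KEY_FILE
# Succeeds only when the public key parses and both files hold the same key.
keys_match() {
  openssl rsa -pubin -in "$2" -noout 2>/dev/null || return 1
  [ "$(privkey_fp "$1")" = "$(pubkey_fp "$2")" ]
}
```

A mismatch between `pubkey_fp rsa_key.pub` and the fingerprint Snowflake reports means the key stored on the user is not the one you are about to give to Quick Sight.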

Establish your Snowflake connection in the Amazon Quick Suite UI:

  1. Navigate to Amazon Quick Suite in the AWS Management Console and select Data sets. Then select the Data sources tab and select Create a data source.

  2. In the Create a data source window, enter “snowflake” in Search datasets, choose Snowflake, and select Next.

  3. In the New Snowflake Data Source pane, enter the name of the data source, and then select the connection type: Public network or Private VPC Connection. If you need a VPC connection, see Configure a VPC connection in Quick Suite.
  4. Then, enter the host name of the database server, the name of the database, and the name of the warehouse.
  5. Select KeyPair as the authentication type and enter the username of the Snowflake user.
  6. In the Private Key field, paste the complete output of cat rsa_key.p8 (including the BEGIN and END lines). If you configured a passphrase during key generation, provide it in the optional passphrase field.
  7. After all the fields are entered, select the Confirm the connection button.

  8. After the connection is confirmed, select the Create a data source button.
  9. Then, in the Data sources list, find the Snowflake data source you created.
  10. From the Action menu, select the Create a dataset option.

Establish your Snowflake connection using the Amazon Quick Sight API:

Using the AWS CLI, create an Amazon Quick Suite data source connection to Snowflake by running the following command:

aws quicksight create-data-source \
  --aws-account-id 123456789 \
  --data-source-id awsclikeypairtest \
  --name "awsclikeypairtest" \
  --type SNOWFLAKE \
  --data-source-parameters '{
    "SnowflakeParameters": {
      "Host": "hostname.snowflakecomputing.com",
      "Database": "DB_NAME",
      "Warehouse": "WH_NAME",
      "AuthenticationType": "KEYPAIR"
    }
  }' \
  --credentials '{
    "KeyPairCredentials": {
      "KeyPairUsername": "SNOWFLAKE_USERNAME",
      "PrivateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nPRIVATE_KEY\n-----END ENCRYPTED PRIVATE KEY-----",
      "PrivateKeyPassphrase": "******"
    }
  }' \
  --permissions '[
    {
      "Principal": "arn:aws:quicksight:us-east-1:123456789:user/default/Admin/username",
      "Actions": [
        "quicksight:DescribeDataSource",
        "quicksight:DescribeDataSourcePermissions",
        "quicksight:PassDataSource",
        "quicksight:UpdateDataSource",
        "quicksight:DeleteDataSource",
        "quicksight:UpdateDataSourcePermissions"
      ]
    }
  ]' \
  --region us-east-1

Use the following command to check the creation status:

aws quicksight describe-data-source --region us-east-1 --aws-account-id 123456789 --data-source-id awsclikeypairtest

Initially, the status returned from the describe-data-source command will be CREATION_IN_PROGRESS. The status changes to CREATION_SUCCESSFUL when the new data source is ready for use.
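The create-data-source command above carries the private key and passphrase inline, where they end up in shell history. As an added example that is not part of the original post, the functions below build the same KeyPairCredentials JSON from rsa_key.p8 with the line breaks escaped as \n, and write it to an owner-only file that the AWS CLI can load with file://. The function names, the KEY_PASSPHRASE variable and the creds.json file name are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. KEY_PASSPHRASE (shell or
# environment variable) and creds.json are assumed names.

# JSON-escape stdin: drop carriage returns, escape backslashes and double
# quotes, and join lines with the two-character sequence \n.
# Assumes no other control characters, which holds for PEM text.
json_escape() {
  tr -d '\r' | sed 's/\\/\\\\/g; s/"/\\"/g' |
    awk '{ printf "%s%s", sep, $0; sep = "\\n" }'
}

# Usage: write_credentials SNOWFLAKE_USERNAME KEY_FILE OUT_FILE
# Runs in a subshell so the umask change and the variables stay local.
write_credentials() (
  umask 077    # OUT_FILE is created readable and writable by its owner only
  [ -r "$2" ] || { echo "cannot read key file: $2" >&2; exit 1; }
  user="$(printf '%s' "$1" | json_escape)"
  key="$(json_escape < "$2")"
  rm -f "$3"
  {
    printf '{"KeyPairCredentials":{"KeyPairUsername":"%s","PrivateKey":"%s"' \
      "$user" "$key"
    # PrivateKeyPassphrase is only needed for a passphrase-protected key.
    if [ -n "${KEY_PASSPHRASE:-}" ]; then
      printf ',"PrivateKeyPassphrase":"%s"' \
        "$(printf '%s' "$KEY_PASSPHRASE" | json_escape)"
    fi
    printf '}}\n'
  } > "$3"
)

# Then, in place of the inline --credentials argument shown above:
#   read -rs KEY_PASSPHRASE   # typed at the prompt, not stored in history
#   write_credentials SNOWFLAKE_USERNAME rsa_key.p8 creds.json
#   aws quicksight create-data-source ... --credentials file://creds.json
#   rm -f creds.json
```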

Alternatively, when creating a data source programmatically with CreateDataSource, you can save the username, key and passphrase in AWS Secrets Manager and refer to them using the Secret ARN.

After the data source is successfully created, you can navigate to the Quick Suite console. On the Create a Dataset page, you can view the newly created data source connection awsclikeypairtest under the list of data sources. You can continue creating the dataset.

Clean up

To clear your resources to avoid additional charges, follow these steps:

  1. Delete the created secret in the AWS Secrets Manager Console.
  2. Delete a data source connection created in Amazon Quick Suite.

Conclusion

Key pair authentication represents a revolutionary improvement in securing data communication between Amazon Quick Suite and Snowflake. By eliminating password-based vulnerabilities and adopting cryptographic authentication, organizations can achieve a higher security posture while maintaining seamless automated workflows. This implementation addresses key business needs, such as enhanced security with asymmetric encryption, simplified service account management, and compliance with emerging authentication standards as Snowflake transitions from traditional password methods.

Whether deploying through the intuitive Amazon Quick Suite UI or using the AWS CLI for infrastructure as code implementation, key pair authentication provides flexibility without compromising security. Integration with AWS Secrets Manager helps protect private keys, while a streamlined setup process enables rapid deployment across development, staging, and production environments.

As data security continues to evolve, adopting key pair authentication puts your organization at the forefront of best practices. Business intelligence teams can now focus on extracting actionable insights from Snowflake data instead of managing complex validation tasks, ultimately accelerating time to insight and improving operational efficiency.

To learn more, see Snowflake Key-Pair Authentication.


About the writers

Vignesh Baskaran

Vignesh Baskaran is Sr. Technical Product Manager in a DATA domain built on Amazon Quick Suite enabling BI and GenAI systems. He has 9+ years of experience developing large-scale data and analytics solutions. Prior to this role, he worked as a Sr. Analytics on AWS builds comprehensive BI solutions using the Quick Suite that are adopted globally by all AWS Worldwide Professional Sales teams. Outside of work, he enjoys watching cricket, playing Racquetball and exploring the diverse cuisines of Seattle.

Chinnakanu Sai Janakiram

Chinnakanu Sai Janakiram is a Software Development Engineer at Amazon Quick Suite, working on cloud infrastructure automation and feature development using AWS technology. He has 2+ years of experience building scalable systems across AWS, CI/CD pipelines, CloudFormation, React, and Spring Boot. Prior to this role, he contributed to data and analytics solutions at AWS, improving deployment reliability and scalability across regions. Outside of work, he enjoys following Formula 1 and staying up-to-date with emerging technologies.

Nithyashree Alwarsamy

Nithyashree Alwarsamy is a Partner Solutions Architect at Amazon Web Services, specializing in data and analytics solutions focused on streaming and event-driven architecture. Leveraging deep expertise in modern data architecture, Nithyashree helps organizations unlock the full potential of their data by integrating Snowflake's native data platform with a range of AWS services.

Andries Engelbrecht

Andries Engelbrecht is a Principal Engineer of Partner Solutions at Snowflake working with AWS. He supports product and service integration, and the development of integrated solutions with AWS. Andries has over 25 years of experience in the field of data and analytics.
