This guide walks you through configuring Snowflake as a destination for your Webflow Analyze and Optimize data export.
'MIIBI...<SHORTENED>...Xrw2nwIDAQAB'SHOW GRANTS TO USER <your_username>; and review the role column.)34.69.83.207/32 to complete Step 2.Recommendation: Key-pair authentication with service user
Snowflake is deprecating single-factor passwords and will disallow passwords for service users (TYPE=SERVICE) by October 2026. For that reason, we strongly recommend configuring the transfer user as a service user with key-pair authentication.
Review and make any changes to the following setup script.
Alternative authentication method: username & password
By default, this script creates a new user using key-pair authentication. If you’d prefer to use username & password authentication, instead of:
Use the following block:
Using an existing schema
By default, a new schema (with a name you provide) will be created in the target Snowflake database upon the initial connection. If instead you create the schema ahead of time, you may remove the CREATE SCHEMA permission, and instead grant ALL PRIVILEGES on the target schema for the designated role.
The script below can be used to complete this step:
Using an existing warehouse or database
By default, this script creates a new warehouse and a new database. If you’d prefer to use an existing warehouse/database, change the warehouse_name variable from TRANSFER_WAREHOUSE to the name of the warehouse to be shared/database_name variable from TRANSFER_DATABASE to the name of the database to be shared.
In the Snowflake interface, select the dropdown next to the “Run” button, and click Run All. This will run every query in the script at once. If successful, you will see Statement executed successfully in the query results.
If your Snowflake data warehouse is using Snowflake Access Policies, a new policy must be added to allow Webflow’s static IP to write to the warehouse.
Review current network policies to check for existing IP allowlists.
If there is no existing Snowflake Network Policies (the SHOW query returns no results), you can skip to Step 3.
If there is an existing Snowflake Network Policy, you must alter the existing policy or create a new one to allowlist Webflow’s static IP address. Use the CREATE NETWORK POLICY command to specify the IP addresses that can access your Snowflake warehouse.
Network allowlisting
Webflow Static IP: 34.69.83.207/32
Creating your first network policy
If you have no existing network policies and you create your first as part of this step, all other IPs outside of the ALLOWED_IP_LIST will be blocked. Snowflake does not allow setting a network policy that blocks your current IP address. (An error message results while trying to create a network policy that blocks the current IP address.) But be careful when setting your first network policy.
Use the following details to complete the connection setup: host name, database name, your chosen schema name, username, and password.
USAGE on the target warehouseUSAGE and CREATE SCHEMA on the target database (the setup script also includes MONITOR)USAGE on the target databaseALL PRIVILEGES on the target schemaDEFAULT_ROLE, DEFAULT_WAREHOUSERSA_PUBLIC_KEY setWe recommend key-based authentication. You register a public key on a Snowflake user and we authenticate using the corresponding private key, so no password is shared or stored. You can also enforce Snowflake Network Policies to allowlist Webflow’s egress IP.
Minimum grants:
USAGE on the warehouseUSAGE and CREATE SCHEMA on the databaseUSAGE on the database and ALL PRIVILEGES on the schemaYes. Grant USAGE on that warehouse to the transfer role. You may also size the warehouse to control performance/cost.
No, you should only provide the raw public key string, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- tags.