|
| 1 | +--- |
| 2 | +title: "Network Rules" |
| 3 | +description: Get started with Network Rules in LocalStack for Snowflake |
| 4 | +tags: ["Base"] |
| 5 | +--- |
| 6 | + |
| 7 | +## Introduction |
| 8 | + |
| 9 | +Network rules are schema-level objects in Snowflake that allow you to group network identifiers (such as IP addresses, ports, or private endpoints) into logical units. They are used to define which network traffic should be allowed or blocked. |
| 10 | + |
| 11 | +The Snowflake emulator in LocalStack supports basic CRUD operations (`CREATE`, `ALTER`, `DROP`, `SHOW`) for network rules. This enables you to create and manage network rule objects locally for testing and schema validation. |
| 12 | + |
| 13 | +:::note |
| 14 | +While you can create and manage network rules, their use in enforcing network access policies is not yet supported in the emulator. |
| 15 | +::: |
| 16 | + |
| 17 | +## Getting started |
| 18 | + |
| 19 | +This guide is designed for users new to network rules and assumes you are already connected to your Snowflake emulator with a SQL client. The following examples demonstrate how to create, alter, show, and drop network rules. |
| 20 | + |
| 21 | +### Create a network rule |
| 22 | + |
| 23 | +You can create a network rule using the `CREATE NETWORK RULE` statement. The example below creates a network rule that allows ingress traffic from a specific IPv4 address: |
| 24 | + |
| 25 | +```sql showLineNumbers |
| 26 | +CREATE NETWORK RULE allow_ip_rule |
| 27 | + TYPE = IPV4 |
| 28 | + MODE = INGRESS |
| 29 | + VALUE_LIST = ('192.168.1.1') |
| 30 | + COMMENT = 'Allow traffic from 192.168.1.1'; |
| 31 | +``` |
| 32 | + |
| 33 | +### Show network rules |
| 34 | + |
| 35 | +You can list all network rules in your schema using the `SHOW NETWORK RULES` statement: |
| 36 | + |
| 37 | +```sql |
| 38 | +SHOW NETWORK RULES; |
| 39 | +``` |
| 40 | + |
| 41 | +### Alter a network rule |
| 42 | + |
| 43 | +You can modify an existing network rule using the `ALTER NETWORK RULE` statement. The example below updates the comment: |
| 44 | + |
| 45 | +```sql |
| 46 | +ALTER NETWORK RULE allow_ip_rule |
| 47 | + SET COMMENT = 'Updated description'; |
| 48 | +``` |
| 49 | + |
| 50 | +### Drop a network rule |
| 51 | + |
| 52 | +You can delete an existing network rule with the `DROP NETWORK RULE` statement: |
| 53 | + |
| 54 | +```sql |
| 55 | +DROP NETWORK RULE allow_ip_rule; |
| 56 | +``` |
| 57 | + |
| 58 | +:::note |
| 59 | +## Limitations |
| 60 | + |
| 61 | +- Only CRUD operations are supported in the emulator. |
| 62 | +- Network rules cannot yet be enforced or attached to other Snowflake objects. |
| 63 | +- Use this feature for schema validation and testing SQL workflows, not for actual network access control. |
| 64 | +::: |
0 commit comments