From cd64ed9abe72c7f80bb3eae2285b4a9e24afffbf Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Tue, 2 Jun 2026 17:36:33 +0530 Subject: [PATCH 1/3] Update Snowflake hostname configuration docs --- .../snowflake/capabilities/configuration.md | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/src/content/docs/snowflake/capabilities/configuration.md b/src/content/docs/snowflake/capabilities/configuration.md index 4bd793f7e..b6066d02c 100644 --- a/src/content/docs/snowflake/capabilities/configuration.md +++ b/src/content/docs/snowflake/capabilities/configuration.md @@ -26,12 +26,42 @@ Options that affect the core Snowflake emulator functionality. | `SF_S3_ENDPOINT_EXTERNAL` | `s3.localhost.localstack.cloud:4566` | S3 endpoint for file uploads to return to external clients. Defaults to `SF_S3_ENDPOINT` if not set. | | `SF_AWS_ENDPOINT_URL` | `localhost:4566` (default) | AWS services endpoint for connecting to other AWS services (SQS, SNS, etc.) from the Snowflake emulator. | | `DNS_NAME_PATTERNS_TO_RESOLVE_UPSTREAM` | `*.s3.amazonaws.com` (example) | List of domain names that should NOT be resolved to the LocalStack container, but instead always forwarded to the upstream resolver (S3 for example). this would be required when importing data into a stage from an external S3 bucket on the real AWS cloud. Comma-separated list of Python-flavored regex patterns. | -| `SF_HOSTNAME_REGEX` | `snowflake\..+` (default) | Allows you to customize the hostname used for matching the Snowflake API routes in the HTTP router. If not set, then it matches on any hostnames that contain a `snowflake.*` subdomain (e.g., `snowflake.localhost.localstack.cloud`). | +| `SF_HOSTNAMES` | `snowflake.localhost.localstack.cloud,snowflake.internal` | Comma-separated list of hostnames that should route to the Snowflake emulator. If set, only these hostnames are matched. If unset, LocalStack keeps matching the default `*.snowflake.*` hostnames for backward compatibility. | | `SF_CSV_IMPORT_MAX_ROWS` | `50000` (default) | Maximum number of rows to import from CSV files into tables | | `SF_DEFAULT_USER` | `test` (default) | Specify the default user to be used by the Snowflake emulator. | | `SF_DEFAULT_PASSWORD` | `test` (default) | Specify the default password to be used by the Snowflake emulator. | | `SF_PROXY_PRIVATE_KEY` | | Specify the private key to be used by the Snowflake emulator. | +### Custom Snowflake hostnames + +By default, the Snowflake emulator accepts requests for hostnames such as `snowflake.localhost.localstack.cloud` and other `*.snowflake.*` hostnames. +If you expose the emulator through a custom DNS name, for example in Kubernetes or behind an ingress, set `SF_HOSTNAMES` to the exact hostnames clients use to reach the emulator: + +```bash +SF_HOSTNAMES=snowflake.internal.example.com,snowflake.internal \ +localstack start --stack snowflake +``` + +The first hostname in `SF_HOSTNAMES` is used as the primary hostname for local connection defaults and generated URLs. +When `SF_HOSTNAMES` is set, the default wildcard fallback is disabled, and only the configured hostnames are routed to the Snowflake emulator. + +::::note +`SF_HOSTNAME_REGEX` is no longer supported. +If you previously used `SF_HOSTNAME_REGEX`, migrate to `SF_HOSTNAMES` and list each hostname explicitly. +:::: + +If your custom hostname also needs a matching TLS certificate, use LocalStack's standard certificate configuration options: + +```bash +SF_HOSTNAMES=snowflake.internal.example.com \ +CUSTOM_SSL_CERT_PATH=/var/lib/localstack/custom/cert.pem \ +SKIP_SSL_CERT_DOWNLOAD=1 \ +localstack start --stack snowflake +``` + +The file referenced by `CUSTOM_SSL_CERT_PATH` must contain a certificate and private key that match the hostname used by your Snowflake clients. +For more general guidance on adding trusted certificates to LocalStack, see [Custom TLS certificates](/aws/capabilities/security-testing/custom-tls-certificates/). + ## CLI These options are applicable when using the CLI to start LocalStack. From 4f82f33395d8cd1c22b67b077e33d8cf58dadbb7 Mon Sep 17 00:00:00 2001 From: Quetzalli Date: Thu, 4 Jun 2026 18:30:41 +0200 Subject: [PATCH 2/3] Apply suggestion from @quetzalliwrites --- src/content/docs/snowflake/capabilities/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/snowflake/capabilities/configuration.md b/src/content/docs/snowflake/capabilities/configuration.md index b6066d02c..7e006a176 100644 --- a/src/content/docs/snowflake/capabilities/configuration.md +++ b/src/content/docs/snowflake/capabilities/configuration.md @@ -26,7 +26,7 @@ Options that affect the core Snowflake emulator functionality. | `SF_S3_ENDPOINT_EXTERNAL` | `s3.localhost.localstack.cloud:4566` | S3 endpoint for file uploads to return to external clients. Defaults to `SF_S3_ENDPOINT` if not set. | | `SF_AWS_ENDPOINT_URL` | `localhost:4566` (default) | AWS services endpoint for connecting to other AWS services (SQS, SNS, etc.) from the Snowflake emulator. | | `DNS_NAME_PATTERNS_TO_RESOLVE_UPSTREAM` | `*.s3.amazonaws.com` (example) | List of domain names that should NOT be resolved to the LocalStack container, but instead always forwarded to the upstream resolver (S3 for example). this would be required when importing data into a stage from an external S3 bucket on the real AWS cloud. Comma-separated list of Python-flavored regex patterns. | -| `SF_HOSTNAMES` | `snowflake.localhost.localstack.cloud,snowflake.internal` | Comma-separated list of hostnames that should route to the Snowflake emulator. If set, only these hostnames are matched. If unset, LocalStack keeps matching the default `*.snowflake.*` hostnames for backward compatibility. | +| `SF_HOSTNAMES` | `snowflake.localhost.localstack.cloud,snowflake.internal` | Comma-separated list of hostnames that should route to the Snowflake emulator. If set, only these hostnames are matched. If unset, LocalStack also matches any hostname with a `snowflake.` subdomain (i.e., `*snowflake.*` or `*.snowflake.*` for backward compatibility.) | `SF_CSV_IMPORT_MAX_ROWS` | `50000` (default) | Maximum number of rows to import from CSV files into tables | | `SF_DEFAULT_USER` | `test` (default) | Specify the default user to be used by the Snowflake emulator. | | `SF_DEFAULT_PASSWORD` | `test` (default) | Specify the default password to be used by the Snowflake emulator. | From 1130b2be7f110f575e93d204e52ccbda93e3bab4 Mon Sep 17 00:00:00 2001 From: Quetzalli Date: Thu, 4 Jun 2026 18:31:33 +0200 Subject: [PATCH 3/3] Apply suggestion from @quetzalliwrites --- src/content/docs/snowflake/capabilities/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/snowflake/capabilities/configuration.md b/src/content/docs/snowflake/capabilities/configuration.md index 7e006a176..781390fa4 100644 --- a/src/content/docs/snowflake/capabilities/configuration.md +++ b/src/content/docs/snowflake/capabilities/configuration.md @@ -26,7 +26,7 @@ Options that affect the core Snowflake emulator functionality. | `SF_S3_ENDPOINT_EXTERNAL` | `s3.localhost.localstack.cloud:4566` | S3 endpoint for file uploads to return to external clients. Defaults to `SF_S3_ENDPOINT` if not set. | | `SF_AWS_ENDPOINT_URL` | `localhost:4566` (default) | AWS services endpoint for connecting to other AWS services (SQS, SNS, etc.) from the Snowflake emulator. | | `DNS_NAME_PATTERNS_TO_RESOLVE_UPSTREAM` | `*.s3.amazonaws.com` (example) | List of domain names that should NOT be resolved to the LocalStack container, but instead always forwarded to the upstream resolver (S3 for example). this would be required when importing data into a stage from an external S3 bucket on the real AWS cloud. Comma-separated list of Python-flavored regex patterns. | -| `SF_HOSTNAMES` | `snowflake.localhost.localstack.cloud,snowflake.internal` | Comma-separated list of hostnames that should route to the Snowflake emulator. If set, only these hostnames are matched. If unset, LocalStack also matches any hostname with a `snowflake.` subdomain (i.e., `*snowflake.*` or `*.snowflake.*` for backward compatibility.) +| `SF_HOSTNAMES` | `snowflake.localhost.localstack.cloud,snowflake.internal` | Comma-separated list of hostnames that should route to the Snowflake emulator. If set, only these hostnames are matched. If unset, LocalStack also matches any hostname with a `snowflake.` subdomain (i.e., `*snowflake.*` or `*.snowflake.*`) for backward compatibility. | `SF_CSV_IMPORT_MAX_ROWS` | `50000` (default) | Maximum number of rows to import from CSV files into tables | | `SF_DEFAULT_USER` | `test` (default) | Specify the default user to be used by the Snowflake emulator. | | `SF_DEFAULT_PASSWORD` | `test` (default) | Specify the default password to be used by the Snowflake emulator. |