terraform-provider-snowflake: Error when running `terraform apply` - Snowflake region Australia East

Provider Version

terraform providers: 0.22.0

Terraform Version

0.15.0

Describe the bug

When I run terraform apply I get the following error:

│ Error: error creating database: Post "https://xxxxx.AZURE_AUSTRALIAEAST.snowflakecomputing.com:443/session/v1/login-request?requestId=xxxxx&request_guid=xxxxx&roleName=SYSADMIN": x509: certificate is valid for *.us-west-2.snowflakecomputing.com, *.snowflakecomputing.com, *.global.snowflakecomputing.com, *.prod1.us-west-2.aws.snowflakecomputing.com, *.prod2.us-west-2.aws.snowflakecomputing.com, *.us-west-2.aws.snowflakecomputing.com, not xxxxx.AZURE_AUSTRALIAEAST.snowflakecomputing.com
│ 
│   on main.tf line 14, in resource "snowflake_database" "db":
│   14: resource "snowflake_database" "db" {

Expected behavior

This should create a database in my Snowflake instance.

About this issue

  • State: open
  • Created 3 years ago
  • Reactions: 1
  • Comments: 15 (4 by maintainers)

Most upvoted comments

For me, the region had to be set to “us-west-2”. Then it started working. The tutorial says to use the output of “SELECT current_region();” which is “AWS_US_WEST_2”… but that does not work.

This has tripped us up as well. Just submitted a PR (#1398) that attempts to shed light on the different Snowflake account identifier formats in hope that it may help future adopters when configuring this provider.

I ran into the same issue and was able to temporarily work around it by defining the region like this:

provider "snowflake" {
  username = "..."
  account  = "..."
  region   = "ca-central-1.aws"
  role     = "..."
}

Seems the format of the POST request doesn’t match what snowflake is actually expecting:

x509: certificate is valid for *.us-west-2.snowflakecomputing.com, *.snowflakecomputing.com, *.global.snowflakecomputing.com, *.prod1.us-west-2.aws.snowflakecomputing.com, *.prod2.us-west-2.aws.snowflakecomputing.com, *.us-west-2.aws.snowflakecomputing.com, not xxxxxxx.AWS_CA_CENTRAL_1.snowflakecomputing.com

I added the following as line 12

region = "us-east-1"

and everything worked like a champ

Obviously you’ll need to add your own AWS region for that line

Using an Account Name as an Identifier

The account identifier for an account in your organization takes one of the following forms, depending on where and how the identifier is used:

<orgname>-account_name (for most URLs and other general purpose usage)

To resolve this issue, remove the Terraform environment variable SNOWFLAKE_REGION since it is optional and replace the environment value SNOWFLAKE_ACCOUNT using the taxonomy above instead of the generic account identifier

This will generate a URL in the format MY_ORG-MY_ACCOUNT.snowflakecomputing.com which will be covered by the pattern *.snowflakecomputing.com

It has worked for me both your way and also by specifying the region with the format “region.cloud” (in my case “west-europe.azure”). I have been able to see the organization name and account on the new UI at the left bottom of the website, just in case someone else struggles a bit searching for that info while not being admin 😂

I ran into this issue today also. I finally realized that there is a link to a reference table in the guide. Solved my issue.

Ran into this problem doing the tutorial, would be great if that pointed to the reference guide so you can get it right manually rather than a query that produces a string that fails with an unhelpful message. This issue also seems to be the same thing: https://github.com/Snowflake-Labs/sfquickstarts/issues/799
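
Why the workarounds in this thread succeed, as an added example (not code from the provider or from any commenter): it runs Go's standard hostname verification against the SAN list quoted in the error above. The `loginHost` helper and the host format it builds are assumptions inferred from the URLs shown in the thread.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// SAN entries copied from the x509 error quoted in the issue. Endpoints for
// other deployments may present a different list.
var sansFromError = []string{
	"*.us-west-2.snowflakecomputing.com",
	"*.snowflakecomputing.com",
	"*.global.snowflakecomputing.com",
	"*.prod1.us-west-2.aws.snowflakecomputing.com",
	"*.prod2.us-west-2.aws.snowflakecomputing.com",
	"*.us-west-2.aws.snowflakecomputing.com",
}

// loginHost is a hypothetical helper. Assumption, inferred from the URLs in
// the thread: the host is <account>[.<region>].snowflakecomputing.com.
func loginHost(account, region string) string {
	if region == "" {
		return account + ".snowflakecomputing.com"
	}
	return account + "." + region + ".snowflakecomputing.com"
}

// hostCovered applies crypto/x509's hostname check (the check that produced
// the error) to a certificate carrying only the SAN entries above.
func hostCovered(host string) bool {
	cert := &x509.Certificate{DNSNames: sansFromError}
	return cert.VerifyHostname(host) == nil
}

func main() {
	cases := []struct{ account, region string }{
		{"xxxxx", "AZURE_AUSTRALIAEAST"}, // region string from the issue: no SAN has this label
		{"xxxxx", "us-west-2"},           // region ID form: *.us-west-2.snowflakecomputing.com
		{"MY_ORG-MY_ACCOUNT", ""},        // org-account form: *.snowflakecomputing.com
	}
	for _, c := range cases {
		h := loginHost(c.account, c.region)
		fmt.Printf("%-52s covered=%v\n", h, hostCovered(h))
	}
}
```

A wildcard SAN entry covers exactly one leftmost label, so the extra `AZURE_AUSTRALIAEAST` label leaves the host outside `*.snowflakecomputing.com`, while the other two forms fall inside an entry on the list.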