{"id":26577,"date":"2025-12-05T14:35:21","date_gmt":"2025-12-05T14:35:21","guid":{"rendered":"https:\/\/pokecon.jp\/job\/?p=26577"},"modified":"2025-12-05T14:35:21","modified_gmt":"2025-12-05T14:35:21","slug":"aws%e2%86%92snowflake%e3%81%aeworkload-identity-federation%e3%82%92bash%e3%81%a7%e5%ae%9f%e8%a3%85%e3%81%97%e3%81%a6%e4%bd%8e%e3%83%ac%e3%83%99%e3%83%ab%e3%81%aa%e5%87%a6%e7%90%86%e3%82%92%e7%90%86","status":"publish","type":"post","link":"https:\/\/pokecon.jp\/job\/26577\/","title":{"rendered":"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb &#8211; LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0"},"content":{"rendered":"\n<\/p>\n<div wp_automatic_readability=\"162.27859011335\">\n<p><span itemscope=\"\" itemtype=\"http:\/\/schema.org\/Photograph\"><img decoding=\"async\" src=\"https:\/\/cdn-ak.f.st-hatena.com\/images\/fotolife\/c\/civitaspo\/20251205\/20251205195437.png\" width=\"1200\" height=\"630\" loading=\"lazy\" title=\"\" class=\"hatena-fotolife\" itemprop=\"image\"\/><\/span><br \/>\n\u3053\u306e\u8a18\u4e8b\u306f\u3001LayerX Tech Advent Calendar 2025 \u306e 5\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002<br \/>\n<iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Ftech.layerx.co.jp%2Fentry%2Ftech-advent-calendar-2025\" title=\"LayerX Tech Advent Calendar 2025 \u4eca\u5e74\u3082\u3084\u308a\u307e\u3059\uff01 #LayerX\u30c6\u30c3\u30af\u30a2\u30c9\u30ab\u30ec - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/tech.layerx.co.jp\/entry\/tech-advent-calendar-2025\">tech.layerx.co.jp<\/a><\/cite><\/p>\n<p>\u3053\u3093\u306b\u3061\u306f\u3002\u30d0\u30af\u30e9\u30af\u4e8b\u696d\u90e8 BizOps\u90e8 \u30c7\u30fc\u30bf\u30b0\u30eb\u30fc\u30d7\u306e<a target=\"_blank\" href=\"https:\/\/twitter.com\/Civitaspo\">@civitaspo<\/a>\u3067\u3059\u3002<\/p>\n<p>\u5148\u65e5\u3001Snowflake\u3067Workload Identity Federation\u6a5f\u80fd\u304c\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u307e\u3057\u305f\u3002Workload Identity Federation\u6a5f\u80fd\u306f\u3001Amazon Web Services\uff08\u4ee5\u4e0b\u3001AWS\uff09\u3084Google Cloud\u3001Microsoft Azure\u306a\u3069\u306e\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u4e0a\u306e\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u304c\u6301\u3064Identity\u3092\u4f7f\u3063\u3066Snowflake\u3068<a target=\"_blank\" href=\"https:\/\/openid.net\/developers\/how-connect-works\/\">OpenID Connect\uff08\u4ee5\u4e0b\u3001OIDC\uff09<\/a>\u3092\u4f7f\u3063\u305f\u8a8d\u8a3c\u3092\u884c\u3048\u308b\u6a5f\u80fd\u3067\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fdocs.snowflake.com%2Fen%2Frelease-notes%2F2025%2Fother%2F2025-08-14-wif\" title=\"Aug 14, 2025: Workload identity federation (General availability) | Snowflake Documentation\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/docs.snowflake.com\/en\/release-notes\/2025\/other\/2025-08-14-wif\">docs.snowflake.com<\/a><\/cite><br \/>\n<iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fdocs.snowflake.com%2Fen%2Fuser-guide%2Fworkload-identity-federation\" title=\"Workload identity federation | Snowflake Documentation\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/docs.snowflake.com\/en\/user-guide\/workload-identity-federation\">docs.snowflake.com<\/a><\/cite><\/p>\n<p>\u3053\u306eWorkload Identity Federation\u6a5f\u80fd\u306f\u3001\u4e0a\u8a18\u306b\u6319\u3052\u305f\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3060\u3051\u3067\u306a\u304f\u3001Snowflake \u304c\u5b9a\u7fa9\u3059\u308b\u5f62\u5f0f\u306e OIDC attestation\u3092\u767a\u884c\u3067\u304d\u308b\u30ab\u30b9\u30bf\u30e0 OIDC \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002\u306a\u304a\u3001Snowflake \u304c\u8a8d\u8b58\u3059\u308bOIDC attestation\u306e\u6b63\u5f0f\u306a\u4ed5\u69d8\uff08JWT claim \u3084\u7f72\u540d\u65b9\u5f0f\u306a\u3069\uff09\u306f\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u305d\u306e\u305f\u3081\u3001\u30ab\u30b9\u30bf\u30e0 OIDC \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3092\u4f7f\u3046\u5834\u5408\u306f\u3001\u5b9f\u969b\u306b\u624b\u3092\u52d5\u304b\u3057\u3066 Snowflake \u304c accept \u3059\u308b\u30c8\u30fc\u30af\u30f3\u3092\u8a66\u884c\u932f\u8aa4\u3067\u63a2\u3059\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u73fe\u5b9f\u7684\u306b\u306f\u3001\u975e\u5e38\u306b\u96e3\u6613\u5ea6\u306e\u9ad8\u3044\u8a71\u306a\u306e\u3067Snowflake\u304c\u63d0\u4f9b\u3059\u308bSDK\u3084CLI\u304c\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u30ab\u30b9\u30bf\u30e0 OIDC \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306e\u307f\u304c\u5229\u7528\u53ef\u80fd\u3068\u8003\u3048\u308b\u306e\u304c\u826f\u3044\u3067\u3057\u3087\u3046\u30022025\/12\/05 \u6642\u70b9\u3067\u306f\u30ab\u30b9\u30bf\u30e0 OIDC \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3068\u3057\u3066GitHub Actions\u306e\u30b5\u30dd\u30fc\u30c8\u306f\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fgithub.com%2Fsnowflakedb%2Fsnowflake-cli-action\" title=\"GitHub - snowflakedb\/snowflake-cli-action: Github Action enabling easy use of Snowflake CLI in your CI\/CD workflows\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/github.com\/snowflakedb\/snowflake-cli-action\">github.com<\/a><\/cite><\/p>\n<p>\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u3001\u3053\u306eWorkload Identity Federation\u6a5f\u80fd\u3092\u4f4e\u30ec\u30a4\u30e4\u30fc\u304b\u3089\u7406\u89e3\u3059\u308b\u305f\u3081\u3001AWS\u304b\u3089Snowflake\u3078Workload Identity Federation\u3092\u4f7f\u3063\u3066\u8a8d\u8a3c\u3057\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3059\u308b\u3068\u3053\u308d\u307e\u3067\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n<p>\u300c\u6700\u521d\u306b\u7d50\u8ad6\u304b\u3089\u300d\u3068\u8a00\u3046\u306b\u306f\u975e\u5e38\u306b\u66b4\u529b\u7684\u3067\u3059\u304c\u3001Bash\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8cbc\u308a\u4ed8\u3051\u307e\u3059\u3002\u4ee5\u4e0b\u306eBash\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u3068\u3001AWS\u4e0a\u306e\u7279\u5b9a\u306e\u30ed\u30fc\u30eb\u3078Assume Role\u3092\u884c\u306a\u3063\u305f\u3042\u3068\u3001Snowflake Workload Identity Federation\u3092\u7528\u3044\u3066\u8a8d\u8a3c\u3092\u884c\u3044\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"code lang-sh\" data-lang=\"sh\" data-unlink=\"\">\n\n<span class=\"synStatement\">set<\/span><span class=\"synIdentifier\"> <\/span><span class=\"synSpecial\">-eo<\/span><span class=\"synIdentifier\"> pipefail<\/span>\n\n<span class=\"synIdentifier\">usage() {<\/span>\n    cat <span class=\"synStatement\">&lt;<eof< span=\"\">\n<span class=\"synConstant\">Usage: <\/span><span class=\"synPreProc\">$0<\/span><span class=\"synConstant\"> [options]<\/span>\n\n<span class=\"synConstant\">Options:<\/span>\n<span class=\"synConstant\">  --aws-role-arn <aws_role_arn>:              AWS Role ARN to assume<\/aws_role_arn><\/span>\n<span class=\"synConstant\">  --aws-region <aws_region>:                  AWS Region<\/aws_region><\/span>\n<span class=\"synConstant\">  --snowflake-account-identifier:             Snowflake Account Identifier (<organization name=\"\">-<account name=\"\">)<\/account><\/organization><\/span>\n<span class=\"synConstant\">  --snowflake-username:                       Snowflake Username<\/span>\n<span class=\"synConstant\">  -h, --help:                                 Show this help message and exit<\/span>\n\n<span class=\"synStatement\">EOF<\/span>\n<span class=\"synIdentifier\">}<\/span>\n\n<span class=\"synStatement\">while <\/span><span class=\"synSpecial\">[[<\/span> <span class=\"synPreProc\">$#<\/span> <span class=\"synStatement\">-gt<\/span> <span class=\"synConstant\">0<\/span> <span class=\"synSpecial\">]]<\/span><span class=\"synStatement\">; do<\/span>\n    <span class=\"synStatement\">case<\/span> <span class=\"synPreProc\">$1<\/span> <span class=\"synStatement\">in<\/span>\n        --aws-role-arn<span class=\"synStatement\">)<\/span>\n            <span class=\"synIdentifier\">aws_role_arn<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${2}<\/span><span class=\"synStatement\">\"<\/span>\n            <span class=\"synStatement\">shift<\/span> <span class=\"synConstant\">2<\/span>\n            <span class=\"synStatement\">;;<\/span>\n        --aws-region<span class=\"synStatement\">)<\/span>\n            <span class=\"synIdentifier\">aws_region<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${2}<\/span><span class=\"synStatement\">\"<\/span>\n            <span class=\"synStatement\">shift<\/span> <span class=\"synConstant\">2<\/span>\n            <span class=\"synStatement\">;;<\/span>\n        --snowflake-account-identifier<span class=\"synStatement\">)<\/span>\n            <span class=\"synIdentifier\">snowflake_account_identifier<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${2}<\/span><span class=\"synStatement\">\"<\/span>\n            <span class=\"synStatement\">shift<\/span> <span class=\"synConstant\">2<\/span>\n            <span class=\"synStatement\">;;<\/span>\n        --snowflake-username<span class=\"synStatement\">)<\/span>\n            <span class=\"synIdentifier\">snowflake_username<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${2}<\/span><span class=\"synStatement\">\"<\/span>\n            <span class=\"synStatement\">shift<\/span> <span class=\"synConstant\">2<\/span>\n            <span class=\"synStatement\">;;<\/span>\n        -h|--help<span class=\"synStatement\">)<\/span>\n            usage\n            <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">0<\/span>\n            <span class=\"synStatement\">;;<\/span>\n        -*|--*<span class=\"synStatement\">)<\/span>\n            <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">[ERROR] Unknown option: <\/span><span class=\"synPreProc\">${1}<\/span><span class=\"synStatement\">\"<\/span>\n            usage\n            <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n            <span class=\"synStatement\">;;<\/span>\n        *<span class=\"synStatement\">)<\/span>\n            <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">[ERROR] Unknown argument: <\/span><span class=\"synPreProc\">${1}<\/span><span class=\"synStatement\">\"<\/span>\n            usage\n            <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n            <span class=\"synStatement\">;;<\/span>\n    <span class=\"synStatement\">esac<\/span>\n<span class=\"synStatement\">done<\/span>\n\n<span class=\"synStatement\">for<\/span> v <span class=\"synStatement\">in<\/span> aws_role_arn aws_region snowflake_account_identifier snowflake_username; <span class=\"synStatement\">do<\/span>\n    <span class=\"synStatement\">if <\/span><span class=\"synSpecial\">[[<\/span> <span class=\"synStatement\">-z<\/span> <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${!v}<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synSpecial\">]]<\/span><span class=\"synStatement\">;<\/span> <span class=\"synStatement\">then<\/span>\n        <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">[ERROR] '--<\/span><span class=\"synPreProc\">${v<\/span><span class=\"synStatement\">\/\/<\/span>_<span class=\"synStatement\">\/<\/span>-<span class=\"synPreProc\">}<\/span><span class=\"synConstant\">' option is not defined.<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">&gt;&amp;<\/span><span class=\"synConstant\">2<\/span>\n        <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n    <span class=\"synStatement\">fi<\/span>\n<span class=\"synStatement\">done<\/span>\n<span class=\"synStatement\">if <\/span><span class=\"synSpecial\">[[<\/span> <span class=\"synStatement\">!<\/span> <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$aws_role_arn<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synStatement\">=~<\/span> <span class=\"synConstant\">^arn:aws:iam::[0-9]+:role\/<\/span> <span class=\"synSpecial\">]]<\/span><span class=\"synStatement\">;<\/span> <span class=\"synStatement\">then<\/span>\n    <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">[ERROR] Invalid aws_role_arn: <\/span><span class=\"synPreProc\">$aws_role_arn<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">&gt;&amp;<\/span><span class=\"synConstant\">2<\/span>\n    <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n<span class=\"synStatement\">fi<\/span>\n<span class=\"synStatement\">if <\/span><span class=\"synSpecial\">[[<\/span> <span class=\"synStatement\">!<\/span> <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$aws_region<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synStatement\">=~<\/span> <span class=\"synConstant\">^[a-z]{2}-[a-z]+-[0-9]+$<\/span> <span class=\"synSpecial\">]]<\/span><span class=\"synStatement\">;<\/span> <span class=\"synStatement\">then<\/span>\n    <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">[ERROR] Invalid aws_region: <\/span><span class=\"synPreProc\">$aws_region<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">&gt;&amp;<\/span><span class=\"synConstant\">2<\/span>\n    <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n<span class=\"synStatement\">fi<\/span>\n\n<span class=\"synStatement\">for<\/span> cmd <span class=\"synStatement\">in<\/span> curl jq date aws openssl xxd; <span class=\"synStatement\">do<\/span>\n  <span class=\"synStatement\">if !<\/span> <span class=\"synStatement\">command<\/span> <span class=\"synStatement\">-v<\/span> <span class=\"synPreProc\">$cmd<\/span> <span class=\"synStatement\">&amp;&gt;<\/span> \/dev\/null<span class=\"synStatement\">;<\/span> <span class=\"synStatement\">then<\/span>\n    <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$cmd<\/span><span class=\"synConstant\"> command not found<\/span><span class=\"synStatement\">\"<\/span>\n    <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n  <span class=\"synStatement\">fi<\/span>\n<span class=\"synStatement\">done<\/span>\n\n\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_ROLE_ARN<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$aws_role_arn<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_REGION<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$aws_region<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SESSION_NAME<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">snowflake-wif-access-<\/span><span class=\"synPreProc\">$(<\/span><span class=\"synSpecial\">date +%s<\/span><span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CREDENTIALS<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synSpecial\">aws sts assume-role --role-arn <\/span><span class=\"synPreProc\">$AWS_ROLE_ARN<\/span><span class=\"synSpecial\"> --role-session-name <\/span><span class=\"synPreProc\">$SESSION_NAME<\/span><span class=\"synSpecial\"> --region <\/span><span class=\"synPreProc\">$AWS_REGION<\/span><span class=\"synSpecial\"> --output json<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_ACCESS_KEY_ID<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synPreProc\">$CREDENTIALS<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> jq -r <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">.Credentials.AccessKeyId<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_SECRET_ACCESS_KEY<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synPreProc\">$CREDENTIALS<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> jq -r <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">.Credentials.SecretAccessKey<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_SESSION_TOKEN<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synPreProc\">$CREDENTIALS<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> jq -r <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">.Credentials.SessionToken<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span>\n\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">X_AMZ_DATE<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synIdentifier\">TZ<\/span>=UTC<span class=\"synSpecial\"> date +<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">%Y%m%dT%H%M%SZ<\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">X_AMZ_DATE_SHORT<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synPreProc\">$X_AMZ_DATE<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> cut -c 1-8<\/span><span class=\"synPreProc\">)<\/span> \n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST_HOST<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">sts.<\/span><span class=\"synPreProc\">${AWS_REGION}<\/span><span class=\"synConstant\">.amazonaws.com<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST_METHOD<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">POST<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST_URI<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">\/<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST_QUERY<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">Action=GetCallerIdentity&amp;Version=2011-06-15<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_AUDIENCE_HEADER_KEY<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">x-snowflake-audience<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_AUDIENCE_HEADER_VALUE<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">snowflakecomputing.com<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SIGNED_HEADERS<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">host;x-amz-date;x-amz-security-token;<\/span><span class=\"synPreProc\">${SNOWFLAKE_AUDIENCE_HEADER_KEY}<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST_HEADERS<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">\\<\/span>\n<span class=\"synConstant\">host:<\/span><span class=\"synPreProc\">${CANONICAL_REQUEST_HOST}<\/span>\n<span class=\"synConstant\">x-amz-date:<\/span><span class=\"synPreProc\">${X_AMZ_DATE}<\/span>\n<span class=\"synConstant\">x-amz-security-token:<\/span><span class=\"synPreProc\">${AWS_SESSION_TOKEN}<\/span>\n<span class=\"synConstant\">x-snowflake-audience:<\/span><span class=\"synPreProc\">${SNOWFLAKE_AUDIENCE_HEADER_VALUE}<\/span>\n<span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">EMPTY_PAYLOAD_HASH<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">\\<\/span>\n<span class=\"synPreProc\">${CANONICAL_REQUEST_METHOD}<\/span>\n<span class=\"synPreProc\">${CANONICAL_REQUEST_URI}<\/span>\n<span class=\"synPreProc\">${CANONICAL_REQUEST_QUERY}<\/span>\n<span class=\"synPreProc\">${CANONICAL_REQUEST_HEADERS}<\/span>\n<span class=\"synPreProc\">${SIGNED_HEADERS}<\/span>\n<span class=\"synPreProc\">${EMPTY_PAYLOAD_HASH}<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CANONICAL_REQUEST_HASH<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CANONICAL_REQUEST<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">STRING_TO_SIGN<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">\\<\/span>\n<span class=\"synConstant\">AWS4-HMAC-SHA256<\/span>\n<span class=\"synPreProc\">${X_AMZ_DATE}<\/span>\n<span class=\"synPreProc\">${X_AMZ_DATE_SHORT}<\/span><span class=\"synConstant\">\/<\/span><span class=\"synPreProc\">${AWS_REGION}<\/span><span class=\"synConstant\">\/sts\/aws4_request<\/span>\n<span class=\"synPreProc\">${CANONICAL_REQUEST_HASH}<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">K_SECRET<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">AWS4<\/span><span class=\"synPreProc\">$AWS_SECRET_ACCESS_KEY<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">K_DATE<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$X_AMZ_DATE_SHORT<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">  <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 -mac HMAC -macopt <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">hexkey:<\/span><span class=\"synPreProc\">${K_SECRET}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">  <\/span><span class=\"synConstant\">2<\/span><span class=\"synStatement\">&gt;<\/span><span class=\"synSpecial\">\/dev\/null <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">K_REGION<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AWS_REGION<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">      <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 -mac HMAC -macopt <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">hexkey:<\/span><span class=\"synPreProc\">${K_DATE}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">    <\/span><span class=\"synConstant\">2<\/span><span class=\"synStatement\">&gt;<\/span><span class=\"synSpecial\">\/dev\/null <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">K_SERVICE<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">sts<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">             <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 -mac HMAC -macopt <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">hexkey:<\/span><span class=\"synPreProc\">${K_REGION}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">  <\/span><span class=\"synConstant\">2<\/span><span class=\"synStatement\">&gt;<\/span><span class=\"synSpecial\">\/dev\/null <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">K_SIGNING<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">aws4_request<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\">    <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 -mac HMAC -macopt <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">hexkey:<\/span><span class=\"synPreProc\">${K_SERVICE}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synConstant\">2<\/span><span class=\"synStatement\">&gt;<\/span><span class=\"synSpecial\">\/dev\/null <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SIGNATURE<\/span>=<span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$STRING_TO_SIGN<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> openssl dgst -binary -sha256 -mac HMAC -macopt <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">hexkey:<\/span><span class=\"synPreProc\">${K_SIGNING}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synConstant\">2<\/span><span class=\"synStatement\">&gt;<\/span><span class=\"synSpecial\">\/dev\/null <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> xxd -p -c <\/span><span class=\"synConstant\">256<\/span><span class=\"synPreProc\">)<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AUTHORIZATION_HEADER_VALUE<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">AWS4-HMAC-SHA256 Credential=<\/span><span class=\"synPreProc\">${AWS_ACCESS_KEY_ID}<\/span><span class=\"synConstant\">\/<\/span><span class=\"synPreProc\">${X_AMZ_DATE_SHORT}<\/span><span class=\"synConstant\">\/<\/span><span class=\"synPreProc\">${AWS_REGION}<\/span><span class=\"synConstant\">\/sts\/aws4_request, SignedHeaders=<\/span><span class=\"synPreProc\">${SIGNED_HEADERS}<\/span><span class=\"synConstant\">, Signature=<\/span><span class=\"synPreProc\">${SIGNATURE}<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">CREDENTIAL_VERIFICATION_URL<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">https:\/\/<\/span><span class=\"synPreProc\">${CANONICAL_REQUEST_HOST}${CANONICAL_REQUEST_URI}<\/span><span class=\"synConstant\">?<\/span><span class=\"synPreProc\">${CANONICAL_REQUEST_QUERY}<\/span><span class=\"synStatement\">\"<\/span>\n\n\n\n\n\n\n\n\n\n\n\n\n\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_ATTESTATION_JSON<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span>\n<span class=\"synSpecial\">  jq -nrc \\<\/span>\n<span class=\"synSpecial\">    --arg url <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CREDENTIAL_VERIFICATION_URL<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg authorization_header_value <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AUTHORIZATION_HEADER_VALUE<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg http_method <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CANONICAL_REQUEST_METHOD<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg host <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CANONICAL_REQUEST_HOST<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg x_amz_date <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$X_AMZ_DATE<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg x_snowflake_audience <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$SNOWFLAKE_AUDIENCE_HEADER_VALUE<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg x_amz_security_token <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AWS_SESSION_TOKEN<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">{<\/span>\n<span class=\"synConstant\">      url: $url,<\/span>\n<span class=\"synConstant\">      method: $http_method,<\/span>\n<span class=\"synConstant\">      headers: {<\/span>\n<span class=\"synConstant\">        \"authorization\": $authorization_header_value,<\/span>\n<span class=\"synConstant\">        \"host\": $host,<\/span>\n<span class=\"synConstant\">        \"x-amz-date\": $x_amz_date,<\/span>\n<span class=\"synConstant\">        \"x-amz-security-token\": $x_amz_security_token,<\/span>\n<span class=\"synConstant\">        \"x-snowflake-audience\": $x_snowflake_audience<\/span>\n<span class=\"synConstant\">      }<\/span>\n<span class=\"synConstant\">    }<\/span><span class=\"synStatement\">'<\/span>\n<span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_ATTESTATION_B64<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">%s<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AWS_ATTESTATION_JSON<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> base64 <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> tr -d <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">\\n<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n\n\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_LOGIN_URL<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">https:\/\/<\/span><span class=\"synPreProc\">${snowflake_account_identifier}<\/span><span class=\"synConstant\">.snowflakecomputing.com\/session\/v1\/login-request<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_LOGIN_REQUEST_BODY<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span>\n<span class=\"synSpecial\">  jq -nrc \\<\/span>\n<span class=\"synSpecial\">    --arg snowflake_account_identifier <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${snowflake_account_identifier}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg snowflake_username <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${snowflake_username}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg token <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${AWS_ATTESTATION_B64}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">{<\/span>\n<span class=\"synConstant\">      data: {<\/span>\n<span class=\"synConstant\">        ACCOUNT_NAME: $snowflake_account_identifier,<\/span>\n<span class=\"synConstant\">        LOGIN_NAME: $snowflake_username,<\/span>\n<span class=\"synConstant\">        AUTHENTICATOR: \"WORKLOAD_IDENTITY\",<\/span>\n<span class=\"synConstant\">        PROVIDER: \"AWS\",<\/span>\n<span class=\"synConstant\">        TOKEN: $token<\/span>\n<span class=\"synConstant\">      }<\/span>\n<span class=\"synConstant\">    }<\/span><span class=\"synStatement\">'<\/span>\n<span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_LOGIN_RESPONSE_JSON<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span>\n<span class=\"synSpecial\">  curl -sS -X POST \\<\/span>\n<span class=\"synSpecial\">    -H <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">Content-Type: application\/json<\/span><span class=\"synStatement\">'<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    -H <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">Accept: application\/snowflake<\/span><span class=\"synStatement\">'<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    -H <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">User-Agent: BASH-WIF-CLIENT\/0.0.1<\/span><span class=\"synStatement\">'<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    -d <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${SNOWFLAKE_LOGIN_REQUEST_BODY}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$SNOWFLAKE_LOGIN_URL<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_MASTER_TOKEN<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${SNOWFLAKE_LOGIN_RESPONSE_JSON}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> jq -r <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">.data.masterToken \/\/ empty<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_SESSION_TOKEN<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${SNOWFLAKE_LOGIN_RESPONSE_JSON}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> jq -r <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">.data.token \/\/ empty<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">if <\/span><span class=\"synSpecial\">[[<\/span> <span class=\"synStatement\">-z<\/span> <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${SNOWFLAKE_MASTER_TOKEN}<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synSpecial\">]]<\/span><span class=\"synStatement\">;<\/span> <span class=\"synStatement\">then<\/span>\n  <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">Failed to get a snowflake master token.<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">&gt;&amp;<\/span><span class=\"synConstant\">2<\/span>\n  <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n<span class=\"synStatement\">fi<\/span>\n<span class=\"synStatement\">if <\/span><span class=\"synSpecial\">[[<\/span> <span class=\"synStatement\">-z<\/span> <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${SNOWFLAKE_SESSION_TOKEN}<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synSpecial\">]]<\/span><span class=\"synStatement\">;<\/span> <span class=\"synStatement\">then<\/span>\n  <span class=\"synStatement\">echo<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">Failed to get a snowflake session token.<\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\"> <\/span><span class=\"synStatement\">&gt;&amp;<\/span><span class=\"synConstant\">2<\/span>\n  <span class=\"synStatement\">exit<\/span> <span class=\"synConstant\">1<\/span>\n<span class=\"synStatement\">fi<\/span>\n\njq <span class=\"synSpecial\">-ncr<\/span> <span class=\"synStatement\">\\<\/span>\n  <span class=\"synSpecial\">--arg<\/span> session_token <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$SNOWFLAKE_SESSION_TOKEN<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synStatement\">\\<\/span>\n  <span class=\"synSpecial\">--arg<\/span> master_token <span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$SNOWFLAKE_MASTER_TOKEN<\/span><span class=\"synStatement\">\"<\/span> <span class=\"synStatement\">\\<\/span>\n  <span class=\"synStatement\">'<\/span><span class=\"synConstant\">{<\/span>\n<span class=\"synConstant\">    session_token: $session_token,<\/span>\n<span class=\"synConstant\">    master_token: $master_token<\/span>\n<span class=\"synConstant\">  }<\/span><span class=\"synStatement\">'<\/span>\n<\/eof<><\/span><\/pre>\n<p>\u8a73\u3057\u304f\u8aac\u660e\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p>\u3044\u304d\u306a\u308aBash\u3092\u8cbc\u308a\u307e\u3057\u305f\u304c\u3001\u4e2d\u8eab\u3067\u3084\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u3056\u3063\u304f\u308a\u5206\u89e3\u3059\u308b\u3068\u6b21\u306e3\u30b9\u30c6\u30c3\u30d7\u3067\u3059\u3002<\/p>\n<ol>\n<li>AWS STS \u306b\u5bfe\u3057\u3066 AssumeRole \u3092\u5b9f\u884c<\/li>\n<li>AssumeRole \u3067\u53d6\u5f97\u3057\u305fTemporal\u306aCredential\u3092\u4f7f\u3063\u3066\u3001AWS STS \u306e GetCallerIdentity \u306e SigV4 \u7f72\u540d\u4ed8\u304d\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u7d44\u307f\u7acb\u3066<\/li>\n<li>\u305d\u306e\u7f72\u540d\u4ed8\u304d\u30ea\u30af\u30a8\u30b9\u30c8\u3092 Snowflake \u304c\u671f\u5f85\u3059\u308battestation\u5f62\u5f0f\u306b\u5909\u63db\u3057\u3001\u3000<code>\/session\/v1\/login-request<\/code> \u306b\u6295\u3052\u308b<\/li>\n<\/ol>\n<p>Snowflake \u306e Workload Identity Federation \u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u3082\u66f8\u304b\u308c\u3066\u3044\u308b\u3068\u304a\u308a\u3001Workload Identity Federation\uff08\u4ee5\u4e0b\u3001WIF\uff09 \u306e\u57fa\u672c\u7684\u306a\u6d41\u308c\u306f<\/p>\n<blockquote wp_automatic_readability=\"4.9147286821705\">\n<ol>\n<li>As a workload administrator, configure your service to use a native identity provider so that the provider can issue an\u00a0<em>attestation<\/em>\u00a0of your workload\u2019s identity. This attestation is often, but not always, a JSON Web Token (JWT).<\/li>\n<li>As a Snowflake administrator, create a Snowflake service user for your workload. You set the properties of this user to values found in the attestation sent by the provider. For example, a user property might specify the name of an IAM role or the issuer URL of the provider.<\/li>\n<li>As a workload developer, configure your workload to use a\u00a0<a target=\"_blank\" href=\"https:\/\/docs.snowflake.com\/en\/user-guide\/workload-identity-federation#label-wif-supported-drivers\">Snowflake driver<\/a>. Drivers send the attestation to Snowflake for verification.<\/li>\n<\/ol>\n<p>ref. <a target=\"_blank\" href=\"https:\/\/docs.snowflake.com\/en\/user-guide\/workload-identity-federation#workflow-for-implementing-workload-identity-federation\">https:\/\/docs.snowflake.com\/en\/user-guide\/workload-identity-federation#workflow-for-implementing-workload-identity-federation<\/a><\/p>\n<\/blockquote>\n<p>\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002AWS \u306e\u5834\u5408\u3001\u305d\u306e\u300cattestation\u300d\u306e\u4e2d\u8eab\u304c SigV4 \u3067\u7f72\u540d\u3055\u308c\u305f GetCallerIdentity \u30ea\u30af\u30a8\u30b9\u30c8\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u6d41\u308c\u306f\u3001AWS \u304b\u3089 Google Cloud \u306b\u5bfe\u3059\u308b Workload Identity Federation \u306e\u6d41\u308c\u3068\u307b\u3068\u3093\u3069\u5909\u308f\u308a\u307e\u305b\u3093\u3002<sup id=\"fnref:1\"><a target=\"_blank\" href=\"#fn:1\" rel=\"footnote\">1<\/a><\/sup><\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fdocs.cloud.google.com%2Fiam%2Fdocs%2Fworkload-identity-federation-with-other-clouds%23advanced_scenarios\" title=\"Configure Workload Identity Federation with AWS or Azure VMs \u00a0|\u00a0 Identity and Access Management (IAM) \u00a0|\u00a0 Google Cloud Documentation\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/docs.cloud.google.com\/iam\/docs\/workload-identity-federation-with-other-clouds#advanced_scenarios\">docs.cloud.google.com<\/a><\/cite><\/p>\n<p>\u5168\u4f53\u50cf\u306e1\u30682\u306f\u3001\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u5fe0\u5b9f\u306b\u5b9f\u88c5\u3057\u305f\u3060\u3051\u3067\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fdocs.aws.amazon.com%2FIAM%2Flatest%2FUserGuide%2Freference_sigv-create-signed-request.html\" title=\"Create a signed AWS API request - AWS Identity and Access Management\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/reference_sigv-create-signed-request.html\">docs.aws.amazon.com<\/a><\/cite><\/p>\n<p>\u7279\u7b46\u3057\u3066\u8aac\u660e\u3059\u3079\u304d\u306a\u306e\u306f\u3001\u3053\u306e\u7f72\u540d\u306e\u30bf\u30a4\u30df\u30f3\u30b0\u3067 <code>x-snowflake-audience<\/code> \u30d8\u30c3\u30c0\u30fc\u3092Canonical Request \/ Signed Headers \u4e21\u65b9\u306b\u4e57\u305b\u308b\u5fc5\u8981\u304c\u3042\u308b\u70b9\u3067\u3059\u3002Snowflake \u306e Python \u30b3\u30cd\u30af\u30bf\u5b9f\u88c5\u3092\u898b\u308b\u3068\u3001AWS WIF \u306e attestation \u751f\u6210\u306b\u304a\u3044\u3066 X-Snowflake-Audience \u30d8\u30c3\u30c0\u3092\u4ed8\u4e0e\u3057\u3001\u305d\u308c\u3082 SigV4 \u7f72\u540d\u306e\u5bfe\u8c61\u306b\u542b\u3081\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fgithub.com%2Fsnowflakedb%2Fsnowflake-connector-python%2Fblob%2F3427a80f71d371f8d08e594840d1e6f7f5559075%2Fsrc%2Fsnowflake%2Fconnector%2Fwif_util.py%23L174-L220\" title=\"snowflake-connector-python\/src\/snowflake\/connector\/wif_util.py at 3427a80f71d371f8d08e594840d1e6f7f5559075 \u00b7 snowflakedb\/snowflake-connector-python\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/github.com\/snowflakedb\/snowflake-connector-python\/blob\/3427a80f71d371f8d08e594840d1e6f7f5559075\/src\/snowflake\/connector\/wif_util.py#L174-L220\">github.com<\/a><\/cite><\/p>\n<p>\u3053\u308c\u3092\u629c\u3044\u3066\u3057\u307e\u3046\u3068 Snowflake \u5074\u304b\u3089 <code>code=394703 message=The AWS STS request contained unacceptable headers. For instance, the \u201cX-Amz-Date\u201d headers value may be too old as a request is only valid for 15 minutes.<\/code> \u3068\u3044\u3046\u30a8\u30e9\u30fc\u304c\u8fd4\u3063\u3066\u304d\u307e\u3059\u3002<\/p>\n<p>\u5b9f\u88c5\u3067\u8a00\u3046\u3068\u4ee5\u4e0b\u306e\u7b87\u6240\u3067\u3059\u3002\u3053\u3053\u307e\u3067\u306e\u5b9f\u88c5\u3067\u3001\u300cAWS STS \u306b\u6295\u3052\u3089\u308c\u308b\u3001GetCallerIdentity \u306eSigV4\u7f72\u540d\u4ed8\u304d\u30ea\u30af\u30a8\u30b9\u30c8\u300d\u304c\u4f5c\u3089\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u3053\u308c\u3092Snowflake\u304c\u671f\u5f85\u3059\u308bJSON\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"code lang-sh\" data-lang=\"sh\" data-unlink=\"\"><span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_ATTESTATION_JSON<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span>\n<span class=\"synSpecial\">  jq -nrc \\<\/span>\n<span class=\"synSpecial\">    --arg url <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CREDENTIAL_VERIFICATION_URL<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg authorization_header_value <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AUTHORIZATION_HEADER_VALUE<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg http_method <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CANONICAL_REQUEST_METHOD<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg host <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$CANONICAL_REQUEST_HOST<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg x_amz_date <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$X_AMZ_DATE<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg x_snowflake_audience <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$SNOWFLAKE_AUDIENCE_HEADER_VALUE<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg x_amz_security_token <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AWS_SESSION_TOKEN<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">{<\/span>\n<span class=\"synConstant\">      url: $url,<\/span>\n<span class=\"synConstant\">      method: $http_method,<\/span>\n<span class=\"synConstant\">      headers: {<\/span>\n<span class=\"synConstant\">        \"authorization\": $authorization_header_value,<\/span>\n<span class=\"synConstant\">        \"host\": $host,<\/span>\n<span class=\"synConstant\">        \"x-amz-date\": $x_amz_date,<\/span>\n<span class=\"synConstant\">        \"x-amz-security-token\": $x_amz_security_token,<\/span>\n<span class=\"synConstant\">        \"x-snowflake-audience\": $x_snowflake_audience<\/span>\n<span class=\"synConstant\">      }<\/span>\n<span class=\"synConstant\">    }<\/span><span class=\"synStatement\">'<\/span>\n<span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">AWS_ATTESTATION_B64<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span><span class=\"synStatement\">printf<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synConstant\">%s<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$AWS_ATTESTATION_JSON<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> base64 <\/span><span class=\"synStatement\">|<\/span><span class=\"synSpecial\"> tr -d <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">\\n<\/span><span class=\"synStatement\">'<\/span><span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<\/pre>\n<p>snowflake-connector-python\u306e\u5b9f\u88c5\u306b\u304a\u3051\u308b\u3001 <code>create_aws_attestation(\u2026)<\/code> \u30e1\u30bd\u30c3\u30c9\u306e\u7d50\u679c\u3092\u4f5c\u3063\u3066\u3044\u307e\u3059\u3002 <code>url<\/code>, <code>method<\/code>, <code>headers<\/code> \u3092\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u6301\u3064JSON\u3067\u3001AWS STS\u306b\u5bfe\u3057\u3066\u6295\u3052\u3089\u308c\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u8a73\u7d30\u304c\u683c\u7d0d\u3055\u308c\u307e\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fgithub.com%2Fsnowflakedb%2Fsnowflake-connector-python%2Fblob%2F3427a80f71d371f8d08e594840d1e6f7f5559075%2Fsrc%2Fsnowflake%2Fconnector%2Fwif_util.py%23L210-L215\" title=\"snowflake-connector-python\/src\/snowflake\/connector\/wif_util.py at 3427a80f71d371f8d08e594840d1e6f7f5559075 \u00b7 snowflakedb\/snowflake-connector-python\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/github.com\/snowflakedb\/snowflake-connector-python\/blob\/3427a80f71d371f8d08e594840d1e6f7f5559075\/src\/snowflake\/connector\/wif_util.py#L210-L215\">github.com<\/a><\/cite><\/p>\n<p>\u3053\u3053\u307e\u3067\u6e96\u5099\u3057\u305f\u306e\u3067\u3001\u3042\u3068\u306fSnowflake\u306b\u8a8d\u8a3c\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u6295\u3052\u308b\u306e\u307f\u3067\u3059\u3002 <code>\/session\/v1\/login-request<\/code> \u3078\u5148\u307b\u3069\u69cb\u7bc9\u3057\u305f AWS Attestation JSON \u3092\u8a8d\u8a3c\u306b\u5fc5\u8981\u306a\u30d1\u30e9\u30e1\u30fc\u30bf\u3068\u3068\u3082\u306b\u6295\u3052\u8fbc\u307f\u307e\u3059\u3002<\/p>\n<pre class=\"code lang-sh\" data-lang=\"sh\" data-unlink=\"\"><span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_LOGIN_URL<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synConstant\">https:\/\/<\/span><span class=\"synPreProc\">${snowflake_account_identifier}<\/span><span class=\"synConstant\">.snowflakecomputing.com\/session\/v1\/login-request<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_LOGIN_REQUEST_BODY<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span>\n<span class=\"synSpecial\">  jq -nrc \\<\/span>\n<span class=\"synSpecial\">    --arg snowflake_account_identifier <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${snowflake_account_identifier}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg snowflake_username <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${snowflake_username}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    --arg token <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${AWS_ATTESTATION_B64}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">{<\/span>\n<span class=\"synConstant\">      data: {<\/span>\n<span class=\"synConstant\">        ACCOUNT_NAME: $snowflake_account_identifier,<\/span>\n<span class=\"synConstant\">        LOGIN_NAME: $snowflake_username,<\/span>\n<span class=\"synConstant\">        AUTHENTICATOR: \"WORKLOAD_IDENTITY\",<\/span>\n<span class=\"synConstant\">        PROVIDER: \"AWS\",<\/span>\n<span class=\"synConstant\">        TOKEN: $token<\/span>\n<span class=\"synConstant\">      }<\/span>\n<span class=\"synConstant\">    }<\/span><span class=\"synStatement\">'<\/span>\n<span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synStatement\">readonly<\/span> <span class=\"synIdentifier\">SNOWFLAKE_LOGIN_RESPONSE_JSON<\/span>=<span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$(<\/span>\n<span class=\"synSpecial\">  curl -sS -X POST \\<\/span>\n<span class=\"synSpecial\">    -H <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">Content-Type: application\/json<\/span><span class=\"synStatement\">'<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    -H <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">Accept: application\/snowflake<\/span><span class=\"synStatement\">'<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    -H <\/span><span class=\"synStatement\">'<\/span><span class=\"synConstant\">User-Agent: BASH-WIF-CLIENT\/0.0.1<\/span><span class=\"synStatement\">'<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    -d <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">${SNOWFLAKE_LOGIN_REQUEST_BODY}<\/span><span class=\"synStatement\">\"<\/span><span class=\"synSpecial\"> \\<\/span>\n<span class=\"synSpecial\">    <\/span><span class=\"synStatement\">\"<\/span><span class=\"synPreProc\">$SNOWFLAKE_LOGIN_URL<\/span><span class=\"synStatement\">\"<\/span>\n<span class=\"synPreProc\">)<\/span><span class=\"synStatement\">\"<\/span>\n<\/pre>\n<p>snowflake-connector-python \u306b\u304a\u3051\u308b\u5b9f\u88c5\u306f\u4ee5\u4e0b\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fgithub.com%2Fsnowflakedb%2Fsnowflake-connector-python%2Fblob%2F3427a80f71d371f8d08e594840d1e6f7f5559075%2Fsrc%2Fsnowflake%2Fconnector%2Fauth%2Fworkload_identity.py%23L49-L110\" title=\"snowflake-connector-python\/src\/snowflake\/connector\/auth\/workload_identity.py at 3427a80f71d371f8d08e594840d1e6f7f5559075 \u00b7 snowflakedb\/snowflake-connector-python\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/github.com\/snowflakedb\/snowflake-connector-python\/blob\/3427a80f71d371f8d08e594840d1e6f7f5559075\/src\/snowflake\/connector\/auth\/workload_identity.py#L49-L110\">github.com<\/a><\/cite><\/p>\n<p>Snowflake \u304b\u3089\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u306f\u3001\u3056\u3063\u304f\u308a\u6b21\u306e\u3088\u3046\u306a JSON \u3067\u3059\u3002<\/p>\n<pre class=\"code lang-json\" data-lang=\"json\" data-unlink=\"\"><span class=\"synSpecial\">{<\/span>\n  \"<span class=\"synStatement\">data<\/span>\": <span class=\"synSpecial\">{<\/span>\n    \"<span class=\"synStatement\">masterToken<\/span>\": \"<span class=\"synConstant\">XXXXXXXXXX<\/span>\",\n    \"<span class=\"synStatement\">token<\/span>\": \"<span class=\"synConstant\">XXXXXXXXXX<\/span>\",\n    \"<span class=\"synStatement\">validityInSeconds<\/span>\": <span class=\"synConstant\">3600<\/span>,\n    \"<span class=\"synStatement\">displayUserName<\/span>\": \"<span class=\"synConstant\">TEST_USER<\/span>\",\n    \"<span class=\"synStatement\">firstLogin<\/span>\": <span class=\"synConstant\">false<\/span>,\n    ...\n  <span class=\"synSpecial\">}<\/span>,\n  \"<span class=\"synStatement\">success<\/span>\": <span class=\"synConstant\">true<\/span>\n<span class=\"synSpecial\">}<\/span>\n<\/pre>\n<p>snowflake-connector-python \u306e\u5b9f\u88c5\u3067\u3082\u3001\u3053\u306e token \u3068 masterToken \u3092\u8a8d\u8a3c\u5f8c\u306b\u683c\u7d0d\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p><iframe src=\"https:\/\/hatenablog-parts.com\/embed?url=https%3A%2F%2Fgithub.com%2Fsnowflakedb%2Fsnowflake-connector-python%2Fblob%2F90f3caff29c8fb305276527d78831233c951b52e%2Fsrc%2Fsnowflake%2Fconnector%2Fauth%2F_auth.py%23L478-L484\" title=\"snowflake-connector-python\/src\/snowflake\/connector\/auth\/_auth.py at 90f3caff29c8fb305276527d78831233c951b52e \u00b7 snowflakedb\/snowflake-connector-python\" class=\"embed-card embed-webcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 155px; max-width: 500px; margin: 10px 0px;\" loading=\"lazy\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/github.com\/snowflakedb\/snowflake-connector-python\/blob\/90f3caff29c8fb305276527d78831233c951b52e\/src\/snowflake\/connector\/auth\/_auth.py#L478-L484\">github.com<\/a><\/cite><\/p>\n<p>\u672c\u8a18\u4e8b\u3067\u306f\u3001AWS\u304b\u3089Snowflake\u3078Workload Identity Federation\u3092\u4f7f\u3063\u3066\u8a8d\u8a3c\u3057\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3059\u308b\u3068\u3053\u308d\u307e\u3067\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u307f\u308b\u3053\u3068\u3067\u3001Workload Identity Federation\u6a5f\u80fd\u306b\u304a\u3051\u308b\u4f4e\u30ec\u30a4\u30e4\u30fc\u306a\u30a2\u30af\u30bb\u30b9\u3092\u7406\u89e3\u3057\u307e\u3057\u305f\u3002SDK\u306e\u4e2d\u3067\u884c\u308f\u308c\u3066\u3044\u308bWorkload Identity Federation\u306b\u3088\u308b\u8a8d\u8a3c\u306e\u5b9f\u88c5\u3092\u518d\u5b9f\u88c5\u3057\u3066\u307f\u308b\u3053\u3068\u3067\u3001\u8a73\u7d30\u306a\u51e6\u7406\u3092\u8ffd\u3046\u3053\u3068\u304c\u51fa\u6765\u307e\u3057\u305f\u3002\u3082\u3057\u30ea\u30af\u30a8\u30b9\u30c8\u6642\u306b\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306a\u3069\u306e\u554f\u984c\u304c\u767a\u751f\u3057\u3066\u3082\u3001\u539f\u56e0\u5207\u308a\u5206\u3051\u3082\u3084\u308a\u3084\u3059\u304f\u306a\u308b\u3053\u3068\u3067\u3057\u3087\u3046\u3002<\/p>\n<p>LayerX\u3067\u306f\u3001Snowflake\u3092\u6d3b\u7528\u3057\u305f\u30c7\u30fc\u30bf\u57fa\u76e4\u306e\u69cb\u7bc9\u3068\u3001\u305d\u306e\u4e0a\u3067\u306eAI\/ML\u30b7\u30b9\u30c6\u30e0\u306e\u958b\u767a\u3092\u9032\u3081\u3066\u3044\u307e\u3059\u3002Production-Ready\u306aAI\u958b\u767a\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u305f\u3081\u306e\u30c7\u30fc\u30bf\u57fa\u76e4\u958b\u767a\u3001\u6642\u7cfb\u5217\u30c7\u30fc\u30bf\u51e6\u7406\u3001\u30ea\u30a2\u30eb\u30bf\u30a4\u30e0\u30c7\u30fc\u30bf\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u306e\u69cb\u7bc9\u306a\u3069\u306b\u8208\u5473\u304c\u3042\u308b\u65b9\u306f\u3001\u305c\u3072\u4e00\u7dd2\u306b\u30c1\u30e3\u30ec\u30f3\u30b8\u3057\u307e\u3057\u3087\u3046!<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/open.talentio.com\/r\/1\/c\/layerx\/embed\/pages\/61470\" width=\"100%\" height=\"300\" frameborder=\"0\" title=\"%E6%A0%AA%E5%BC%8F%E4%BC%9A%E7%A4%BELayerX++%7C+%E3%80%90%E3%83%90%E3%82%AF%E3%83%A9%E3%82%AF%E3%80%91%E3%83%87%E3%83%BC%E3%82%BF%E3%82%A8%E3%83%B3%E3%82%B8%E3%83%8B%E3%82%A2\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/open.talentio.com\/r\/1\/c\/layerx\/pages\/61470\">open.talentio.com<\/a><\/cite><br \/>\n<iframe loading=\"lazy\" src=\"https:\/\/open.talentio.com\/r\/1\/c\/layerx\/embed\/pages\/108414\" width=\"100%\" height=\"300\" frameborder=\"0\" title=\"%E6%A0%AA%E5%BC%8F%E4%BC%9A%E7%A4%BELayerX++%7C+%E3%80%90%E3%83%90%E3%82%AF%E3%83%A9%E3%82%AF%E3%80%91%E3%82%BD%E3%83%95%E3%83%88%E3%82%A6%E3%82%A7%E3%82%A2%E3%82%A8%E3%83%B3%E3%82%B8%E3%83%8B%E3%82%A2_BizOps\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/open.talentio.com\/r\/1\/c\/layerx\/pages\/108414\">open.talentio.com<\/a><\/cite><br \/>\n<iframe loading=\"lazy\" src=\"https:\/\/open.talentio.com\/r\/1\/c\/layerx\/embed\/pages\/70069\" width=\"100%\" height=\"300\" frameborder=\"0\" title=\"%E6%A0%AA%E5%BC%8F%E4%BC%9A%E7%A4%BELayerX++%7C+%E3%80%90%E3%83%90%E3%82%AF%E3%83%A9%E3%82%AF%E3%80%91%E7%B5%8C%E5%96%B6%E4%BC%81%E7%94%BB%E3%83%BB%E4%BA%8B%E6%A5%AD%E4%BC%81%E7%94%BB\"><\/iframe><cite class=\"hatena-citation\"><a target=\"_blank\" href=\"https:\/\/open.talentio.com\/r\/1\/c\/layerx\/pages\/70069\">open.talentio.com<\/a><\/cite><\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><script>(function(d, s, id) {\n  var js, fjs = d.getElementsByTagName(s)[0];\n  if (d.getElementById(id)) return;\n  js = d.createElement(s); js.id = id;\n  js.src = \"\/\/connect.facebook.net\/ja_JP\/sdk.js#xfbml=1&appId=719729204785177&version=v17.0\";\n  fjs.parentNode.insertBefore(js, fjs);\n}(document, 'script', 'facebook-jssdk'));<\/script><br \/>\n<br \/>\n<br \/><a href=\"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash\">\u5143\u306e\u8a18\u4e8b\u3092\u78ba\u8a8d\u3059\u308b <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\u3053\u306e\u8a18\u4e8b\u306f\u3001LayerX Tech Advent Calendar 2025 \u306e 5\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002 tech.layerx.co.jp \u3053\u3093\u306b\u3061\u306f\u3002\u30d0\u30af\u30e9\u30af\u4e8b\u696d\u90e8 BizOps\u90e8 \u30c7\u30fc\u30bf\u30b0\u30eb\u30fc\u30d7\u306e@civitaspo\u3067 [&hellip;]","protected":false},"author":1,"featured_media":26578,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-26577","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-company-tec"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0 - \u30dd\u30b1\u30b3\u30f3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0 - \u30dd\u30b1\u30b3\u30f3\" \/>\n<meta property=\"og:description\" content=\"\u3053\u306e\u8a18\u4e8b\u306f\u3001LayerX Tech Advent Calendar 2025 \u306e 5\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002 tech.layerx.co.jp \u3053\u3093\u306b\u3061\u306f\u3002\u30d0\u30af\u30e9\u30af\u4e8b\u696d\u90e8 BizOps\u90e8 \u30c7\u30fc\u30bf\u30b0\u30eb\u30fc\u30d7\u306e@civitaspo\u3067 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash\" \/>\n<meta property=\"og:site_name\" content=\"\u30dd\u30b1\u30b3\u30f3\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-05T14:35:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/12\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1300\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"info@pokecon.jp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"info@pokecon.jp\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"5\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/26577\\\/\"},\"author\":{\"name\":\"info@pokecon.jp\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\"},\"headline\":\"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb &#8211; LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0\",\"datePublished\":\"2025-12-05T14:35:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/26577\\\/\"},\"wordCount\":311,\"image\":{\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png\",\"articleSection\":[\"\u4f01\u696d\u30c6\u30c3\u30af\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/26577\\\/\",\"url\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash\",\"name\":\"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0 - \u30dd\u30b1\u30b3\u30f3\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png\",\"datePublished\":\"2025-12-05T14:35:21+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#primaryimage\",\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png\",\"contentUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png\",\"width\":1300,\"height\":683},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/tech.layerx.co.jp\\\/entry\\\/snowflake-wif-for-aws-bash#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u30db\u30fc\u30e0\",\"item\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb &#8211; LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#website\",\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/\",\"name\":\"\u30dd\u30b1\u30b3\u30f3\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\",\"name\":\"info@pokecon.jp\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"caption\":\"info@pokecon.jp\"},\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/author\\\/infopokecon-jp\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0 - \u30dd\u30b1\u30b3\u30f3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash","og_locale":"ja_JP","og_type":"article","og_title":"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0 - \u30dd\u30b1\u30b3\u30f3","og_description":"\u3053\u306e\u8a18\u4e8b\u306f\u3001LayerX Tech Advent Calendar 2025 \u306e 5\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002 tech.layerx.co.jp \u3053\u3093\u306b\u3061\u306f\u3002\u30d0\u30af\u30e9\u30af\u4e8b\u696d\u90e8 BizOps\u90e8 \u30c7\u30fc\u30bf\u30b0\u30eb\u30fc\u30d7\u306e@civitaspo\u3067 [&hellip;]","og_url":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash","og_site_name":"\u30dd\u30b1\u30b3\u30f3","article_published_time":"2025-12-05T14:35:21+00:00","og_image":[{"width":1300,"height":683,"url":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/12\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png","type":"image\/png"}],"author":"info@pokecon.jp","twitter_card":"summary_large_image","twitter_misc":{"\u57f7\u7b46\u8005":"info@pokecon.jp","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"5\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#article","isPartOf":{"@id":"https:\/\/pokecon.jp\/job\/26577\/"},"author":{"name":"info@pokecon.jp","@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997"},"headline":"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb &#8211; LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0","datePublished":"2025-12-05T14:35:21+00:00","mainEntityOfPage":{"@id":"https:\/\/pokecon.jp\/job\/26577\/"},"wordCount":311,"image":{"@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#primaryimage"},"thumbnailUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/12\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png","articleSection":["\u4f01\u696d\u30c6\u30c3\u30af"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/pokecon.jp\/job\/26577\/","url":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash","name":"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb - LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0 - \u30dd\u30b1\u30b3\u30f3","isPartOf":{"@id":"https:\/\/pokecon.jp\/job\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#primaryimage"},"image":{"@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#primaryimage"},"thumbnailUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/12\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png","datePublished":"2025-12-05T14:35:21+00:00","author":{"@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997"},"breadcrumb":{"@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#primaryimage","url":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/12\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png","contentUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/12\/https3A2F2Fcdn-ak.f.st-hatena.com2Fimages2Ffotolife2Fc2Fcivitaspo2F202512052F20251205195437.png","width":1300,"height":683},{"@type":"BreadcrumbList","@id":"https:\/\/tech.layerx.co.jp\/entry\/snowflake-wif-for-aws-bash#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u30db\u30fc\u30e0","item":"https:\/\/pokecon.jp\/job\/"},{"@type":"ListItem","position":2,"name":"AWS\u2192Snowflake\u306eWorkload Identity Federation\u3092Bash\u3067\u5b9f\u88c5\u3057\u3066\u4f4e\u30ec\u30d9\u30eb\u306a\u51e6\u7406\u3092\u7406\u89e3\u3059\u308b\u306e\u5dfb &#8211; LayerX \u30a8\u30f3\u30b8\u30cb\u30a2\u30d6\u30ed\u30b0"}]},{"@type":"WebSite","@id":"https:\/\/pokecon.jp\/job\/#website","url":"https:\/\/pokecon.jp\/job\/","name":"\u30dd\u30b1\u30b3\u30f3","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pokecon.jp\/job\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997","name":"info@pokecon.jp","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","caption":"info@pokecon.jp"},"url":"https:\/\/pokecon.jp\/job\/author\/infopokecon-jp\/"}]}},"_links":{"self":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/26577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/comments?post=26577"}],"version-history":[{"count":1,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/26577\/revisions"}],"predecessor-version":[{"id":26579,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/26577\/revisions\/26579"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/media\/26578"}],"wp:attachment":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/media?parent=26577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/categories?post=26577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/tags?post=26577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}