Other configuration for Lambda processing

For the Lambda version of Snowflake on AWS data generation, you must also configure the AWS Lambda role and related Tonic Structural environment settings.

Setting up the AWS Lambda role for Snowflake on AWS

Creating the role

The AWS Lambda function that Structural sets up requires an AWS role. The name of this role is configured in the following environment setting:


The policy for this role should look like this:

	"Version": "2012-10-17",
	"Statement": [{
		"Sid": "VisualEditor0",
		"Effect": "Allow",
		"Action": [
		"Resource": [
			"arn:aws:sqs:*:<aws account id>:tonic-*",

The above policy grants the Lambda function the required access to Amazon SQS, Amazon S3, and CloudWatch.

This policy assumes that the S3 buckets and Amazon SQS queues that are used begin with the tonic- prefix.

Enabling Lambda to assume the role

After you create the role, you must allow the Lambda service to assume the role.

For the role, the Trust relationships in the AWS IAM role should be configured to look like the following:

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            "Action": "sts:AssumeRole"

Configuring Structural environment settings for Lambda processing

Structural allows you to set the following Snowflake-specific environment settings that make it easier to adapt our Snowflake integration into your specific AWS environment. You configure these settings in the Structural worker container.

# No default value
# This setting is required to be set by user
# ARN of AWS Role to be assumed by Structural's Lambda function

# Default value of 30 secs
# Timeout of Lambda used to process data files
# Maximum allowed duration of Lambda function is 15 min

# Default value of 1024MB
# Memory limit of Lambda used to process data files
# Maximum allowed memory of Lambda function is 10240 MB

# Default value of 30 secs
# Visibility of Amazon SQS, which stores messages sent to Lambda
# Note that this value must be >= TONIC_LAMBDA_TIMEOUT

# No default value
# This setting is required to be set by user if using AWS KMS encryption
# AWS KMS Key ID for encrypting messages sent to Amazon SQS

Last updated