Create and manage Snowflake network rules and policies from the terminal. Supports IPv4 presets for GitHub Actions, Google services, and local IP detection.
5+ manual steps → single command.
Snowflake CLI (snow) installed and configuredPython 3.12+
Task (optional, for task-based workflow)
uv sync # or: pip install . # Create a network rule with your local IP (default)# Include GitHub Actions runner IPs for CI/CD# Create rule + network policy in one command# Google IPs (App Scripts, Cloud Functions, etc.)# Egress rule for external APIs" api.openai.com:443,api.anthropic.com:443" task create NW_RULE_NAME=dev_rule NW_RULE_DB=my_db
task github NW_RULE_NAME=ci_rule NW_RULE_DB=my_db
task google NW_RULE_NAME=google_ips NW_RULE_DB=my_db
task local NW_RULE_NAME=dev_local NW_RULE_DB=my_db
task policy -- --name ci_policy --rules " DB.NETWORKS.RULE1"
Command
Description
rule createCreate a network rule with presets and/or custom values
rule updateReplace values in an existing network rule
rule deleteDelete a network rule
rule listList network rules in a schema
policy createCreate a network policy with specified rules
policy alterAdd rules to an existing network policy
policy deleteDelete a network policy
policy listList all network policies
policy assignAssign a network policy to a user
Supported Rule Modes and Types
Mode
Valid Types
ingressipv4, awsvpceid
egressipv4, host_port
internal_stageipv4, awsvpceid
postgres_ingressipv4, awsvpceid
postgres_egressipv4, host_port
Flag
Source
--allow-local (default ON)Your current public IP via ipify.org
--allow-ghGitHub Actions runner IPs via GitHub meta API
--allow-googleGoogle IP ranges via gstatic.com
--valuesCustom comma-separated CIDRs or host:port values
Variable
Description
NW_RULE_NAMENetwork rule name
NW_RULE_DBDatabase for network rules
NW_RULE_SCHEMASchema for network rules (default: NETWORKS)
sf-utils-skills — Cortex Code skill sf-utils-networks (after repo rename from snow-utils-skills)
Apache 2.0