
Snowflake login failures coming from Segment's IP range

Issue

Snowflake connection errors using password authentication are surfacing for the SEGMENT user, but all visible Snowflake configurations within the Twilio Segment UI are configured to use Keypair authentication. These password authentication connection errors happen silently behind the scenes, making it difficult to trace the offending configuration directly from standard destination settings.

 

Product

Twilio Segment

 

Environment

Segment Console

 

Cause

While modern Segment integration pathways for Snowflake (such as Storage Destinations, Reverse ETL, Profiles Sync, and Data Graph) enforce keypair-only authentication, legacy SQL Traits warehouse sources (a feature that reached End of Sale in March 2024 but remains active for legacy environments) could have been configured using password authentication prior to the keypair requirement. If a workspace contains an active legacy SQL Traits source, it will periodically attempt password-based connections, triggering Snowflake login failures.

 

Resolution

To identify and update the legacy source causing the password authentication failures, follow these steps:

  1. Verify the Source IP: Check the login history to confirm the failed password attempts are originating from Segment's IP ranges (e.g., 34.223.203.0/28).

  2. Whitelisted ranges: https://www.twilio.com/docs/segment/connections/storage/catalog/postgres

  3. Locate Legacy SQL Traits: Navigate to your Engage spaces (or legacy Personas spaces) rather than standard destinations.

  4. Access Warehouse Settings: Go to Engage Settings > Warehouse Sources.

  5. Re-authenticate with Keypair: Select the legacy Snowflake source and update its credentials by re-authenticating the connection using Keypair authentication instead of password authentication.

 

Additional Information

Note: During initial configuration setups (like Data Graph), some setup scripts automatically assign a default PASSWORD attribute to the SEGMENT user in Snowflake. Even if Segment doesn't actively use it for modern integrations, other tools utilizing those same credentials can cause collisions. Ensure you explicitly check legacy SQL Traits sections in the UI if Segment IPs are flagged in your Snowflake login audits.
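
The login-history check in step 1 and the PASSWORD attribute check in the note above can both be run from a Snowflake worksheet. The queries below are an added example, not part of the original article or Segment's own tooling; they assume the service user is named SEGMENT, a role with access to the SNOWFLAKE.ACCOUNT_USAGE share, and only the example range from step 1 (add the other published Segment ranges to the VALUES list). ACCOUNT_USAGE views are not real-time, so very recent attempts may not appear yet.

```sql
-- Added example: failed password logins for the SEGMENT user that
-- originate from a Segment IP range, over the last 7 days.
WITH segment_ranges AS (
    -- Assumption: only the example range from step 1 is listed here.
    SELECT PARSE_IP(cidr, 'INET') AS net
    FROM (VALUES ('34.223.203.0/28')) AS r(cidr)
)
SELECT
    lh.event_timestamp,
    lh.client_ip,
    lh.reported_client_type,
    lh.first_authentication_factor,
    lh.error_code,
    lh.error_message
FROM snowflake.account_usage.login_history AS lh
JOIN segment_ranges AS sr
  -- Permissive mode (third argument = 1) avoids a query error on
  -- client_ip values that are not parseable; IPv6 rows yield NULL
  -- for :ipv4 and simply do not match.
  ON PARSE_IP(lh.client_ip, 'INET', 1):ipv4::NUMBER
     BETWEEN sr.net:ipv4_range_start::NUMBER
         AND sr.net:ipv4_range_end::NUMBER
WHERE lh.user_name = 'SEGMENT'
  AND lh.is_success = 'NO'
  AND lh.first_authentication_factor = 'PASSWORD'
  AND lh.event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
ORDER BY lh.event_timestamp DESC;

-- Added example: does the SEGMENT user still carry a PASSWORD attribute
-- alongside its key pair (see the note above about setup scripts)?
SELECT
    name,
    has_password,
    has_rsa_public_key,
    last_success_login
FROM snowflake.account_usage.users
WHERE name = 'SEGMENT'
  AND deleted_on IS NULL;
```

Rows returned by the first query at a regular interval are consistent with a scheduled legacy source retrying a password login; after re-authenticating the source with Keypair, the same query should stop returning new rows.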
