Apache Iceberg is an open table format for huge analytical datasets that enables high performance analytics on open data formats with ACID compliance. Snowflake and AWS both support Iceberg format that enables customers to drastically improve data interoperability, speed of implementation and performance for integrated data lakes.

This guide will take you through the steps of converting existing parquet data to Iceberg and using it to build open analytic environments using Snowflake and AWS Glue with AWS Lake Formation providing fine-grained access controls and temporary access token to Iceberg tables.

For this guide we will use a Financial Services use case where Insurance data is analyzed. The Quotes data is collected from systems and stored as parquet on S3, while Customer and Policy data is already available as internal Snowflake tables. We will try to identify customers who are likely to churn or potential fraud with a high number of recent quote requests.

Cortex Code is Snowflake's AI coding agent, built into the Snowflake CLI. You can use it to automate the entire setup in this guide — from deploying the AWS infrastructure to creating the Snowflake catalog integration and Catalog-Linked Database.

Prerequisites for this path:

Use the prompts below in sequence. Each one picks up where the previous left off.

For the Snowflake-side steps, Cortex Code automatically loads the right skill based on your prompt — you don't need to invoke anything manually.

1. Deploy the AWS infrastructure (CloudFormation):

CoCo runs this via AWS CLI — no specific skill, uses your aws configure credentials directly.

2. Create the Glue Data Catalog database and Iceberg table:

CoCo uses AWS CLI and boto3 to create the Glue database, table definition, and ETL job script.

3. Configure Lake Formation for credential vending:

CoCo runs aws lakeformation CLI commands — no specific skill.

4. Create the Snowflake catalog integration:

CoCo auto-invokes the glueirc-catalog-integration-setup skill — collects your AWS account ID, region, IAM role ARN, and access delegation preference, generates and executes the SQL, then guides you through the trust policy update.

5. Create the Catalog-Linked Database:

CoCo auto-invokes the catalog-linked-database skill — creates the CLD, verifies the connection, and lists the auto-discovered Iceberg tables from the Glue catalog.

Once Cortex Code completes step 5, your Snowflake environment is connected to the Glue catalog and ready to query. Skip directly to the Query Iceberg Tables section.

In this step you'll use a CloudFormation template to provision the AWS resources needed for this quickstart: an S3 bucket and an IAM role with the policies that Glue needs to access it.

1. Log in to your AWS Console and confirm the region in the top-right corner is US West (Oregon) us-west-2.

2. Deploy the CloudFormation stack by clicking here. This creates the S3 bucket and IAM role used throughout the guide.

3. Click Next on the Create stack screen.
4. On Specify stack details, leave the default stack name Glue-IRC-Int and click Next.
5. On Configure stack options, scroll to the bottom, check I acknowledge that AWS CloudFormation might create IAM resources, and click Next.
6. On Review and create, click Submit.

Stack creation takes about a minute. Use the Events tab and the refresh button to monitor progress.

7. Once the stack status shows CREATE_COMPLETE, click the Outputs tab. Copy the Role ARN and S3 bucket name — you'll need both in later steps.

In this step you'll create a Glue Data Catalog database and table, then run a Glue ETL job to convert raw Parquet data on S3 to Apache Iceberg format.

1. In the AWS Console, navigate to AWS Glue and confirm the region is US West (Oregon) us-west-2.

2. In the left navigation pane under Data Catalog, click Databases, then click Add database.

3. Name the database iceberg and click Create database.

1. In the left menu, click Data Catalog > Databases > Tables, then click Add table.

2. Set the following table properties and click Next:
   • Name: quotes
   • Database: iceberg
   • Table format: Apache Iceberg table
   • IAM role: Select the role from the CloudFormation Outputs (e.g. Glue-IRC-Int-GlueSnowflakeLabRole-xxxx)
   • Check the acknowledgment checkbox
   • Data location: s3://glue-snowflake-lab-xxxx/iceberg/quotes/ — replace glue-snowflake-lab-xxxx with your S3 bucket name from the CloudFormation Outputs

3. On the schema screen, click Edit schema as JSON.

4. Download quotes_schema.json. Clear the [ ] placeholder, paste in the file contents, and click Save.

5. Verify the schema looks correct and click Next.

6. Click Create to finish creating the table.

This job reads raw Parquet quotes data from a public S3 bucket and writes it to your S3 bucket as an Iceberg table — no data copy or rewrite. The Glue Data Catalog table you just created is updated in place.

1. In the left menu under ETL jobs, click Visual ETL, then click the Visual ETL button.

2. Rename the job to Quotes - Raw to Iceberg.
3. Under the Job details tab, select the IAM role from the CloudFormation Outputs.
4. Optionally reduce Requested number of workers to 2.

5. Click Save. A green banner confirms the job is saved.
6. On the Visual tab, click the + button and add an S3 source node. Configure it:
   • Name: Quotes - Raw
   • S3 URL: s3://aws-data-analytics-workshops/aws_glue/glue-snowflake/raw-data/quotes/
   • Data format: Parquet

7. With the Quotes - Raw node selected, click + and add a Transform - Change Schema node.

8. In Change Schema, change the data type of uuid to varchar.

9. With Change Schema selected, click + and add an Amazon S3 target node from the Targets tab. Configure it:
   • Name: Quotes - Iceberg
   • Format: Apache Iceberg
   • Compression Type: Snappy
   • S3 Target Location: s3://glue-snowflake-lab-xxxx/iceberg/quotes/ — replace glue-snowflake-lab-xxxx with your bucket name
   • Data Catalog update options: Create a table in the Data Catalog and on subsequent runs, keep existing schema and add new partitions
   • Database: iceberg
   • Table name: quotes

10. Click Save, then click Run. Navigate to the Runs tab to monitor progress.

Once the job status shows Succeeded, the Iceberg table is live in your Glue Data Catalog.

As a bonus step, open the S3 console and browse your bucket — you'll see the Iceberg data and metadata/manifest files Glue created under iceberg/quotes/.

In this step you'll configure AWS Lake Formation to grant fine-grained access to the Iceberg table and enable credential vending. Credential vending allows Snowflake to request temporary S3 credentials from Lake Formation at query time — no external volume configuration needed on the Snowflake side.

1. Sign in to the Lake Formation console as a data lake administrator.
2. In the left navigation pane, choose Administration > Application integration settings.
3. Enable Allow external engines to access data in Amazon S3 locations with full table access.
4. Click Save.

1. Under Permissions, select Data locations and click Grant.
2. For IAM users and roles, select the role created by CloudFormation.
3. For Storage locations, click Browse and select your S3 bucket.
4. Check Grantable and click Grant.

1. Under Administration, select Data lake locations and click Register location.
2. For Amazon S3 path, enter the S3 bucket path from the CloudFormation Outputs.
3. For IAM role, select the role created by CloudFormation.
4. For Permission mode, select Lake Formation.
5. Click Register location.

1. Under Permissions, choose Data permissions and click Grant.
2. Configure the following:
   • Principals: IAM users and roles → select the role created by CloudFormation
   • Resources: Named Data Catalog resources
   • Catalog: your AWS account ID
   • Database: iceberg
   • Database permissions: SUPER
   • Grantable permissions: SUPER
3. Click Grant and confirm the permission appears in the list.

Your AWS setup is complete. Continue to the next step to configure Snowflake.

In this step you'll create the Snowflake role, database, warehouse, and internal tables used in the lab, then create the Catalog Integration and Catalog-Linked Database that connect Snowflake to the Glue Data Catalog.

Download the two SQL files for this lab:

Setup SQL

Workflow SQL

1. Log into your Snowflake account as a user with ACCOUNTADMIN privileges.
2. In the left menu, go to Projects > Workspaces, click + Add new, and select Upload Files.

3. Upload both SQL files. They'll appear under My Workspace.
4. Open hol_ice_setup_vxx.sql. Run the following sections in order by selecting each block and clicking Run.

Create the role and grant account-level privileges:

Create the database and warehouse:

5. Select lines 44–110 and run them to create the internal CUSTOMER and POLICIES tables and load data.

Open hol_ice_workflow_vxx.sql from My Workspace. Set the worksheet context (lines 16–20):

You'll need two values from your AWS environment:

Replace the placeholders and run the CREATE CATALOG INTEGRATION statement (lines 37–53):

Run DESC CATALOG INTEGRATION to retrieve the value needed for the IAM trust policy:

Note the GLUE_AWS_IAM_USER_ARN value from the output — you'll paste it into the trust policy next.

1. In the AWS Console, navigate to IAM > Roles and open the CloudFormation role.
2. Click the Trust relationships tab, then Edit trust policy.

3. Replace the entire policy with the JSON below, substituting GLUE_AWS_IAM_USER_ARN from the Snowflake output:

4. Click Update policy.

Verify the catalog integration is working:

The result should return success with no error codes or messages.

In this step you'll create a Catalog-Linked Database (CLD) that auto-discovers the Iceberg tables in your Glue catalog, query the data from Snowflake, create a new Iceberg table, and write aggregate results back to S3.

Check sync status:

The result shows "executionState":"RUNNING" while tables are being discovered. Once sync completes, the Glue iceberg database and its tables appear in Snowflake.

Replace <your-s3-bucket> with your bucket name from the CloudFormation Outputs:

Combine the internal CUSTOMER and POLICIES tables with the Glue-backed quotes Iceberg table and write results to the new table:

Query the aggregate Iceberg table:

This data is written as Iceberg to S3 and immediately visible in the Glue Data Catalog — other AWS query engines (Athena, EMR, etc.) can read it directly.

Follow the steps below to ensure the deployed resources are cleaned up. Snowflake:

AWS:

You've converted Parquet data to Iceberg format using AWS Glue, connected Snowflake to the Glue Data Catalog via the Iceberg REST API with Lake Formation vended credentials, and used a Catalog-Linked Database to query, create, and write Iceberg tables — all from Snowflake.