Skip to content

Installation & Setup Guide for Snowflake

Overview

Trust3AI is a comprehensive AI governance solution for Snowflake that provides robust access policies and guardrails for AI services. This guide will help you install and set up the Trust3AI native application from the Snowflake's marketplace.

What is Trust3AI?

Trust3AI enables organizations to implement AI governance, monitoring, and privacy controls within their Snowflake environment. The solution leverages Snowpark Container Services (SPCS) to run directly within Snowflake, providing:

  • AI Access Control: Define who can access which AI models and data
  • Data Privacy Protection: Implement PII detection and masking
  • Audit & Compliance: Comprehensive logging of all AI interactions
  • Policy Management: Configure and manage AI governance policies through an intuitive Streamlit interface
  • Real-time Monitoring: Monitor AI model usage and service status

Prerequisites

Before installing Trust3AI, ensure you have:

  • A Snowflake account with admin privileges
  • Access to Snowflake's marketplace
  • A compute warehouse available in your account
  • Permission to create roles, databases, and compute pools

Installation Instructions

Step 1: Access the Snowflake Marketplace

  1. Log in to your Snowflake account
  2. Navigate to Data ProductsMarketplace
  3. Search for AI Trust Layer for Cortex in the marketplace

Step 2: Install the Application

  1. Click on the AI Trust Layer for Cortex listing
  2. Review the application details and permissions
  3. Click Get to begin the installation process
  4. Choose an installation name (default: TRUST3AI_APP_INSTANCE)
  5. Click Get to complete the installation

First-Time Setup

Step 1: Access the Streamlit Admin Interface

After installation, access the Trust3AI admin interface:

  1. In your Snowflake account, navigate to Data ProductsApps

  2. Find and click on TRUST3AI_APP_INSTANCE

  3. After starting the application, In step1, Grant the necessary privileges.

  4. In step2, Connect to external service Trust3AI External Access Integration to access AWS Bedrock Guardrails endpoints

    • Review and Connect:

      1. Click "Review" to open the configuration popup
      2. Configure the integration with access to AWS Bedrock endpoints
      3. Click "Connect" to save the configuration

    • Required Configuration:

      1. Host Ports: bedrock.*.amazonaws.com:443, bedrock-runtime.*.amazonaws.com:443
      2. Type: External Access Integration
      3. Purpose: Allow access to AWS Bedrock Guardrails endpoints

  5. Click Activate button to proceed next.

  6. Click Launch app button to launch the streamlit application for managing trust3 service deployed into snowflake container.

  7. The Streamlit admin interface will open, showing the Trust3AI dashboard

  8. Click Refresh button to confirm the service is running.

Step 2: Check and Manage Service Status

The Streamlit Admin Portal provides an easy-to-use dashboard for managing your Trust3AI service:

  1. Service Status: The dashboard displays the current status of your Trust3AI service (PENDING, RUNNING, SUSPENDING, SUSPENDED, etc.)
  2. Last Status Check: The interface shows the last status check timestamp for reference
  3. Refresh Status: Use the "Refresh" button to refresh and verify the current service state
  4. Service Management: Depending on the current status, you'll see appropriate action buttons:
  5. Suspend Service: To pause the service and save on compute costs
  6. Resume Service: To restart a suspended service (when suspended)
  7. Getting Service URLs: Once the service is in Running state, it will display the Trust3AI service endpoint
  8. Accessing Logs: Navigate to the "Logs" section in the sidebar to view and monitor service activity

Step 3: Access the Trust3AI Application

Once the service is running:

  1. Once the Service URL is available, Click on it to access the full Trust3AI web application
  2. Open the URL in a new tab. After authenticating with Snowflake, you’ll access the Trust3 Portal. Use the following credentials to log in:
    • Username: admin
    • Password: welcome1
  3. You can now configure AI applications, policies, and monitoring through the Trust3AI interface

Next Steps

After successful installation and setup:

  1. Configure AI Applications: Set up your AI applications in the Trust3AI interface
  2. Define Policies: Create access control policies for your users and data
  3. Set Up Monitoring: Configure audit logs and monitoring dashboards
  4. Integration: Integrate Trust3AI with your existing AI/ML workflows

For detailed integration instructions, refer to the Trust3 Client Integration Guide.

Troubleshooting

Common Issues

Service Won't Start - Ensure all required privileges are granted (check Step 5 of installation) - Verify the external access integration is properly configured - Check that the compute warehouse is available and accessible - Use the Streamlit interface error messages for specific guidance

Cannot Access Streamlit Interface - Ensure you have the TRUST3AI_USER_ROLE role assigned - Check that the application role is properly granted - Verify warehouse access permissions - Try refreshing the Streamlit app

Service Takes Long Time to Start - Service startup typically takes 2-3 minutes - this is normal - Monitor progress through the Streamlit interface status indicators - Check the real-time logs in the Streamlit interface for any issues

Getting Help

  • Primary: Use the built-in log viewer in the Streamlit interface for real-time troubleshooting
  • Service Status: Check the service status dashboard for detailed error information
  • Error Messages: The Streamlit interface provides clear error messages and suggested solutions
  • Contact your system administrator for role and permission issues

Cost Considerations

  • Trust3AI runs on Snowpark Container Services, which incurs compute costs
  • The default configuration uses minimal resources (CPU_X64_XS instance)
  • Consider suspending the service when not in use to reduce costs
  • Monitor usage through the Snowflake usage dashboards

Security Notes

  • Trust3AI operates within your Snowflake account boundary
  • All data processing happens within your Snowflake environment
  • External access is limited to AWS Bedrock endpoints for AI guardrails
  • Regular audit logs are maintained for compliance purposes

Support: For technical support, contact your organization's Snowflake administrator or the application provider.

Version: This guide is for Trust3AI Version 1.0

What Next?