CloudLink is Elementum’s secure connection mechanism. It’s how Elementum reaches data and services that live outside the platform—your data warehouse (such as Snowflake) or an external REST API—so that workflows, apps, and automations can use that data where it already lives.Documentation Index
Fetch the complete documentation index at: https://docs.elementum.io/llms.txt
Use this file to discover all available pages before exploring further.
CloudLink vs. Snowflake
These are two different things that work together:| Term | What it is | Who owns it |
|---|---|---|
| Snowflake | Your data warehouse. The system where your business data is stored. | Your organization |
| CloudLink | The connection Elementum uses to reach Snowflake (or another supported system). | Elementum, configured by you |
CloudLink uses patented technology for direct, in-place access to your warehouse data. That approach supports faster implementations and workflows that run against current data in your environment.
What CloudLink provides
- Secure access — Direct, encrypted connections with IP whitelisting and role-based access control.
- In-place data — Your data stays in its source system. No data is copied or moved into Elementum.
- Centralized management — One place in Elementum to configure, monitor, and rotate connections.
- Scalable architecture — Supports small teams through enterprise-scale deployments.
Common use cases
A CloudLink to your warehouse is the foundation for processes that run on data you already own. Examples:- Sales — Opportunity routing, approvals, and pipeline monitoring from CRM or warehouse tables.
- Customer support — Priority routing and response tracking from ticket and interaction history.
- Finance — Reconciliation, spend monitoring, and reporting from ledger or transaction data.
- Supply chain — Inventory, reorder, and supplier metrics from operational and logistics tables.
Supported connection types
A CloudLink connects to one of two kinds of systems. The setup steps differ for each, so pick the one that matches what you’re connecting to.Snowflake
Connect Elementum to your Snowflake account using key-pair authentication. Required for Cortex AI features, change-tracking automations, and Snowflake stage workflows.
REST API
Connect Elementum to an external REST API. Used primarily to power API-powered dropdowns and API Elements.
Elementum also supports CloudLinks to Google BigQuery and Databricks. The concepts on this page apply to those platforms as well.
Authentication
CloudLink supports two authentication methods. Where the platform supports it, key-pair is required for full feature access. Key-pair authentication (recommended) Key-pair authentication uses an RSA key pair to secure the connection. Elementum holds the private key and gives you the public key to assign to your service account. Because the private key never leaves Elementum’s infrastructure, there’s no shared secret to leak or rotate manually. For Snowflake, key-pair authentication is required for change tracking, Cortex AI integration, and Cortex Agents. See Connect Snowflake to Elementum for the full setup. Password authentication Password authentication is simpler to set up but is not recommended. If you use password authentication today, plan to migrate to key-pair using the Snowflake setup guide.The platform schema (critical concept)
Every CloudLink to a data warehouse needs a small, dedicated schema (or dataset) that Elementum uses for its own platform operations. This is separate from your business data.| What you enter | What happens |
|---|---|
❌ Your data schema (for example PUBLIC, SALES) | Your data becomes inaccessible in Elementum |
✅ Empty platform schema (for example ELEMENTUM_PLATFORM) | Elementum stores operational data here; your data remains accessible |
Security model
CloudLink is designed so that data access is secure, auditable, and revocable.Key-pair authentication
RSA key-pair instead of passwords. Snowflake’s dual-key support enables zero-downtime key rotation.
Network security
IP whitelisting restricts inbound access to known Elementum IPs. All traffic uses TLS encryption. VPC/private network configurations are supported.
Access control
Dedicated service account with minimal permissions. Each organization has separate access controls. Complete logging of all access and modifications.
Compliance
Contact your Elementum representative to discuss SOC 2, GDPR, HIPAA, and other compliance requirements.
Security architecture
- Data encryption
- Network security
- Authentication
- Audit and access
At rest
- Account data is encrypted using industry-standard algorithms.
- Credentials are encrypted and never returned outside Elementum’s internal systems.
- All traffic is encrypted using TLS.
- Connections are supported over the public Internet or a VPN.
Elementum IP addresses
Whitelist these Elementum IPs in your data platform’s network policy or firewall before attempting a connection.| Region | IP Addresses |
|---|---|
| US East | 44.210.166.136, 44.209.114.114, 52.72.254.246 |
| Europe | 18.185.13.42, 63.182.157.140, 3.65.106.188 |
Keeping data fresh: real-time vs scheduled
CloudLink supports two complementary mechanisms for keeping Elementum’s view of your warehouse data current. You can use both, depending on the table.| Mechanism | What it does | Best for |
|---|---|---|
| Real-time updates (change tracking) | Elementum reacts to inserts and updates in your warehouse as they happen. Requires enabling change tracking on each Snowflake table. | Transactional data where workflows need to fire immediately on a new or changed row. |
| Scheduled updates | Elementum re-reads the table on a configurable interval (default 20 minutes; minutes to days). | Analytical or slower-changing data, and resource-efficient batch processing. |
What you can do once connected
After a CloudLink is set up, the same connection powers everything Elementum does with that warehouse:| Capability | Where to go next |
|---|---|
| Bring warehouse tables into Elementum | Tables |
| Build apps and workflows on warehouse data | Build an app, Flow |
| Detect new and changed data | Data Mining |
| Trigger and run workflows on warehouse changes | Automations |
| Process files stored in Snowflake stages | Snowflake stages |
| Use Snowflake Cortex as your AI provider | Snowflake Cortex setup |
| Connect Snowflake Cortex Agents to apps | Snowflake Cortex Agents |
| Run AI OCR on documents in Snowflake | Snowflake AI OCR |
Best practices
- Authentication — Prefer key-pair authentication where supported; rotate credentials on your security schedule; limit who can change CloudLink settings.
- Platform schema — Keep the Elementum platform schema dedicated and documented; never hand-edit Elementum-managed objects there.
- Data quality — Use clear column names and consistent formats in source tables; keep data current for reliable workflows.
- Scope — Connect only the tables you need; grant the minimum warehouse permissions required.
- Performance — Plan refresh frequency for table size and cost; treat performance warnings seriously before production workflows depend on a table.
- External BI tools — If you need warehouse data in BI tools such as Power BI or Tableau, do not point those tools at Elementum’s platform schema. Use Elementum Tables to define views and exports that external tools can consume safely.
Choose your connection type
Connect Snowflake
Step-by-step Snowflake setup: prerequisites, IP whitelisting, key-pair authentication, setup script, and Elementum-side credentials.
Connect a REST API
Set up a CloudLink to an external REST API for use in API-powered dropdowns and API Elements.