Hi Team,
We have a self-hosted Metabase (v.0.55.2.2) instance that runs on ECS Fargate. It’s connected to our RDS (Postgres) database. I’m trying to set up a connection to Snowflake, but I am getting an error: “Permission Denied” (logs attached below).
From the actual error code (Failed to connect to Database,java.io.IOException: Permission denied, at java.base/java.io.UnixFileSystem.createFileExclusively0(Native Method)), it looks to me like Metabase is failing to create a temp file with connection credentials, which makes sense, given our AWS policies don’t allow writes to storage from ECS. Still, I wanted to check if anyone else encountered this issue before and if there’s a way to bypass it somehow?
Thank you.
Logs
[845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:50+11:00 INFO metabase.driver.impl Initializing driver :snowflake... [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:50+11:00 INFO metabase.classloader.impl Added URL file:/plugins/snowflake.metabase-driver.jar to classpath [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:50+11:00 DEBUG metabase.plugins.init-steps Loading plugin namespace metabase.driver.snowflake... [5c8d5e84-3dfe-4c0f-b144-8aad567cf352] 2025-10-22T10:52:50+11:00 DEBUG metabase.server.middleware.log GET /api/health 200 0ms (0 DB calls) App DB connections: 0/15 Jetty threads: 4/50 (2 idle, 0 queued) (115 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id nil} [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 INFO metabase.driver.impl Registered abstract driver :metabase.driver.sql-jdbc.execute.legacy-impl/use-legacy-classes-for-read-and-set [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 INFO metabase.driver.impl Registered driver :snowflake (parents: [:sql-jdbc :metabase.driver.sql-jdbc.execute.legacy-impl/use-legacy-classes-for-read-and-set]) [5c8d5e84-3dfe-4c0f-b144-8aad567cf352] 2025-10-22T10:52:51+11:00 DEBUG metabase.server.middleware.log GET /api/health 200 0ms (0 DB calls) App DB connections: 0/15 Jetty threads: 4/50 (2 idle, 0 queued) (115 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id nil} [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 DEBUG metabase.plugins.jdbc-proxy Registering JDBC proxy driver for net.snowflake.client.jdbc.SnowflakeDriver... [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 INFO metabase.util Load lazy loading driver :snowflake took 452.3 ms [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 ERROR metabase.driver.util Failed to connect to Database,java.io.IOException: Permission denied, at java.base/java.io.UnixFileSystem.createFileExclusively0(Native Method), at java.base/java.io.UnixFileSystem.createFileExclusively(Unknown Source), at java.base/java.io.File.createTempFile(Unknown Source), at java.base/java.io.File.createTempFile(Unknown Source), at metabase.secrets.models.secret$value_as_file_STAR_.invokeStatic(secret.clj:251), at metabase.secrets.models.secret$value_as_file_STAR_.doInvoke(secret.clj:236), at clojure.lang.RestFn.invoke(RestFn.java:448), at clojure.lang.AFn.applyToHelper(AFn.java:160), at clojure.lang.RestFn.applyTo(RestFn.java:135), at clojure.core$apply.invokeStatic(core.clj:667), at clojure.core$apply.invoke(core.clj:662), at clojure.core.memoize$through_STAR_$fn__6811.invoke(memoize.clj:110), at clojure.core.cache$through$fn__6533.invoke(cache.clj:55), at clojure.core.memoize$through_STAR_$fn__6807$fn__6808.invoke(memoize.clj:109), at clojure.core.memoize.RetryingDelay.deref(memoize.clj:47), at clojure.core$deref.invokeStatic(core.clj:2337), at clojure.core$deref.invoke(core.clj:2323), at clojure.core.memoize$cached_function$fn__6875.doInvoke(memoize.clj:234), at clojure.lang.RestFn.applyTo(RestFn.java:140) [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 ERROR metabase.driver.snowflake (type message) => java.lang.String [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 ERROR metabase.warehouses.api Cannot connect to Database,clojure.lang.ExceptionInfo: Permission denied {:message "Permission denied"}, at metabase.driver.util$can_connect_with_details_QMARK_.invokeStatic(util.clj:151), at metabase.driver.util$can_connect_with_details_QMARK_.doInvoke(util.clj:122), at clojure.lang.RestFn.invoke(RestFn.java:445), at metabase.warehouses.api$test_database_connection.invokeStatic(api.clj:754), at metabase.warehouses.api$test_database_connection.doInvoke(api.clj:744), at clojure.lang.RestFn.invoke(RestFn.java:428), at metabase.warehouses.api$test_connection_details124069__124070.invokeStatic(api.clj:808), at metabase.warehouses.api$test_connection_details124069__124070.invoke(api.clj:788), at metabase.warehouses.api$fn__124077$fn__124083.invoke(api.clj:832), at metabase.api.macros$_core_fn93064__93065$core_fn__93066.invoke(macros.clj:415), at metabase.api.macros$endpoint_handler_STAR_93108__93110$handler__93114.invoke(macros.clj:611), at metabase.api.macros$build_ns_handler93141__93142$ns_handler_STAR___93143.invoke(macros.clj:675), at metabase.api.open_api.HandlerWithOpenAPISpec.invoke(open_api.clj:42), at metabase.api.routes.common$enforce_authentication$fn__115038.invoke(common.clj:91), at metabase.api.open_api.HandlerWithOpenAPISpec.invoke(open_api.clj:42), at metabase.api.util.handlers$_route_map_handler$fn__99775.invoke(handlers.clj:23), at metabase.api.open_api.HandlerWithOpenAPISpec.invoke(open_api.clj:42), at compojure.core$routes$fn__99712$f__99713.invoke(core.clj:198), at compojure.core$routes$fn__99712$f__99713$respond_SINGLEQUOTE___99714.invoke(core.clj:197) [845dce34-e581-43f9-bca7-7d55306d3967] 2025-10-22T10:52:51+11:00 DEBUG metabase.server.middleware.log POST /api/database 400 480ms (0 DB calls) {:metabase-user-id 172} {:message "Permission denied"}
