Docs Menu

Create a Cloud Provider Access Role

On this page

  • Workflow
  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response

The Atlas Administration API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request. To learn how to configure API access for an Atlas project, see Get Started with the Atlas Administration API.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

After a successful request to this API endpoint, you can add the atlasAWSAccountArn and atlasAssumedRoleExternalId values to the trust policy in your AWS console to create an IAM Assumed Role ARN. See Set Up Unified AWS Access for the complete procedure.

https://cloud.mongodb.com/api/atlas/v1.0

POST /groups/{GROUP-ID}/cloudProviderAccess
Parameter
Type
Description
GROUP-ID
string
The unique identifier for the project whose cloud provider roles you want to retrieve.

This endpoint might use any of the HTTP request query parameters available to all Atlas Administration API resources. All of these are optional.

Name
Type
Necessity
Description
Default
pretty
boolean
Optional
Flag indicating whether the response body should be in a prettyprint format.
false
envelope
boolean
Optional

Flag indicating if Atlas should wrap the response in a JSON envelope.

This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

status
HTTP response code
envelope
Expected response body
false
Parameter
Type
Description
providerName
string
The cloud provider for which to create a new role. Currently only AWS is supported.

The HTTP document contains the following elements:

Name
Type
Description
atlasAWSAccountArn
string
ARN associated with the Atlas AWS account used to assume IAM roles in your AWS account.
atlasAssumedRoleExternalId
string
Unique external ID Atlas uses when assuming the IAM role in your AWS account.
authorizedDate
date
Date on which this role was authorized.
createdDate
date
Date on which this role was created.
featureUsages
array
Atlas features this AWS IAM role is linked to.
iamAssumedRoleArn
string
ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account.
providerName
string
Name of the cloud provider. Currently limited to AWS.
roleId
string
Unique ID of this role.
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" -X POST --digest \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
"https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/cloudProviderAccess?pretty=true" \
--data '{ "providerName": "AWS" }'
{
"atlasAWSAccountArn" : "arn:aws:iam::123456789012:root",
"atlasAssumedRoleExternalId" : "3192be49-6e76-4b7d-a7b8-b486a8fc4483",
"authorizedDate" : null,
"createdDate" : "2020-07-30T20:20:36Z",
"featureUsages" : [ ],
"iamAssumedRoleArn" : null,
"providerName" : "AWS",
"roleId" : "5f232b94af0a6b41747bcc2d"
}
Give Feedback
MongoDB logo
© 2021 MongoDB, Inc.

About

  • Careers
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2021 MongoDB, Inc.