Create a Cloud Provider Access Role
On this page
The Atlas Administration API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request. To learn how to configure API access for an Atlas project, see Get Started with the Atlas Administration API.
Groups and projects are synonymous terms. Your {GROUP-ID}
is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups
.
Workflow
After a successful request to this API endpoint, you can add the
atlasAWSAccountArn
and atlasAssumedRoleExternalId
values to the
trust policy in your AWS console to create an IAM Assumed Role ARN.
See Set Up Unified AWS Access for the complete procedure.
Resource
https://cloud.mongodb.com/api/atlas/v1.0
POST /groups/{GROUP-ID}/cloudProviderAccess
Request Path Parameters
Parameter | Type | Description |
---|---|---|
GROUP-ID | string | The unique identifier for the project whose cloud
provider roles you want to retrieve. |
Request Query Parameters
This endpoint might use any of the HTTP request query parameters available to all Atlas Administration API resources. All of these are optional.
Name | Type | Necessity | Description | Default | ||||||
---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
| false |
Request Body Parameters
Parameter | Type | Description |
---|---|---|
providerName | string | The cloud provider for which to create a new role. Currently only
AWS is supported. |
Response
The HTTP document contains the following elements:
Name | Type | Description |
---|---|---|
atlasAWSAccountArn | string | ARN associated with the Atlas AWS account used to assume
IAM roles in your AWS account. |
atlasAssumedRoleExternalId | string | Unique external ID Atlas uses when assuming the IAM role in
your AWS account. |
authorizedDate | date | Date on which this role was authorized. |
createdDate | date | Date on which this role was created. |
featureUsages | array | Atlas features this AWS IAM role is linked to. |
iamAssumedRoleArn | string | ARN of the IAM Role that Atlas assumes when accessing resources
in your AWS account. |
providerName | string | Name of the cloud provider. Currently limited to AWS . |
roleId | string | Unique ID of this role. |
Example Request
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" -X POST --digest \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/cloudProviderAccess?pretty=true" \ --data '{ "providerName": "AWS" }'
Example Response
{ "atlasAWSAccountArn" : "arn:aws:iam::123456789012:root", "atlasAssumedRoleExternalId" : "3192be49-6e76-4b7d-a7b8-b486a8fc4483", "authorizedDate" : null, "createdDate" : "2020-07-30T20:20:36Z", "featureUsages" : [ ], "iamAssumedRoleArn" : null, "providerName" : "AWS", "roleId" : "5f232b94af0a6b41747bcc2d" }