Set Up Unified AWS Access¶
On this page
- Overview
- Prerequisites
- Procedure
- Begin the Setup Procedure for AWS IAM Access
- Create New Role with the AWS CLI
- Add Trust Relationships to an Existing Role
- Send a POST request to the
cloudProviderAccessendpoint. - Modify your AWS IAM role trust policy.
- Authorize the newly created IAM role.
- Resume an Authorization Procedure
- Deauthorize an Assumed IAM Role
Overview¶
Some Atlas features, including Data Lakes and Encryption at Rest, use AWS IAM roles for authentication. When Atlas accesses AWS services, it does so through an assumed IAM role.
You can set up an assumed IAM role for your Atlas account to use with the Atlas Administration API or UI.
If you have Encryption at Rest enabled for your cluster and you want to set up a new IAM role, be sure the new role has access to the existing KMS.
Prerequisites¶
- An Atlas account.
- The AWS Command Line Interface (CLI).
Procedure¶
Resume an Authorization Procedure¶
If you cancel a procedure to authorize an AWS IAM role for use with Atlas, you can resume it where you left off.
- Expand the Options menu next to your project name in the Atlas UI upper left corner. Select Integrations.
Click the Configure button in the AWS IAM Role Access panel.
Note: if you already have one or more roles configured, the button reads Edit.
- Any roles with an ongoing authorization procedure are listed with an
in progressstatus. Click the Resume button to resume the authorization process.
To cancel an in-progress role authorization completely, click the Delete icon next to the in-progress role.
Deauthorize an Assumed IAM Role¶
You can deauthorize an existing AWS IAM role from your Atlas account with the Atlas Administration API or the Atlas UI.
Be sure to remove any associated Atlas services from the IAM role before you deauthorize it.