mongodbatlas.CloudProviderAccessAuthorization

MongoDB Atlas v4.5.0, Mar 12 26

Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-mongodbatlas

Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-mongodbatlas

Cloud Provider Access Configuration Paths

The Terraform MongoDB Atlas Provider offers a two-resource path to perform an authorization for a cloud provider role.

The first resource, mongodbatlas.CloudProviderAccessSetup, only generates the initial configuration (create, delete operations).
The second resource, mongodbatlas.CloudProviderAccessAuthorization, helps to perform the authorization using the role_id of the first resource.

This path is helpful in a multi-provider Terraform file, and allows for a single and decoupled apply. See example of this two-resource path option with AWS Cloud here, AZURE Cloud here and GCP Cloud here.

## mongodbatlas.CloudProviderAccessAuthorization This is the second resource in the two-resource path as described above.

mongodbatlas.CloudProviderAccessAuthorization allows you to authorize an AWS, AZURE or GCP IAM roles in Atlas.

IMPORTANT: Changes to project_id or role_id will result in the destruction and recreation of the authorization resource. This action happens as these fields uniquely identify the authorization and cannot be modified in-place.

Example Usage

With AWS

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
    projectId: "64259ee860c43338194b0f8e",
    providerName: "AWS",
});
const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
    projectId: setupOnly.projectId,
    roleId: setupOnly.roleId,
    aws: {
        iamAssumedRoleArn: "arn:aws:iam::<AWS_ACCOUNT_ID>:role/test-user-role",
    },
});

import pulumi
import pulumi_mongodbatlas as mongodbatlas

setup_only = mongodbatlas.CloudProviderAccessSetup("setup_only",
    project_id="64259ee860c43338194b0f8e",
    provider_name="AWS")
auth_role = mongodbatlas.CloudProviderAccessAuthorization("auth_role",
    project_id=setup_only.project_id,
    role_id=setup_only.role_id,
    aws={
        "iam_assumed_role_arn": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/test-user-role",
    })

package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		setupOnly, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "setup_only", &mongodbatlas.CloudProviderAccessSetupArgs{
			ProjectId:    pulumi.String("64259ee860c43338194b0f8e"),
			ProviderName: pulumi.String("AWS"),
		})
		if err != nil {
			return err
		}
		_, err = mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "auth_role", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
			ProjectId: setupOnly.ProjectId,
			RoleId:    setupOnly.RoleId,
			Aws: &mongodbatlas.CloudProviderAccessAuthorizationAwsArgs{
				IamAssumedRoleArn: pulumi.String("arn:aws:iam::<AWS_ACCOUNT_ID>:role/test-user-role"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var setupOnly = new Mongodbatlas.CloudProviderAccessSetup("setup_only", new()
    {
        ProjectId = "64259ee860c43338194b0f8e",
        ProviderName = "AWS",
    });

    var authRole = new Mongodbatlas.CloudProviderAccessAuthorization("auth_role", new()
    {
        ProjectId = setupOnly.ProjectId,
        RoleId = setupOnly.RoleId,
        Aws = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAwsArgs
        {
            IamAssumedRoleArn = "arn:aws:iam::<AWS_ACCOUNT_ID>:role/test-user-role",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import com.pulumi.mongodbatlas.inputs.CloudProviderAccessAuthorizationAwsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var setupOnly = new CloudProviderAccessSetup("setupOnly", CloudProviderAccessSetupArgs.builder()
            .projectId("64259ee860c43338194b0f8e")
            .providerName("AWS")
            .build());

        var authRole = new CloudProviderAccessAuthorization("authRole", CloudProviderAccessAuthorizationArgs.builder()
            .projectId(setupOnly.projectId())
            .roleId(setupOnly.roleId())
            .aws(CloudProviderAccessAuthorizationAwsArgs.builder()
                .iamAssumedRoleArn("arn:aws:iam::<AWS_ACCOUNT_ID>:role/test-user-role")
                .build())
            .build());

    }
}

resources:
  setupOnly:
    type: mongodbatlas:CloudProviderAccessSetup
    name: setup_only
    properties:
      projectId: 64259ee860c43338194b0f8e
      providerName: AWS
  authRole:
    type: mongodbatlas:CloudProviderAccessAuthorization
    name: auth_role
    properties:
      projectId: ${setupOnly.projectId}
      roleId: ${setupOnly.roleId}
      aws:
        iamAssumedRoleArn: arn:aws:iam::<AWS_ACCOUNT_ID>:role/test-user-role

With Azure

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
    projectId: "64259ee860c43338194b0f8e",
    providerName: "AZURE",
    azureConfigs: [{
        atlasAzureAppId: "9f2deb0d-be22-4524-a403-df531868bac0",
        servicePrincipalId: "22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1",
        tenantId: "91402384-d71e-22f5-22dd-759e272cdc1c",
    }],
});
const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
    projectId: setupOnly.projectId,
    roleId: setupOnly.roleId,
    azure: {
        atlasAzureAppId: "9f2deb0d-be22-4524-a403-df531868bac0",
        servicePrincipalId: "22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1",
        tenantId: "91402384-d71e-22f5-22dd-759e272cdc1c",
    },
});

import pulumi
import pulumi_mongodbatlas as mongodbatlas

setup_only = mongodbatlas.CloudProviderAccessSetup("setup_only",
    project_id="64259ee860c43338194b0f8e",
    provider_name="AZURE",
    azure_configs=[{
        "atlas_azure_app_id": "9f2deb0d-be22-4524-a403-df531868bac0",
        "service_principal_id": "22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1",
        "tenant_id": "91402384-d71e-22f5-22dd-759e272cdc1c",
    }])
auth_role = mongodbatlas.CloudProviderAccessAuthorization("auth_role",
    project_id=setup_only.project_id,
    role_id=setup_only.role_id,
    azure={
        "atlas_azure_app_id": "9f2deb0d-be22-4524-a403-df531868bac0",
        "service_principal_id": "22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1",
        "tenant_id": "91402384-d71e-22f5-22dd-759e272cdc1c",
    })

package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		setupOnly, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "setup_only", &mongodbatlas.CloudProviderAccessSetupArgs{
			ProjectId:    pulumi.String("64259ee860c43338194b0f8e"),
			ProviderName: pulumi.String("AZURE"),
			AzureConfigs: mongodbatlas.CloudProviderAccessSetupAzureConfigArray{
				&mongodbatlas.CloudProviderAccessSetupAzureConfigArgs{
					AtlasAzureAppId:    pulumi.String("9f2deb0d-be22-4524-a403-df531868bac0"),
					ServicePrincipalId: pulumi.String("22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1"),
					TenantId:           pulumi.String("91402384-d71e-22f5-22dd-759e272cdc1c"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "auth_role", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
			ProjectId: setupOnly.ProjectId,
			RoleId:    setupOnly.RoleId,
			Azure: &mongodbatlas.CloudProviderAccessAuthorizationAzureArgs{
				AtlasAzureAppId:    pulumi.String("9f2deb0d-be22-4524-a403-df531868bac0"),
				ServicePrincipalId: pulumi.String("22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1"),
				TenantId:           pulumi.String("91402384-d71e-22f5-22dd-759e272cdc1c"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var setupOnly = new Mongodbatlas.CloudProviderAccessSetup("setup_only", new()
    {
        ProjectId = "64259ee860c43338194b0f8e",
        ProviderName = "AZURE",
        AzureConfigs = new[]
        {
            new Mongodbatlas.Inputs.CloudProviderAccessSetupAzureConfigArgs
            {
                AtlasAzureAppId = "9f2deb0d-be22-4524-a403-df531868bac0",
                ServicePrincipalId = "22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1",
                TenantId = "91402384-d71e-22f5-22dd-759e272cdc1c",
            },
        },
    });

    var authRole = new Mongodbatlas.CloudProviderAccessAuthorization("auth_role", new()
    {
        ProjectId = setupOnly.ProjectId,
        RoleId = setupOnly.RoleId,
        Azure = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAzureArgs
        {
            AtlasAzureAppId = "9f2deb0d-be22-4524-a403-df531868bac0",
            ServicePrincipalId = "22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1",
            TenantId = "91402384-d71e-22f5-22dd-759e272cdc1c",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.inputs.CloudProviderAccessSetupAzureConfigArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import com.pulumi.mongodbatlas.inputs.CloudProviderAccessAuthorizationAzureArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var setupOnly = new CloudProviderAccessSetup("setupOnly", CloudProviderAccessSetupArgs.builder()
            .projectId("64259ee860c43338194b0f8e")
            .providerName("AZURE")
            .azureConfigs(CloudProviderAccessSetupAzureConfigArgs.builder()
                .atlasAzureAppId("9f2deb0d-be22-4524-a403-df531868bac0")
                .servicePrincipalId("22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1")
                .tenantId("91402384-d71e-22f5-22dd-759e272cdc1c")
                .build())
            .build());

        var authRole = new CloudProviderAccessAuthorization("authRole", CloudProviderAccessAuthorizationArgs.builder()
            .projectId(setupOnly.projectId())
            .roleId(setupOnly.roleId())
            .azure(CloudProviderAccessAuthorizationAzureArgs.builder()
                .atlasAzureAppId("9f2deb0d-be22-4524-a403-df531868bac0")
                .servicePrincipalId("22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1")
                .tenantId("91402384-d71e-22f5-22dd-759e272cdc1c")
                .build())
            .build());

    }
}

resources:
  setupOnly:
    type: mongodbatlas:CloudProviderAccessSetup
    name: setup_only
    properties:
      projectId: 64259ee860c43338194b0f8e
      providerName: AZURE
      azureConfigs:
        - atlasAzureAppId: 9f2deb0d-be22-4524-a403-df531868bac0
          servicePrincipalId: 22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1
          tenantId: 91402384-d71e-22f5-22dd-759e272cdc1c
  authRole:
    type: mongodbatlas:CloudProviderAccessAuthorization
    name: auth_role
    properties:
      projectId: ${setupOnly.projectId}
      roleId: ${setupOnly.roleId}
      azure:
        atlasAzureAppId: 9f2deb0d-be22-4524-a403-df531868bac0
        servicePrincipalId: 22f1d2a6-d0e9-482a-83a4-b8dd7dddc2c1
        tenantId: 91402384-d71e-22f5-22dd-759e272cdc1c

With GCP

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
    projectId: "64259ee860c43338194b0f8e",
    providerName: "GCP",
});
const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
    projectId: setupOnly.projectId,
    roleId: setupOnly.roleId,
});

import pulumi
import pulumi_mongodbatlas as mongodbatlas

setup_only = mongodbatlas.CloudProviderAccessSetup("setup_only",
    project_id="64259ee860c43338194b0f8e",
    provider_name="GCP")
auth_role = mongodbatlas.CloudProviderAccessAuthorization("auth_role",
    project_id=setup_only.project_id,
    role_id=setup_only.role_id)

package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		setupOnly, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "setup_only", &mongodbatlas.CloudProviderAccessSetupArgs{
			ProjectId:    pulumi.String("64259ee860c43338194b0f8e"),
			ProviderName: pulumi.String("GCP"),
		})
		if err != nil {
			return err
		}
		_, err = mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "auth_role", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
			ProjectId: setupOnly.ProjectId,
			RoleId:    setupOnly.RoleId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var setupOnly = new Mongodbatlas.CloudProviderAccessSetup("setup_only", new()
    {
        ProjectId = "64259ee860c43338194b0f8e",
        ProviderName = "GCP",
    });

    var authRole = new Mongodbatlas.CloudProviderAccessAuthorization("auth_role", new()
    {
        ProjectId = setupOnly.ProjectId,
        RoleId = setupOnly.RoleId,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var setupOnly = new CloudProviderAccessSetup("setupOnly", CloudProviderAccessSetupArgs.builder()
            .projectId("64259ee860c43338194b0f8e")
            .providerName("GCP")
            .build());

        var authRole = new CloudProviderAccessAuthorization("authRole", CloudProviderAccessAuthorizationArgs.builder()
            .projectId(setupOnly.projectId())
            .roleId(setupOnly.roleId())
            .build());

    }
}

resources:
  setupOnly:
    type: mongodbatlas:CloudProviderAccessSetup
    name: setup_only
    properties:
      projectId: 64259ee860c43338194b0f8e
      providerName: GCP
  authRole:
    type: mongodbatlas:CloudProviderAccessAuthorization
    name: auth_role
    properties:
      projectId: ${setupOnly.projectId}
      roleId: ${setupOnly.roleId}

Further Examples

AWS Cloud Provider Access
Azure Cloud Provider Access
GCP Cloud Provider Access

Create CloudProviderAccessAuthorization Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new CloudProviderAccessAuthorization(name: string, args: CloudProviderAccessAuthorizationArgs, opts?: CustomResourceOptions);

@overload
def CloudProviderAccessAuthorization(resource_name: str,
                                     args: CloudProviderAccessAuthorizationArgs,
                                     opts: Optional[ResourceOptions] = None)

@overload
def CloudProviderAccessAuthorization(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     project_id: Optional[str] = None,
                                     role_id: Optional[str] = None,
                                     aws: Optional[CloudProviderAccessAuthorizationAwsArgs] = None,
                                     azure: Optional[CloudProviderAccessAuthorizationAzureArgs] = None)

func NewCloudProviderAccessAuthorization(ctx *Context, name string, args CloudProviderAccessAuthorizationArgs, opts ...ResourceOption) (*CloudProviderAccessAuthorization, error)

public CloudProviderAccessAuthorization(string name, CloudProviderAccessAuthorizationArgs args, CustomResourceOptions? opts = null)

public CloudProviderAccessAuthorization(String name, CloudProviderAccessAuthorizationArgs args)
public CloudProviderAccessAuthorization(String name, CloudProviderAccessAuthorizationArgs args, CustomResourceOptions options)

type: mongodbatlas:CloudProviderAccessAuthorization
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CloudProviderAccessAuthorizationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CloudProviderAccessAuthorizationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CloudProviderAccessAuthorizationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CloudProviderAccessAuthorizationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CloudProviderAccessAuthorizationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var cloudProviderAccessAuthorizationResource = new Mongodbatlas.CloudProviderAccessAuthorization("cloudProviderAccessAuthorizationResource", new()
{
    ProjectId = "string",
    RoleId = "string",
    Aws = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAwsArgs
    {
        IamAssumedRoleArn = "string",
    },
    Azure = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAzureArgs
    {
        AtlasAzureAppId = "string",
        ServicePrincipalId = "string",
        TenantId = "string",
    },
});

example, err := mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "cloudProviderAccessAuthorizationResource", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
	ProjectId: pulumi.String("string"),
	RoleId:    pulumi.String("string"),
	Aws: &mongodbatlas.CloudProviderAccessAuthorizationAwsArgs{
		IamAssumedRoleArn: pulumi.String("string"),
	},
	Azure: &mongodbatlas.CloudProviderAccessAuthorizationAzureArgs{
		AtlasAzureAppId:    pulumi.String("string"),
		ServicePrincipalId: pulumi.String("string"),
		TenantId:           pulumi.String("string"),
	},
})

var cloudProviderAccessAuthorizationResource = new CloudProviderAccessAuthorization("cloudProviderAccessAuthorizationResource", CloudProviderAccessAuthorizationArgs.builder()
    .projectId("string")
    .roleId("string")
    .aws(CloudProviderAccessAuthorizationAwsArgs.builder()
        .iamAssumedRoleArn("string")
        .build())
    .azure(CloudProviderAccessAuthorizationAzureArgs.builder()
        .atlasAzureAppId("string")
        .servicePrincipalId("string")
        .tenantId("string")
        .build())
    .build());

cloud_provider_access_authorization_resource = mongodbatlas.CloudProviderAccessAuthorization("cloudProviderAccessAuthorizationResource",
    project_id="string",
    role_id="string",
    aws={
        "iam_assumed_role_arn": "string",
    },
    azure={
        "atlas_azure_app_id": "string",
        "service_principal_id": "string",
        "tenant_id": "string",
    })

const cloudProviderAccessAuthorizationResource = new mongodbatlas.CloudProviderAccessAuthorization("cloudProviderAccessAuthorizationResource", {
    projectId: "string",
    roleId: "string",
    aws: {
        iamAssumedRoleArn: "string",
    },
    azure: {
        atlasAzureAppId: "string",
        servicePrincipalId: "string",
        tenantId: "string",
    },
});

type: mongodbatlas:CloudProviderAccessAuthorization
properties:
    aws:
        iamAssumedRoleArn: string
    azure:
        atlasAzureAppId: string
        servicePrincipalId: string
        tenantId: string
    projectId: string
    roleId: string

CloudProviderAccessAuthorization Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The CloudProviderAccessAuthorization resource accepts the following input properties:

ProjectId string

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

RoleId string

The unique ID of this role returned by the mongodb atlas api. WARNING: Changing the role_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

Conditional

Aws CloudProviderAccessAuthorizationAws

Azure CloudProviderAccessAuthorizationAzure

ProjectId string

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

RoleId string

Conditional

Aws CloudProviderAccessAuthorizationAwsArgs

Azure CloudProviderAccessAuthorizationAzureArgs

projectId String

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

roleId String

Conditional

aws CloudProviderAccessAuthorizationAws

azure CloudProviderAccessAuthorizationAzure

projectId string

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

roleId string

Conditional

aws CloudProviderAccessAuthorizationAws

azure CloudProviderAccessAuthorizationAzure

project_id str

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

role_id str

Conditional

aws CloudProviderAccessAuthorizationAwsArgs

azure CloudProviderAccessAuthorizationAzureArgs

projectId String

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

roleId String

Conditional

aws Property Map

azure Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the CloudProviderAccessAuthorization resource produces the following output properties:

AuthorizedDate string: Date on which this role was authorized.
FeatureUsages List<CloudProviderAccessAuthorizationFeatureUsage>: Atlas features this AWS IAM role is linked to.
Gcps List<CloudProviderAccessAuthorizationGcp>
Id string: The provider-assigned unique ID for this managed resource.

AuthorizedDate string: Date on which this role was authorized.
FeatureUsages []CloudProviderAccessAuthorizationFeatureUsage: Atlas features this AWS IAM role is linked to.
Gcps []CloudProviderAccessAuthorizationGcp
Id string: The provider-assigned unique ID for this managed resource.

authorizedDate String: Date on which this role was authorized.
featureUsages List<CloudProviderAccessAuthorizationFeatureUsage>: Atlas features this AWS IAM role is linked to.
gcps List<CloudProviderAccessAuthorizationGcp>
id String: The provider-assigned unique ID for this managed resource.

authorizedDate string: Date on which this role was authorized.
featureUsages CloudProviderAccessAuthorizationFeatureUsage[]: Atlas features this AWS IAM role is linked to.
gcps CloudProviderAccessAuthorizationGcp[]
id string: The provider-assigned unique ID for this managed resource.

authorized_date str: Date on which this role was authorized.
feature_usages Sequence[CloudProviderAccessAuthorizationFeatureUsage]: Atlas features this AWS IAM role is linked to.
gcps Sequence[CloudProviderAccessAuthorizationGcp]
id str: The provider-assigned unique ID for this managed resource.

authorizedDate String: Date on which this role was authorized.
featureUsages List<Property Map>: Atlas features this AWS IAM role is linked to.
gcps List<Property Map>
id String: The provider-assigned unique ID for this managed resource.

Look up Existing CloudProviderAccessAuthorization Resource

Get an existing CloudProviderAccessAuthorization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CloudProviderAccessAuthorizationState, opts?: CustomResourceOptions): CloudProviderAccessAuthorization

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authorized_date: Optional[str] = None,
        aws: Optional[CloudProviderAccessAuthorizationAwsArgs] = None,
        azure: Optional[CloudProviderAccessAuthorizationAzureArgs] = None,
        feature_usages: Optional[Sequence[CloudProviderAccessAuthorizationFeatureUsageArgs]] = None,
        gcps: Optional[Sequence[CloudProviderAccessAuthorizationGcpArgs]] = None,
        project_id: Optional[str] = None,
        role_id: Optional[str] = None) -> CloudProviderAccessAuthorization

func GetCloudProviderAccessAuthorization(ctx *Context, name string, id IDInput, state *CloudProviderAccessAuthorizationState, opts ...ResourceOption) (*CloudProviderAccessAuthorization, error)

public static CloudProviderAccessAuthorization Get(string name, Input<string> id, CloudProviderAccessAuthorizationState? state, CustomResourceOptions? opts = null)

public static CloudProviderAccessAuthorization get(String name, Output<String> id, CloudProviderAccessAuthorizationState state, CustomResourceOptions options)

resources:  _:    type: mongodbatlas:CloudProviderAccessAuthorization    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthorizedDate string

Date on which this role was authorized.

Aws CloudProviderAccessAuthorizationAws

Azure CloudProviderAccessAuthorizationAzure

FeatureUsages List<CloudProviderAccessAuthorizationFeatureUsage>

Atlas features this AWS IAM role is linked to.

Gcps List<CloudProviderAccessAuthorizationGcp>

ProjectId string

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

RoleId string

Conditional

AuthorizedDate string

Date on which this role was authorized.

Aws CloudProviderAccessAuthorizationAwsArgs

Azure CloudProviderAccessAuthorizationAzureArgs

FeatureUsages []CloudProviderAccessAuthorizationFeatureUsageArgs

Atlas features this AWS IAM role is linked to.

Gcps []CloudProviderAccessAuthorizationGcpArgs

ProjectId string

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

RoleId string

Conditional

authorizedDate String

Date on which this role was authorized.

aws CloudProviderAccessAuthorizationAws

azure CloudProviderAccessAuthorizationAzure

featureUsages List<CloudProviderAccessAuthorizationFeatureUsage>

Atlas features this AWS IAM role is linked to.

gcps List<CloudProviderAccessAuthorizationGcp>

projectId String

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

roleId String

Conditional

authorizedDate string

Date on which this role was authorized.

aws CloudProviderAccessAuthorizationAws

azure CloudProviderAccessAuthorizationAzure

featureUsages CloudProviderAccessAuthorizationFeatureUsage[]

Atlas features this AWS IAM role is linked to.

gcps CloudProviderAccessAuthorizationGcp[]

projectId string

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

roleId string

Conditional

authorized_date str

Date on which this role was authorized.

aws CloudProviderAccessAuthorizationAwsArgs

azure CloudProviderAccessAuthorizationAzureArgs

feature_usages Sequence[CloudProviderAccessAuthorizationFeatureUsageArgs]

Atlas features this AWS IAM role is linked to.

gcps Sequence[CloudProviderAccessAuthorizationGcpArgs]

project_id str

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

role_id str

Conditional

authorizedDate String

Date on which this role was authorized.

aws Property Map

azure Property Map

featureUsages List<Property Map>

Atlas features this AWS IAM role is linked to.

gcps List<Property Map>

projectId String

The unique ID for the project. WARNING: Changing the project_id will result in destruction of the existing authorization resource and the creation of a new authorization resource.

roleId String

Conditional

Supporting Types

CloudProviderAccessAuthorizationAws, CloudProviderAccessAuthorizationAwsArgs

IamAssumedRoleArn string: ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account. This value is required after the creation (register of the role) as part of Set Up Unified AWS Access.

IamAssumedRoleArn string: ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account. This value is required after the creation (register of the role) as part of Set Up Unified AWS Access.

iamAssumedRoleArn String: ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account. This value is required after the creation (register of the role) as part of Set Up Unified AWS Access.

iamAssumedRoleArn string: ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account. This value is required after the creation (register of the role) as part of Set Up Unified AWS Access.

iam_assumed_role_arn str: ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account. This value is required after the creation (register of the role) as part of Set Up Unified AWS Access.

iamAssumedRoleArn String: ARN of the IAM Role that Atlas assumes when accessing resources in your AWS account. This value is required after the creation (register of the role) as part of Set Up Unified AWS Access.

CloudProviderAccessAuthorizationAzure, CloudProviderAccessAuthorizationAzureArgs

AtlasAzureAppId string: Azure Active Directory Application ID of Atlas.
ServicePrincipalId string: UUID string that identifies the Azure Service Principal.
TenantId string: UUID String that identifies the Azure Active Directory Tenant ID.

AtlasAzureAppId string: Azure Active Directory Application ID of Atlas.
ServicePrincipalId string: UUID string that identifies the Azure Service Principal.
TenantId string: UUID String that identifies the Azure Active Directory Tenant ID.

atlasAzureAppId String: Azure Active Directory Application ID of Atlas.
servicePrincipalId String: UUID string that identifies the Azure Service Principal.
tenantId String: UUID String that identifies the Azure Active Directory Tenant ID.

atlasAzureAppId string: Azure Active Directory Application ID of Atlas.
servicePrincipalId string: UUID string that identifies the Azure Service Principal.
tenantId string: UUID String that identifies the Azure Active Directory Tenant ID.

atlas_azure_app_id str: Azure Active Directory Application ID of Atlas.
service_principal_id str: UUID string that identifies the Azure Service Principal.
tenant_id str: UUID String that identifies the Azure Active Directory Tenant ID.

atlasAzureAppId String: Azure Active Directory Application ID of Atlas.
servicePrincipalId String: UUID string that identifies the Azure Service Principal.
tenantId String: UUID String that identifies the Azure Active Directory Tenant ID.

CloudProviderAccessAuthorizationFeatureUsage, CloudProviderAccessAuthorizationFeatureUsageArgs

FeatureId Dictionary<string, string>
FeatureType string

FeatureId map[string]string
FeatureType string

featureId Map<String,String>
featureType String

featureId {[key: string]: string}
featureType string

feature_id Mapping[str, str]
feature_type str

featureId Map<String>
featureType String

CloudProviderAccessAuthorizationGcp, CloudProviderAccessAuthorizationGcpArgs

ServiceAccountForAtlas string: Email address for the Google Service Account created by Atlas.

ServiceAccountForAtlas string: Email address for the Google Service Account created by Atlas.

serviceAccountForAtlas String: Email address for the Google Service Account created by Atlas.

serviceAccountForAtlas string: Email address for the Google Service Account created by Atlas.

service_account_for_atlas str: Email address for the Google Service Account created by Atlas.

serviceAccountForAtlas String: Email address for the Google Service Account created by Atlas.

Import

mongodbatlas.CloudProviderAccessAuthorization You cannot import the Cloud Provider Access Authorization resource into Terraform. Instead, if the associated role is already authorized, you can recreate the resource without any adverse effects.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: MongoDB Atlas pulumi/pulumi-mongodbatlas
License: Apache-2.0
Notes: This Pulumi package is based on the mongodbatlas Terraform Provider.

Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-mongodbatlas

mongodbatlas.CloudProviderAccessAuthorization

On this page

On this page

Cloud Provider Access Configuration Paths

Example Usage

With AWS

With Azure

With GCP

Further Examples

Create CloudProviderAccessAuthorization Resource

Constructor syntax

Parameters

Constructor example

CloudProviderAccessAuthorization Resource Properties

Inputs

Outputs

Look up Existing CloudProviderAccessAuthorization Resource

Supporting Types

CloudProviderAccessAuthorizationAws, CloudProviderAccessAuthorizationAwsArgs

CloudProviderAccessAuthorizationAzure, CloudProviderAccessAuthorizationAzureArgs

CloudProviderAccessAuthorizationFeatureUsage, CloudProviderAccessAuthorizationFeatureUsageArgs

CloudProviderAccessAuthorizationGcp, CloudProviderAccessAuthorizationGcpArgs

Import

Package Details

On this page

On this page