Andrea Test

Authorize One Cloud Provider Access Role

PATCH /api/atlas/v2/groups/{groupId}/cloudProviderAccess/{roleId}
Digest auth

Grants access to the specified project for the specified access role. To use this resource, the requesting API Key must have the Project Owner role. This API endpoint is one step in a procedure to create unified access for MongoDB Cloud services.

Set Up Access to Cloud Providers

Path parameters

  • groupId string Required

    Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.

    NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

    Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

  • roleId string Required

    Unique 24-hexadecimal digit string that identifies the role.

    Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

application/vnd.atlas.2023-01-01+json

Body object Required

Grants access to the specified project for the specified access role.

One of:
object-2 object AZURE object

Responses

  • 200 application/vnd.atlas.2023-01-01+json

    OK

    One of:
    object-2 object AZURE object
  • 400 application/json

    Bad Request.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 404 application/json

    Not Found.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 409 application/json

    Conflict.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
PATCH /api/atlas/v2/groups/{groupId}/cloudProviderAccess/{roleId} 
atlas api cloudProviderAccess authorizeCloudProviderAccessRole --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20230101001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
	client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.AuthorizeCloudProviderAccessRoleApiParams{}
	sdkResp, httpResp, err := client.CloudProviderAccessApi.
		AuthorizeCloudProviderAccessRoleWithParams(ctx, params).
		Execute()
}

curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2023-01-01+json" \
  --header "Content-Type: application/json" \
  -X PATCH "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/cloudProviderAccess/{roleId}" \
  -d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest --include \
  --header "Accept: application/vnd.atlas.2023-01-01+json" \
  --header "Content-Type: application/json" \
  -X PATCH "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/cloudProviderAccess/{roleId}" \
  -d '{ <Payload> }'
Request examples 
{
  "providerName": "string",
  "iamAssumedRoleArn": "arn:aws:iam::123456789012:root"
}
{
  "providerName": "AZURE",
  "atlasAzureAppId": "string",
  "servicePrincipalId": "string",
  "tenantId": "string"
}
Response examples (200) 
{
  "providerName": "string",
  "atlasAWSAccountArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
  "atlasAssumedRoleExternalId": "string",
  "authorizedDate": "2025-05-04T09:42:00Z",
  "createdDate": "2025-05-04T09:42:00Z",
  "featureUsages": [
    {
      "featureType": "ATLAS_DATA_LAKE",
      "featureId": {
        "groupId": "32b6e34b3d91647abb20e7b8",
        "name": "string"
      }
    }
  ],
  "iamAssumedRoleArn": "arn:aws:iam::123456789012:root",
  "roleId": "32b6e34b3d91647abb20e7b8"
}
{
  "providerName": "AZURE",
  "_id": "32b6e34b3d91647abb20e7b8",
  "atlasAzureAppId": "string",
  "createdDate": "2025-05-04T09:42:00Z",
  "featureUsages": [
    {
      "featureType": "ATLAS_DATA_LAKE",
      "featureId": {
        "groupId": "32b6e34b3d91647abb20e7b8",
        "name": "string"
      }
    }
  ],
  "lastUpdatedDate": "2025-05-04T09:42:00Z",
  "servicePrincipalId": "string",
  "tenantId": "string"
}
Response examples (400) 
{
  "error": 400,
  "detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
  "reason": "Bad Request",
  "errorCode": "VALIDATION_ERROR"
}
Response examples (404) 
{
  "error": 404,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "reason": "Not Found",
  "errorCode": "RESOURCE_NOT_FOUND"
}
Response examples (409) 
{
  "error": 409,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot delete organization link while there is active migration in following project ids: 60c4fd418ebe251047c50554",
  "reason": "Conflict",
  "errorCode": "CANNOT_DELETE_ORG_ACTIVE_LIVE_MIGRATION_ATLAS_ORG_LINK"
}
Response examples (500) 
{
  "error": 500,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Internal Server Error",
  "errorCode": "UNEXPECTED_ERROR"
}