Andrea Test

Return All Cloud Provider Access Roles

GET /api/atlas/v2/groups/{groupId}/cloudProviderAccess
Digest auth

Returns all cloud provider access roles with access to the specified project. To use this resource, the requesting API Key must have the Project Owner role.

Path parameters

  • groupId string Required

    Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.

    NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

    Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

Responses

  • 200 application/vnd.atlas.2023-01-01+json

    OK

    Hide response attribute Show response attribute object
    • awsIamRoles array[object]

      List that contains the Amazon Web Services (AWS) IAM roles registered and authorized with MongoDB Cloud.

      Details that describe the features linked to the Amazon Web Services (AWS) Identity and Access Management (IAM) role.

      Hide awsIamRoles attributes Show awsIamRoles attributes object

      Details that describe the features linked to the Amazon Web Services (AWS) Identity and Access Management (IAM) role.

      • providerName string Required Discriminator

        Human-readable label that identifies the cloud provider of the role.

      • _id string

        Unique 24-hexadecimal digit string that identifies the role.

        Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

      • atlasAzureAppId string

        Azure Active Directory Application ID of Atlas.

        Minimum length is 32, maximum length is 36. Format should match the following pattern: ^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$.

      • createdDate string(date-time)

        Date and time when someone created this role for the specified cloud service provider. This parameter expresses its value in the ISO 8601 timestamp format in UTC.

      • featureUsages array[object]

        List that contains application features associated with this Amazon Web Services (AWS) Identity and Access Management (IAM) role.

        One of:
        ATLAS_DATA_LAKE object ENCRYPTION_AT_REST object EXPORT_SNAPSHOT object PUSH_BASED_LOG_EXPORT object
      • lastUpdatedDate string(date-time)

        Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC.

      • servicePrincipalId string

        UUID string that identifies the Azure Service Principal.

        Minimum length is 32, maximum length is 36. Format should match the following pattern: ^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$.

      • tenantId string

        UUID String that identifies the Azure Active Directory Tenant ID.

        Minimum length is 32, maximum length is 36. Format should match the following pattern: ^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$.

      • atlasAWSAccountArn string

        Amazon Resource Name that identifies the Amazon Web Services (AWS) user account that MongoDB Cloud uses when it assumes the Identity and Access Management (IAM) role.

        Minimum length is 20, maximum length is 2048.

      • atlasAssumedRoleExternalId string(uuid)

        Unique external ID that MongoDB Cloud uses when it assumes the IAM role in your Amazon Web Services (AWS) account.

      • authorizedDate string(date-time)

        Date and time when someone authorized this role for the specified cloud service provider. This parameter expresses its value in the ISO 8601 timestamp format in UTC.

      • iamAssumedRoleArn string

        Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.

        Minimum length is 20, maximum length is 2048.

      • roleId string

        Unique 24-hexadecimal digit string that identifies the role.

        Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.
  • 404 application/json

    Not Found.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
GET /api/atlas/v2/groups/{groupId}/cloudProviderAccess 
atlas api cloudProviderAccess listCloudProviderAccessRoles --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20230101001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
	client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.ListCloudProviderAccessRolesApiParams{}
	sdkResp, httpResp, err := client.CloudProviderAccessApi.
		ListCloudProviderAccessRolesWithParams(ctx, params).
		Execute()
}

curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2023-01-01+json" \
  -X GET "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/cloudProviderAccess?pretty=true"
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest --include \
  --header "Accept: application/vnd.atlas.2023-01-01+json" \
  -X GET "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/cloudProviderAccess?pretty=true"
Response examples (200) 
{
  "awsIamRoles": [
    {
      "providerName": "string",
      "_id": "32b6e34b3d91647abb20e7b8",
      "atlasAzureAppId": "string",
      "createdDate": "2025-05-04T09:42:00Z",
      "featureUsages": [
        {
          "featureType": "ATLAS_DATA_LAKE",
          "featureId": {}
        }
      ],
      "lastUpdatedDate": "2025-05-04T09:42:00Z",
      "servicePrincipalId": "string",
      "tenantId": "string",
      "atlasAWSAccountArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
      "atlasAssumedRoleExternalId": "string",
      "authorizedDate": "2025-05-04T09:42:00Z",
      "iamAssumedRoleArn": "arn:aws:iam::123456789012:root",
      "roleId": "32b6e34b3d91647abb20e7b8"
    }
  ]
}
Response examples (404) 
{
  "error": 404,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "reason": "Not Found",
  "errorCode": "RESOURCE_NOT_FOUND"
}
Response examples (500) 
{
  "error": 500,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Internal Server Error",
  "errorCode": "UNEXPECTED_ERROR"
}