Atlas CloudFormation resources fails on user creation in CDK

Creating Atlas cluster cloudformation resource with CDK fails on the database user creation. Is something missing or it is a configuration on the organization:

"Error getting resource : POST 400 (request "ATLAS_INVALID_AUTH_SETTINGS") Invalid authentication settings. Users
cannot be configured for multiple authentication mechanisms (SCRAM, MONGODB_AWS)."

CDK code snippet:

                        .username("role name")

Hi @Nikita_Levi and welcome to MongoDB community forums!!

Based on the above error message, it looks like you are trying to set the IAM role while creating the user.
As mentioned in the API documentation, you would need to set the ARN in the username section.

Please let us know if this works.
If not, could you help me with the documentation you are referring to create the user?

Warm regards

Hi @Aasawari , we facing the same issue while adding an “IAM Role” as a Database User. We are following this documentation.

This is the template that’s expected (awsIamUser) and the template that’s created by our stack is almost the same template.

"MongoAtlasDatabaseUser": {
   "Type": "MongoDB::Atlas::DatabaseUser",
   "Properties": {
    "AWSIAMType": "ROLE",
    "DatabaseName": "auditLog",
    "LdapAuthType": "NONE",
    "X509Type": "NONE",
    "ProjectId": "64e9191111111118119fcfb6", //Our project ID (Updated differently)
    "Roles": [
      "DatabaseName": "admin",
      "RoleName": "readAnyDatabase"
    "Username": "arn:aws:iam::071429502830:role/common-insurance-auto-ame-cancelautoaohuonmainlamb-SZT2B11YOZ2M",
    "Profile": "atlasMongoDbAuditLog"
   "Metadata": {
    "aws:cdk:path": "MongoAtlas-Database-Stack-us-west-2/Mongo Atlas DatabaseUser"

Hi @aasawari_sahasrabuddhe
The username is set to an IAM role ARN. We use Mongo Atlas CDK resources to create a new cluster: GitHub - mongodb/awscdk-resources-mongodbatlas: MongoDB Atlas AWS CDK Resources.
I see that a default user gets created together with the project - ‘atlas-user’ with SCRAM authentication method. This could be causing the error.