Return All Cloud Provider Access Roles

GET /api/atlas/v1.0/groups/{groupId}/cloudProviderAccess

Returns all cloud provider access roles with access to the specified project. To use this resource, the requesting Service Account or API Key must have the Project Owner role.

Role requirements

Project Owner

Path parameters

groupId string Required

Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.

NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

envelope boolean

Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

Default value is false.
pretty boolean

Flag that indicates whether the response body should be in the prettyprint format.

Default value is false.

Prettyprint

Responses

200 application/json

OK
Hide response attributes Show response attributes object
- awsIamRoles array[object]
  
  List that contains the Amazon Web Services (AWS) IAM roles registered and authorized with MongoDB Cloud.
  
  Hide awsIamRoles attributes Show awsIamRoles attributes object
  
  Details that describe the features linked to the Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  providerName string Required Discriminator
  
  Human-readable label that identifies the cloud provider of the role.
  
  Value is CloudProviderAccessRole.
  
  _id string
  
  Unique 24-hexadecimal digit string that identifies the role.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  atlasAzureAppId string(uuid)
  
  Azure Active Directory Application ID of Atlas. This field is optional and will be derived from the Azure subscription if not provided.
  
  createdDate string(date-time)
  
  Date and time when someone created this role for the specified cloud service provider. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  featureUsages array[object]
  
  List that contains application features associated with this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  One of:
  ATLAS_DATA_LAKE object ATLAS_LOG_INTEGRATION object ENCRYPTION_AT_REST object EXPORT_SNAPSHOT object PUSH_BASED_LOG_EXPORT object
  
  Details that describe the Atlas Data Lakes linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ATLAS_DATA_LAKE.
  
  featureId object
  
  Identifying characteristics about the data lake linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  name string
  
  Human-readable label that identifies the data lake.
  
  Details that describe the Atlas log integration linked to this cloud provider access role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ATLAS_LOG_INTEGRATION.
  
  featureId object
  
  Identifying characteristics about the Atlas log integration linked to this cloud provider access role.
  
  Hide featureId attributes Show featureId attributes object
  
  configId string
  
  Unique 24-hexadecimal digit string that identifies the Atlas log integration configuration.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  sinkName string
  
  Human-readable label that identifies the sink, such as an S3/GCS bucket or Azure container name.
  
  Details that describe the Key Management Service (KMS) linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ENCRYPTION_AT_REST.
  
  featureId object | null
  
  Object that contains the identifying characteristics of the Amazon Web Services (AWS) Key Management Service (KMS). This field always returns a null value.
  
  Details that describe the Amazon Web Services (AWS) Simple Storage Service (S3) export buckets linked to this AWS Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is EXPORT_SNAPSHOT.
  
  featureId object
  
  Identifying characteristics about the Amazon Web Services (AWS) Simple Storage Service (S3) export bucket linked to this AWS Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  exportBucketId string
  
  Unique 24-hexadecimal digit string that identifies the AWS S3 bucket to which you export your snapshots.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  Details that describe the Amazon Web Services (AWS) Simple Storage Service (S3) export buckets linked to this AWS Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is PUSH_BASED_LOG_EXPORT.
  
  featureId object
  
  Identifying characteristics about the Amazon Web Services (AWS) Simple Storage Service (S3) export bucket linked to this AWS Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  bucketName string
  
  Name of the AWS S3 bucket to which your logs will be exported to.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  lastUpdatedDate string(date-time)
  
  Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  servicePrincipalId string(uuid)
  
  UUID string that identifies the Azure Service Principal.
  
  tenantId string(uuid)
  
  UUID String that identifies the Azure Active Directory Tenant ID.
  
  gcpServiceAccountForAtlas string
  
  Email address for the Google Service Account created by Atlas.
  
  Format should match the following pattern: ^mongodb-atlas-[0-9a-z]{16}@p-[0-9a-z]{24}.iam.gserviceaccount.com$.
  
  roleId string
  
  Unique 24-hexadecimal digit string that identifies the role.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  status string
  
  Provision status of the service account.
  
  Values are IN_PROGRESS, COMPLETE, FAILED, or NOT_INITIATED.
  
  atlasAWSAccountArn string
  
  Amazon Resource Name that identifies the Amazon Web Services (AWS) user account that MongoDB Cloud uses when it assumes the Identity and Access Management (IAM) role.
  
  Minimum length is 20, maximum length is 2048.
  
  atlasAssumedRoleExternalId string(uuid)
  
  Unique external ID that MongoDB Cloud uses when it assumes the IAM role in your Amazon Web Services (AWS) account.
  
  authorizedDate string(date-time)
  
  Date and time when someone authorized this role for the specified cloud service provider. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  iamAssumedRoleArn string
  
  Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
  
  Minimum length is 20, maximum length is 2048.
- azureServicePrincipals array[object]
  
  List that contains the Azure Service Principals registered with MongoDB Cloud.
  
  Hide azureServicePrincipals attributes Show azureServicePrincipals attributes object
  
  Details that describe the features linked to the Azure Service Principal.
  
  providerName string Required Discriminator
  
  Human-readable label that identifies the cloud provider of the role.
  
  atlasAWSAccountArn string
  
  Amazon Resource Name that identifies the Amazon Web Services (AWS) user account that MongoDB Cloud uses when it assumes the Identity and Access Management (IAM) role.
  
  Minimum length is 20, maximum length is 2048.
  
  atlasAssumedRoleExternalId string(uuid)
  
  Unique external ID that MongoDB Cloud uses when it assumes the IAM role in your Amazon Web Services (AWS) account.
  
  authorizedDate string(date-time)
  
  Date and time when someone authorized this role for the specified cloud service provider. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  createdDate string(date-time)
  
  Date and time when this Azure Service Principal was created. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  featureUsages array[object]
  
  List that contains application features associated with this Azure Service Principal.
  
  One of:
  ATLAS_DATA_LAKE object ATLAS_LOG_INTEGRATION object ENCRYPTION_AT_REST object EXPORT_SNAPSHOT object PUSH_BASED_LOG_EXPORT object
  
  Details that describe the Atlas Data Lakes linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ATLAS_DATA_LAKE.
  
  featureId object
  
  Identifying characteristics about the data lake linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  name string
  
  Human-readable label that identifies the data lake.
  
  Details that describe the Atlas log integration linked to this cloud provider access role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ATLAS_LOG_INTEGRATION.
  
  featureId object
  
  Identifying characteristics about the Atlas log integration linked to this cloud provider access role.
  
  Hide featureId attributes Show featureId attributes object
  
  configId string
  
  Unique 24-hexadecimal digit string that identifies the Atlas log integration configuration.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  sinkName string
  
  Human-readable label that identifies the sink, such as an S3/GCS bucket or Azure container name.
  
  Details that describe the Key Management Service (KMS) linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ENCRYPTION_AT_REST.
  
  featureId object | null
  
  Object that contains the identifying characteristics of the Amazon Web Services (AWS) Key Management Service (KMS). This field always returns a null value.
  
  Details that describe the Amazon Web Services (AWS) Simple Storage Service (S3) export buckets linked to this AWS Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is EXPORT_SNAPSHOT.
  
  featureId object
  
  Identifying characteristics about the Amazon Web Services (AWS) Simple Storage Service (S3) export bucket linked to this AWS Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  exportBucketId string
  
  Unique 24-hexadecimal digit string that identifies the AWS S3 bucket to which you export your snapshots.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  Details that describe the Amazon Web Services (AWS) Simple Storage Service (S3) export buckets linked to this AWS Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is PUSH_BASED_LOG_EXPORT.
  
  featureId object
  
  Identifying characteristics about the Amazon Web Services (AWS) Simple Storage Service (S3) export bucket linked to this AWS Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  bucketName string
  
  Name of the AWS S3 bucket to which your logs will be exported to.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  iamAssumedRoleArn string
  
  Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
  
  Minimum length is 20, maximum length is 2048.
  
  roleId string
  
  Unique 24-hexadecimal digit string that identifies the role.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  gcpServiceAccountForAtlas string
  
  Email address for the Google Service Account created by Atlas.
  
  Format should match the following pattern: ^mongodb-atlas-[0-9a-z]{16}@p-[0-9a-z]{24}.iam.gserviceaccount.com$.
  
  status string
  
  Provision status of the service account.
  
  Values are IN_PROGRESS, COMPLETE, FAILED, or NOT_INITIATED.
  
  _id string
  
  Unique 24-hexadecimal digit string that identifies the role.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  atlasAzureAppId string(uuid)
  
  Azure Active Directory Application ID of Atlas. This field is optional and will be derived from the Azure subscription if not provided.
  
  lastUpdatedDate string(date-time)
  
  Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  servicePrincipalId string(uuid)
  
  UUID string that identifies the Azure Service Principal.
  
  tenantId string(uuid)
  
  UUID String that identifies the Azure Active Directory Tenant ID.
- gcpServiceAccounts array[object]
  
  List that contains the Google Service Accounts registered and authorized with MongoDB Cloud.
  
  Hide gcpServiceAccounts attributes Show gcpServiceAccounts attributes object
  
  Details that describe the features linked to the GCP Service Account.
  
  providerName string Required Discriminator
  
  Human-readable label that identifies the cloud provider of the role.
  
  atlasAWSAccountArn string
  
  Amazon Resource Name that identifies the Amazon Web Services (AWS) user account that MongoDB Cloud uses when it assumes the Identity and Access Management (IAM) role.
  
  Minimum length is 20, maximum length is 2048.
  
  atlasAssumedRoleExternalId string(uuid)
  
  Unique external ID that MongoDB Cloud uses when it assumes the IAM role in your Amazon Web Services (AWS) account.
  
  authorizedDate string(date-time)
  
  Date and time when someone authorized this role for the specified cloud service provider. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  createdDate string(date-time)
  
  Date and time when this Google Service Account was created. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  featureUsages array[object]
  
  List that contains application features associated with this Google Service Account.
  
  One of:
  ATLAS_DATA_LAKE object ATLAS_LOG_INTEGRATION object ENCRYPTION_AT_REST object EXPORT_SNAPSHOT object PUSH_BASED_LOG_EXPORT object
  
  Details that describe the Atlas Data Lakes linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ATLAS_DATA_LAKE.
  
  featureId object
  
  Identifying characteristics about the data lake linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  name string
  
  Human-readable label that identifies the data lake.
  
  Details that describe the Atlas log integration linked to this cloud provider access role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ATLAS_LOG_INTEGRATION.
  
  featureId object
  
  Identifying characteristics about the Atlas log integration linked to this cloud provider access role.
  
  Hide featureId attributes Show featureId attributes object
  
  configId string
  
  Unique 24-hexadecimal digit string that identifies the Atlas log integration configuration.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  sinkName string
  
  Human-readable label that identifies the sink, such as an S3/GCS bucket or Azure container name.
  
  Details that describe the Key Management Service (KMS) linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is ENCRYPTION_AT_REST.
  
  featureId object | null
  
  Object that contains the identifying characteristics of the Amazon Web Services (AWS) Key Management Service (KMS). This field always returns a null value.
  
  Details that describe the Amazon Web Services (AWS) Simple Storage Service (S3) export buckets linked to this AWS Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is EXPORT_SNAPSHOT.
  
  featureId object
  
  Identifying characteristics about the Amazon Web Services (AWS) Simple Storage Service (S3) export bucket linked to this AWS Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  exportBucketId string
  
  Unique 24-hexadecimal digit string that identifies the AWS S3 bucket to which you export your snapshots.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  Details that describe the Amazon Web Services (AWS) Simple Storage Service (S3) export buckets linked to this AWS Identity and Access Management (IAM) role.
  
  Hide attributes Show attributes
  
  featureType string Discriminator
  
  Human-readable label that describes one MongoDB Cloud feature linked to this Amazon Web Services (AWS) Identity and Access Management (IAM) role.
  
  Value is PUSH_BASED_LOG_EXPORT.
  
  featureId object
  
  Identifying characteristics about the Amazon Web Services (AWS) Simple Storage Service (S3) export bucket linked to this AWS Identity and Access Management (IAM) role.
  
  Hide featureId attributes Show featureId attributes object
  
  bucketName string
  
  Name of the AWS S3 bucket to which your logs will be exported to.
  
  groupId string
  
  Unique 24-hexadecimal digit string that identifies your project.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  iamAssumedRoleArn string
  
  Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
  
  Minimum length is 20, maximum length is 2048.
  
  roleId string
  
  Unique 24-hexadecimal digit string that identifies the role.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  _id string
  
  Unique 24-hexadecimal digit string that identifies the role.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
  
  atlasAzureAppId string(uuid)
  
  Azure Active Directory Application ID of Atlas. This field is optional and will be derived from the Azure subscription if not provided.
  
  lastUpdatedDate string(date-time)
  
  Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
  
  servicePrincipalId string(uuid)
  
  UUID string that identifies the Azure Service Principal.
  
  tenantId string(uuid)
  
  UUID String that identifies the Azure Active Directory Tenant ID.
  
  gcpServiceAccountForAtlas string
  
  Email address for the Google Service Account created by Atlas.
  
  Format should match the following pattern: ^mongodb-atlas-[0-9a-z]{16}@p-[0-9a-z]{24}.iam.gserviceaccount.com$.
  
  status string
  
  Provision status of the service account.
  
  Values are IN_PROGRESS, COMPLETE, FAILED, or NOT_INITIATED.
401 application/json

Unauthorized.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
403 application/json

Forbidden.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
404 application/json

Not Found.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
500 application/json

Internal Server Error.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.

GET /api/atlas/v1.0/groups/{groupId}/cloudProviderAccess

curl \
 --request GET 'https://cloud.mongodb.com/api/atlas/v1.0/groups/32b6e34b3d91647abb20e7b8/cloudProviderAccess' \
 --header "Authorization: Bearer $ACCESS_TOKEN"

Response examples (200)

{
  "awsIamRoles": [
    {
      "providerName": "CloudProviderAccessRole",
      "_id": "32b6e34b3d91647abb20e7b8",
      "atlasAzureAppId": "string",
      "createdDate": "2026-05-04T09:42:00Z",
      "featureUsages": [
        {
          "featureType": "ATLAS_DATA_LAKE",
          "featureId": {
            "groupId": "32b6e34b3d91647abb20e7b8",
            "name": "string"
          }
        }
      ],
      "lastUpdatedDate": "2026-05-04T09:42:00Z",
      "servicePrincipalId": "string",
      "tenantId": "string",
      "gcpServiceAccountForAtlas": "string",
      "roleId": "32b6e34b3d91647abb20e7b8",
      "status": "IN_PROGRESS",
      "atlasAWSAccountArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
      "atlasAssumedRoleExternalId": "string",
      "authorizedDate": "2026-05-04T09:42:00Z",
      "iamAssumedRoleArn": "arn:aws:iam::123456789012:root"
    }
  ],
  "azureServicePrincipals": [
    {
      "providerName": "string",
      "atlasAWSAccountArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
      "atlasAssumedRoleExternalId": "string",
      "authorizedDate": "2026-05-04T09:42:00Z",
      "createdDate": "2026-05-04T09:42:00Z",
      "featureUsages": [
        {
          "featureType": "ATLAS_DATA_LAKE",
          "featureId": {
            "groupId": "32b6e34b3d91647abb20e7b8",
            "name": "string"
          }
        }
      ],
      "iamAssumedRoleArn": "arn:aws:iam::123456789012:root",
      "roleId": "32b6e34b3d91647abb20e7b8",
      "gcpServiceAccountForAtlas": "string",
      "status": "IN_PROGRESS",
      "_id": "32b6e34b3d91647abb20e7b8",
      "atlasAzureAppId": "string",
      "lastUpdatedDate": "2026-05-04T09:42:00Z",
      "servicePrincipalId": "string",
      "tenantId": "string"
    }
  ],
  "gcpServiceAccounts": [
    {
      "providerName": "string",
      "atlasAWSAccountArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
      "atlasAssumedRoleExternalId": "string",
      "authorizedDate": "2026-05-04T09:42:00Z",
      "createdDate": "2026-05-04T09:42:00Z",
      "featureUsages": [
        {
          "featureType": "ATLAS_DATA_LAKE",
          "featureId": {
            "groupId": "32b6e34b3d91647abb20e7b8",
            "name": "string"
          }
        }
      ],
      "iamAssumedRoleArn": "arn:aws:iam::123456789012:root",
      "roleId": "32b6e34b3d91647abb20e7b8",
      "_id": "32b6e34b3d91647abb20e7b8",
      "atlasAzureAppId": "string",
      "lastUpdatedDate": "2026-05-04T09:42:00Z",
      "servicePrincipalId": "string",
      "tenantId": "string",
      "gcpServiceAccountForAtlas": "string",
      "status": "IN_PROGRESS"
    }
  ]
}

Response examples (401)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 401,
  "errorCode": "NOT_ORG_GROUP_CREATOR",
  "reason": "Unauthorized"
}

Response examples (403)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 403,
  "errorCode": "CANNOT_CHANGE_GROUP_NAME",
  "reason": "Forbidden"
}

Response examples (404)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "error": 404,
  "errorCode": "RESOURCE_NOT_FOUND",
  "reason": "Not Found"
}

Response examples (500)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 500,
  "errorCode": "UNEXPECTED_ERROR",
  "reason": "Internal Server Error"
}