Create a Cloud Provider Access Role

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

Info With Circle IconCreated with Sketch.Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

After a successful request to this API endpoint, you can add the atlasAWSAccountArn and atlasAssumedRoleExternalId values to the trust policy in your AWS console to create an IAM Assumed Role ARN . See Set Up Unified AWS Access for the complete procedure.

POST /groups/{GROUP-ID}/cloudProviderAccess
GROUP-IDstringThe unique identifier for the project whose cloud provider roles you want to retrieve.

The following query parameters are optional:

Query ParameterTypeDescriptionDefault
prettybooleanDisplays response in a prettyprint format.false
envelopebooleanSpecifies whether or not to wrap the response in an envelope.false
providerNamestringThe cloud provider for which to create a new role. Currently only AWS is supported.

The HTTP document contains the following elements:

atlasAWSAccountArnstringARN associated with the Atlas AWS account used to assume IAM roles in your AWS account.
atlasAssumedRoleExternalIdstringUnique external ID Atlas uses when assuming the IAM role in your AWS account.
authorizedDatedateDate on which this role was authorized.
createdDatedateDate on which this role was created.
featureUsagesarrayAtlas features this AWS IAM role is linked to.
iamAssumedRoleArnstringARN of the IAM Role that Atlas assumes when accessing resources in your AWS account.
providerNamestringName of the cloud provider. Currently limited to AWS.
roleIdstringUnique ID of this role.
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" -X POST --digest \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
"{GROUP-ID}/cloudProviderAccess?pretty=true" \
--data '{ "providerName": "AWS" }'
"atlasAWSAccountArn" : "arn:aws:iam::123456789012:root",
"atlasAssumedRoleExternalId" : "3192be49-6e76-4b7d-a7b8-b486a8fc4483",
"authorizedDate" : null,
"createdDate" : "2020-07-30T20:20:36Z",
"featureUsages" : [ ],
"iamAssumedRoleArn" : null,
"providerName" : "AWS",
"roleId" : "5f232b94af0a6b41747bcc2d"
Give Feedback