published on Tuesday, Mar 31, 2026 by Pulumi
published on Tuesday, Mar 31, 2026 by Pulumi
mongodbatlas.AccessListApiKey provides an IP Access List entry resource. The access list grants access from IPs or CIDRs to clusters within the Project.
Note: The
mongodbatlas.AccessListApiKeyresource can be used to manage all Programmatic API Keys, regardless of whether they were created at the Organization level or Project level.
NOTE: Groups and projects are synonymous terms. You may find
groupIdin the official documentation.
IMPORTANT: When you remove an entry from the access list, existing connections from the removed address(es) may remain open for a variable amount of time. How much time passes before Atlas closes the connection depends on several factors, including how the connection was established, the particular behavior of the application or driver using the address, and the connection protocol (e.g., TCP or UDP). This is particularly important to consider when changing an existing IP address or CIDR block as they cannot be updated via the Provider, hence a change will force the destruction and recreation of entries.
IMPORTANT WARNING: Managing Atlas Programmatic API Keys (PAKs) with Terraform will expose sensitive organizational secrets in Terraform’s state. We suggest following Terraform’s best practices. You may also want to consider managing your PAKs via a more secure method, such as the HashiCorp Vault MongoDB Atlas Secrets Engine.
Example Usage
Using CIDR Block
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const test = new mongodbatlas.AccessListApiKey("test", {
orgId: "<ORG_ID>",
cidrBlock: "1.2.3.4/32",
apiKeyId: "<API_KEY_ID>",
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test = mongodbatlas.AccessListApiKey("test",
org_id="<ORG_ID>",
cidr_block="1.2.3.4/32",
api_key_id="<API_KEY_ID>")
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewAccessListApiKey(ctx, "test", &mongodbatlas.AccessListApiKeyArgs{
OrgId: pulumi.String("<ORG_ID>"),
CidrBlock: pulumi.String("1.2.3.4/32"),
ApiKeyId: pulumi.String("<API_KEY_ID>"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var test = new Mongodbatlas.AccessListApiKey("test", new()
{
OrgId = "<ORG_ID>",
CidrBlock = "1.2.3.4/32",
ApiKeyId = "<API_KEY_ID>",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.AccessListApiKey;
import com.pulumi.mongodbatlas.AccessListApiKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new AccessListApiKey("test", AccessListApiKeyArgs.builder()
.orgId("<ORG_ID>")
.cidrBlock("1.2.3.4/32")
.apiKeyId("<API_KEY_ID>")
.build());
}
}
resources:
test:
type: mongodbatlas:AccessListApiKey
properties:
orgId: <ORG_ID>
cidrBlock: 1.2.3.4/32
apiKeyId: <API_KEY_ID>
Using IP Address
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const test = new mongodbatlas.AccessListApiKey("test", {
orgId: "<ORG_ID>",
ipAddress: "2.3.4.5",
apiKeyId: "<API_KEY_ID>",
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test = mongodbatlas.AccessListApiKey("test",
org_id="<ORG_ID>",
ip_address="2.3.4.5",
api_key_id="<API_KEY_ID>")
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewAccessListApiKey(ctx, "test", &mongodbatlas.AccessListApiKeyArgs{
OrgId: pulumi.String("<ORG_ID>"),
IpAddress: pulumi.String("2.3.4.5"),
ApiKeyId: pulumi.String("<API_KEY_ID>"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var test = new Mongodbatlas.AccessListApiKey("test", new()
{
OrgId = "<ORG_ID>",
IpAddress = "2.3.4.5",
ApiKeyId = "<API_KEY_ID>",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.AccessListApiKey;
import com.pulumi.mongodbatlas.AccessListApiKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new AccessListApiKey("test", AccessListApiKeyArgs.builder()
.orgId("<ORG_ID>")
.ipAddress("2.3.4.5")
.apiKeyId("<API_KEY_ID>")
.build());
}
}
resources:
test:
type: mongodbatlas:AccessListApiKey
properties:
orgId: <ORG_ID>
ipAddress: 2.3.4.5
apiKeyId: <API_KEY_ID>
Further Examples
- Create Programmatic API Key
Create AccessListApiKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessListApiKey(name: string, args: AccessListApiKeyArgs, opts?: CustomResourceOptions);@overload
def AccessListApiKey(resource_name: str,
args: AccessListApiKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessListApiKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
api_key_id: Optional[str] = None,
org_id: Optional[str] = None,
cidr_block: Optional[str] = None,
ip_address: Optional[str] = None)func NewAccessListApiKey(ctx *Context, name string, args AccessListApiKeyArgs, opts ...ResourceOption) (*AccessListApiKey, error)public AccessListApiKey(string name, AccessListApiKeyArgs args, CustomResourceOptions? opts = null)
public AccessListApiKey(String name, AccessListApiKeyArgs args)
public AccessListApiKey(String name, AccessListApiKeyArgs args, CustomResourceOptions options)
type: mongodbatlas:AccessListApiKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessListApiKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessListApiKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessListApiKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessListApiKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessListApiKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessListApiKeyResource = new Mongodbatlas.Index.AccessListApiKey("accessListApiKeyResource", new()
{
ApiKeyId = "string",
OrgId = "string",
CidrBlock = "string",
IpAddress = "string",
});
example, err := mongodbatlas.NewAccessListApiKey(ctx, "accessListApiKeyResource", &mongodbatlas.AccessListApiKeyArgs{
ApiKeyId: pulumi.String("string"),
OrgId: pulumi.String("string"),
CidrBlock: pulumi.String("string"),
IpAddress: pulumi.String("string"),
})
var accessListApiKeyResource = new AccessListApiKey("accessListApiKeyResource", AccessListApiKeyArgs.builder()
.apiKeyId("string")
.orgId("string")
.cidrBlock("string")
.ipAddress("string")
.build());
access_list_api_key_resource = mongodbatlas.AccessListApiKey("accessListApiKeyResource",
api_key_id="string",
org_id="string",
cidr_block="string",
ip_address="string")
const accessListApiKeyResource = new mongodbatlas.AccessListApiKey("accessListApiKeyResource", {
apiKeyId: "string",
orgId: "string",
cidrBlock: "string",
ipAddress: "string",
});
type: mongodbatlas:AccessListApiKey
properties:
apiKeyId: string
cidrBlock: string
ipAddress: string
orgId: string
AccessListApiKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessListApiKey resource accepts the following input properties:
- Api
Key stringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- Org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- Cidr
Block string - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - Ip
Address string - Single IP address to be added to the access list.
- Api
Key stringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- Org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- Cidr
Block string - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - Ip
Address string - Single IP address to be added to the access list.
- api
Key StringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- org
Id String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidr
Block String - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip
Address String - Single IP address to be added to the access list.
- api
Key stringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidr
Block string - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip
Address string - Single IP address to be added to the access list.
- api_
key_ strid Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- org_
id str - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidr_
block str - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip_
address str - Single IP address to be added to the access list.
- api
Key StringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- org
Id String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidr
Block String - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip
Address String - Single IP address to be added to the access list.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessListApiKey resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccessListApiKey Resource
Get an existing AccessListApiKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessListApiKeyState, opts?: CustomResourceOptions): AccessListApiKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
api_key_id: Optional[str] = None,
cidr_block: Optional[str] = None,
ip_address: Optional[str] = None,
org_id: Optional[str] = None) -> AccessListApiKeyfunc GetAccessListApiKey(ctx *Context, name string, id IDInput, state *AccessListApiKeyState, opts ...ResourceOption) (*AccessListApiKey, error)public static AccessListApiKey Get(string name, Input<string> id, AccessListApiKeyState? state, CustomResourceOptions? opts = null)public static AccessListApiKey get(String name, Output<String> id, AccessListApiKeyState state, CustomResourceOptions options)resources: _: type: mongodbatlas:AccessListApiKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Api
Key stringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- Cidr
Block string - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - Ip
Address string - Single IP address to be added to the access list.
- Org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- Api
Key stringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- Cidr
Block string - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - Ip
Address string - Single IP address to be added to the access list.
- Org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- api
Key StringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- cidr
Block String - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip
Address String - Single IP address to be added to the access list.
- org
Id String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- api
Key stringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- cidr
Block string - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip
Address string - Single IP address to be added to the access list.
- org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- api_
key_ strid Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- cidr_
block str - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip_
address str - Single IP address to be added to the access list.
- org_
id str - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- api
Key StringId Unique identifier for the Organization API Key for which you want to create a new access list entry.
NOTE: One of the following attributes must set:
cidrBlockoripAddressbut not both.- cidr
Block String - Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one
cidrBlock, or oneipAddress. - ip
Address String - Single IP address to be added to the access list.
- org
Id String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
Import
IP Access List entries can be imported using the orgId , apiKeyId and cidrBlock or ipAddress, e.g.
$ pulumi import mongodbatlas:index/accessListApiKey:AccessListApiKey test 5d0f1f74cf09a29120e123cd-a29120e123cd-10.242.88.0/21
For more information see: MongoDB Atlas API Reference.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.
published on Tuesday, Mar 31, 2026 by Pulumi
