Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Mongodbatlas Provider
  3. API Docs
  4. DatabaseUser
MongoDB Atlas v3.31.0 published on Tuesday, May 6, 2025 by Pulumi
pulumi/pulumi-mongodbatlas

mongodbatlas.DatabaseUser

Explore with Pulumi AI

mongodbatlas logo
MongoDB Atlas v3.31.0 published on Tuesday, May 6, 2025 by Pulumi
pulumi/pulumi-mongodbatlas

    # Resource: mongodbatlas.DatabaseUser

    mongodbatlas.DatabaseUser provides a Database User resource. This represents a database user which will be applied to all clusters within the project.

    Each user has a set of roles that provide access to the project’s databases. User’s roles apply to all the clusters in the project: if two clusters have a products database and a user has a role granting read access on the products database, the user has that access on both clusters.

    NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.

    WARNING: The password argument is required for creation but should be removed after creation if it will be managed externally. More details can be found in the password argument documentation.

    IMPORTANT: All arguments including the password will be stored in the raw state as plain-text. Read more about sensitive data in state.

    Example Usage

    S

    import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.DatabaseUser("test", {
    username: "test-acc-username",
    password: "test-acc-password",
    projectId: "<PROJECT-ID>",
    authDatabaseName: "admin",
    roles: [
        {
            roleName: "readWrite",
            databaseName: "dbforApp",
        },
        {
            roleName: "readAnyDatabase",
            databaseName: "admin",
        },
    ],
    labels: [{
        key: "My Key",
        value: "My Value",
    }],
    scopes: [
        {
            name: "My cluster name",
            type: "CLUSTER",
        },
        {
            name: "My second cluster name",
            type: "CLUSTER",
        },
    ],
});

    import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.DatabaseUser("test",
    username="test-acc-username",
    password="test-acc-password",
    project_id="<PROJECT-ID>",
    auth_database_name="admin",
    roles=[
        {
            "role_name": "readWrite",
            "database_name": "dbforApp",
        },
        {
            "role_name": "readAnyDatabase",
            "database_name": "admin",
        },
    ],
    labels=[{
        "key": "My Key",
        "value": "My Value",
    }],
    scopes=[
        {
            "name": "My cluster name",
            "type": "CLUSTER",
        },
        {
            "name": "My second cluster name",
            "type": "CLUSTER",
        },
    ])

    package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
			Username:         pulumi.String("test-acc-username"),
			Password:         pulumi.String("test-acc-password"),
			ProjectId:        pulumi.String("<PROJECT-ID>"),
			AuthDatabaseName: pulumi.String("admin"),
			Roles: mongodbatlas.DatabaseUserRoleArray{
				&mongodbatlas.DatabaseUserRoleArgs{
					RoleName:     pulumi.String("readWrite"),
					DatabaseName: pulumi.String("dbforApp"),
				},
				&mongodbatlas.DatabaseUserRoleArgs{
					RoleName:     pulumi.String("readAnyDatabase"),
					DatabaseName: pulumi.String("admin"),
				},
			},
			Labels: mongodbatlas.DatabaseUserLabelArray{
				&mongodbatlas.DatabaseUserLabelArgs{
					Key:   pulumi.String("My Key"),
					Value: pulumi.String("My Value"),
				},
			},
			Scopes: mongodbatlas.DatabaseUserScopeArray{
				&mongodbatlas.DatabaseUserScopeArgs{
					Name: pulumi.String("My cluster name"),
					Type: pulumi.String("CLUSTER"),
				},
				&mongodbatlas.DatabaseUserScopeArgs{
					Name: pulumi.String("My second cluster name"),
					Type: pulumi.String("CLUSTER"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var test = new Mongodbatlas.DatabaseUser("test", new()
    {
        Username = "test-acc-username",
        Password = "test-acc-password",
        ProjectId = "<PROJECT-ID>",
        AuthDatabaseName = "admin",
        Roles = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                RoleName = "readWrite",
                DatabaseName = "dbforApp",
            },
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                RoleName = "readAnyDatabase",
                DatabaseName = "admin",
            },
        },
        Labels = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserLabelArgs
            {
                Key = "My Key",
                Value = "My Value",
            },
        },
        Scopes = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "My cluster name",
                Type = "CLUSTER",
            },
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "My second cluster name",
                Type = "CLUSTER",
            },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new DatabaseUser("test", DatabaseUserArgs.builder()
            .username("test-acc-username")
            .password("test-acc-password")
            .projectId("<PROJECT-ID>")
            .authDatabaseName("admin")
            .roles(            
                DatabaseUserRoleArgs.builder()
                    .roleName("readWrite")
                    .databaseName("dbforApp")
                    .build(),
                DatabaseUserRoleArgs.builder()
                    .roleName("readAnyDatabase")
                    .databaseName("admin")
                    .build())
            .labels(DatabaseUserLabelArgs.builder()
                .key("My Key")
                .value("My Value")
                .build())
            .scopes(            
                DatabaseUserScopeArgs.builder()
                    .name("My cluster name")
                    .type("CLUSTER")
                    .build(),
                DatabaseUserScopeArgs.builder()
                    .name("My second cluster name")
                    .type("CLUSTER")
                    .build())
            .build());

    }
}

    resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      username: test-acc-username
      password: test-acc-password
      projectId: <PROJECT-ID>
      authDatabaseName: admin
      roles:
        - roleName: readWrite
          databaseName: dbforApp
        - roleName: readAnyDatabase
          databaseName: admin
      labels:
        - key: My Key
          value: My Value
      scopes:
        - name: My cluster name
          type: CLUSTER
        - name: My second cluster name
          type: CLUSTER

    import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.DatabaseUser("test", {
    username: "test-acc-username",
    x509Type: "MANAGED",
    projectId: "<PROJECT-ID>",
    authDatabaseName: "$external",
    roles: [{
        roleName: "readAnyDatabase",
        databaseName: "admin",
    }],
    labels: [{
        key: "%s",
        value: "%s",
    }],
    scopes: [{
        name: "My cluster name",
        type: "CLUSTER",
    }],
});

    import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.DatabaseUser("test",
    username="test-acc-username",
    x509_type="MANAGED",
    project_id="<PROJECT-ID>",
    auth_database_name="$external",
    roles=[{
        "role_name": "readAnyDatabase",
        "database_name": "admin",
    }],
    labels=[{
        "key": "%s",
        "value": "%s",
    }],
    scopes=[{
        "name": "My cluster name",
        "type": "CLUSTER",
    }])

    package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
			Username:         pulumi.String("test-acc-username"),
			X509Type:         pulumi.String("MANAGED"),
			ProjectId:        pulumi.String("<PROJECT-ID>"),
			AuthDatabaseName: pulumi.String("$external"),
			Roles: mongodbatlas.DatabaseUserRoleArray{
				&mongodbatlas.DatabaseUserRoleArgs{
					RoleName:     pulumi.String("readAnyDatabase"),
					DatabaseName: pulumi.String("admin"),
				},
			},
			Labels: mongodbatlas.DatabaseUserLabelArray{
				&mongodbatlas.DatabaseUserLabelArgs{
					Key:   pulumi.String("%s"),
					Value: pulumi.String("%s"),
				},
			},
			Scopes: mongodbatlas.DatabaseUserScopeArray{
				&mongodbatlas.DatabaseUserScopeArgs{
					Name: pulumi.String("My cluster name"),
					Type: pulumi.String("CLUSTER"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var test = new Mongodbatlas.DatabaseUser("test", new()
    {
        Username = "test-acc-username",
        X509Type = "MANAGED",
        ProjectId = "<PROJECT-ID>",
        AuthDatabaseName = "$external",
        Roles = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                RoleName = "readAnyDatabase",
                DatabaseName = "admin",
            },
        },
        Labels = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserLabelArgs
            {
                Key = "%s",
                Value = "%s",
            },
        },
        Scopes = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "My cluster name",
                Type = "CLUSTER",
            },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new DatabaseUser("test", DatabaseUserArgs.builder()
            .username("test-acc-username")
            .x509Type("MANAGED")
            .projectId("<PROJECT-ID>")
            .authDatabaseName("$external")
            .roles(DatabaseUserRoleArgs.builder()
                .roleName("readAnyDatabase")
                .databaseName("admin")
                .build())
            .labels(DatabaseUserLabelArgs.builder()
                .key("%s")
                .value("%s")
                .build())
            .scopes(DatabaseUserScopeArgs.builder()
                .name("My cluster name")
                .type("CLUSTER")
                .build())
            .build());

    }
}

    resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      username: test-acc-username
      x509Type: MANAGED
      projectId: <PROJECT-ID>
      authDatabaseName: $external
      roles:
        - roleName: readAnyDatabase
          databaseName: admin
      labels:
        - key: '%s'
          value: '%s'
      scopes:
        - name: My cluster name
          type: CLUSTER

    import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.DatabaseUser("test", {
    username: testAwsIamRole.arn,
    projectId: "<PROJECT-ID>",
    authDatabaseName: "$external",
    awsIamType: "ROLE",
    roles: [{
        roleName: "readAnyDatabase",
        databaseName: "admin",
    }],
    labels: [{
        key: "%s",
        value: "%s",
    }],
    scopes: [{
        name: "My cluster name",
        type: "CLUSTER",
    }],
});

    import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.DatabaseUser("test",
    username=test_aws_iam_role["arn"],
    project_id="<PROJECT-ID>",
    auth_database_name="$external",
    aws_iam_type="ROLE",
    roles=[{
        "role_name": "readAnyDatabase",
        "database_name": "admin",
    }],
    labels=[{
        "key": "%s",
        "value": "%s",
    }],
    scopes=[{
        "name": "My cluster name",
        "type": "CLUSTER",
    }])

    package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
			Username:         pulumi.Any(testAwsIamRole.Arn),
			ProjectId:        pulumi.String("<PROJECT-ID>"),
			AuthDatabaseName: pulumi.String("$external"),
			AwsIamType:       pulumi.String("ROLE"),
			Roles: mongodbatlas.DatabaseUserRoleArray{
				&mongodbatlas.DatabaseUserRoleArgs{
					RoleName:     pulumi.String("readAnyDatabase"),
					DatabaseName: pulumi.String("admin"),
				},
			},
			Labels: mongodbatlas.DatabaseUserLabelArray{
				&mongodbatlas.DatabaseUserLabelArgs{
					Key:   pulumi.String("%s"),
					Value: pulumi.String("%s"),
				},
			},
			Scopes: mongodbatlas.DatabaseUserScopeArray{
				&mongodbatlas.DatabaseUserScopeArgs{
					Name: pulumi.String("My cluster name"),
					Type: pulumi.String("CLUSTER"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var test = new Mongodbatlas.DatabaseUser("test", new()
    {
        Username = testAwsIamRole.Arn,
        ProjectId = "<PROJECT-ID>",
        AuthDatabaseName = "$external",
        AwsIamType = "ROLE",
        Roles = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                RoleName = "readAnyDatabase",
                DatabaseName = "admin",
            },
        },
        Labels = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserLabelArgs
            {
                Key = "%s",
                Value = "%s",
            },
        },
        Scopes = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "My cluster name",
                Type = "CLUSTER",
            },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new DatabaseUser("test", DatabaseUserArgs.builder()
            .username(testAwsIamRole.arn())
            .projectId("<PROJECT-ID>")
            .authDatabaseName("$external")
            .awsIamType("ROLE")
            .roles(DatabaseUserRoleArgs.builder()
                .roleName("readAnyDatabase")
                .databaseName("admin")
                .build())
            .labels(DatabaseUserLabelArgs.builder()
                .key("%s")
                .value("%s")
                .build())
            .scopes(DatabaseUserScopeArgs.builder()
                .name("My cluster name")
                .type("CLUSTER")
                .build())
            .build());

    }
}

    resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      username: ${testAwsIamRole.arn}
      projectId: <PROJECT-ID>
      authDatabaseName: $external
      awsIamType: ROLE
      roles:
        - roleName: readAnyDatabase
          databaseName: admin
      labels:
        - key: '%s'
          value: '%s'
      scopes:
        - name: My cluster name
          type: CLUSTER

    Example of how to create a OIDC federated authentication user

    import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.DatabaseUser("test", {
    username: "64d613677e1ad50839cce4db/testUserOr",
    projectId: "6414908c207f4d22f4d8f232",
    authDatabaseName: "admin",
    oidcAuthType: "IDP_GROUP",
    roles: [{
        roleName: "readWriteAnyDatabase",
        databaseName: "admin",
    }],
});

    import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.DatabaseUser("test",
    username="64d613677e1ad50839cce4db/testUserOr",
    project_id="6414908c207f4d22f4d8f232",
    auth_database_name="admin",
    oidc_auth_type="IDP_GROUP",
    roles=[{
        "role_name": "readWriteAnyDatabase",
        "database_name": "admin",
    }])

    package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
			Username:         pulumi.String("64d613677e1ad50839cce4db/testUserOr"),
			ProjectId:        pulumi.String("6414908c207f4d22f4d8f232"),
			AuthDatabaseName: pulumi.String("admin"),
			OidcAuthType:     pulumi.String("IDP_GROUP"),
			Roles: mongodbatlas.DatabaseUserRoleArray{
				&mongodbatlas.DatabaseUserRoleArgs{
					RoleName:     pulumi.String("readWriteAnyDatabase"),
					DatabaseName: pulumi.String("admin"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var test = new Mongodbatlas.DatabaseUser("test", new()
    {
        Username = "64d613677e1ad50839cce4db/testUserOr",
        ProjectId = "6414908c207f4d22f4d8f232",
        AuthDatabaseName = "admin",
        OidcAuthType = "IDP_GROUP",
        Roles = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                RoleName = "readWriteAnyDatabase",
                DatabaseName = "admin",
            },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new DatabaseUser("test", DatabaseUserArgs.builder()
            .username("64d613677e1ad50839cce4db/testUserOr")
            .projectId("6414908c207f4d22f4d8f232")
            .authDatabaseName("admin")
            .oidcAuthType("IDP_GROUP")
            .roles(DatabaseUserRoleArgs.builder()
                .roleName("readWriteAnyDatabase")
                .databaseName("admin")
                .build())
            .build());

    }
}

    resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      username: 64d613677e1ad50839cce4db/testUserOr
      projectId: 6414908c207f4d22f4d8f232
      authDatabaseName: admin
      oidcAuthType: IDP_GROUP
      roles:
        - roleName: readWriteAnyDatabase
          databaseName: admin

    username format: Atlas OIDC IdP ID (found in federation settings), followed by a ‘/’, followed by the IdP group name

    Note: OIDC support is only avalible starting in MongoDB 7.0 or later. To learn more, see the MongoDB Atlas documentation.

    Create DatabaseUser Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DatabaseUser(name: string, args: DatabaseUserArgs, opts?: CustomResourceOptions);
    @overload
def DatabaseUser(resource_name: str,
                 args: DatabaseUserArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def DatabaseUser(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 auth_database_name: Optional[str] = None,
                 project_id: Optional[str] = None,
                 username: Optional[str] = None,
                 aws_iam_type: Optional[str] = None,
                 description: Optional[str] = None,
                 labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
                 ldap_auth_type: Optional[str] = None,
                 oidc_auth_type: Optional[str] = None,
                 password: Optional[str] = None,
                 roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
                 scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
                 x509_type: Optional[str] = None)
    func NewDatabaseUser(ctx *Context, name string, args DatabaseUserArgs, opts ...ResourceOption) (*DatabaseUser, error)
    public DatabaseUser(string name, DatabaseUserArgs args, CustomResourceOptions? opts = null)
    public DatabaseUser(String name, DatabaseUserArgs args)
public DatabaseUser(String name, DatabaseUserArgs args, CustomResourceOptions options)

    type: mongodbatlas:DatabaseUser
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var databaseUserResource = new Mongodbatlas.DatabaseUser("databaseUserResource", new()
{
    AuthDatabaseName = "string",
    ProjectId = "string",
    Username = "string",
    AwsIamType = "string",
    Description = "string",
    Labels = new[]
    {
        new Mongodbatlas.Inputs.DatabaseUserLabelArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    LdapAuthType = "string",
    OidcAuthType = "string",
    Password = "string",
    Roles = new[]
    {
        new Mongodbatlas.Inputs.DatabaseUserRoleArgs
        {
            DatabaseName = "string",
            RoleName = "string",
            CollectionName = "string",
        },
    },
    Scopes = new[]
    {
        new Mongodbatlas.Inputs.DatabaseUserScopeArgs
        {
            Name = "string",
            Type = "string",
        },
    },
    X509Type = "string",
});

    example, err := mongodbatlas.NewDatabaseUser(ctx, "databaseUserResource", &mongodbatlas.DatabaseUserArgs{
	AuthDatabaseName: pulumi.String("string"),
	ProjectId:        pulumi.String("string"),
	Username:         pulumi.String("string"),
	AwsIamType:       pulumi.String("string"),
	Description:      pulumi.String("string"),
	Labels: mongodbatlas.DatabaseUserLabelArray{
		&mongodbatlas.DatabaseUserLabelArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	LdapAuthType: pulumi.String("string"),
	OidcAuthType: pulumi.String("string"),
	Password:     pulumi.String("string"),
	Roles: mongodbatlas.DatabaseUserRoleArray{
		&mongodbatlas.DatabaseUserRoleArgs{
			DatabaseName:   pulumi.String("string"),
			RoleName:       pulumi.String("string"),
			CollectionName: pulumi.String("string"),
		},
	},
	Scopes: mongodbatlas.DatabaseUserScopeArray{
		&mongodbatlas.DatabaseUserScopeArgs{
			Name: pulumi.String("string"),
			Type: pulumi.String("string"),
		},
	},
	X509Type: pulumi.String("string"),
})

    var databaseUserResource = new DatabaseUser("databaseUserResource", DatabaseUserArgs.builder()
    .authDatabaseName("string")
    .projectId("string")
    .username("string")
    .awsIamType("string")
    .description("string")
    .labels(DatabaseUserLabelArgs.builder()
        .key("string")
        .value("string")
        .build())
    .ldapAuthType("string")
    .oidcAuthType("string")
    .password("string")
    .roles(DatabaseUserRoleArgs.builder()
        .databaseName("string")
        .roleName("string")
        .collectionName("string")
        .build())
    .scopes(DatabaseUserScopeArgs.builder()
        .name("string")
        .type("string")
        .build())
    .x509Type("string")
    .build());

    database_user_resource = mongodbatlas.DatabaseUser("databaseUserResource",
    auth_database_name="string",
    project_id="string",
    username="string",
    aws_iam_type="string",
    description="string",
    labels=[{
        "key": "string",
        "value": "string",
    }],
    ldap_auth_type="string",
    oidc_auth_type="string",
    password="string",
    roles=[{
        "database_name": "string",
        "role_name": "string",
        "collection_name": "string",
    }],
    scopes=[{
        "name": "string",
        "type": "string",
    }],
    x509_type="string")

    const databaseUserResource = new mongodbatlas.DatabaseUser("databaseUserResource", {
    authDatabaseName: "string",
    projectId: "string",
    username: "string",
    awsIamType: "string",
    description: "string",
    labels: [{
        key: "string",
        value: "string",
    }],
    ldapAuthType: "string",
    oidcAuthType: "string",
    password: "string",
    roles: [{
        databaseName: "string",
        roleName: "string",
        collectionName: "string",
    }],
    scopes: [{
        name: "string",
        type: "string",
    }],
    x509Type: "string",
});

    type: mongodbatlas:DatabaseUser
properties:
    authDatabaseName: string
    awsIamType: string
    description: string
    labels:
        - key: string
          value: string
    ldapAuthType: string
    oidcAuthType: string
    password: string
    projectId: string
    roles:
        - collectionName: string
          databaseName: string
          roleName: string
    scopes:
        - name: string
          type: string
    username: string
    x509Type: string

    DatabaseUser Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DatabaseUser resource accepts the following input properties:

    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    ProjectId string
    The unique ID for the project to create the database user.
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Description string
    Description of this database user.
    Labels List<DatabaseUserLabel>
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    Roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes List<DatabaseUserScope>
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    ProjectId string
    The unique ID for the project to create the database user.
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Description string
    Description of this database user.
    Labels []DatabaseUserLabelArgs
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    Roles []DatabaseUserRoleArgs
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes []DatabaseUserScopeArgs
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    projectId String
    The unique ID for the project to create the database user.
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description String
    Description of this database user.
    labels List<DatabaseUserLabel>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<DatabaseUserScope>
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    projectId string
    The unique ID for the project to create the database user.
    username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    awsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description string
    Description of this database user.
    labels DatabaseUserLabel[]
    ldapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password string
    roles DatabaseUserRole[]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes DatabaseUserScope[]
    x509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    auth_database_name str
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    project_id str
    The unique ID for the project to create the database user.
    username str
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    aws_iam_type str
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description str
    Description of this database user.
    labels Sequence[DatabaseUserLabelArgs]
    ldap_auth_type str
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidc_auth_type str
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password str
    roles Sequence[DatabaseUserRoleArgs]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes Sequence[DatabaseUserScopeArgs]
    x509_type str
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    projectId String
    The unique ID for the project to create the database user.
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description String
    Description of this database user.
    labels List<Property Map>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    roles List<Property Map>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<Property Map>
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DatabaseUser resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing DatabaseUser Resource

    Get an existing DatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DatabaseUserState, opts?: CustomResourceOptions): DatabaseUser
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auth_database_name: Optional[str] = None,
        aws_iam_type: Optional[str] = None,
        description: Optional[str] = None,
        labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
        ldap_auth_type: Optional[str] = None,
        oidc_auth_type: Optional[str] = None,
        password: Optional[str] = None,
        project_id: Optional[str] = None,
        roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
        scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
        username: Optional[str] = None,
        x509_type: Optional[str] = None) -> DatabaseUser
    func GetDatabaseUser(ctx *Context, name string, id IDInput, state *DatabaseUserState, opts ...ResourceOption) (*DatabaseUser, error)
    public static DatabaseUser Get(string name, Input<string> id, DatabaseUserState? state, CustomResourceOptions? opts = null)
    public static DatabaseUser get(String name, Output<String> id, DatabaseUserState state, CustomResourceOptions options)
    resources:  _:    type: mongodbatlas:DatabaseUser    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Description string
    Description of this database user.
    Labels List<DatabaseUserLabel>
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    ProjectId string
    The unique ID for the project to create the database user.
    Roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes List<DatabaseUserScope>
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Description string
    Description of this database user.
    Labels []DatabaseUserLabelArgs
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    ProjectId string
    The unique ID for the project to create the database user.
    Roles []DatabaseUserRoleArgs
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes []DatabaseUserScopeArgs
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description String
    Description of this database user.
    labels List<DatabaseUserLabel>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    projectId String
    The unique ID for the project to create the database user.
    roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<DatabaseUserScope>
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    awsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description string
    Description of this database user.
    labels DatabaseUserLabel[]
    ldapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password string
    projectId string
    The unique ID for the project to create the database user.
    roles DatabaseUserRole[]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes DatabaseUserScope[]
    username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    auth_database_name str
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    aws_iam_type str
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description str
    Description of this database user.
    labels Sequence[DatabaseUserLabelArgs]
    ldap_auth_type str
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidc_auth_type str
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password str
    project_id str
    The unique ID for the project to create the database user.
    roles Sequence[DatabaseUserRoleArgs]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes Sequence[DatabaseUserScopeArgs]
    username str
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509_type str
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    description String
    Description of this database user.
    labels List<Property Map>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    projectId String
    The unique ID for the project to create the database user.
    roles List<Property Map>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<Property Map>
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.

    Supporting Types

    DatabaseUserLabel, DatabaseUserLabelArgs

    Key string
    The key that you want to write.
    Value string
    The value that you want to write.
    Key string
    The key that you want to write.
    Value string
    The value that you want to write.
    key String
    The key that you want to write.
    value String
    The value that you want to write.
    key string
    The key that you want to write.
    value string
    The value that you want to write.
    key str
    The key that you want to write.
    value str
    The value that you want to write.
    key String
    The key that you want to write.
    value String
    The value that you want to write.

    DatabaseUserRole, DatabaseUserRoleArgs

    DatabaseName string
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    RoleName string
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    CollectionName string
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    DatabaseName string
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    RoleName string
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    CollectionName string
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    databaseName String
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    roleName String
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collectionName String
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    databaseName string
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    roleName string
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collectionName string
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    database_name str
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    role_name str
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collection_name str
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    databaseName String
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    roleName String
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collectionName String
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).

    DatabaseUserScope, DatabaseUserScopeArgs

    Name string
    Name of the cluster or Atlas Data Lake that the user has access to.
    Type string
    Type of resource that the user has access to. See Database User API for the list of valid values.
    Name string
    Name of the cluster or Atlas Data Lake that the user has access to.
    Type string
    Type of resource that the user has access to. See Database User API for the list of valid values.
    name String
    Name of the cluster or Atlas Data Lake that the user has access to.
    type String
    Type of resource that the user has access to. See Database User API for the list of valid values.
    name string
    Name of the cluster or Atlas Data Lake that the user has access to.
    type string
    Type of resource that the user has access to. See Database User API for the list of valid values.
    name str
    Name of the cluster or Atlas Data Lake that the user has access to.
    type str
    Type of resource that the user has access to. See Database User API for the list of valid values.
    name String
    Name of the cluster or Atlas Data Lake that the user has access to.
    type String
    Type of resource that the user has access to. See Database User API for the list of valid values.

    Import

    Database users can be imported using project ID, username, and auth database name in the format:

    1. project_id-username-auth_database_name Doesn’t work if - is used in both the username and the auth_database_name. For example my-username and my-db should use (2).

    2. project_id/username/auth_database_name Works when neither username nor auth_database_name use /.

    $ pulumi import mongodbatlas:index/databaseUser:DatabaseUser my_user 1112222b3bf99403840e8934-my_user-admin # (1)

    $ pulumi import mongodbatlas:index/databaseUser:DatabaseUser my_user 1112222b3bf99403840e8934/my-username-dash/my-db-name # (2)

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    MongoDB Atlas pulumi/pulumi-mongodbatlas
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mongodbatlas Terraform Provider.
    mongodbatlas logo
    MongoDB Atlas v3.31.0 published on Tuesday, May 6, 2025 by Pulumi
    pulumi/pulumi-mongodbatlas