MongoDB Atlas v4.3.0 published on Thursday, Feb 5, 2026 by Pulumi
MongoDB Atlas v4.3.0 published on Thursday, Feb 5, 2026 by Pulumi
mongodbatlas.LogIntegration describes the configuration for a log integration identified by its unique ID. Log integrations are managed at the project level and allow you to continually export mongod, mongos, and audit logs to an AWS S3 bucket with 1-minute log export intervals.
To use this data source, the requesting Service Account or API Key must have the Organization Owner or Project Owner role.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const project = new mongodbatlas.Project("project", {
name: atlasProjectName,
orgId: atlasOrgId,
});
// Set up cloud provider access in Atlas using the created IAM role
const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
projectId: project.id,
providerName: "AWS",
});
const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
projectId: project.id,
roleId: setupOnly.roleId,
aws: {
iamAssumedRoleArn: atlasRole.arn,
},
});
// Set up log integration with authorized IAM role
const exampleLogIntegration = new mongodbatlas.LogIntegration("example", {
projectId: project.id,
bucketName: logBucket.bucket,
iamRoleId: authRole.roleId,
prefixPath: "atlas-logs",
type: "S3_LOG_EXPORT",
logTypes: ["MONGOD_AUDIT"],
});
const example = mongodbatlas.getLogIntegrationOutput({
projectId: exampleLogIntegration.projectId,
integrationId: exampleLogIntegration.integrationId,
});
const exampleGetLogIntegrations = mongodbatlas.getLogIntegrationsOutput({
projectId: exampleLogIntegration.projectId,
});
export const logIntegrationBucketName = example.apply(example => example.bucketName);
export const logIntegrationsResults = exampleGetLogIntegrations.apply(exampleGetLogIntegrations => exampleGetLogIntegrations.results);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
project = mongodbatlas.Project("project",
name=atlas_project_name,
org_id=atlas_org_id)
# Set up cloud provider access in Atlas using the created IAM role
setup_only = mongodbatlas.CloudProviderAccessSetup("setup_only",
project_id=project.id,
provider_name="AWS")
auth_role = mongodbatlas.CloudProviderAccessAuthorization("auth_role",
project_id=project.id,
role_id=setup_only.role_id,
aws={
"iam_assumed_role_arn": atlas_role["arn"],
})
# Set up log integration with authorized IAM role
example_log_integration = mongodbatlas.LogIntegration("example",
project_id=project.id,
bucket_name=log_bucket["bucket"],
iam_role_id=auth_role.role_id,
prefix_path="atlas-logs",
type="S3_LOG_EXPORT",
log_types=["MONGOD_AUDIT"])
example = mongodbatlas.get_log_integration_output(project_id=example_log_integration.project_id,
integration_id=example_log_integration.integration_id)
example_get_log_integrations = mongodbatlas.get_log_integrations_output(project_id=example_log_integration.project_id)
pulumi.export("logIntegrationBucketName", example.bucket_name)
pulumi.export("logIntegrationsResults", example_get_log_integrations.results)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := mongodbatlas.NewProject(ctx, "project", &mongodbatlas.ProjectArgs{
Name: pulumi.Any(atlasProjectName),
OrgId: pulumi.Any(atlasOrgId),
})
if err != nil {
return err
}
// Set up cloud provider access in Atlas using the created IAM role
setupOnly, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "setup_only", &mongodbatlas.CloudProviderAccessSetupArgs{
ProjectId: project.ID(),
ProviderName: pulumi.String("AWS"),
})
if err != nil {
return err
}
authRole, err := mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "auth_role", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
ProjectId: project.ID(),
RoleId: setupOnly.RoleId,
Aws: &mongodbatlas.CloudProviderAccessAuthorizationAwsArgs{
IamAssumedRoleArn: pulumi.Any(atlasRole.Arn),
},
})
if err != nil {
return err
}
// Set up log integration with authorized IAM role
exampleLogIntegration, err := mongodbatlas.NewLogIntegration(ctx, "example", &mongodbatlas.LogIntegrationArgs{
ProjectId: project.ID(),
BucketName: pulumi.Any(logBucket.Bucket),
IamRoleId: authRole.RoleId,
PrefixPath: pulumi.String("atlas-logs"),
Type: pulumi.String("S3_LOG_EXPORT"),
LogTypes: pulumi.StringArray{
pulumi.String("MONGOD_AUDIT"),
},
})
if err != nil {
return err
}
example := mongodbatlas.LookupLogIntegrationOutput(ctx, mongodbatlas.GetLogIntegrationOutputArgs{
ProjectId: exampleLogIntegration.ProjectId,
IntegrationId: exampleLogIntegration.IntegrationId,
}, nil)
exampleGetLogIntegrations := mongodbatlas.LookupLogIntegrationsOutput(ctx, mongodbatlas.GetLogIntegrationsOutputArgs{
ProjectId: exampleLogIntegration.ProjectId,
}, nil)
ctx.Export("logIntegrationBucketName", example.ApplyT(func(example mongodbatlas.GetLogIntegrationResult) (*string, error) {
return &example.BucketName, nil
}).(pulumi.StringPtrOutput))
ctx.Export("logIntegrationsResults", exampleGetLogIntegrations.ApplyT(func(exampleGetLogIntegrations mongodbatlas.GetLogIntegrationsResult) ([]mongodbatlas.GetLogIntegrationsResult, error) {
return []mongodbatlas.GetLogIntegrationsResult(exampleGetLogIntegrations.Results), nil
}).([]mongodbatlas.GetLogIntegrationsResultOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var project = new Mongodbatlas.Project("project", new()
{
Name = atlasProjectName,
OrgId = atlasOrgId,
});
// Set up cloud provider access in Atlas using the created IAM role
var setupOnly = new Mongodbatlas.CloudProviderAccessSetup("setup_only", new()
{
ProjectId = project.Id,
ProviderName = "AWS",
});
var authRole = new Mongodbatlas.CloudProviderAccessAuthorization("auth_role", new()
{
ProjectId = project.Id,
RoleId = setupOnly.RoleId,
Aws = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAwsArgs
{
IamAssumedRoleArn = atlasRole.Arn,
},
});
// Set up log integration with authorized IAM role
var exampleLogIntegration = new Mongodbatlas.LogIntegration("example", new()
{
ProjectId = project.Id,
BucketName = logBucket.Bucket,
IamRoleId = authRole.RoleId,
PrefixPath = "atlas-logs",
Type = "S3_LOG_EXPORT",
LogTypes = new[]
{
"MONGOD_AUDIT",
},
});
var example = Mongodbatlas.GetLogIntegration.Invoke(new()
{
ProjectId = exampleLogIntegration.ProjectId,
IntegrationId = exampleLogIntegration.IntegrationId,
});
var exampleGetLogIntegrations = Mongodbatlas.GetLogIntegrations.Invoke(new()
{
ProjectId = exampleLogIntegration.ProjectId,
});
return new Dictionary<string, object?>
{
["logIntegrationBucketName"] = example.Apply(getLogIntegrationResult => getLogIntegrationResult.BucketName),
["logIntegrationsResults"] = exampleGetLogIntegrations.Apply(getLogIntegrationsResult => getLogIntegrationsResult.Results),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.Project;
import com.pulumi.mongodbatlas.ProjectArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import com.pulumi.mongodbatlas.inputs.CloudProviderAccessAuthorizationAwsArgs;
import com.pulumi.mongodbatlas.LogIntegration;
import com.pulumi.mongodbatlas.LogIntegrationArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetLogIntegrationArgs;
import com.pulumi.mongodbatlas.inputs.GetLogIntegrationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var project = new Project("project", ProjectArgs.builder()
.name(atlasProjectName)
.orgId(atlasOrgId)
.build());
// Set up cloud provider access in Atlas using the created IAM role
var setupOnly = new CloudProviderAccessSetup("setupOnly", CloudProviderAccessSetupArgs.builder()
.projectId(project.id())
.providerName("AWS")
.build());
var authRole = new CloudProviderAccessAuthorization("authRole", CloudProviderAccessAuthorizationArgs.builder()
.projectId(project.id())
.roleId(setupOnly.roleId())
.aws(CloudProviderAccessAuthorizationAwsArgs.builder()
.iamAssumedRoleArn(atlasRole.arn())
.build())
.build());
// Set up log integration with authorized IAM role
var exampleLogIntegration = new LogIntegration("exampleLogIntegration", LogIntegrationArgs.builder()
.projectId(project.id())
.bucketName(logBucket.bucket())
.iamRoleId(authRole.roleId())
.prefixPath("atlas-logs")
.type("S3_LOG_EXPORT")
.logTypes("MONGOD_AUDIT")
.build());
final var example = MongodbatlasFunctions.getLogIntegration(GetLogIntegrationArgs.builder()
.projectId(exampleLogIntegration.projectId())
.integrationId(exampleLogIntegration.integrationId())
.build());
final var exampleGetLogIntegrations = MongodbatlasFunctions.getLogIntegrations(GetLogIntegrationsArgs.builder()
.projectId(exampleLogIntegration.projectId())
.build());
ctx.export("logIntegrationBucketName", example.applyValue(_example -> _example.bucketName()));
ctx.export("logIntegrationsResults", exampleGetLogIntegrations.applyValue(_exampleGetLogIntegrations -> _exampleGetLogIntegrations.results()));
}
}
resources:
project:
type: mongodbatlas:Project
properties:
name: ${atlasProjectName}
orgId: ${atlasOrgId}
# Set up cloud provider access in Atlas using the created IAM role
setupOnly:
type: mongodbatlas:CloudProviderAccessSetup
name: setup_only
properties:
projectId: ${project.id}
providerName: AWS
authRole:
type: mongodbatlas:CloudProviderAccessAuthorization
name: auth_role
properties:
projectId: ${project.id}
roleId: ${setupOnly.roleId}
aws:
iamAssumedRoleArn: ${atlasRole.arn}
# Set up log integration with authorized IAM role
exampleLogIntegration:
type: mongodbatlas:LogIntegration
name: example
properties:
projectId: ${project.id}
bucketName: ${logBucket.bucket}
iamRoleId: ${authRole.roleId}
prefixPath: atlas-logs
type: S3_LOG_EXPORT
logTypes:
- MONGOD_AUDIT
variables:
example:
fn::invoke:
function: mongodbatlas:getLogIntegration
arguments:
projectId: ${exampleLogIntegration.projectId}
integrationId: ${exampleLogIntegration.integrationId}
exampleGetLogIntegrations:
fn::invoke:
function: mongodbatlas:getLogIntegrations
arguments:
projectId: ${exampleLogIntegration.projectId}
outputs:
logIntegrationBucketName: ${example.bucketName}
logIntegrationsResults: ${exampleGetLogIntegrations.results}
Using getLogIntegration
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getLogIntegration(args: GetLogIntegrationArgs, opts?: InvokeOptions): Promise<GetLogIntegrationResult>
function getLogIntegrationOutput(args: GetLogIntegrationOutputArgs, opts?: InvokeOptions): Output<GetLogIntegrationResult>def get_log_integration(integration_id: Optional[str] = None,
project_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetLogIntegrationResult
def get_log_integration_output(integration_id: Optional[pulumi.Input[str]] = None,
project_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetLogIntegrationResult]func LookupLogIntegration(ctx *Context, args *LookupLogIntegrationArgs, opts ...InvokeOption) (*LookupLogIntegrationResult, error)
func LookupLogIntegrationOutput(ctx *Context, args *LookupLogIntegrationOutputArgs, opts ...InvokeOption) LookupLogIntegrationResultOutput> Note: This function is named LookupLogIntegration in the Go SDK.
public static class GetLogIntegration
{
public static Task<GetLogIntegrationResult> InvokeAsync(GetLogIntegrationArgs args, InvokeOptions? opts = null)
public static Output<GetLogIntegrationResult> Invoke(GetLogIntegrationInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetLogIntegrationResult> getLogIntegration(GetLogIntegrationArgs args, InvokeOptions options)
public static Output<GetLogIntegrationResult> getLogIntegration(GetLogIntegrationArgs args, InvokeOptions options)
fn::invoke:
function: mongodbatlas:index/getLogIntegration:getLogIntegration
arguments:
# arguments dictionaryThe following arguments are supported:
- Integration
Id string - Unique identifier of the log integration configuration.
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Integration
Id string - Unique identifier of the log integration configuration.
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- integration
Id String - Unique identifier of the log integration configuration.
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- integration
Id string - Unique identifier of the log integration configuration.
- project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- integration_
id str - Unique identifier of the log integration configuration.
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- integration
Id String - Unique identifier of the log integration configuration.
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
getLogIntegration Result
The following output properties are available:
- Bucket
Name string - Human-readable label that identifies the S3 bucket name for storing log files.
- Iam
Role stringId - Unique 24-hexadecimal digit string that identifies the AWS IAM role that MongoDB Cloud uses to access your S3 bucket.
- Id string
- The provider-assigned unique ID for this managed resource.
- Integration
Id string - Unique identifier of the log integration configuration.
- Kms
Key string - AWS KMS key ID or ARN for server-side encryption (optional). If not provided, uses bucket default encryption settings.
- Log
Types List<string> - Array of log types to export to S3. Valid values: MONGOD, MONGOS, MONGODAUDIT, MONGOSAUDIT.
- Prefix
Path string - S3 directory path prefix where the log files will be stored. MongoDB Cloud will add further sub-directories based on the log type.
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Type string
- Human-readable label that identifies the service to which you want to integrate with MongoDB Cloud. The value must match the log integration type.
- Bucket
Name string - Human-readable label that identifies the S3 bucket name for storing log files.
- Iam
Role stringId - Unique 24-hexadecimal digit string that identifies the AWS IAM role that MongoDB Cloud uses to access your S3 bucket.
- Id string
- The provider-assigned unique ID for this managed resource.
- Integration
Id string - Unique identifier of the log integration configuration.
- Kms
Key string - AWS KMS key ID or ARN for server-side encryption (optional). If not provided, uses bucket default encryption settings.
- Log
Types []string - Array of log types to export to S3. Valid values: MONGOD, MONGOS, MONGODAUDIT, MONGOSAUDIT.
- Prefix
Path string - S3 directory path prefix where the log files will be stored. MongoDB Cloud will add further sub-directories based on the log type.
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Type string
- Human-readable label that identifies the service to which you want to integrate with MongoDB Cloud. The value must match the log integration type.
- bucket
Name String - Human-readable label that identifies the S3 bucket name for storing log files.
- iam
Role StringId - Unique 24-hexadecimal digit string that identifies the AWS IAM role that MongoDB Cloud uses to access your S3 bucket.
- id String
- The provider-assigned unique ID for this managed resource.
- integration
Id String - Unique identifier of the log integration configuration.
- kms
Key String - AWS KMS key ID or ARN for server-side encryption (optional). If not provided, uses bucket default encryption settings.
- log
Types List<String> - Array of log types to export to S3. Valid values: MONGOD, MONGOS, MONGODAUDIT, MONGOSAUDIT.
- prefix
Path String - S3 directory path prefix where the log files will be stored. MongoDB Cloud will add further sub-directories based on the log type.
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- type String
- Human-readable label that identifies the service to which you want to integrate with MongoDB Cloud. The value must match the log integration type.
- bucket
Name string - Human-readable label that identifies the S3 bucket name for storing log files.
- iam
Role stringId - Unique 24-hexadecimal digit string that identifies the AWS IAM role that MongoDB Cloud uses to access your S3 bucket.
- id string
- The provider-assigned unique ID for this managed resource.
- integration
Id string - Unique identifier of the log integration configuration.
- kms
Key string - AWS KMS key ID or ARN for server-side encryption (optional). If not provided, uses bucket default encryption settings.
- log
Types string[] - Array of log types to export to S3. Valid values: MONGOD, MONGOS, MONGODAUDIT, MONGOSAUDIT.
- prefix
Path string - S3 directory path prefix where the log files will be stored. MongoDB Cloud will add further sub-directories based on the log type.
- project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- type string
- Human-readable label that identifies the service to which you want to integrate with MongoDB Cloud. The value must match the log integration type.
- bucket_
name str - Human-readable label that identifies the S3 bucket name for storing log files.
- iam_
role_ strid - Unique 24-hexadecimal digit string that identifies the AWS IAM role that MongoDB Cloud uses to access your S3 bucket.
- id str
- The provider-assigned unique ID for this managed resource.
- integration_
id str - Unique identifier of the log integration configuration.
- kms_
key str - AWS KMS key ID or ARN for server-side encryption (optional). If not provided, uses bucket default encryption settings.
- log_
types Sequence[str] - Array of log types to export to S3. Valid values: MONGOD, MONGOS, MONGODAUDIT, MONGOSAUDIT.
- prefix_
path str - S3 directory path prefix where the log files will be stored. MongoDB Cloud will add further sub-directories based on the log type.
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- type str
- Human-readable label that identifies the service to which you want to integrate with MongoDB Cloud. The value must match the log integration type.
- bucket
Name String - Human-readable label that identifies the S3 bucket name for storing log files.
- iam
Role StringId - Unique 24-hexadecimal digit string that identifies the AWS IAM role that MongoDB Cloud uses to access your S3 bucket.
- id String
- The provider-assigned unique ID for this managed resource.
- integration
Id String - Unique identifier of the log integration configuration.
- kms
Key String - AWS KMS key ID or ARN for server-side encryption (optional). If not provided, uses bucket default encryption settings.
- log
Types List<String> - Array of log types to export to S3. Valid values: MONGOD, MONGOS, MONGODAUDIT, MONGOSAUDIT.
- prefix
Path String - S3 directory path prefix where the log files will be stored. MongoDB Cloud will add further sub-directories based on the log type.
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- type String
- Human-readable label that identifies the service to which you want to integrate with MongoDB Cloud. The value must match the log integration type.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.
MongoDB Atlas v4.3.0 published on Thursday, Feb 5, 2026 by Pulumi
