published on Thursday, Mar 12, 2026 by Pulumi
mongodbatlas.ServiceAccountAccessListEntry returns an Access List entry for the specified Service Account.
IMPORTANT: When you remove an entry from the access list, existing connections from the removed address(es) may remain open for a variable amount of time. How much time passes before Atlas closes the connection depends on several factors, including how the connection was established, the particular behavior of the application or driver using the address, and the connection protocol (e.g., TCP or UDP). This is particularly important to consider when changing an existing IP address or CIDR block as they cannot be updated via the Provider, hence a change will force the destruction and recreation of entries.
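IMPORTANT WARNING: Managing Service Accounts with Terraform exposes sensitive organizational secrets in Terraform’s state. We suggest following Terraform’s best practices. Because this Pulumi package is based on the mongodbatlas Terraform Provider, the Service Account secret may likewise be recorded in your Pulumi state, so treat the state backend and any exported stack files as sensitive and restrict who can read them.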
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// Service Account that the Access List entries below apply to.
// ORG_READ_ONLY is the only role requested in this example.
// NOTE: orgId is not declared in this listing; the surrounding program must supply it.
const serviceAccount = new mongodbatlas.ServiceAccount("this", {
  orgId,
  name: "example-service-account",
  description: "Example Service Account",
  roles: ["ORG_READ_ONLY"],
  secretExpiresAfterHours: 2160, // 2160 hours = 90 days
});
const accountClientId = serviceAccount.clientId;

// Access List entry expressed as a CIDR block (sample value; a /32 covers one address).
const cidrEntry = new mongodbatlas.ServiceAccountAccessListEntry("cidr", {
  orgId,
  clientId: accountClientId,
  cidrBlock: "1.2.3.4/32",
});

// Access List entry expressed as a single IP address (sample value).
const ipEntry = new mongodbatlas.ServiceAccountAccessListEntry("ip", {
  orgId,
  clientId: accountClientId,
  ipAddress: "2.3.4.5",
});

// Read one Access List entry back. The arguments are the "cidr" resource's own
// outputs rather than repeated literals.
const singleEntry = mongodbatlas.getServiceAccountAccessListEntryOutput({
  orgId: cidrEntry.orgId,
  clientId: cidrEntry.clientId,
  cidrBlock: cidrEntry.cidrBlock,
});
export const accessListEntryCidrBlock = singleEntry.apply((entry) => entry.cidrBlock);

// Read every Access List entry that belongs to the Service Account.
const everyEntry = mongodbatlas.getServiceAccountAccessListEntriesOutput({
  orgId: serviceAccount.orgId,
  clientId: accountClientId,
});
export const allAccessListEntries = everyEntry.apply((listing) => listing.results);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# Service Account that the Access List entries below apply to.
# ORG_READ_ONLY is the only role requested in this example.
# NOTE: org_id is not defined in this listing; the surrounding program must supply it.
service_account = mongodbatlas.ServiceAccount(
    "this",
    org_id=org_id,
    name="example-service-account",
    description="Example Service Account",
    roles=["ORG_READ_ONLY"],
    secret_expires_after_hours=2160,  # 2160 hours = 90 days
)
account_client_id = service_account.client_id

# Access List entry expressed as a CIDR block (sample value; a /32 covers one address).
cidr_entry = mongodbatlas.ServiceAccountAccessListEntry(
    "cidr",
    org_id=org_id,
    client_id=account_client_id,
    cidr_block="1.2.3.4/32",
)

# Access List entry expressed as a single IP address (sample value).
ip_entry = mongodbatlas.ServiceAccountAccessListEntry(
    "ip",
    org_id=org_id,
    client_id=account_client_id,
    ip_address="2.3.4.5",
)

# Read one Access List entry back. The arguments are the "cidr" resource's own
# outputs rather than repeated literals.
single_entry = mongodbatlas.get_service_account_access_list_entry_output(
    org_id=cidr_entry.org_id,
    client_id=cidr_entry.client_id,
    cidr_block=cidr_entry.cidr_block,
)
pulumi.export("accessListEntryCidrBlock", single_entry.cidr_block)

# Read every Access List entry that belongs to the Service Account.
every_entry = mongodbatlas.get_service_account_access_list_entries_output(
    org_id=service_account.org_id,
    client_id=account_client_id,
)
pulumi.export("allAccessListEntries", every_entry.results)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program: it declares a Service Account and two Access
// List entries for it, then exports the results of two data-source lookups.
// NOTE(review): orgId is not declared in this listing; the surrounding program
// must supply it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Service Account the entries below apply to. ORG_READ_ONLY is the only
		// role requested, and 2160 hours is a 90-day secret lifetime.
		thisServiceAccount, err := mongodbatlas.NewServiceAccount(ctx, "this", &mongodbatlas.ServiceAccountArgs{
			OrgId: pulumi.Any(orgId),
			Name: pulumi.String("example-service-account"),
			Description: pulumi.String("Example Service Account"),
			Roles: pulumi.StringArray{
				pulumi.String("ORG_READ_ONLY"),
			},
			SecretExpiresAfterHours: pulumi.Int(2160),
		})
		if err != nil {
			return err
		}
		// Add IP Access List Entry to Service Account using CIDR Block
		// (sample value; a /32 covers one address).
		cidr, err := mongodbatlas.NewServiceAccountAccessListEntry(ctx, "cidr", &mongodbatlas.ServiceAccountAccessListEntryArgs{
			OrgId: pulumi.Any(orgId),
			ClientId: thisServiceAccount.ClientId,
			CidrBlock: pulumi.String("1.2.3.4/32"),
		})
		if err != nil {
			return err
		}
		// Add IP Access List Entry to Service Account using IP Address
		// (sample value). The resource handle is discarded; only the error is kept.
		_, err = mongodbatlas.NewServiceAccountAccessListEntry(ctx, "ip", &mongodbatlas.ServiceAccountAccessListEntryArgs{
			OrgId: pulumi.Any(orgId),
			ClientId: thisServiceAccount.ClientId,
			IpAddress: pulumi.String("2.3.4.5"),
		})
		if err != nil {
			return err
		}
		// Data source to read a single Access List entry for the Service Account
		// NOTE(review): the signature listing on this page names the Go argument
		// type LookupServiceAccountAccessListEntryOutputArgs, while this call uses
		// GetServiceAccountAccessListEntryOutputArgs; confirm against the SDK.
		this := mongodbatlas.LookupServiceAccountAccessListEntryOutput(ctx, mongodbatlas.GetServiceAccountAccessListEntryOutputArgs{
			OrgId: cidr.OrgId,
			ClientId: cidr.ClientId,
			CidrBlock: cidr.CidrBlock,
		}, nil)
		// Export only the CIDR block of the entry that was looked up.
		ctx.Export("accessListEntryCidrBlock", this.ApplyT(func(this mongodbatlas.GetServiceAccountAccessListEntryResult) (*string, error) {
			return &this.CidrBlock, nil
		}).(pulumi.StringPtrOutput))
		// Data source to read all Access List entries for the Service Account
		thisGetServiceAccountAccessListEntries := mongodbatlas.LookupServiceAccountAccessListEntriesOutput(ctx, mongodbatlas.GetServiceAccountAccessListEntriesOutputArgs{
			OrgId: thisServiceAccount.OrgId,
			ClientId: thisServiceAccount.ClientId,
		}, nil)
		// NOTE(review): the assertion below targets a plain slice type, whereas
		// the export above asserts to pulumi.StringPtrOutput; confirm against
		// the SDK that this compiles as written.
		ctx.Export("allAccessListEntries", thisGetServiceAccountAccessListEntries.ApplyT(func(thisGetServiceAccountAccessListEntries mongodbatlas.GetServiceAccountAccessListEntriesResult) ([]mongodbatlas.GetServiceAccountAccessListEntriesResult, error) {
			return []mongodbatlas.GetServiceAccountAccessListEntriesResult(thisGetServiceAccountAccessListEntries.Results), nil
		}).([]mongodbatlas.GetServiceAccountAccessListEntriesResultOutput))
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
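// Pulumi program: declares a Service Account and two Access List entries for it,
// then returns the results of two data-source lookups as stack outputs.
// NOTE: orgId is not declared in this listing; the surrounding program must supply it.
return await Deployment.RunAsync(() =>
{
    // Service Account the entries below apply to. ORG_READ_ONLY is the only
    // role requested, and 2160 hours is a 90-day secret lifetime.
    var thisServiceAccount = new Mongodbatlas.ServiceAccount("this", new()
    {
        OrgId = orgId,
        Name = "example-service-account",
        Description = "Example Service Account",
        Roles = new[]
        {
            "ORG_READ_ONLY",
        },
        SecretExpiresAfterHours = 2160,
    });

    // Add IP Access List Entry to Service Account using CIDR Block
    // (sample value; a /32 covers one address).
    var cidr = new Mongodbatlas.ServiceAccountAccessListEntry("cidr", new()
    {
        OrgId = orgId,
        ClientId = thisServiceAccount.ClientId,
        CidrBlock = "1.2.3.4/32",
    });

    // Add IP Access List Entry to Service Account using IP Address (sample value).
    var ip = new Mongodbatlas.ServiceAccountAccessListEntry("ip", new()
    {
        OrgId = orgId,
        ClientId = thisServiceAccount.ClientId,
        IpAddress = "2.3.4.5",
    });

    // Data source to read a single Access List entry for the Service Account
    var @this = Mongodbatlas.GetServiceAccountAccessListEntry.Invoke(new()
    {
        OrgId = cidr.OrgId,
        ClientId = cidr.ClientId,
        CidrBlock = cidr.CidrBlock,
    });

    // Data source to read all Access List entries for the Service Account
    var thisGetServiceAccountAccessListEntries = Mongodbatlas.GetServiceAccountAccessListEntries.Invoke(new()
    {
        OrgId = thisServiceAccount.OrgId,
        ClientId = thisServiceAccount.ClientId,
    });

    return new Dictionary<string, object?>
    {
        // Invoke returns an Output wrapping the result, so a single Apply that
        // reads CidrBlock is enough. The original nested a second Apply on the
        // unwrapped result and reused @this as the lambda parameter name.
        ["accessListEntryCidrBlock"] = @this.Apply(getServiceAccountAccessListEntryResult => getServiceAccountAccessListEntryResult.CidrBlock),
        ["allAccessListEntries"] = thisGetServiceAccountAccessListEntries.Apply(getServiceAccountAccessListEntriesResult => getServiceAccountAccessListEntriesResult.Results),
    };
});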
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.ServiceAccount;
import com.pulumi.mongodbatlas.ServiceAccountArgs;
import com.pulumi.mongodbatlas.ServiceAccountAccessListEntry;
import com.pulumi.mongodbatlas.ServiceAccountAccessListEntryArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetServiceAccountAccessListEntryArgs;
import com.pulumi.mongodbatlas.inputs.GetServiceAccountAccessListEntriesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
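/**
 * Pulumi program that declares a Service Account and two Access List entries
 * for it, then exports the results of two data-source lookups.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources and stack outputs.
     * NOTE: orgId is not declared in this listing; the surrounding program must supply it.
     *
     * @param ctx Pulumi context used to register the stack outputs
     */
    public static void stack(Context ctx) {
        // Service Account the entries below apply to. ORG_READ_ONLY is the only
        // role requested, and 2160 hours is a 90-day secret lifetime.
        var thisServiceAccount = new ServiceAccount("thisServiceAccount", ServiceAccountArgs.builder()
            .orgId(orgId)
            .name("example-service-account")
            .description("Example Service Account")
            .roles("ORG_READ_ONLY")
            .secretExpiresAfterHours(2160)
            .build());

        // Add IP Access List Entry to Service Account using CIDR Block
        // (sample value; a /32 covers one address).
        var cidr = new ServiceAccountAccessListEntry("cidr", ServiceAccountAccessListEntryArgs.builder()
            .orgId(orgId)
            .clientId(thisServiceAccount.clientId())
            .cidrBlock("1.2.3.4/32")
            .build());

        // Add IP Access List Entry to Service Account using IP Address (sample value).
        var ip = new ServiceAccountAccessListEntry("ip", ServiceAccountAccessListEntryArgs.builder()
            .orgId(orgId)
            .clientId(thisServiceAccount.clientId())
            .ipAddress("2.3.4.5")
            .build());

        // Data source to read a single Access List entry for the Service Account.
        // Declared as this_ because `this` is a reserved word in Java and the
        // export below already refers to this_.
        final var this_ = MongodbatlasFunctions.getServiceAccountAccessListEntry(GetServiceAccountAccessListEntryArgs.builder()
            .orgId(cidr.orgId())
            .clientId(cidr.clientId())
            .cidrBlock(cidr.cidrBlock())
            .build());

        ctx.export("accessListEntryCidrBlock", this_.applyValue(_this_ -> _this_.cidrBlock()));

        // Data source to read all Access List entries for the Service Account
        final var thisGetServiceAccountAccessListEntries = MongodbatlasFunctions.getServiceAccountAccessListEntries(GetServiceAccountAccessListEntriesArgs.builder()
            .orgId(thisServiceAccount.orgId())
            .clientId(thisServiceAccount.clientId())
            .build());

        ctx.export("allAccessListEntries", thisGetServiceAccountAccessListEntries.applyValue(_thisGetServiceAccountAccessListEntries -> _thisGetServiceAccountAccessListEntries.results()));
    }
}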
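# Nesting restored: as a flat list of keys, `type`, `properties` and
# `fn::invoke` would repeat at the same level and the document would not
# describe separate resources and variables.
resources:
  # Service Account that the Access List entries below apply to
  thisServiceAccount:
    type: mongodbatlas:ServiceAccount
    name: this
    properties:
      orgId: ${orgId}
      name: example-service-account
      description: Example Service Account
      roles:
        - ORG_READ_ONLY
      secretExpiresAfterHours: 2160 # 90 days
  # Add IP Access List Entry to Service Account using CIDR Block
  # (sample value; a /32 covers one address)
  cidr:
    type: mongodbatlas:ServiceAccountAccessListEntry
    properties:
      orgId: ${orgId}
      clientId: ${thisServiceAccount.clientId}
      cidrBlock: 1.2.3.4/32
  # Add IP Access List Entry to Service Account using IP Address (sample value)
  ip:
    type: mongodbatlas:ServiceAccountAccessListEntry
    properties:
      orgId: ${orgId}
      clientId: ${thisServiceAccount.clientId}
      ipAddress: 2.3.4.5
variables:
  # Data source to read a single Access List entry for the Service Account
  this:
    fn::invoke:
      function: mongodbatlas:getServiceAccountAccessListEntry
      arguments:
        orgId: ${cidr.orgId}
        clientId: ${cidr.clientId}
        cidrBlock: ${cidr.cidrBlock}
  # Data source to read all Access List entries for the Service Account
  thisGetServiceAccountAccessListEntries:
    fn::invoke:
      function: mongodbatlas:getServiceAccountAccessListEntries
      arguments:
        orgId: ${thisServiceAccount.orgId}
        clientId: ${thisServiceAccount.clientId}
outputs:
  accessListEntryCidrBlock: ${this.cidrBlock}
  allAccessListEntries: ${thisGetServiceAccountAccessListEntries.results}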
Using getServiceAccountAccessListEntry
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getServiceAccountAccessListEntry(args: GetServiceAccountAccessListEntryArgs, opts?: InvokeOptions): Promise<GetServiceAccountAccessListEntryResult>
function getServiceAccountAccessListEntryOutput(args: GetServiceAccountAccessListEntryOutputArgs, opts?: InvokeOptions): Output<GetServiceAccountAccessListEntryResult>
def get_service_account_access_list_entry(cidr_block: Optional[str] = None,
client_id: Optional[str] = None,
ip_address: Optional[str] = None,
org_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetServiceAccountAccessListEntryResult
def get_service_account_access_list_entry_output(cidr_block: Optional[pulumi.Input[str]] = None,
client_id: Optional[pulumi.Input[str]] = None,
ip_address: Optional[pulumi.Input[str]] = None,
org_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetServiceAccountAccessListEntryResult]
func LookupServiceAccountAccessListEntry(ctx *Context, args *LookupServiceAccountAccessListEntryArgs, opts ...InvokeOption) (*LookupServiceAccountAccessListEntryResult, error)
func LookupServiceAccountAccessListEntryOutput(ctx *Context, args *LookupServiceAccountAccessListEntryOutputArgs, opts ...InvokeOption) LookupServiceAccountAccessListEntryResultOutput
> Note: This function is named LookupServiceAccountAccessListEntry in the Go SDK.
public static class GetServiceAccountAccessListEntry
{
public static Task<GetServiceAccountAccessListEntryResult> InvokeAsync(GetServiceAccountAccessListEntryArgs args, InvokeOptions? opts = null)
public static Output<GetServiceAccountAccessListEntryResult> Invoke(GetServiceAccountAccessListEntryInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetServiceAccountAccessListEntryResult> getServiceAccountAccessListEntry(GetServiceAccountAccessListEntryArgs args, InvokeOptions options)
public static Output<GetServiceAccountAccessListEntryResult> getServiceAccountAccessListEntry(GetServiceAccountAccessListEntryArgs args, InvokeOptions options)
fn::invoke:
function: mongodbatlas:index/getServiceAccountAccessListEntry:getServiceAccountAccessListEntry
arguments:
# arguments dictionary
The following arguments are supported:
- ClientId string - The Client ID of the Service Account.
- OrgId string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- CidrBlock string - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- IpAddress string - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- ClientId string - The Client ID of the Service Account.
- OrgId string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- CidrBlock string - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- IpAddress string - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- clientId String - The Client ID of the Service Account.
- orgId String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidrBlock String - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- ipAddress String - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- clientId string - The Client ID of the Service Account.
- orgId string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidrBlock string - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- ipAddress string - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- client_id str - The Client ID of the Service Account.
- org_id str - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidr_block str - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- ip_address str - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- clientId String - The Client ID of the Service Account.
- orgId String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- cidrBlock String - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- ipAddress String - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
getServiceAccountAccessListEntry Result
The following output properties are available:
- CidrBlock string - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- ClientId string - The Client ID of the Service Account.
- CreatedAt string - Date the entry was added to the access list. This attribute expresses its value in the ISO 8601 timestamp format in UTC.
- Id string - The provider-assigned unique ID for this managed resource.
- IpAddress string - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- LastUsedAddress string - Network address that issued the most recent request to the API.
- LastUsedAt string - Date when the API received the most recent request that originated from this network address.
- OrgId string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- RequestCount int - The number of requests that have originated from this network address.
- CidrBlock string - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- ClientId string - The Client ID of the Service Account.
- CreatedAt string - Date the entry was added to the access list. This attribute expresses its value in the ISO 8601 timestamp format in UTC.
- Id string - The provider-assigned unique ID for this managed resource.
- IpAddress string - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- LastUsedAddress string - Network address that issued the most recent request to the API.
- LastUsedAt string - Date when the API received the most recent request that originated from this network address.
- OrgId string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- RequestCount int - The number of requests that have originated from this network address.
- cidrBlock String - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- clientId String - The Client ID of the Service Account.
- createdAt String - Date the entry was added to the access list. This attribute expresses its value in the ISO 8601 timestamp format in UTC.
- id String - The provider-assigned unique ID for this managed resource.
- ipAddress String - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- lastUsedAddress String - Network address that issued the most recent request to the API.
- lastUsedAt String - Date when the API received the most recent request that originated from this network address.
- orgId String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- requestCount Integer - The number of requests that have originated from this network address.
- cidrBlock string - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- clientId string - The Client ID of the Service Account.
- createdAt string - Date the entry was added to the access list. This attribute expresses its value in the ISO 8601 timestamp format in UTC.
- id string - The provider-assigned unique ID for this managed resource.
- ipAddress string - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- lastUsedAddress string - Network address that issued the most recent request to the API.
- lastUsedAt string - Date when the API received the most recent request that originated from this network address.
- orgId string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- requestCount number - The number of requests that have originated from this network address.
- cidr_block str - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- client_id str - The Client ID of the Service Account.
- created_at str - Date the entry was added to the access list. This attribute expresses its value in the ISO 8601 timestamp format in UTC.
- id str - The provider-assigned unique ID for this managed resource.
- ip_address str - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- last_used_address str - Network address that issued the most recent request to the API.
- last_used_at str - Date when the API received the most recent request that originated from this network address.
- org_id str - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- request_count int - The number of requests that have originated from this network address.
- cidrBlock String - Range of IP addresses in CIDR notation to be added to the access list. You can set a value for this parameter or ip_address, but not for both.
- clientId String - The Client ID of the Service Account.
- createdAt String - Date the entry was added to the access list. This attribute expresses its value in the ISO 8601 timestamp format in UTC.
- id String - The provider-assigned unique ID for this managed resource.
- ipAddress String - IP address to be added to the access list. You can set a value for this parameter or cidr_block, but not for both.
- lastUsedAddress String - Network address that issued the most recent request to the API.
- lastUsedAt String - Date when the API received the most recent request that originated from this network address.
- orgId String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- requestCount Number - The number of requests that have originated from this network address.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the mongodbatlas Terraform Provider.
