Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
mongodbatlas.ServiceAccountProjectAssignment describes a Service Account assigned to a Project.
IMPORTANT WARNING: Managing Service Accounts with Terraform exposes sensitive organizational secrets in Terraform’s state. We suggest following Terraform’s best practices.
Example Usage
S
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const thisServiceAccount = new mongodbatlas.ServiceAccount("this", {
orgId: orgId,
name: "example-service-account",
description: "Example Service Account",
roles: ["ORG_MEMBER"],
secretExpiresAfterHours: 2160,
});
const thisServiceAccountProjectAssignment = new mongodbatlas.ServiceAccountProjectAssignment("this", {
projectId: projectId,
clientId: thisServiceAccount.clientId,
roles: ["GROUP_READ_ONLY"],
});
const _this = mongodbatlas.getServiceAccountProjectAssignmentOutput({
projectId: thisServiceAccountProjectAssignment.projectId,
clientId: thisServiceAccountProjectAssignment.clientId,
});
const thisGetServiceAccountProjectAssignments = thisServiceAccount.clientId.apply(clientId => mongodbatlas.getServiceAccountProjectAssignmentsOutput({
orgId: orgId,
clientId: clientId,
}));
export const serviceAccountProjectRoles = _this.apply(_this => _this.roles);
export const serviceAccountAssignedProjects = thisGetServiceAccountProjectAssignments.apply(thisGetServiceAccountProjectAssignments => thisGetServiceAccountProjectAssignments.results);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
this_service_account = mongodbatlas.ServiceAccount("this",
org_id=org_id,
name="example-service-account",
description="Example Service Account",
roles=["ORG_MEMBER"],
secret_expires_after_hours=2160)
this_service_account_project_assignment = mongodbatlas.ServiceAccountProjectAssignment("this",
project_id=project_id,
client_id=this_service_account.client_id,
roles=["GROUP_READ_ONLY"])
this = mongodbatlas.get_service_account_project_assignment_output(project_id=this_service_account_project_assignment.project_id,
client_id=this_service_account_project_assignment.client_id)
this_get_service_account_project_assignments = this_service_account.client_id.apply(lambda client_id: mongodbatlas.get_service_account_project_assignments_output(org_id=org_id,
client_id=client_id))
pulumi.export("serviceAccountProjectRoles", this.roles)
pulumi.export("serviceAccountAssignedProjects", this_get_service_account_project_assignments.results)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisServiceAccount, err := mongodbatlas.NewServiceAccount(ctx, "this", &mongodbatlas.ServiceAccountArgs{
OrgId: pulumi.Any(orgId),
Name: pulumi.String("example-service-account"),
Description: pulumi.String("Example Service Account"),
Roles: pulumi.StringArray{
pulumi.String("ORG_MEMBER"),
},
SecretExpiresAfterHours: pulumi.Int(2160),
})
if err != nil {
return err
}
thisServiceAccountProjectAssignment, err := mongodbatlas.NewServiceAccountProjectAssignment(ctx, "this", &mongodbatlas.ServiceAccountProjectAssignmentArgs{
ProjectId: pulumi.Any(projectId),
ClientId: thisServiceAccount.ClientId,
Roles: pulumi.StringArray{
pulumi.String("GROUP_READ_ONLY"),
},
})
if err != nil {
return err
}
this := mongodbatlas.LookupServiceAccountProjectAssignmentOutput(ctx, mongodbatlas.GetServiceAccountProjectAssignmentOutputArgs{
ProjectId: thisServiceAccountProjectAssignment.ProjectId,
ClientId: thisServiceAccountProjectAssignment.ClientId,
}, nil);
thisGetServiceAccountProjectAssignments := thisServiceAccount.ClientId.ApplyT(func(clientId string) (mongodbatlas.GetServiceAccountProjectAssignmentsResult, error) {
return mongodbatlas.GetServiceAccountProjectAssignmentsResult(interface{}(mongodbatlas.LookupServiceAccountProjectAssignments(ctx, &mongodbatlas.LookupServiceAccountProjectAssignmentsArgs{
OrgId: orgId,
ClientId: clientId,
}, nil))), nil
}).(mongodbatlas.GetServiceAccountProjectAssignmentsResultOutput)
ctx.Export("serviceAccountProjectRoles", this.ApplyT(func(this mongodbatlas.GetServiceAccountProjectAssignmentResult) (interface{}, error) {
return this.Roles, nil
}).(pulumi.Interface{}Output))
ctx.Export("serviceAccountAssignedProjects", thisGetServiceAccountProjectAssignments.ApplyT(func(thisGetServiceAccountProjectAssignments mongodbatlas.GetServiceAccountProjectAssignmentsResult) ([]mongodbatlas.GetServiceAccountProjectAssignmentsResult, error) {
return []mongodbatlas.GetServiceAccountProjectAssignmentsResult(thisGetServiceAccountProjectAssignments.Results), nil
}).([]mongodbatlas.GetServiceAccountProjectAssignmentsResultOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var thisServiceAccount = new Mongodbatlas.ServiceAccount("this", new()
{
OrgId = orgId,
Name = "example-service-account",
Description = "Example Service Account",
Roles = new[]
{
"ORG_MEMBER",
},
SecretExpiresAfterHours = 2160,
});
var thisServiceAccountProjectAssignment = new Mongodbatlas.ServiceAccountProjectAssignment("this", new()
{
ProjectId = projectId,
ClientId = thisServiceAccount.ClientId,
Roles = new[]
{
"GROUP_READ_ONLY",
},
});
var @this = Mongodbatlas.GetServiceAccountProjectAssignment.Invoke(new()
{
ProjectId = thisServiceAccountProjectAssignment.ProjectId,
ClientId = thisServiceAccountProjectAssignment.ClientId,
});
var thisGetServiceAccountProjectAssignments = Mongodbatlas.GetServiceAccountProjectAssignments.Invoke(new()
{
OrgId = orgId,
ClientId = thisServiceAccount.ClientId,
});
return new Dictionary<string, object?>
{
["serviceAccountProjectRoles"] = @this.Apply(@this => @this.Apply(getServiceAccountProjectAssignmentResult => getServiceAccountProjectAssignmentResult.Roles)),
["serviceAccountAssignedProjects"] = thisGetServiceAccountProjectAssignments.Apply(getServiceAccountProjectAssignmentsResult => getServiceAccountProjectAssignmentsResult.Results),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.ServiceAccount;
import com.pulumi.mongodbatlas.ServiceAccountArgs;
import com.pulumi.mongodbatlas.ServiceAccountProjectAssignment;
import com.pulumi.mongodbatlas.ServiceAccountProjectAssignmentArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetServiceAccountProjectAssignmentArgs;
import com.pulumi.mongodbatlas.inputs.GetServiceAccountProjectAssignmentsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var thisServiceAccount = new ServiceAccount("thisServiceAccount", ServiceAccountArgs.builder()
.orgId(orgId)
.name("example-service-account")
.description("Example Service Account")
.roles("ORG_MEMBER")
.secretExpiresAfterHours(2160)
.build());
var thisServiceAccountProjectAssignment = new ServiceAccountProjectAssignment("thisServiceAccountProjectAssignment", ServiceAccountProjectAssignmentArgs.builder()
.projectId(projectId)
.clientId(thisServiceAccount.clientId())
.roles("GROUP_READ_ONLY")
.build());
final var this = MongodbatlasFunctions.getServiceAccountProjectAssignment(GetServiceAccountProjectAssignmentArgs.builder()
.projectId(thisServiceAccountProjectAssignment.projectId())
.clientId(thisServiceAccountProjectAssignment.clientId())
.build());
final var thisGetServiceAccountProjectAssignments = thisServiceAccount.clientId().applyValue(_clientId -> MongodbatlasFunctions.getServiceAccountProjectAssignments(GetServiceAccountProjectAssignmentsArgs.builder()
.orgId(orgId)
.clientId(_clientId)
.build()));
ctx.export("serviceAccountProjectRoles", this_.applyValue(_this_ -> _this_.roles()));
ctx.export("serviceAccountAssignedProjects", thisGetServiceAccountProjectAssignments.applyValue(_thisGetServiceAccountProjectAssignments -> _thisGetServiceAccountProjectAssignments.results()));
}
}
resources:
thisServiceAccount:
type: mongodbatlas:ServiceAccount
name: this
properties:
orgId: ${orgId}
name: example-service-account
description: Example Service Account
roles:
- ORG_MEMBER
secretExpiresAfterHours: 2160 # 90 days
thisServiceAccountProjectAssignment:
type: mongodbatlas:ServiceAccountProjectAssignment
name: this
properties:
projectId: ${projectId}
clientId: ${thisServiceAccount.clientId}
roles:
- GROUP_READ_ONLY
variables:
this:
fn::invoke:
function: mongodbatlas:getServiceAccountProjectAssignment
arguments:
projectId: ${thisServiceAccountProjectAssignment.projectId}
clientId: ${thisServiceAccountProjectAssignment.clientId}
thisGetServiceAccountProjectAssignments:
fn::invoke:
function: mongodbatlas:getServiceAccountProjectAssignments
arguments:
orgId: ${orgId}
clientId: ${thisServiceAccount.clientId}
outputs:
serviceAccountProjectRoles: ${this.roles}
serviceAccountAssignedProjects: ${thisGetServiceAccountProjectAssignments.results}
Using getServiceAccountProjectAssignment
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getServiceAccountProjectAssignment(args: GetServiceAccountProjectAssignmentArgs, opts?: InvokeOptions): Promise<GetServiceAccountProjectAssignmentResult>
function getServiceAccountProjectAssignmentOutput(args: GetServiceAccountProjectAssignmentOutputArgs, opts?: InvokeOptions): Output<GetServiceAccountProjectAssignmentResult>def get_service_account_project_assignment(client_id: Optional[str] = None,
project_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetServiceAccountProjectAssignmentResult
def get_service_account_project_assignment_output(client_id: Optional[pulumi.Input[str]] = None,
project_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetServiceAccountProjectAssignmentResult]func LookupServiceAccountProjectAssignment(ctx *Context, args *LookupServiceAccountProjectAssignmentArgs, opts ...InvokeOption) (*LookupServiceAccountProjectAssignmentResult, error)
func LookupServiceAccountProjectAssignmentOutput(ctx *Context, args *LookupServiceAccountProjectAssignmentOutputArgs, opts ...InvokeOption) LookupServiceAccountProjectAssignmentResultOutput> Note: This function is named LookupServiceAccountProjectAssignment in the Go SDK.
public static class GetServiceAccountProjectAssignment
{
public static Task<GetServiceAccountProjectAssignmentResult> InvokeAsync(GetServiceAccountProjectAssignmentArgs args, InvokeOptions? opts = null)
public static Output<GetServiceAccountProjectAssignmentResult> Invoke(GetServiceAccountProjectAssignmentInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetServiceAccountProjectAssignmentResult> getServiceAccountProjectAssignment(GetServiceAccountProjectAssignmentArgs args, InvokeOptions options)
public static Output<GetServiceAccountProjectAssignmentResult> getServiceAccountProjectAssignment(GetServiceAccountProjectAssignmentArgs args, InvokeOptions options)
fn::invoke:
function: mongodbatlas:index/getServiceAccountProjectAssignment:getServiceAccountProjectAssignment
arguments:
# arguments dictionaryThe following arguments are supported:
- client_
id str - The Client ID of the Service Account.
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
getServiceAccountProjectAssignment Result
The following output properties are available:
- client_
id str - The Client ID of the Service Account.
- id str
- The provider-assigned unique ID for this managed resource.
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- roles Sequence[str]
- A list of Project roles associated with the Service Account.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
