Skip to content

Commit 1292d7d

Browse files
alexsergeyevalexsergeyev
authored
Add examples creating user with aws_iam_type (#426)
1 parent b84a663 commit 1292d7d

File tree

1 file changed

+25
-1
lines changed

1 file changed

+25
-1
lines changed

website/docs/r/database_user.html.markdown

Lines changed: 25 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,30 @@ resource "mongodbatlas_database_user" "test" {
7777
}
7878
```
7979

80+
```hcl
81+
resource "mongodbatlas_database_user" "test" {
82+
username = aws_iam_role.test.arn
83+
project_id = "<PROJECT-ID>"
84+
auth_database_name = "$external"
85+
aws_iam_type = "ROLE"
86+
87+
roles {
88+
role_name = "readAnyDatabase"
89+
database_name = "admin"
90+
}
91+
92+
labels {
93+
key = "%s"
94+
value = "%s"
95+
}
96+
97+
scopes {
98+
name = "My cluster name"
99+
type = "CLUSTER"
100+
}
101+
}
102+
```
103+
80104
## Argument Reference
81105

82106
* `auth_database_name` - (Required) Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB.
@@ -85,7 +109,7 @@ Accepted values include:
85109
* `$external` if `x509_type` is MANAGED or CUSTOMER or `aws_iam_type` is USER or ROLE.
86110
* `project_id` - (Required) The unique ID for the project to create the database user.
87111
* `roles` - (Required) List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See [Roles](#roles) below for more details.
88-
* `username` - (Required) Username for authenticating to MongoDB.
112+
* `username` - (Required) Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if `aws_iam_type` is USER or ROLE.
89113
* `password` - (Required) User's initial password. A value is required to create the database user, however the argument but may be removed from your Terraform configuration after user creation without impacting the user, password or Terraform management. IMPORTANT --- Passwords may show up in Terraform related logs and it will be stored in the Terraform state file as plain-text. Password can be changed after creation using your preferred method, e.g. via the MongoDB Atlas UI, to ensure security. If you do change management of the password to outside of Terraform be sure to remove the argument from the Terraform configuration so it is not inadvertently updated to the original password.
90114

91115
* `x509_type` - (Optional) X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

0 commit comments

Comments
 (0)