CfnCloudBackupSnapshotExportBucket requires iamRoleId, but it is unclear how to create this id / its creation does not seem to be supported in CDK.

[rory-wilson]

Is your feature request related to a problem? Please describe. Looking at the documentation for creating a snapshot extract bucket (https://github.com/mongodb/awscdk-resources-mongodbatlas/tree/ef4c0a5d15e15cac3a4f96d524aaf98e4a6966fa/src/l1-resources/cloud-backup-snapshot-export-bucket) this construct requires an iamRoleId of 24 characters. Using the Admin API, this can be created using the cloudProviderAccess endpoint (https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/createCloudProviderAccessRole) - this is then granted permission with a local IAM role with access to the bucket.

This operation does not appear to exist with the CDK at present, and so creation of a snapshot export bucket is not possible.

Describe the solution you'd like Either update the documentation with a practical example showing how it is possible with the current CDK implementation, or add the cloudProviderAccess endpoint support into the CDK.

Describe alternatives you've considered A mixed approach, using the CDK tools for project creation, and the API for cloud provider access, but with no success.

[github-actions[bot]]

Thanks for opening this issue! Please make sure to provide the following information to help us reproduce the issue:

• CDK code used by the customer
• The output of cdk synth
• List of Public CFN Resources that are activated in the AWS account with their release version
• AWS Region where the CFN stack is running

Thanks for opening this issue. The ticket CLOUDP-247452 was created for internal tracking.

[marcosuma]

Thanks @rory-wilson for opening this issue with us. You are right, we don't have cloud-provider-access in CDK, but most importantly we don't have it in our CFN resources. Right now as you have already figured out, you can use the Atlas Admin API to create that or even better our Atlas CLI.

I know it's not an ideal experience, so I am going to bring this in for prioritization with the team and see what we can do.

FYI I'll track this with an internal issue, sorry I won't be able to show updates on that side. Let me know how else I can help.

[marcosuma]

@rory-wilson in the meantime this is a good place where to leave this as a feature request

[github-actions[bot]]

This issue has gone 30 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 30 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!