Life ConnectLife Connect
Wiki index
Architecture
Services
Concepts
Runbooks
Infra
Swagger Docs
GitHub
Wiki index
Architecture
Services
Concepts
Runbooks
Infra
Swagger Docs
GitHub
  • Infrastructure

    • Infrastructure
    • Pulumi project — infra/
    • Current AWS + MongoDB Atlas state
    • MongoDB Atlas — Realm CLI setup
Last updated 2026-05-03

MongoDB Atlas — installing atlas CLI and realm-cli

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

Source of truth: infra/MONGODB_REALM_CLI_SETUP.md on GitHub.

The producer side of the EventBridge fanout (Atlas Triggers + App Services / Realm) is managed via two separate CLIs. Keeping the install + auth steps written down so anyone (including future agents) can reproduce a producer-side audit.

What you'll install

  • atlas CLI — official MongoDB Atlas CLI. Lists clusters, databases, search indexes, network access lists, project users.
  • realm-cli — separate App Services CLI. Pulls Atlas Triggers and Realm functions definitions.

Quick steps (macOS)

brew tap mongodb/brew
brew install mongodb-atlas-cli         # provides `atlas`
npm install -g mongodb-realm-cli       # provides `realm-cli` (no longer in brew)

Then create an Organization Read-Only API key in the Atlas UI and add your IP to the API Key Access List (separate from the Project IP Access List — pitfall noted in the source doc).

Set in your shell or ~/.zshrc.local:

export MONGODB_ATLAS_PUBLIC_API_KEY=...
export MONGODB_ATLAS_PRIVATE_API_KEY=...
export MONGODB_ATLAS_ORG_ID=...
export MONGODB_ATLAS_PROJECT_ID=...

Login realm-cli once:

realm-cli login --api-key "$MONGODB_ATLAS_PUBLIC_API_KEY" \
  --private-api-key "$MONGODB_ATLAS_PRIVATE_API_KEY"

Reading the producer-side state

atlas projects list
atlas clusters list
atlas clusters describe adb-prod
atlas accessLists list
atlas dbusers list
realm-cli apps list
realm-cli pull --remote <app-id> --local /tmp/realm

The interesting file is triggers/<name>.json — its config field tells you the (database, collection, operation_types) and event_processors.AWS_EVENTBRIDGE.config tells you which AWS account/region the trigger publishes to.

The full step-by-step (token scopes, IP allowlist gotcha, what to do at each 403, cleanup) is in the source document.

Edit this page
Last Updated:
Contributors: Yevhenii Khudolii
Prev
Current AWS + MongoDB Atlas state