Cloud Account

Learn how to use the DNAnexus Platform API to create a new cloud account.

API Method Specifications

API method: /cloudaccount/new

A license is required to perform this operation. Contact DNAnexus Sales for more information.


The API will asynchronously create a cloud account entity on the DNAnexus Platform with the following user inputs: a handle, a name, a credential for the cloud account, and a combination of a billTo org and a DNAnexus defined region. Upon success, the requesting user will become the one and only adminUser of the cloud account, and DNAnexus will be able to perform DNAnexus platform functionality with the resource in customer cloud account. The account handle and name will be visible to all the members of the enabled billTo org.


  • handle string A unique handle for the cloud (i.e., the chosen handle must not already be in use by any other cloud accounts). A cloud account handle:
    • must start with an alphanumeric character
    • must be at least 3 characters long and less than 19 characters
    • may only contain alphanumeric characters (only lowercase) and periods
    • periods must be followed by an alphanumeric character and cannot end in a period
    • cannot begin with dnanexus prefix
    The lowercase of handle will be appended to "cloudaccount-" to form the ID of this org.
  • name string A descriptive name for the cloud account, with max 256 characters in length.
  • credential string a string that is credential to access the customer's cloud account, e.g. a cross-account role id for aws, see (how to create a cross-account role id for cloud account)
  • billToRegion mapping A mapping of an billable org and a DNAnexus enabled region that is permitted for the billable orgs, e.g. {org: org-yyyy, region: aws:us-east-1},
    • org org-id e.g. org-xxxx,
    • region string a string of a region, valid region names includes aws:us-east-1, aws:eu-centrol-1, aws:ap-southeast-2, azure:westus, azure:westeurope.
  • dryrun boolean (optional, default false).


  • dryrun is false
    • id string ID of the newly created cloud account ("cloudaccount-" + handle)
    • state string "Pending"
  • dryrun is true
    • region string input region.
    • commands array [aws/azure api calls and request bodies]
      Example: dryrun output for cloudaccount-0000000000000000001 in region aws:us-east-1:
      region: "aws:us-east-1",
      commands: [
      "CreateBucket": [
      {"Bucket": "dx-cloudaccount-0000000000000000001-us-east-1-live"},
      {"Bucket": "dx-cloudaccount-0000000000000000001-us-east-1-upload"},
      {"Bucket": "dx-cloudaccount-0000000000000000001-us-east-1-database"},
      {"Bucket": "dx-cloudaccount-0000000000000000001-us-east-1-archive"}


  • InvalidInput
    • The handle does not match the requirements.
    • The name cannot be longer than 256 characters
    • Failed to assume cross account role, please verify credential
    • The org of billToRegion is not found.
    • The region of billToRegion is not one of the permitted regions for the org of billToRegion.
  • InvalidState
    • The handle of the cloud account case-insensitively matches that of an existing cloud account
  • PermissionDenied
    • The requested user is NOT the org admin for the org of billToRegion.
    • The org of billToRegion does not have the license for cloud account.