Access
By default, all operations in Instance Groups are performed on behalf of a service account.
Service accounts are special accounts that can be used by services and applications to work with other Yandex Cloud APIs on your behalf. For more information about service accounts and access management in Yandex Cloud, see the Yandex Identity and Access Management documentation.
Instance Groups use the service account's authorized keys to authenticate with the APIs and perform operations on resources within the roles granted to this service account. For example, Instance Groups can use a service account to create, update, and delete VM instances.
An instance group can have only one service account, and that account must be created in the same folder as the group.
To enable a service account to create, modify, run, restart, stop, or delete VM instances in a group, you need to assign this service account the compute.editor role for the folder where you want to place your instance group.
If you want to integrate an instance group with a Yandex Network Load Balancer, you also need to assign the load-balancer.editor role to the service account.
To integrate an instance group with an L7 load balancer from Yandex Application Load Balancer, assign the alb.editor role to the service account.
For more information, see Integrating an instance group with Network Load Balancer or Application Load Balancer.
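The role requirements above can be checked against a folder's access bindings. The following is an added example, not part of the Yandex Cloud documentation. It assumes the bindings are available as a JSON list of objects with role_id and subject.id / subject.type fields; the IDs and the sample data are constructed.

```python
import json

# Roles named on this page, keyed by what the instance group has to do.
BASE_ROLE = "compute.editor"              # manage VM instances in the group
INTEGRATION_ROLES = {
    "nlb": "load-balancer.editor",        # Yandex Network Load Balancer
    "alb": "alb.editor",                  # Yandex Application Load Balancer
}

def required_roles(integrations=()):
    """Return the set of roles the page lists for the given integrations."""
    roles = {BASE_ROLE}
    for name in integrations:
        if name not in INTEGRATION_ROLES:
            raise ValueError(f"unknown integration: {name!r}")
        roles.add(INTEGRATION_ROLES[name])
    return roles

def audit_bindings(bindings_json, service_account_id, integrations=()):
    """Compare folder bindings of one service account with the required roles.

    Matches exact role names only; it does not model broader roles that
    may include the permissions of a narrower one.
    """
    granted = set()
    for binding in json.loads(bindings_json):
        subject = binding.get("subject", {})
        if (subject.get("type") == "serviceAccount"
                and subject.get("id") == service_account_id
                and "role_id" in binding):
            granted.add(binding["role_id"])
    needed = required_roles(integrations)
    return {"missing": sorted(needed - granted),
            "extra": sorted(granted - needed)}

# Constructed sample: folder bindings for two subjects (assumed JSON shape).
SAMPLE = json.dumps([
    {"role_id": "compute.editor",
     "subject": {"id": "sa-example-id", "type": "serviceAccount"}},
    {"role_id": "load-balancer.editor",
     "subject": {"id": "sa-example-id", "type": "serviceAccount"}},
    {"role_id": "storage.editor",
     "subject": {"id": "sa-example-id", "type": "serviceAccount"}},
    {"role_id": "alb.editor",
     "subject": {"id": "user-example-id", "type": "userAccount"}},
])

if __name__ == "__main__":
    print(audit_bindings(SAMPLE, "sa-example-id", ["nlb", "alb"]))
```

A non-empty "missing" list means the group cannot perform the corresponding operations; entries under "extra" are roles on the folder that this page does not require for the group.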
Note