Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Identity and Access Management
    • All guides
    • Handling secrets that are available in the public domain
        • Getting an IAM token for a Yandex account
        • Getting an IAM token for a service account
        • Getting an IAM token for a federated account
        • Revoking an IAM token
      • Managing static access keys
      • Managing API keys
      • Managing authorized keys
      • Creating a temporary access key using Security Token Service
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Examples
  • Using an IAM token obtained via the CLI
  1. Step-by-step guides
  2. Authentication
  3. IAM tokens
  4. Getting an IAM token for a federated account

Getting an IAM token for a federated account

Written by
Yandex Cloud
Updated at March 28, 2025
  • Examples
    • Using an IAM token obtained via the CLI

Note

The IAM token lifetime cannot exceed 12 hours and is limited by the cookie lifetime for the federation.

CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

  1. Authenticate with the CLI as a federated user.

  2. Get an IAM token:

    yc iam create-token
    

Specify the received IAM token when accessing Yandex Cloud resources via the API. Provide the IAM token in the Authorization header in the following format:

Authorization: Bearer <IAM_token>

ExamplesExamples

Using an IAM token obtained via the CLIUsing an IAM token obtained via the CLI

Sending a request to get a list of clouds using an IAM token:

Bash
PowerShell
  1. Get an IAM token and write it to the variable:

    export IAM_TOKEN=`yc iam create-token`
    
  2. Send a request to get a list of clouds:

    curl \
      --request GET \
      --header "Authorization: Bearer ${IAM_TOKEN}" \
      https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds
    
  3. Result:

    {
    "clouds": [
      {
      "id": "b1gia87mbaom********",
      "createdAt": "2019-08-19T06:15:54Z",
      "name": "my-cloud-1",
      "organizationId": "my-organization"
      },
      {
      "id": "b1gue7m154kt********",
      "createdAt": "2022-08-29T13:27:03Z",
      "name": "my-cloud-2",
      "organizationId": "my-organization"
      }
    ]
    }
    
  1. Get an IAM token and write it to the variable:

    $IAM_TOKEN=yc iam create-token
    
  2. Send a request to get a list of clouds:

    curl.exe ` 
      --request GET ` 
      --header "Authorization: Bearer $IAM_TOKEN" ` 
      https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds 
    
  3. Result:

    {
    "clouds": [
      {
      "id": "b1gia87mbaom********",
      "createdAt": "2019-08-19T06:15:54Z",
      "name": "my-cloud-1",
      "organizationId": "my-organization"
      },
      {
      "id": "b1gue7m154kt********",
      "createdAt": "2022-08-29T13:27:03Z",
      "name": "my-cloud-2",
      "organizationId": "my-organization"
      }
    ]
    }
    

See alsoSee also

  • Revoking an IAM token

Was the article helpful?

Previous
Getting an IAM token for a service account
Next
Revoking an IAM token
Yandex project
© 2025 Yandex.Cloud LLC