Yandex Identity and Access Management release notes
Written by
Updated at March 19, 2025
Labels next to update description indicate the interface supporting the update: management console, CLI, API, or Terraform.
Q4 2024
- Added sending the
CreateIamToken
data event when creating an IAM token. - Expanded the scope of limited lifetime API keys to work with Yandex Managed Service for YDB in compatibility mode with PostgreSQL, Yandex Cloud Postbox, and Yandex Serverless Containers.
Management console
CLI
Terraform
API
- You can now see the service account's last authentication date and time. You can get the information in the
last_authenticated_at
field using theyc iam user-account get
Yandex Cloud CLI command.CLI
Q3 2024
- Added Workload Identity Federations that allow you to grant access to external applications without using long-lived access keys.
Management console
CLI
Terraform
API
- You can now create API keys with limited scope and validity period.
Management console
CLI
Terraform
API
- Added the ResolveAgent REST API method.
API
- Added the ability to revoke an IAM token using Yandex Cloud CLI.
CLI
- Added
All users in organization X
andAll users in federation N
system groups. - Added the Terraform data source used to get the service agent ID.
Terraform
Q2 2024
- Added the last used date info for service account access keys. You can find this info on the service account page in the management console
or in thelast_used_at
field when using the API to invoke access key management methods.Management console
API
Q1 2024
- Added the Security Token Service component to get temporary access keys compatible with AWS S3 API. This feature is at the Preview stage.
CLI
API
- Added OAuth client authentication support by authenticating a service account token.
- Added the option of using masked token ID for Audit Trails logs.
- Improved the key rotation mechanism in OpenID Connect
.