Yandex Identity and Access Management release notes

Labels next to update description indicate the interface supporting the update: management console, CLI, API, or Terraform.

Q4 2024Q4 2024

• Added sending the CreateIamToken data event when creating an IAM token.
• Expanded the scope of limited lifetime API keys to work with Yandex Managed Service for YDB in compatibility mode with PostgreSQL, Yandex Cloud Postbox, and Yandex Serverless Containers. Management console CLI Terraform API
• You can now see the service account's last authentication date and time. You can get the information in the last_authenticated_at field using the yc iam user-account get Yandex Cloud CLI command. CLI

Q3 2024Q3 2024

• Added Workload Identity Federations that allow you to grant access to external applications without using long-lived access keys. Management console CLI Terraform API
• You can now create API keys with limited scope and validity period. Management console CLI Terraform API
• Added the ResolveAgent REST API method. API
• Added the ability to revoke an IAM token using Yandex Cloud CLI. CLI
• Added All users in organization X and All users in federation N system groups.
• Added the Terraform data source used to get the service agent ID. Terraform

Q2 2024Q2 2024

• Added the last used date info for service account access keys. You can find this info on the service account page in the management console or in the last_used_at field when using the API to invoke access key management methods. Management console API

Q1 2024Q1 2024

• Added the Security Token Service component to get temporary access keys compatible with AWS S3 API. This feature is at the Preview stage. CLI API
• Added OAuth client authentication support by authenticating a service account token.
• Added the option of using masked token ID for Audit Trails logs.
• Improved the key rotation mechanism in OpenID Connect.