Making a container public
Written by
Updated at February 12, 2025
If you want any user to be able to invoke a container without providing the authorization header, make it public.
Management console
CLI
API
- In the management console
, select the folder with your container. - Select Serverless Containers.
- Select the container you want to make public.
- On the Overview tab, enable Public container.
To make a container public, run this command:
yc serverless container allow-unauthenticated-invoke <container_name>
Result:
done (1s)
To make a container public, use the setAccessBindings REST API method for the Container resource or the ContainerService/SetAccessBindings gRPC API call.
Request example
To use the example, install cURL
-
Prepare a file named
body.json
with the following request body:{ "accessBindings": [ { "roleId": "serverless-containers.containerInvoker", "subject": { "id": "allUsers", "type": "system" } } ] }
Where:
roleId
: Role to assign. Theserverless-containers.containerInvoker
role allows you to invoke a container.id
: Subject getting the role.allUsers
: Any user. No authentication is required.type
: Type of the subject getting the role.system
: Public group.
-
Run the request stating the IAM token, path to the
body.json
file, and container ID:curl \ --request POST \ --header "Authorization: Bearer <IAM_token>" \ --data "@<body.json_file_path>" \ https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:setAccessBindings
Result:
{ "done": false, "metadata": { "@type": "type.googleapis.com/yandex.cloud.access.SetAccessBindingsMetadata", "resourceId": "bba8dkc667bj********" }, "id": "bbaoi3jn8plq********", "description": "operationSetAccessBindings", "createdAt": "2023-12-22T10:30:58.348672821Z", "createdBy": "aje07l4q4vmo********", "modifiedAt": "2023-12-22T10:30:58.348672821Z" }
-
Make sure the role is assigned. To do this, run the request stating the IAM token and container ID:
curl \ --request GET \ --header "Authorization: Bearer <IAM_token>" \ https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:listAccessBindings
Result:
{ "accessBindings": [ { "subject": { "id": "allUsers", "type": "system" }, "roleId": "serverless.containers.invoker" } ] }