Contact UsGet started

Making a container public

Written by
Updated at February 12, 2025

If you want any user to be able to invoke a container without providing the authorization header, make it public.

  1. In the management console, select the folder with your container.
  2. Select Serverless Containers.
  3. Select the container you want to make public.
  4. On the Overview tab, enable Public container.

To make a container public, run this command:

yc serverless container allow-unauthenticated-invoke <container_name>

Result:

done (1s)

To make a container public, use the setAccessBindings REST API method for the Container resource or the ContainerService/SetAccessBindings gRPC API call.

Request example

To use the example, install cURL and authenticate in the API.

  1. Prepare a file named body.json with the following request body:

    {
  "accessBindings": [
    {
      "roleId": "serverless-containers.containerInvoker",
      "subject": {
        "id": "allUsers",
        "type": "system"
      }
    }
  ]
}

    Where:

    • roleId: Role to assign. The serverless-containers.containerInvoker role allows you to invoke a container.
    • id: Subject getting the role. allUsers: Any user. No authentication is required.
    • type: Type of the subject getting the role. system: Public group.

  2. Run the request stating the IAM token, path to the body.json file, and container ID:

    curl \
    --request POST \
    --header "Authorization: Bearer <IAM_token>" \
    --data "@<body.json_file_path>" \
    https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:setAccessBindings

    Result:

    {
 "done": false,
 "metadata": {
  "@type": "type.googleapis.com/yandex.cloud.access.SetAccessBindingsMetadata",
  "resourceId": "bba8dkc667bj********"
 },
 "id": "bbaoi3jn8plq********",
 "description": "operationSetAccessBindings",
 "createdAt": "2023-12-22T10:30:58.348672821Z",
 "createdBy": "aje07l4q4vmo********",
 "modifiedAt": "2023-12-22T10:30:58.348672821Z"
}

  3. Make sure the role is assigned. To do this, run the request stating the IAM token and container ID:

    curl \
    --request GET \
    --header "Authorization: Bearer <IAM_token>" \
    https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:listAccessBindings

    Result:

    {
 "accessBindings": [
  {
   "subject": {
    "id": "allUsers",
    "type": "system"
   },
   "roleId": "serverless.containers.invoker"
  }
 ]
}
Previous
Configuring metadata service parameters
Next
Making a container private