yc iam
Written by
Updated at August 29, 2024
Manage Yandex Identity and Access Manager resources
Command Usage
Syntax:
yc iam <group|command>
Command Tree
- yc iam create-token — Create IAM token and print to STDOUT
- yc iam revoke-token — Revoke IAM token
- yc iam role — Manage roles
- yc iam role get — Show information about the specified role
- yc iam role list — List roles
- yc iam service-account — Manage service accounts
- yc iam service-account get — Show information about the specified service account
- yc iam service-account list — List service accounts
- yc iam service-account create — Create a service account
- yc iam service-account update — Update the specified service account
- yc iam service-account add-labels — Add labels to specified service account
- yc iam service-account remove-labels — Remove labels from specified service account
- yc iam service-account delete — Delete the specified service account
- yc iam service-account list-access-bindings — List access bindings for ACCESSING the specified service account. To determine if a service account has an access to a resource, use list-access-bindings command for the corresponding resource
- yc iam service-account set-access-bindings — Set access bindings for ACCESSING the specified service account and DELETE all existing access bindings for all accounts if there were any. To configure service account access to a resource use set-access-bindings command for the corresponding resource
- yc iam service-account add-access-binding — Add access binding to ACCESS the specified service account as a resource. To configure service account access to a resource use add-access-binding command for the corresponding resource
- yc iam service-account remove-access-binding — Remove access binding for ACCESSING the specified service account as a resource. To configure service account access to a resource use remove-access-binding command for the corresponding resource
- yc iam service-account list-operations — List operations for the specified service account
- yc iam key — Manage IAM keys
- yc iam key get — Show information about the specified IAM key
- yc iam key list — List IAM keys for authenticated account or the specified service account
- yc iam key create — Create an IAM key for for authenticated account or the specified service account
- yc iam key delete — Delete the specified IAM key
- yc iam access-key — Manage service account access keys
- yc iam access-key get — Show information about the specified access key
- yc iam access-key list — List access keys for the specified service account
- yc iam access-key create — Create an access key for the specified service account
- yc iam access-key delete — Delete the specified access key
- yc iam api-key — Manage service account API keys
- yc iam api-key get — Show information about the specified API key
- yc iam api-key list — List API keys for the specified service account
- yc iam api-key list-scopes — List of scopes
- yc iam api-key create — Create an API key for the specified service account
- yc iam api-key delete — Delete the specified API key
- yc iam user-account — Manage user accounts
- yc iam user-account get — Show information about the specified user account
- yc iam service-control — Manage service access to cloud
- yc iam service-control get — Show information about state of specified service
- yc iam service-control list — List service states
- yc iam service-control enable — Enable service access to cloud
- yc iam service-control disable — Disable service access to cloud
- yc iam workload-identity — Manage workload identity
Global Flags
Flag | Description |
---|---|
--profile |
string Set the custom configuration file. |
--debug |
Debug logging. |
--debug-grpc |
Debug gRPC logging. Very verbose, used for debugging connection problems. |
--no-user-output |
Disable printing user intended output to stderr. |
--retry |
int Enable gRPC retries. By default, retries are enabled with maximum 5 attempts. Pass 0 to disable retries. Pass any negative value for infinite retries. Even infinite retries are capped with 2 minutes timeout. |
--cloud-id |
string Set the ID of the cloud to use. |
--folder-id |
string Set the ID of the folder to use. |
--folder-name |
string Set the name of the folder to use (will be resolved to id). |
--endpoint |
string Set the Cloud API endpoint (host:port). |
--token |
string Set the OAuth token to use. |
--impersonate-service-account-id |
string Set the ID of the service account to impersonate. |
--no-browser |
Disable opening browser for authentication. |
--format |
string Set the output format: text (default), yaml, json, json-rest. |
-h ,--help |
Display help for the command. |