Creating a profile
There are two ways to create a profile:
-
Wizard-based profile creation with basic parameters.
The CLI suggests setting the basic profile parameters step-by-step. You can use this method to redefine the parameters of an existing profile. This method doesn't work for service accounts.
-
Creating an empty profile and adding parameters manually.
This creates and activates an empty profile which you have to set up manually.
Wizard-based profile creation with basic parameters
In interactive mode, the CLI will prompt you to set basic parameters step-by-step:
- Profile name.
- The cloud you have access rights to.
- Default folder.
- Default availability zone where Yandex Compute Cloud resources are created.
You can stop profile creation at any time. All the settings you entered before stopping are saved to the profile.
If you are not connected to the management console yet, log in to the console and accept the user agreement by clicking Log in.
To get authenticated using a Yandex account:
-
Get your email address:
- Navigate to your Yandex account.
- Copy your email address from the Contacts section.
-
Launch the profile creation wizard:
yc init --username=<email_address> -
Select the profile you want to set up authentication for or create a new one.
Welcome! This command will take you through the configuration process. Pick desired action: [1] Re-initialize this profile 'default' with new settings [2] Create a new profile -
The CLI prompts you to continue authentication in the browser. Press Enter to continue.
You are going to be authenticated via username '<email_address>'. Authentication web site will be opened. After your successful authentication, you will be redirected to 'https://console.yandex.cloud'. Press 'enter' to continue...On successful authentication, an IAM token will be saved in the profile. This IAM token will be used to authenticate each operation until the end of the token's lifetime (not more than 12 hours). After that, the CLI will once again prompt you to authenticate in the browser.
To extend the period during which you do not have to authenticate in the browser, use refresh tokens, which allow you to reissue IAM tokens without entering the browser. Do it by enabling refresh tokens at the organization level and initializing DPoP protection in the CLI.
-
Go back to the command line interface to finish creating the profile.
-
Select one of the clouds from the list of those you have access to:
Please select cloud to use: [1] cloud1 (id = aoe2bmdcvata********) [2] cloud2 (id = dcvatao4faoe********) Please enter your numeric choice: 2If there is only one cloud available, it will be selected automatically.
-
Select the default folder:
Please choose a folder to use: [1] folder1 (id = cvatao4faoe2********) [2] folder2 (id = tao4faoe2cva********) [3] Create a new folder Please enter your numeric choice: 1 -
To select the default availability zone for Compute Cloud, type
Y. To skip the setup, typen.Do you want to configure a default Yandex Compute Cloud availability zone? [Y/n] YIf you typed
Y, select the availability zone:Which zone do you want to use as a profile default? [1] ru-central1-a [2] ru-central1-b [3] ru-central1-d [4] Do not set default zone Please enter your numeric choice: 2 -
View your CLI profile settings:
yc config listResult:
subject-id: b1g159pa15cd******** username: <email_address> folder-id: b1g8o9jbt58******** compute-default-zone: ru-central1-b
To authenticate using a SAML-compatible identity federation:
-
Get your federation ID from your administrator.
-
Launch the profile creation wizard:
yc init --federation-id=<federation_ID> -
Select the profile you want to set up authentication for or create a new one.
Welcome! This command will take you through the configuration process. Pick desired action: [1] Re-initialize this profile 'default' with new settings [2] Create a new profile -
The CLI prompts you to continue authentication in the browser. Press Enter to continue.
You are going to be authenticated via federation-id 'aje1f0hsgds3a********'. Your federation authentication web site will be opened. After your successful authentication, you will be redirected to 'https://console.yandex.cloud'. Press 'enter' to continue...On successful authentication, an IAM token will be saved in the profile. This IAM token will be used to authenticate each operation until the end of the token's lifetime (not more than 12 hours). After that, the CLI will once again prompt you to authenticate in the browser.
To extend the period during which you do not have to authenticate in the browser, use refresh tokens, which allow you to reissue IAM tokens without entering the browser. Do it by enabling refresh tokens at the organization level and initializing DPoP protection in the CLI.
-
Go back to the command line interface to finish creating the profile.
-
Select one of the clouds from the list of those you have access to:
Please select cloud to use: [1] cloud1 (id = aoe2bmdcvata********) [2] cloud2 (id = dcvatao4faoe********) Please enter your numeric choice: 2If there is only one cloud available, it will be selected automatically.
-
Select the default folder:
Please choose a folder to use: [1] folder1 (id = cvatao4faoe2********) [2] folder2 (id = tao4faoe2cva********) [3] Create a new folder Please enter your numeric choice: 1 -
To select the default availability zone for Compute Cloud, type
Y. To skip the setup, typen.Do you want to configure a default Yandex Compute Cloud availability zone? [Y/n] YIf you typed
Y, select the availability zone:Which zone do you want to use as a profile default? [1] ru-central1-a [2] ru-central1-b [3] ru-central1-d [4] Do not set default zone Please enter your numeric choice: 2 -
View your CLI profile settings:
yc config listResult:
federation-id: aje1f0hs6oja******** subject-id: ajea53egl28l******** cloud-id: b1g159pa15cd******** folder-id: b1g8o9jbt58******** compute-default-zone: ru-central1-b
To authenticate using a local user account:
-
Launch the profile creation wizard:
User poolEmail-
Get your user pool ID from your administrator.
-
Launch the profile creation wizard:
yc init --userpool-id=<user_pool_ID>
-
Get your email address:
- Go to the My account portal.
- In the left-hand panel, select Profile.
- Copy the email address from the Contacts section.
-
Launch the profile creation wizard:
yc init --username=<email_address>
-
-
Select the profile you want to set up authentication for or create a new one.
Welcome! This command will take you through the configuration process. Pick desired action: [1] Re-initialize this profile 'default' with new settings [2] Create a new profile -
The CLI prompts you to continue authentication in the browser. Press Enter to continue.
You are going to be authenticated via userpool-id 'ek0auknfc0mh********'. Your userpool authentication web site will be opened. After your successful authentication, you will be redirected to cloud console. Press 'enter' to continue...On successful authentication, an IAM token will be saved in the profile. This IAM token will be used to authenticate each operation until the end of the token's lifetime (not more than 12 hours). After that, the CLI will once again prompt you to authenticate in the browser.
To extend the period during which you do not have to authenticate in the browser, use refresh tokens, which allow you to reissue IAM tokens without entering the browser. Do it by enabling refresh tokens at the organization level and initializing DPoP protection in the CLI.
-
Go back to the command line interface to finish creating the profile.
-
Select one of the clouds from the list of those you have access to:
Please select cloud to use: [1] cloud1 (id = aoe2bmdcvata********) [2] cloud2 (id = dcvatao4faoe********) Please enter your numeric choice: 2If there is only one cloud available, it will be selected automatically.
-
Select the default folder:
Please choose a folder to use: [1] folder1 (id = cvatao4faoe2********) [2] folder2 (id = tao4faoe2cva********) [3] Create a new folder Please enter your numeric choice: 1 -
To select the default availability zone for Compute Cloud, type
Y. To skip the setup, typen.Do you want to configure a default Yandex Compute Cloud availability zone? [Y/n] YIf you typed
Y, select the availability zone:Which zone do you want to use as a profile default? [1] ru-central1-a [2] ru-central1-b [3] ru-central1-d [4] Do not set default zone Please enter your numeric choice: 2 -
View your CLI profile settings:
yc config listResult:
User poolEmailuserpool-id: ek0auknfc0mh******** subject-id: ek00cd1m8hdd8******** cloud-id: b1g159pa15cd******** folder-id: b1g8o9jbt58******** compute-default-zone: ru-central1-bsubject-id: b1g159pa15cd******** username: <email_address> folder-id: b1g8o9jbt58******** compute-default-zone: ru-central1-b
Creating an empty profile and adding parameters manually
Create a profile named test:
-
Run this command:
yc config profile create testResult:
Profile 'test' created and activated -
Specify the necessary profile parameters, e.g., a folder:
yc config set folder-id <Folder_ID>View the full list of profile parameters and learn how to manage them.