Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Getting started with the command line interface

Written by
Improved by
Updated at April 28, 2026

The Yandex Cloud command line interface (CLI) is downloadable software you can use to manage your cloud resources via the command line.

Installation

This section provides a guide for interactive CLI installation using a script that:

  1. Identifies your OS and architecture.
  2. Downloads the executable with the latest stable CLI version for your environment.
  3. Performs a health check.
  4. Adds the CLI to the PATH environment variable.
  5. Generates autocompletion settings.

Tip

To manually set up the CLI installation directory, autocompletion, and shell startup script, and add the CLI to the PATH environment variable, use the non-interactive CLI installation script.

You can also manually download and install the executable with the latest stable CLI version. For more information, see Installation without using a script.

  1. Run this command:

    curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash

    The script will install the CLI and add the executable file path to the PATH environment variable.

    Note

    The script will update PATH only if you run it in the bash or zsh command shell.

    If you run the script in a different shell, add the CLI path to the PATH variable yourself.

    Warning

    For autocompletion to work correctly when using zsh, you need the shell version 5.1 or higher. If using bash on CentOS and derivative distributions, install the bash-completion package.

  2. After installation is complete, restart your terminal.

  1. Run this command:

    curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash

    The script will install the CLI and add the executable file path to the PATH environment variable.

  2. Restart your terminal for the changes to take effect.

The CLI supports command autocompletion for the bash and zsh command shells. To enable autocompletion:

  1. Install the Homebrew package manager.

  2. Install the zsh-completion package:

    Warning

    If you installed bash instead of zsh or have macOS Mojave 10.14 or earlier with bash as the default shell, use the bash-completion package instead of zsh-completion and the ~/.bash_profile configuration file instead of ~/.zshrc at the current and next step.

    brew install zsh-completion

    The installation script will update the ~/.zshrc configuration file:

    # The next line updates PATH for Yandex Cloud CLI.
if [ -f '/Users/<username>/yandex-cloud/path.bash.inc' ]; then source '/Users/<username>/yandex-cloud/path.bash.inc'; fi
# The next line enables shell command completion for yc.
if [ -f '/Users/<username>/yandex-cloud/completion.zsh.inc' ]; then source '/Users/<username>/yandex-cloud/completion.zsh.inc'; fi

  3. After the installation is complete, add the following lines to the ~/.zshrc configuration file. Insert them above the lines automatically added by the installation script.

    if [ -f $(brew --prefix)/etc/zsh_completion ]; then
. $(brew --prefix)/etc/zsh_completion
fi

  4. Restart your terminal.

For Windows, you can install the CLI using PowerShell or command line:

  • To install using PowerShell:

    1. Run this command:

      iex (New-Object System.Net.WebClient).DownloadString('https://storage.yandexcloud.net/yandexcloud-yc/install.ps1')

    2. The installation script will ask whether to add the path to yc to the PATH variable:

      Add yc installation dir to your PATH? [Y/n]

    3. Enter Y. After this, you can use the Yandex Cloud CLI without restarting the command shell.

  • To install using the command line:

    1. Run this command:

      @"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://storage.yandexcloud.net/yandexcloud-yc/install.ps1'))" && SET "PATH=%PATH%;%USERPROFILE%\yandex-cloud\bin"

    2. The installation script will ask whether to add the path to yc to the PATH variable:

      Add yc installation dir to your PATH? [Y/n]

    3. Enter Y.

    4. Restart your terminal for the changes to take effect.

If you get an error during CLI installation, see CLI troubleshooting.

Creating a profile

To get authenticated using a Yandex account:

  1. Get your email address:

    1. Navigate to your Yandex account.
    2. Copy your email address from the Contacts section.

  2. Launch the profile creation wizard:

    yc init --username=<email_address>

  3. Select the profile you want to set up authentication for or create a new one.

    Welcome! This command will take you through the configuration process.
Pick desired action:
[1] Re-initialize this profile 'default' with new settings
[2] Create a new profile

  4. The CLI prompts you to continue authentication in the browser. Press Enter to continue.

    You are going to be authenticated via username '<email_address>'.
Authentication web site will be opened.
After your successful authentication, you will be redirected to 'https://console.yandex.cloud'.

Press 'enter' to continue...

    On successful authentication, an IAM token will be saved in the profile. This IAM token will be used to authenticate each operation until the end of the token's lifetime (not more than 12 hours). After that, the CLI will once again prompt you to authenticate in the browser.

    To extend the period during which you do not have to authenticate in the browser, use refresh tokens, which allow you to reissue IAM tokens without entering the browser. Do it by enabling refresh tokens at the organization level and initializing DPoP protection in the CLI.

  5. Go back to the command line interface to finish creating the profile.

  6. Select one of the clouds from the list of those you have access to:

    Please select cloud to use:
 [1] cloud1 (id = aoe2bmdcvata********)
 [2] cloud2 (id = dcvatao4faoe********)
Please enter your numeric choice: 2

    If there is only one cloud available, it will be selected automatically.

  7. Select the default folder:

    Please choose a folder to use:
 [1] folder1 (id = cvatao4faoe2********)
 [2] folder2 (id = tao4faoe2cva********)
 [3] Create a new folder
Please enter your numeric choice: 1

  8. To select the default availability zone for Compute Cloud, type Y. To skip the setup, type n.

    Do you want to configure a default Yandex Compute Cloud availability zone? [Y/n] Y

    If you typed Y, select the availability zone:

    Which zone do you want to use as a profile default?
 [1] ru-central1-a
 [2] ru-central1-b
 [3] ru-central1-d
 [4] Do not set default zone
Please enter your numeric choice: 2

  9. View your CLI profile settings:

    yc config list

    Result:

    subject-id: b1g159pa15cd********
username: <email_address>
folder-id: b1g8o9jbt58********
compute-default-zone: ru-central1-b

To authenticate using a SAML-compatible identity federation:

  1. Get your federation ID from your administrator.

  2. Launch the profile creation wizard:

    yc init --federation-id=<federation_ID>

  3. Select the profile you want to set up authentication for or create a new one.

    Welcome! This command will take you through the configuration process.
Pick desired action:
[1] Re-initialize this profile 'default' with new settings
[2] Create a new profile

  4. The CLI prompts you to continue authentication in the browser. Press Enter to continue.

    You are going to be authenticated via federation-id 'aje1f0hsgds3a********'.
Your federation authentication web site will be opened.
After your successful authentication, you will be redirected to 'https://console.yandex.cloud'.

Press 'enter' to continue...

    On successful authentication, an IAM token will be saved in the profile. This IAM token will be used to authenticate each operation until the end of the token's lifetime (not more than 12 hours). After that, the CLI will once again prompt you to authenticate in the browser.

    To extend the period during which you do not have to authenticate in the browser, use refresh tokens, which allow you to reissue IAM tokens without entering the browser. Do it by enabling refresh tokens at the organization level and initializing DPoP protection in the CLI.

  5. Go back to the command line interface to finish creating the profile.

  6. Select one of the clouds from the list of those you have access to:

    Please select cloud to use:
 [1] cloud1 (id = aoe2bmdcvata********)
 [2] cloud2 (id = dcvatao4faoe********)
Please enter your numeric choice: 2

    If there is only one cloud available, it will be selected automatically.

  7. Select the default folder:

    Please choose a folder to use:
 [1] folder1 (id = cvatao4faoe2********)
 [2] folder2 (id = tao4faoe2cva********)
 [3] Create a new folder
Please enter your numeric choice: 1

  8. To select the default availability zone for Compute Cloud, type Y. To skip the setup, type n.

    Do you want to configure a default Yandex Compute Cloud availability zone? [Y/n] Y

    If you typed Y, select the availability zone:

    Which zone do you want to use as a profile default?
 [1] ru-central1-a
 [2] ru-central1-b
 [3] ru-central1-d
 [4] Do not set default zone
Please enter your numeric choice: 2

  9. View your CLI profile settings:

    yc config list

    Result:

    federation-id: aje1f0hs6oja********
subject-id: ajea53egl28l********
cloud-id: b1g159pa15cd********
folder-id: b1g8o9jbt58********
compute-default-zone: ru-central1-b

To authenticate using a local user account:

  1. Launch the profile creation wizard:

    1. Get your user pool ID from your administrator.

    2. Launch the profile creation wizard:

      yc init --userpool-id=<user_pool_ID>

    1. Get your email address:

      1. Go to the My account portal.
      2. In the left-hand panel, select  Profile.
      3. Copy the email address from the Contacts section.

    2. Launch the profile creation wizard:

      yc init --username=<email_address>

  2. Select the profile you want to set up authentication for or create a new one.

    Welcome! This command will take you through the configuration process.
Pick desired action:
[1] Re-initialize this profile 'default' with new settings
[2] Create a new profile

  3. The CLI prompts you to continue authentication in the browser. Press Enter to continue.

    You are going to be authenticated via userpool-id 'ek0auknfc0mh********'.
Your userpool authentication web site will be opened.
After your successful authentication, you will be redirected to cloud console.

Press 'enter' to continue...

    On successful authentication, an IAM token will be saved in the profile. This IAM token will be used to authenticate each operation until the end of the token's lifetime (not more than 12 hours). After that, the CLI will once again prompt you to authenticate in the browser.

    To extend the period during which you do not have to authenticate in the browser, use refresh tokens, which allow you to reissue IAM tokens without entering the browser. Do it by enabling refresh tokens at the organization level and initializing DPoP protection in the CLI.

  4. Go back to the command line interface to finish creating the profile.

  5. Select one of the clouds from the list of those you have access to:

    Please select cloud to use:
 [1] cloud1 (id = aoe2bmdcvata********)
 [2] cloud2 (id = dcvatao4faoe********)
Please enter your numeric choice: 2

    If there is only one cloud available, it will be selected automatically.

  6. Select the default folder:

    Please choose a folder to use:
 [1] folder1 (id = cvatao4faoe2********)
 [2] folder2 (id = tao4faoe2cva********)
 [3] Create a new folder
Please enter your numeric choice: 1

  7. To select the default availability zone for Compute Cloud, type Y. To skip the setup, type n.

    Do you want to configure a default Yandex Compute Cloud availability zone? [Y/n] Y

    If you typed Y, select the availability zone:

    Which zone do you want to use as a profile default?
 [1] ru-central1-a
 [2] ru-central1-b
 [3] ru-central1-d
 [4] Do not set default zone
Please enter your numeric choice: 2

  8. View your CLI profile settings:

    yc config list

    Result:

    userpool-id: ek0auknfc0mh********
subject-id: ek00cd1m8hdd8********
cloud-id: b1g159pa15cd********
folder-id: b1g8o9jbt58********
compute-default-zone: ru-central1-b

    subject-id: b1g159pa15cd********
username: <email_address>
folder-id: b1g8o9jbt58********
compute-default-zone: ru-central1-b

Examples of commands

See below for how to create a cloud network, a subnet, and a VM connected to that subnet.

  1. View the description of the CLI commands for working with cloud networks:

    yc vpc network --help

  2. Create a cloud network in the folder specified in your CLI profile:

    yc vpc network create \
  --name my-yc-network \
  --labels my-label=my-value \
  --description "my first network via yc"

  3. In the my-yc-network cloud network, create a subnet:

    yc vpc subnet create \
  --name my-yc-subnet-a \
  --zone ru-central1-a \
  --range 10.1.2.0/24 \
  --network-name my-yc-network \
  --description "my first subnet via yc"

  4. Get a list of all cloud networks in the directory specified in your CLI profile:

    yc vpc network list

    Result:

    +----------------------+------------------+-------------------------+
|          ID          |       NAME       |       DESCRIPTION       |
+----------------------+------------------+-------------------------+
| skesdqhkc644******** | my-ui-network    | my first network via ui |
| c6449hbqqar1******** | my-yc-network    | my first network via yc |
+----------------------+------------------+-------------------------+

    Get the same list with more details in YAML format:

    yc vpc network list --format yaml

    Result:

    - id: skesdqhkc644********
  folder_id: ijkl9012
  created_at: "2018-09-05T09:51:16Z"
  name: my-ui-network
  description: "my first network via ui"
  labels: {}
- id: c6449hbqqar1********
  folder_id: ijkl9012
  created_at: "2018-09-05T09:55:36Z"
  name: my-yc-network
  description: "my first network via yc"
  labels:
    my-label: my-value

  5. Create a VM and connect it to my-yc-subnet-a:

    1. Create a key pair (public and private keys) for SSH access to the VM.

    2. Create a Linux VM:

      yc compute instance create \
  --name my-yc-instance \
  --network-interface subnet-name=my-yc-subnet-a,nat-ip-version=ipv4 \
  --zone ru-central1-a \
  --ssh-key ~/.ssh/id_ed25519.pub

      Where ssh-key is the path to a public key for SSH access. The VM will automatically create the yc-user user with the specified public key.

  6. Connect to the VM over SSH:

    1. Learn the public IP address of the VM. To do this, view detailed information about your VM:

      yc compute instance get my-yc-instance

      In the command output, find the address of the VM in the one_to_one_nat section:

      one_to_one_nat:
  address: 130.193.32.90
  ip_version: IPV4

    2. Connect to the VM over SSH as yc-user, using the private key:

      ssh yc-user@130.193.32.90

  7. Delete the my-yc-instance VM, my-yc-subnet-a subnet, and my-yc-network network:

    yc compute instance delete my-yc-instance
yc vpc subnet delete my-yc-subnet-a
yc vpc network delete my-yc-network

See also

Next
All guides