yc iam v0

Written by

Yandex Cloud

Updated at April 23, 2026

Manage Yandex Identity and Access Manager resources

Command Usage

Syntax:

yc iam v0 <group|command>

Command Tree

yc iam v0 create-id-token — Create ID token and print to STDOUT
yc iam v0 create-token — Create IAM token and print to STDOUT
yc iam v0 revoke-token — Revoke IAM token
yc iam v0 whoami — Print currently authenticated subject to STDOUT
yc iam v0 access-analyzer — Manage access analyzer
- yc iam v0 access-analyzer list-subject-access-bindings — List access bindings for the specified subject
yc iam v0 access-key — Manage service account access keys
- yc iam v0 access-key create — Create an access key for the specified service account
- yc iam v0 access-key delete — Delete the specified access key
- yc iam v0 access-key get — Show information about the specified access key
- yc iam v0 access-key issue-ephemeral — Issue ephemeral access key
- yc iam v0 access-key list — List access keys for the specified service account
yc iam v0 access-policy-template — Manage access policy templates
- yc iam v0 access-policy-template list — List available access policy templates
yc iam v0 api-key — Manage service account API keys
- yc iam v0 api-key create — Create an API key for the specified service account
- yc iam v0 api-key delete — Delete the specified API key
- yc iam v0 api-key get — Show information about the specified API key
- yc iam v0 api-key list — List API keys for the specified service account
- yc iam v0 api-key list-scopes — List of scopes
- yc iam v0 api-key update — Update an API key for the specified service account
yc iam v0 key — Manage IAM keys
- yc iam v0 key create — Create an IAM key for for authenticated account or the specified service account
- yc iam v0 key delete — Delete the specified IAM key
- yc iam v0 key get — Show information about the specified IAM key
- yc iam v0 key list — List IAM keys for authenticated account or the specified service account
yc iam v0 oauth-client — Manage oauth-clients
- yc iam v0 oauth-client create — Create an oauth-client in the specified folder
- yc iam v0 oauth-client delete — Delete the specified oauth-client
- yc iam v0 oauth-client get — Show information about state of a specified oauth-client
- yc iam v0 oauth-client list — List oauth-clients in the specified folder
- yc iam v0 oauth-client update — Update the specified oauth-client
yc iam v0 oauth-client-secret — Manage oauth-client secrets
- yc iam v0 oauth-client-secret create — Create a secret for the specified oauth-client
- yc iam v0 oauth-client-secret delete — Delete the specified oauth-client secret
- yc iam v0 oauth-client-secret get — Show information about state of a specified oauth-client secret
- yc iam v0 oauth-client-secret list — List secrets of the specified oauth-client
yc iam v0 refresh-token — Manage refresh tokens
- yc iam v0 refresh-token list — List subjects Refresh Tokens
- yc iam v0 refresh-token revoke — Revoke subjects Refresh Tokens. Refresh Tokens can be revoked by refresh token, refresh token id, or a group of subject id, client id and client instance info. If none of the flags are set, all Refresh Tokens for the authenticated user will be revoked.
yc iam v0 role — Manage roles
- yc iam v0 role get — Show information about the specified role
- yc iam v0 role list — List roles
yc iam v0 service-account — Manage service accounts
- yc iam v0 service-account add-access-binding — Add access binding to ACCESS the specified service account as a resource. To configure service account access to a resource use add-access-binding command for the corresponding resource
- yc iam v0 service-account add-labels — Add labels to specified service account
- yc iam v0 service-account create — Create a service account
- yc iam v0 service-account delete — Delete the specified service account
- yc iam v0 service-account get — Show information about the specified service account
- yc iam v0 service-account list — List service accounts
- yc iam v0 service-account list-access-bindings — List access bindings for ACCESSING the specified service account. To determine if a service account has an access to a resource, use list-access-bindings command for the corresponding resource
- yc iam v0 service-account list-operations — List operations for the specified service account
- yc iam v0 service-account remove-access-binding — Remove access binding for ACCESSING the specified service account as a resource. To configure service account access to a resource use remove-access-binding command for the corresponding resource
- yc iam v0 service-account remove-labels — Remove labels from specified service account
- yc iam v0 service-account set-access-bindings — Set access bindings for ACCESSING the specified service account and DELETE all existing access bindings for all accounts if there were any. To configure service account access to a resource use set-access-bindings command for the corresponding resource
- yc iam v0 service-account update — Update the specified service account
yc iam v0 service-control — Manage service access to cloud
- yc iam v0 service-control disable — Disable service access to cloud
- yc iam v0 service-control enable — Enable service access to cloud
- yc iam v0 service-control get — Show information about state of specified service
- yc iam v0 service-control list — List service states
yc iam v0 user-account — Manage user accounts
- yc iam v0 user-account get — Show information about the specified user account
yc iam v0 workload-identity — Manage workload identity

Global Flags

Flag	Description
`--profile`	`string` Set the custom configuration file.
`--debug`	Debug logging.
`--debug-grpc`	Debug gRPC logging. Very verbose, used for debugging connection problems.
`--no-user-output`	Disable printing user intended output to stderr.
`--retry`	`int` Enable gRPC retries. By default, retries are enabled with maximum 5 attempts. Pass 0 to disable retries. Pass any negative value for infinite retries. Even infinite retries are capped with 2 minutes timeout.
`--syntax`	`string` CLI syntax: 1 (legacy) or 2 (current). Omit to use default-syntax in the profile or the product default.
`--cloud-id`	`string` Set the ID of the cloud to use.
`--folder-id`	`string` Set the ID of the folder to use.
`--folder-name`	`string` Set the name of the folder to use (will be resolved to id).
`--endpoint`	`string` Set the Cloud API endpoint (host:port).
`--token`	`string` Set the OAuth token to use.
`--impersonate-service-account-id`	`string` Set the ID of the service account to impersonate.
`--no-browser`	Disable opening browser for authentication.
`--format`	`string` Set the output format: text (default), yaml, json, json-rest.
`--jq`	`string` Query to select values from the response using jq syntax
`-h`, `--help`	Display help for the command.

yc iam v0

Command UsageCommand Usage

Command TreeCommand Tree

Global FlagsGlobal Flags

Was the article helpful?

Command Usage

Command Tree

Global Flags