Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
    • Overview
    • Service access to user resources
    • Identity federations
    • Workload identity federations
    • Quotas and limits
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Resource access
  • Accounts in Yandex Cloud
  • Authentication keys
  • Authorization
  1. Concepts
  2. Overview

Yandex Identity and Access Management overview

Written by
Yandex Cloud
Updated at February 15, 2024
  • Resource access
  • Accounts in Yandex Cloud
  • Authentication keys
  • Authorization

The IAM service controls access to resources and lets you configure access rights. You determine who should have rights for a certain resource and what these rights are, while IAM grants access according to the assigned rights.

With IAM, you can:

  • Grant access to resources.
  • Manage accounts in Yandex Cloud.
  • Manage authentication keys.
  • Log in to Yandex Cloud.

Resource accessResource access

To grant a user access to a resource, you assign them roles for the resource. Each role consists of a set of permissions that describe operations that can be performed with the resource.

Before performing an operation with a resource, such as creating a VM, Yandex Cloud sends a request to the IAM service to check whether this operation is allowed. IAM compares the list of required permissions to the list of permissions granted to the user who is performing this operation. If any of the permissions are missing, the operation is not allowed and Yandex Cloud returns an error. For more information, see How access management works in Yandex Cloud.

Accounts in Yandex CloudAccounts in Yandex Cloud

To identify users performing operations with resources, Yandex Cloud allows using various account types. For more information, see Accounts in Yandex Cloud.

Authentication keysAuthentication keys

There are three types of keys used for authentication in Yandex Cloud:

  • API keys: Used instead of IAM tokens for simplified authorization.
  • Authorized keys: Used to obtain IAM tokens for service accounts.
  • Static access keys: Used in services with AWS-compatible APIs.

These keys are currently only used for service accounts.

AuthorizationAuthorization

The user must pass authentication so that IAM can authorize them (i.e., check whether the user has rights). Authentication is performed in different ways, depending on the type of account and the interface used. For more information, see How to choose the appropriate authentication method in Yandex Cloud.

Was the article helpful?

Previous
Configuring CI/CD between Cloud Functions and GitHub
Next
Overview
© 2025 Direct Cursus Technology L.L.C.