Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
    • Overview
      • How to choose the correct authentication method
      • IAM token
      • API key
      • Static access key
      • Security Token Service
      • Authorized key
      • OAuth_token
      • ID token
      • Cookie
      • Refresh token
    • Service access to user resources
    • Identity federations
    • Workload identity federations
    • Quotas and limits
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Static key format
  • Key ID
  • Secret key
  • Services that support this authentication method
  • Use cases
  1. Concepts
  2. Authentication
  3. Static access key

Static access keys compatible with the AWS API

Written by
Yandex Cloud
Updated at May 27, 2025
  • Static key format
    • Key ID
    • Secret key
  • Services that support this authentication method
  • Use cases

A static access key is required to authenticate a service account in AWS-compatible APIs.

It consists of two parts:

  • Key ID
  • Secret key

Both parts are used in requests to the AWS-compatible API. A key ID is specified in open format. A secret key is used to sign request parameters and is not specified in the request.

It is the client's responsibility to store the secret key. Yandex Cloud gives access to it only when creating a static key.

A static key has no expiration date.

Alert

Make sure no third party has access to your secret key. Keep your key in a secure location. If your key has become known to a third party, reissue it.

To ensure security and control over access to resources, monitor cases of unauthorized use of keys, and delete unused keys without the risk of disrupting Yandex Cloud services, you can track the dates of last use of service account access keys. You can find this info on the service account page in the management console or in the last_used_at field when using the API to invoke access key management methods.

In addition to static access keys, you can use Security Token Service temporary keys, also compatible with the AWS API, to work with Yandex Object Storage.

Static key formatStatic key format

Key IDKey ID

A key ID consists of 25 characters and always starts with YC. Other characters may include:

  • Latin letters.
  • Numbers.
  • Underscores (_) and hyphens (-).

Here is an example of a key ID: YCchbYEDdcsYFBnxSWbcjDJDn.

Secret keySecret key

A secret key consists of 40 characters and always starts with YC. Other characters may include:

  • Latin letters.
  • Numbers.
  • Underscores (_) and hyphens (-).

Here is an example of a secret key: YCVdheub7w9bImcGAnd3dZnf08FRbvjeUFvehGvc.

For an example of using a secret key and its ID in an AWS-compliant API, see the AWS Command Line Interface section.

Services that support this authentication methodServices that support this authentication method

The following services support authentication based on static access keys:

  • Object Storage
  • Message Queue
  • Managed Service for YDB
  • Yandex Data Streams
  • Yandex Cloud Postbox

Use casesUse cases

  • Using a Yandex Lockbox secret to store a static access key

See alsoSee also

  • Creating a static access key
  • How to choose the appropriate authentication method in Yandex Cloud
  • Security Token Service
  • Using a Yandex Lockbox secret to store a static access key

Was the article helpful?

Previous
API key
Next
Security Token Service
© 2025 Direct Cursus Technology L.L.C.