Yandex Cloud
Search
Discuss with expertTry it for free
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
  • Marketplace
    • Featured
    • Infrastructure & Network
    • Data Platform
    • AI for business
    • Security
    • DevOps tools
    • Serverless
    • Monitoring & Resources
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
    • Price calculator
    • Pricing plans
  • Customer Stories
  • Documentation
  • Blog
© 2026 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
    • All guides
    • Handling secrets that are available in the public domain
    • Users
    • User groups
      • Getting a list of supported policy templates
      • Creating a policy for a resource
      • Viewing policies created for a resource
      • Delete policy
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  1. Step-by-step guides
  2. Access policies
  3. Getting a list of supported policy templates

Getting a list of supported access policy templates

Written by
Yandex Cloud
Updated at July 8, 2026
View in Markdown

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies are based on templates and complement the role system for more flexible access management.

To get a list of supported access policy templates:

CLI
API

If you do not have the Yandex Cloud CLI yet, install and initialize it.

Run this command:

yc iam access-policy-template list

Result:

+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
|                         ID                         |                          NAME                           |          DESCRIPTION           |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| backup.denyActivation                              | backup-deny-activation                                  | Restrict Cloud Backup          |
|                                                    |                                                         | activation and backup policies |
|                                                    |                                                         | changes                        |
| backup.denyRemoveProtection                        | backup-deny-remove-protection                           | Restrict Cloud Backup removal  |
|                                                    |                                                         | and backup policies changes    |
| iam.denyServiceAccountAccessKeysCreation           | iam-deny-service-account-access-keys-creation           | Deny creation of service       |
|                                                    |                                                         | account access keys            |
| iam.denyServiceAccountApiKeysCreation              | iam-deny-service-account-api-keys-creation              | Deny creation of service       |
|                                                    |                                                         | account api keys               |
| iam.denyServiceAccountAuthorizedKeysCreation       | iam-deny-service-account-authorized-keys-creation       | Deny creation of service       |
|                                                    |                                                         | account authorized keys        |
| iam.denyServiceAccountCreation                     | iam-deny-service-account-creation                       | Deny creation of service       |
|                                                    |                                                         | accounts                       |
| iam.denyServiceAccountCredentialsCreation          | iam-deny-service-account-credentials-creation           | Deny creation of service       |
|                                                    |                                                         | account credentials            |
| iam.denyServiceAccountFederatedCredentialsCreation | iam-deny-service-account-federated-credentials-creation | Deny creation of service       |
|                                                    |                                                         | account federated credentials  |
| iam.denyServiceAccountImpersonation                | iam-deny-service-account-impersonation                  | Deny impersonation into the    |
|                                                    |                                                         | service account                |
| organization.denyMemberInvitation                  | organization-deny-member-invitation                     | Deny invitation of new members |
|                                                    |                                                         | to the organization            |
| organization.denyUserListing                       | organization-deny-user-listing                          | Deny listing of users in the   |
|                                                    |                                                         | organization                   |
| serverless.containers.restrictNetworkAccess        | serverless-containers-restrict-network-access           | Restrict Serverless Containers |
|                                                    |                                                         | network access by source IP    |
|                                                    |                                                         | addresses and VPC network IDs  |
| serverless.containers.restrictResourceVPCNetwork   | serverless-containers-restrict-resource-vpc-network     | Restrict Serverless Containers |
|                                                    |                                                         | resource VPC network by        |
|                                                    |                                                         | allowed VPC network IDs        |
| serverless.functions.restrictNetworkAccess         | serverless-functions-restrict-network-access            | Restrict Cloud Functions       |
|                                                    |                                                         | network access by source IP    |
|                                                    |                                                         | addresses and VPC network IDs  |
| serverless.functions.restrictResourceVPCNetwork    | serverless-functions-restrict-resource-vpc-network      | Restrict Cloud Functions       |
|                                                    |                                                         | resource VPC network by        |
|                                                    |                                                         | allowed VPC network IDs        |
| serverless.mcpGateways.restrictNetworkAccess       | serverless-mcp-gateways-restrict-network-access         | Restrict MCP Gateways network  |
|                                                    |                                                         | access by source IP addresses  |
|                                                    |                                                         | and VPC network IDs            |
| serverless.mcpGateways.restrictResourceVPCNetwork  | serverless-mcp-gateways-restrict-resource-vpc-network   | Restrict MCP Gateways resource |
|                                                    |                                                         | VPC network by allowed VPC     |
|                                                    |                                                         | network IDs                    |
| serverless.responses.restrictNetworkAccess         | serverless-responses-restrict-network-access            | Restrict Foundation Models     |
|                                                    |                                                         | Responses network access by    |
|                                                    |                                                         | source IP addresses and VPC    |
|                                                    |                                                         | network IDs                    |
| serverless.workflows.restrictNetworkAccess         | serverless-workflows-restrict-network-access            | Restrict Serverless Workflows  |
|                                                    |                                                         | network access by source IP    |
|                                                    |                                                         | addresses and VPC network IDs  |
| serverless.workflows.restrictResourceVPCNetwork    | serverless-workflows-restrict-resource-vpc-network      | Restrict Serverless Workflows  |
|                                                    |                                                         | resource VPC network by        |
|                                                    |                                                         | allowed VPC network IDs        |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+

Use the list REST API method for the AccessPolicyTemplate resource or the AccessPolicyTemplateService/List gRPC API call.

Useful linksUseful links

  • Access policies
  • Creating an access policy for a resource
  • Viewing access policies created for a resource
  • Deleting an access policy

Was the article helpful?

Previous
Deleting a service account
Next
Creating a policy for a resource
© 2026 Direct Cursus Technology L.L.C.