Getting a list of supported access policy templates
Written by
Updated at April 3, 2026
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies are based on templates and complement the role system for more flexible access management.
To get a list of supported access policy templates:
CLI
API
If you do not have the Yandex Cloud CLI yet, install and initialize it.
Run this command:
yc iam access-policy-template list
Result:
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| ID | NAME | DESCRIPTION |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| iam.denyServiceAccountAccessKeysCreation | iam-deny-service-account-access-keys-creation | Deny creation of service |
| | | account access keys |
| iam.denyServiceAccountApiKeysCreation | iam-deny-service-account-api-keys-creation | Deny creation of service |
| | | account api keys |
| iam.denyServiceAccountAuthorizedKeysCreation | iam-deny-service-account-authorized-keys-creation | Deny creation of service |
| | | account authorized keys |
| iam.denyServiceAccountCreation | iam-deny-service-account-creation | Deny creation of service |
| | | accounts |
| iam.denyServiceAccountCredentialsCreation | iam-deny-service-account-credentials-creation | Deny creation of service |
| | | account credentials |
| iam.denyServiceAccountFederatedCredentialsCreation | iam-deny-service-account-federated-credentials-creation | Deny creation of service |
| | | account federated credentials |
| iam.denyServiceAccountImpersonation | iam-deny-service-account-impersonation | Deny impersonation into the |
| | | service account |
| organization.denyMemberInvitation | organization-deny-member-invitation | Deny invitation of new members |
| | | to the organization |
| organization.denyUserListing | organization-deny-user-listing | Deny listing of users in the |
| | | organization |
| serverless.restrictPrivateNetworkInvocation | serverless-restrict-private-network-invocation | Restrict serverless functions |
| | | and containers invocation from |
| | | private vpc networks (by vpc |
| | | network ids and/or by private |
| | | vpc addresses) |
| serverless.restrictPublicInvocation | serverless-restrict-public-invocation | Restrict serverless functions |
| | | and containers invocation |
| | | from public ip addresses by |
| | | whitelist |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
Use the list REST API method for the AccessPolicyTemplate resource or the AccessPolicyTemplateService/List gRPC API call.