Getting a list of supported access policy templates
Written by
Updated at July 8, 2026
Note
This feature is in the Preview stage. To get access, contact tech support
Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies are based on templates and complement the role system for more flexible access management.
To get a list of supported access policy templates:
CLI
API
If you do not have the Yandex Cloud CLI yet, install and initialize it.
Run this command:
yc iam access-policy-template list
Result:
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| ID | NAME | DESCRIPTION |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| backup.denyActivation | backup-deny-activation | Restrict Cloud Backup |
| | | activation and backup policies |
| | | changes |
| backup.denyRemoveProtection | backup-deny-remove-protection | Restrict Cloud Backup removal |
| | | and backup policies changes |
| iam.denyServiceAccountAccessKeysCreation | iam-deny-service-account-access-keys-creation | Deny creation of service |
| | | account access keys |
| iam.denyServiceAccountApiKeysCreation | iam-deny-service-account-api-keys-creation | Deny creation of service |
| | | account api keys |
| iam.denyServiceAccountAuthorizedKeysCreation | iam-deny-service-account-authorized-keys-creation | Deny creation of service |
| | | account authorized keys |
| iam.denyServiceAccountCreation | iam-deny-service-account-creation | Deny creation of service |
| | | accounts |
| iam.denyServiceAccountCredentialsCreation | iam-deny-service-account-credentials-creation | Deny creation of service |
| | | account credentials |
| iam.denyServiceAccountFederatedCredentialsCreation | iam-deny-service-account-federated-credentials-creation | Deny creation of service |
| | | account federated credentials |
| iam.denyServiceAccountImpersonation | iam-deny-service-account-impersonation | Deny impersonation into the |
| | | service account |
| organization.denyMemberInvitation | organization-deny-member-invitation | Deny invitation of new members |
| | | to the organization |
| organization.denyUserListing | organization-deny-user-listing | Deny listing of users in the |
| | | organization |
| serverless.containers.restrictNetworkAccess | serverless-containers-restrict-network-access | Restrict Serverless Containers |
| | | network access by source IP |
| | | addresses and VPC network IDs |
| serverless.containers.restrictResourceVPCNetwork | serverless-containers-restrict-resource-vpc-network | Restrict Serverless Containers |
| | | resource VPC network by |
| | | allowed VPC network IDs |
| serverless.functions.restrictNetworkAccess | serverless-functions-restrict-network-access | Restrict Cloud Functions |
| | | network access by source IP |
| | | addresses and VPC network IDs |
| serverless.functions.restrictResourceVPCNetwork | serverless-functions-restrict-resource-vpc-network | Restrict Cloud Functions |
| | | resource VPC network by |
| | | allowed VPC network IDs |
| serverless.mcpGateways.restrictNetworkAccess | serverless-mcp-gateways-restrict-network-access | Restrict MCP Gateways network |
| | | access by source IP addresses |
| | | and VPC network IDs |
| serverless.mcpGateways.restrictResourceVPCNetwork | serverless-mcp-gateways-restrict-resource-vpc-network | Restrict MCP Gateways resource |
| | | VPC network by allowed VPC |
| | | network IDs |
| serverless.responses.restrictNetworkAccess | serverless-responses-restrict-network-access | Restrict Foundation Models |
| | | Responses network access by |
| | | source IP addresses and VPC |
| | | network IDs |
| serverless.workflows.restrictNetworkAccess | serverless-workflows-restrict-network-access | Restrict Serverless Workflows |
| | | network access by source IP |
| | | addresses and VPC network IDs |
| serverless.workflows.restrictResourceVPCNetwork | serverless-workflows-restrict-resource-vpc-network | Restrict Serverless Workflows |
| | | resource VPC network by |
| | | allowed VPC network IDs |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
Use the list REST API method for the AccessPolicyTemplate resource or the AccessPolicyTemplateService/List gRPC API call.