Revoking an IAM token
You can revoke an IAM token you got earlier. You may need to do this, for example, if the token is compromised or if you are getting a new one.
To revoke an IAM token:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.
-
Check out the description of the IAM token revocation command:
yc iam revoke-token --help -
Revoke the IAM token by specifying it in this command:
yc iam revoke-token \ --iam-token "<IAM_token>"Result:
subject_id: ajei280a73vc********
Run an http request specifying the IAM token to revoke:
curl \
--request POST \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer <IAM_token>" \
--data '{
"iamToken": "<IAM_token>"
}' \
https://iam.api.cloud.yandex.net/iam/v1/tokens:revoke
Result:
{
"subjectId": "ajei280a73vc********"
}