Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
    • All guides
    • Handling secrets that are available in the public domain
      • Creating a service account
      • Updating a service account
      • Assigning roles to a service account
      • Setting up service account access permissions
      • Getting information about a service account
      • Getting an ID token for a service account
      • Deleting a service account
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Create a service account
  • Examples
  • Add a description when creating a service account
  1. Step-by-step guides
  2. Service accounts
  3. Creating a service account

Creating a service account

Written by
Yandex Cloud
Improved by
Danila N.
Updated at May 5, 2025
  • Create a service account
  • Examples
    • Add a description when creating a service account

Create a service account to manage resources under a different account.

You must have the iam.serviceAccounts.admin role or higher for the folder to create a service account.

Note

A service account is created inside a folder. Once a service account has been created, you cannot change the folder.

You can assign roles to a service account for any resources in any cloud if these resources belong to the same organization as the service account. You can also assign roles to a service account for the organization.

Create a service accountCreate a service account

Management console
CLI
Terraform
API
  1. Go to the management console.

  2. On the left side of the screen, click the line with the name of the folder where you want to create a service account.

  3. In the list of services, select Identity and Access Management.

  4. Click Create service account.

  5. Enter a name for the service account.

    The name format requirements are as follows:

    • It must be from 2 to 63 characters long.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • It must start with a letter and cannot end with a hyphen.

    Make sure the service account name is unique within your cloud.

  6. Click Create.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Check the description of the command for creating a service account:

    yc iam service-account create --help
    
  2. Create a service account named my-robot:

    yc iam service-account create --name my-robot
    

    The name should match the following format:

    • It must be from 2 to 63 characters long.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • It must start with a letter and cannot end with a hyphen.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. In the configuration file, define the parameters of the resources you want to create:

    resource "yandex_iam_service_account" "sa" {
      name        = "<service_account_name>"
      description = "<service_account_description>"
      folder_id   = "<folder_ID>"
    }
    
    • name: Service account name. This is a required parameter.
    • description: Service account description. This is an optional parameter.
    • folder_id: Folder ID. This is an optional parameter. By default, the value specified in the provider settings is used.

    For more information about the yandex_iam_service_account resource parameters in Terraform, see the provider documentation.

  2. Make sure the configuration files are correct.

    1. In the command line, go to the directory where you created the configuration file.

    2. Run a check using this command:

      terraform plan
      

    If the configuration is specified correctly, the terminal will display information about the service account. If there are errors in the configuration, Terraform will point them out.

  3. Deploy the cloud resources.

    1. If the configuration does not contain any errors, run this command:

      terraform apply
      
    2. Confirm creating the service account: type yes in the terminal and press Enter.

      The service account will then be created. You can check the new service account using the management console or this CLI command:

      yc iam service-account list
      

To create a service account, use the create REST API method for the ServiceAccount resource or the ServiceAccountService/Create gRPC API call.

ExamplesExamples

Add a description when creating a service accountAdd a description when creating a service account

Create a service account with the following name and description:

CLI
Terraform
API
yc iam service-account create --name my-robot \
  --description "this is my favorite service account"
 resource "yandex_iam_service_account" "sa" {
   name        = "my-robot"
   description = "this is my favorite service account"
 }
curl \
  --request POST \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer <IAM_token>" \
  --data '{
    "folderId": "b1gvmob95yys********",
    "name": "my-robot",
    "description": "this is my favorite service account"
  }' \
  https://iam.api.cloud.yandex.net/iam/v1/serviceAccounts

See alsoSee also

  • Assigning roles to a service account.
  • Setting up service account access permissions.
  • Service account keys.

Was the article helpful?

Previous
Granting group permissions
Next
Updating a service account
© 2025 Direct Cursus Technology L.L.C.