Making a container public

Written by

Yandex Cloud

Updated at May 5, 2026

If you want any user to be able to invoke a container without providing the authorization header, make it public.

Management console

CLI

API

In the management console, go to the folder with your container.
Go to Serverless Containers.
Select the container you want to make public.
On the Overview tab, enable Public container.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

To make a container public, run this command:

yc serverless container allow-unauthenticated-invoke <container_name>

Result:

done (1s)

To make a container public, use the setAccessBindings REST API method for the Container resource or the ContainerService/SetAccessBindings gRPC API call.

Request example

To use the example, install cURL and authenticate in the API.

Prepare a file named body.json with the following request body:
```
{
  "accessBindings": [
    {
      "roleId": "serverless-containers.containerInvoker",
      "subject": {
        "id": "allUsers",
        "type": "system"
      }
    }
  ]
}
```
Where:
- roleId: Role to assign. The serverless-containers.containerInvoker role allows you to invoke a container.
- id: Subject getting the role. allUsers: Any user. No authentication is required.
- type: Type of the subject getting the role. system: Public group.

Run the request stating the IAM token, path to the body.json file, and container ID:

curl \
    --request POST \
    --header "Authorization: Bearer <IAM_token>" \
    --data "@<body.json_file_path>" \
    https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:setAccessBindings

Result:

{
 "done": false,
 "metadata": {
  "@type": "type.googleapis.com/yandex.cloud.access.SetAccessBindingsMetadata",
  "resourceId": "bba8dkc667bj********"
 },
 "id": "bbaoi3jn8plq********",
 "description": "operationSetAccessBindings",
 "createdAt": "2023-12-22T10:30:58.348672821Z",
 "createdBy": "aje07l4q4vmo********",
 "modifiedAt": "2023-12-22T10:30:58.348672821Z"
}

Make sure the role is assigned. To do this, run the request stating the IAM token and container ID:

curl \
    --request GET \
    --header "Authorization: Bearer <IAM_token>" \
    https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:listAccessBindings

Result:

{
 "accessBindings": [
  {
   "subject": {
    "id": "allUsers",
    "type": "system"
   },
   "roleId": "serverless.containers.invoker"
  }
 ]
}

Making a container public

Was the article helpful?