Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.

Making a container public

Written by
Updated at June 18, 2026

To allow any user to invoke a container without providing an authorization header, make the container public.

  1. In the management console, select the folder with your container.
  2. Navigate to Serverless Containers.
  3. Select the container you want to make public.
  4. On the Overview tab, enable Public container.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

To make a container public, run this command:

yc serverless container allow-unauthenticated-invoke <container_name>

Result:

done (1s)

To make a container public, use the setAccessBindings REST API method for the Container resource or the ContainerService/SetAccessBindings gRPC API call.

Request example

To use this example, install cURL and authenticate with the API.

  1. Create a file named body.json with the following request body:

    {
  "accessBindings": [
    {
      "roleId": "serverless-containers.containerInvoker",
      "subject": {
        "id": "allUsers",
        "type": "system"
      }
    }
  ]
}

    Where:

    • roleId: Role to assign. The serverless-containers.containerInvoker role allows you to invoke a container.
    • id: Subject getting the role. allUsers stands for any user and requires no authentication.
    • type: Type of the subject getting the role. system stands for a public group.

  2. Run the request, specifying the IAM token, path to the body.json file, and container ID:

    curl \
    --request POST \
    --header "Authorization: Bearer <IAM_token>" \
    --data "@<body.json_file_path>" \
    https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:setAccessBindings

    Result:

    {
 "done": false,
 "metadata": {
  "@type": "type.googleapis.com/yandex.cloud.access.SetAccessBindingsMetadata",
  "resourceId": "bba8dkc667bj********"
 },
 "id": "bbaoi3jn8plq********",
 "description": "operationSetAccessBindings",
 "createdAt": "2023-12-22T10:30:58.348672821Z",
 "createdBy": "aje07l4q4vmo********",
 "modifiedAt": "2023-12-22T10:30:58.348672821Z"
}

  3. Make sure the role is assigned. To do this, run the request, specifying the IAM token and container ID:

    curl \
    --request GET \
    --header "Authorization: Bearer <IAM_token>" \
    https://serverless-containers.api.cloud.yandex.net/containers/v1/containers/<container_ID>:listAccessBindings

    Result:

    {
 "accessBindings": [
  {
   "subject": {
    "id": "allUsers",
    "type": "system"
   },
   "roleId": "serverless.containers.invoker"
  }
 ]
}
Previous
Configuring metadata service parameters
Next
Making a container private