Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

yandex_iam_workload_identity_federated_credential (Resource)

Written by
Updated at October 2, 2025

A federated credential.

Example Usage

//
// Create a new IAM Workload Identity Federated Credential.
//
resource "yandex_iam_workload_identity_federated_credential" "fed_cred" {
  service_account_id  = "some_sa_id"
  federation_id       = "some_wli_federation_id"
  external_subject_id = "some_external_subject_id"
}

Schema

Required

  • external_subject_id (String) Id of the external subject.
  • federation_id (String) ID of the workload identity federation which is used for authentication.

Optional

  • federated_credential_id (String) ID of the federated credential to return.
    To get the federated credential ID, make a [FederatedCredentialService.List] request.
  • id (String) ID of the federated credential to return.
    To get the federated credential ID, make a [FederatedCredentialService.List] request.
  • service_account_id (String) Id of the service account that the federated credential belongs to.
  • timeouts (Block, Optional) (see below for nested schema)

Read-Only

  • created_at (String) Creation timestamp.

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Import

The resource can be imported by using their resource ID. For getting the resource ID you can use Yandex Cloud Web Console or YC CLI.

# terraform import yandex_iam_workload_identity_federated_credential.<resource Name> <resource Id>
terraform import yandex_iam_workload_identity_federated_credential.fed_cred ...
Previous
iam_service_account_static_access_key
Next
iam_workload_identity_oidc_federation