yc iam
Manage Yandex Identity and Access Manager resources
Command Usage
Syntax:
yc iam <group|command>
Command Tree
-
yc iam create-id-token — Create ID token and print to STDOUT
-
yc iam create-token — Create IAM token and print to STDOUT
-
yc iam revoke-token — Revoke IAM token
-
yc iam whoami — Print currently authenticated subject to STDOUT
-
yc iam access-analyzer — Manage access analyzer
- yc iam access-analyzer list-subject-access-bindings — List access bindings for the specified subject
-
yc iam access-key — Manage service account access keys
-
yc iam access-key create — Create an access key for the specified service account
-
yc iam access-key delete — Delete the specified access key
-
yc iam access-key get — Show information about the specified access key
-
yc iam access-key issue-ephemeral — Issue ephemeral access key
-
yc iam access-key list — List access keys for the specified service account
-
-
yc iam access-policy-template — Manage access policy templates
- yc iam access-policy-template list — List available access policy templates
-
yc iam api-key — Manage service account API keys
-
yc iam api-key create — Create an API key for the specified service account
-
yc iam api-key delete — Delete the specified API key
-
yc iam api-key get — Show information about the specified API key
-
yc iam api-key list — List API keys for the specified service account
-
yc iam api-key list-scopes — List of scopes
-
yc iam api-key update — Update an API key for the specified service account
-
-
yc iam key — Manage IAM keys
-
yc iam key create — Create an IAM key for for authenticated account or the specified service account
-
yc iam key delete — Delete the specified IAM key
-
yc iam key get — Show information about the specified IAM key
-
yc iam key list — List IAM keys for authenticated account or the specified service account
-
-
yc iam oauth-client — Manage oauth-clients
-
yc iam oauth-client create — Create an oauth-client in the specified folder
-
yc iam oauth-client delete — Delete the specified oauth-client
-
yc iam oauth-client get — Show information about state of a specified oauth-client
-
yc iam oauth-client list — List oauth-clients in the specified folder
-
yc iam oauth-client update — Update the specified oauth-client
-
-
yc iam oauth-client-secret — Manage oauth-client secrets
-
yc iam oauth-client-secret create — Create a secret for the specified oauth-client
-
yc iam oauth-client-secret delete — Delete the specified oauth-client secret
-
yc iam oauth-client-secret get — Show information about state of a specified oauth-client secret
-
yc iam oauth-client-secret list — List secrets of the specified oauth-client
-
-
yc iam refresh-token — Manage refresh tokens
-
yc iam refresh-token list — List subjects Refresh Tokens
-
yc iam refresh-token revoke — Revoke subjects Refresh Tokens. Refresh Tokens can be revoked by refresh token, refresh token id, or a group of subject id, client id and client instance info. If none of the flags are set, all Refresh Tokens for the authenticated user will be revoked.
-
-
yc iam role — Manage roles
-
yc iam role get — Show information about the specified role
-
yc iam role list — List roles
-
-
yc iam service-account — Manage service accounts
-
yc iam service-account add-access-binding — Add access binding to ACCESS the specified service account as a resource. To configure service account access to a resource use add-access-binding command for the corresponding resource
-
yc iam service-account add-labels — Add labels to specified service account
-
yc iam service-account create — Create a service account
-
yc iam service-account delete — Delete the specified service account
-
yc iam service-account get — Show information about the specified service account
-
yc iam service-account list — List service accounts
-
yc iam service-account list-access-bindings — List access bindings for ACCESSING the specified service account. To determine if a service account has an access to a resource, use list-access-bindings command for the corresponding resource
-
yc iam service-account list-operations — List operations for the specified service account
-
yc iam service-account remove-access-binding — Remove access binding for ACCESSING the specified service account as a resource. To configure service account access to a resource use remove-access-binding command for the corresponding resource
-
yc iam service-account remove-labels — Remove labels from specified service account
-
yc iam service-account set-access-bindings — Set access bindings for ACCESSING the specified service account and DELETE all existing access bindings for all accounts if there were any. To configure service account access to a resource use set-access-bindings command for the corresponding resource
-
yc iam service-account update — Update the specified service account
-
-
yc iam service-control — Manage service access to cloud
-
yc iam service-control disable — Disable service access to cloud
-
yc iam service-control enable — Enable service access to cloud
-
yc iam service-control get — Show information about state of specified service
-
yc iam service-control list — List service states
-
-
yc iam user-account — Manage user accounts
- yc iam user-account get — Show information about the specified user account
-
yc iam workload-identity — Manage workload identity
Global Flags
|
Flag |
Description |
|
|
Set the custom configuration file. |
|
|
Debug logging. |
|
|
Debug gRPC logging. Very verbose, used for debugging connection problems. |
|
|
Disable printing user intended output to stderr. |
|
|
Enable gRPC retries. By default, retries are enabled with maximum 5 attempts. |
|
|
Set the ID of the cloud to use. |
|
|
Set the ID of the folder to use. |
|
|
Set the name of the folder to use (will be resolved to id). |
|
|
Set the Cloud API endpoint (host:port). |
|
|
Set the OAuth token to use. |
|
|
Set the ID of the service account to impersonate. |
|
|
Disable opening browser for authentication. |
|
|
Set the output format: text (default), yaml, json, json-rest. |
|
|
Query to select values from the response using jq syntax |
|
|
Display help for the command. |