All operations in Instance Groups are performed on behalf of the service account.
Service accounts are special accounts that can be used by services and applications to interact with other Yandex.Cloud APIs on your behalf. For more information about service accounts and access management in Yandex.Cloud, see Yandex Identity and Access Management documentation.
Instance Groups applications use the service account's authorized keys for authorization in the set of APIs and to perform operations on resources within the roles granted to this service account. For example, Instance Groups uses a service account for creating, updating, and deleting instances. Instance Groups is easily authenticated in the Compute Cloud API without embedding private keys or user credentials in the application code.
An instance group can have only one service account created in the same folder as the group.