Authorization in Yandex.Cloud
When a user does something with a resource in Yandex.Cloud, IAM checks whether the user has the necessary access rights to perform this operation.
Users get permissions along with resource roles. For more information about how roles are assigned and how the list of permissions is checked, see How access management in Yandex.Cloud works.
Authorization is performed in different ways, depending on the type of account and the interface used.
Authorization with a Yandex.Passport account
Log in to your Yandex or Yandex.Connect account.
If you are the owner of the cloud and you use your own account to access the API, remember that the owner of the cloud can perform any operations with cloud resources.
We recommend using a service account to work with the API. This way, you can assign only the roles that are necessary.
To log in:
Specify the received IAM token when accessing Yandex.Cloud resources via the API. Pass the IAM token in the
Authorizationheader in the following format:
Authorization: Bearer <IAM-TOKEN>
The IAM token is valid for 12 hours. After that period expires, get a new IAM token.