Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Identity and Access Management
  • Getting started
    • How to manage access to resources
    • How to work with service accounts
  • Step-by-step instructions
    • All instructions
    • Users
      • Adding users
      • Getting user ID or email
      • Deleting a user
    • Service accounts
      • Creating a service account
      • Updating a service account
      • Assigning roles to a service account
      • Setting up access rights for a service account
      • Creating static access keys
      • Getting the service account ID
      • Deleting service accounts
    • Roles
      • Assigning roles
      • Viewing assigned roles
      • Revoking roles
    • IAM tokens
      • Getting an IAM token for a Yandex account
      • Getting an IAM token for a service account
      • Getting an IAM token for a federated account
    • Keys
      • Creating API keys
      • Deleting API keys
      • Creating authorized keys
  • Concepts
    • Overview
    • How access management works
      • Overview
      • Roles
      • System groups
      • Resources that roles can be assigned for
    • Authorization
      • Overview
      • IAM token
      • OAuth token
      • API key
      • Authorized keys
      • AWS-compatible access keys
    • Service accounts
    • Identity federations
    • Quotas and limits
  • How to use Yandex Cloud securely
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ApiKeyService
      • IamTokenService
      • KeyService
      • RoleService
      • ServiceAccountService
      • UserAccountService
      • YandexPassportUserAccountService
      • AccessKeyService
      • CertificateService
      • FederationService
      • OperationService
    • REST
      • Overview
      • ApiKey
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • IamToken
        • Overview
        • create
        • createForServiceAccount
      • Key
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • Role
        • Overview
        • get
        • list
      • ServiceAccount
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • setAccessBindings
        • update
        • updateAccessBindings
      • UserAccount
        • Overview
        • get
      • YandexPassportUserAccount
        • Overview
        • getByLogin
      • Operation
        • Overview
        • get
      • AccessKey
        • Overview
        • list
        • get
        • delete
        • update
        • listOperations
        • create
      • Federation
        • Overview
        • list
        • get
        • listUserAccounts
        • delete
        • addUserAccounts
        • update
        • listOperations
        • create
      • Certificate
        • Overview
        • list
        • get
        • delete
        • update
        • listOperations
        • create
  • Questions and answers
    • General questions
    • Logging in and accessing resources
    • All questions on the same page
  1. Step-by-step instructions
  2. Service accounts
  3. Creating a service account

Creating a service account

Written by
Yandex Cloud
  • Create a service account
  • Examples
    • Add a description when creating

Create a service account to manage resources under a different account.

Create a service account

Management console
CLI
API
  1. Log in to the management console.

  2. Click the line with the name of the folder where you want to create a service account.

  3. Go to the Service accounts tab.

  4. Click Create service account.

  5. Enter the name of the service account.

  6. To assign the service account a role for the current folder, click Add role and select a role, for example, editor.

    To assign a role for another resource, use the CLI or API following the instructions Assigning roles to a service account.

  7. Click Create.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the command for creating a service account:

    yc iam service-account create --help
    
  2. Create a service account named my-robot:

    yc iam service-account create --name my-robot
    

    Name format requirements:

    • The length can be from 3 to 63 characters.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • The first character must be a letter. The last character can't be a hyphen.

To create a service account, use the create method for the ServiceAccount resource.

Examples

Add a description when creating

Create a service account with the following name and description:

CLI
API
yc iam service-account create --name my-robot \
  --description "this is my favorite service account"
curl -X POST \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer <IAM-TOKEN>" \
    -d '{
        "folderId": "b1gvmob95yysaplct532",
        "name": "my-robot",
        "description": "this is my favorite service account"
    }' \
    https://iam.api.cloud.yandex.net/iam/v1/serviceAccounts

What's next

  • Assigning roles to a service account
  • Creating static access keys
  • Setting up access rights for service accounts

Was the article helpful?

Language / Region
© 2022 Yandex.Cloud LLC
In this article:
  • Create a service account
  • Examples
  • Add a description when creating