© 2022 Yandex.Cloud LLC
Yandex Identity and Access Management

Creating static access keys

Written by
Yandex Cloud

These are instructions for how to create static access keys for a service account.

If you don't have a service account yet, create one and assign it roles.

To create a static access key:

Management console
  1. In the management console, select the folder the service account belongs to.

  2. Go to the Service accounts tab.

  3. Choose a service account and click the line with its name.

  4. Click Create new key in the top panel.

  5. Specify the key description and click Create.

  6. Save the key ID and the private key.

    Alert

    After the dialog is closed, the private key value will be unavailable.

CLI

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the command for creating a static access key:

    yc iam access-key create --help
    
  2. Select a service account (for example, my-robot):

    yc iam service-account list
    

    Result:

    +----------------------+------------------+-------------------------------+
    |          ID          |       NAME       |          DESCRIPTION          |
    +----------------------+------------------+-------------------------------+
    | aje6o61dvog2h6g9a33s | my-robot         |                               |
    | aje9sda1ufvqcmfksd3f | blabla           | bla bla bla is my description |
    +----------------------+------------------+-------------------------------+
    
  3. Create an access key for the my-robot service account:

    yc iam access-key create --service-account-name my-robot
    

    Result:

    access_key:
      id: aje6t3vsbj8lp9r4vk2u
      service_account_id: ajepg0mjt06siuj65usm
      created_at: "2018-11-22T14:37:51Z"
      key_id: 0n8X6WY6S24N7OjXQ0YQ
    secret: JyTRFdqw8t1kh2-OJNz4JX5ZTz9Dj1rI9hxtzMP1
    
  4. Save the key ID (key_id) and the secret key (secret). You will not be able to get the key value again.
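
An added example (not part of the Yandex Cloud documentation) for the last step: a shell function that reads output shaped like the result in step 3 and writes key_id and secret to a new owner-only file, so the secret does not have to be copied out of the terminal. The function name save_access_key, the key=value file layout and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep the one-time output of `yc iam access-key create`
# in an owner-only file. Intended use (file name is an assumption):
#   yc iam access-key create --service-account-name my-robot \
#     | save_access_key ./my-robot.key

# Constructed sample with the same shape as the result shown on the page.
SAMPLE_OUTPUT='access_key:
  id: EXAMPLEACCESSKEYID00
  service_account_id: EXAMPLESERVICEACCT00
  created_at: "2018-11-22T14:37:51Z"
  key_id: EXAMPLEKEYID00000000
secret: EXAMPLE-SECRET-NOT-A-REAL-VALUE'

# save_access_key OUTFILE
# Reads the command output on stdin. Returns 0 on success, 1 if OUTFILE
# already exists or cannot be created, 2 if a field is missing.
save_access_key() {
    out=$1
    yaml=$(cat)
    # key_id is nested under access_key:, secret is a top-level field;
    # awk ignores the indentation when it splits fields.
    key_id=$(printf '%s\n' "$yaml" | awk '$1 == "key_id:" { print $2; exit }')
    secret=$(printf '%s\n' "$yaml" | awk '$1 == "secret:" { print $2; exit }')
    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo "key_id or secret missing from input; nothing written" >&2
        return 2
    fi
    # umask 077: the file is mode 0600 from the moment it is created.
    # set -C (noclobber): creation fails if the file exists, so a file
    # holding the only copy of an earlier secret is never overwritten.
    (
        umask 077
        set -C
        printf 'key_id=%s\nsecret=%s\n' "$key_id" "$secret" > "$out"
    ) || return 1
    # Report only the non-secret identifier.
    echo "saved key $key_id to $out" >&2
}
```

Only the key ID is printed; the secret exists only in the output file.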

API

To create an access key, use the create method for the AccessKey resource.

Examples

Add a description when creating

Add a description when creating an access key.

CLI

    yc iam access-key create --service-account-name my-robot \
      --description "this key is for my bucket"

API

    curl -X POST \
      -H 'Content-Type: application/json' \
      -H "Authorization: Bearer <IAM-TOKEN>" \
      -d '{
          "serviceAccountId": "aje6o61dvog2h6g9a33s",
          "description": "this key is for my bucket"
      }' \
      https://iam.api.cloud.yandex.net/iam/aws-compatibility/v1/accessKeys

What's next

  • Configuring tools to work with Object Storage
  • Assigning roles to a service account
