Suspending and restoring service access
Note
This feature is in the Preview stage.
In Yandex Identity and Access Management, you can suspend and restore service access to resources in the cloud.
Service access can be managed by users with the admin or owner roles for the cloud.
Suspending service access
You can suspend a service access to the cloud even if that service has resources that use the resources of other cloud services.
Alert
If the service's resources require access to other resources in the cloud, suspending access to the cloud for this service may cause disruptions in the resources, including data loss.
To suspend a service access to cloud resources:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The cloud specified in the CLI profile is used by default. You can specify a different cloud in the --cloud-id
parameter.
-
View the description of the CLI command for suspending service access to cloud resources:
yc iam service-control pause --help
-
Get a list of services whose access can be managed.
-
Run the command by providing the ID of the service for which you want to suspend access to cloud resources:
yc iam service-control pause <service_ID> \ --force
--force
: Parameter allowing you to suspend service access if the service has resources requiring access to other cloud services. This is an optional parameter.Result:
done (11s) service_id: mdb resource: id: b1gmgc24pte8******** type: resource-manager.cloud updated_at: "2024-03-12T13:22:23.609016Z" status: PAUSED
Use the pause REST API method for the ServiceControl resource or the ServiceControlService/Pause gRPC API call.
Restoring service access
You can only restore access for a service whose access was previously suspended.
To restore service access to cloud resources:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The cloud specified in the CLI profile is used by default. You can specify a different cloud in the --cloud-id
parameter.
-
View the description of the CLI command for restoring service access to cloud resources:
yc iam service-control resume --help
-
Get a list of services whose access can be managed.
-
Run the command by providing the ID of the service for which you want to restore access to cloud resources:
yc iam service-control resume <service_ID>
Result:
done (10s) service_id: mdb resource: id: b1gmgc24pte8******** type: resource-manager.cloud updated_at: "2024-03-12T13:22:58.247213Z" status: ENABLED
Use the resume REST API method for the ServiceControl resource or the ServiceControlService/Resume gRPC API call.