yandex-cloud-cli

Manage Yandex Cloud infrastructure via the yc CLI. Use when the user asks to create, configure, manage, or troubleshoot any Yandex Cloud resource: VMs, disks, networks, security groups, databases (PostgreSQL, MySQL, ClickHouse, Redis/Valkey, MongoDB, OpenSearch, Greenplum, Kafka), Kubernetes, serverless functions/containers, S3 storage, CDN, load balancers, Lockbox secrets, KMS, certificates, DNS, container registry, DataProc, Data Transfer, logging, audit trails, organizations, WAF, or any other YC service. Triggers: Yandex Cloud, yc CLI, YC, managed-postgresql, managed-kubernetes, compute instance, serverless function, vpc network, alb, lockbox, yandex cloud.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "yandex-cloud-cli" with this command: npx skills add elsvv/yandex-cloud-cli-skill/elsvv-yandex-cloud-cli-skill-yandex-cloud-cli

Yandex Cloud CLI (yc)

Essentials

Command Structure

yc <service-group> <resource> <command> [<NAME|ID>] [flags] [global-flags]

Global Flags

Flag                                  Purpose
--profile NAME                        Use named profile
--cloud-id ID                         Override cloud
--folder-id ID                        Override folder
--folder-name NAME                    Override folder by name
--token TOKEN                         Override OAuth token
--impersonate-service-account-id ID   Act as service account
--format text|yaml|json|json-rest     Output format
--jq EXPR                             Filter JSON output (jq syntax)
--async                               Non-blocking (returns operation ID)
--retry N                             gRPC retries (0=disable, default 5)
--debug                               Debug logging
--no-user-output                      Suppress user-facing output
-h, --help                            Help for any command

Output & Scripting

Always use --format json combined with jq for scripting:

# Get resource ID by name
yc compute instance get my-vm --format json | jq -r .id

# List all instance external IPs
yc compute instance list --format json | jq -r '.[].network_interfaces[0].primary_v4_address.one_to_one_nat.address'

# Use --jq shortcut (no piping needed)
yc compute instance get my-vm --format json --jq .id

# Get multiple fields
yc compute instance list --format json | jq -r '.[] | [.name, .status] | @tsv'

Configuration & Profiles

yc init                              # Interactive setup (OAuth, cloud, folder)
yc config list                       # Current config
yc config set folder-id <ID>         # Set default folder
yc config set compute-default-zone ru-central1-d
yc config set format json            # Default output format

# Profile management
yc config profile create <NAME>
yc config profile activate <NAME>
yc config profile list
yc config profile get <NAME>
yc config profile delete <NAME>

# S3 storage config
yc config set storage-endpoint storage.yandexcloud.net

Authentication Methods

  1. OAuth token (personal use): yc config set token <OAUTH-TOKEN>
  2. Service account key (automation): yc config set service-account-key key.json
  3. Instance metadata (on YC VMs): yc config set instance-service-account true
  4. Federation (SSO): yc init --federation-id <ID>

yc config list           # Show current profile, cloud, folder, token
yc iam create-token      # Get IAM token for API calls

Operations

Long-running operations (create cluster, etc.) can be tracked:

yc <service> <resource> create ... --async   # Returns operation ID
yc operation get <OPERATION-ID>              # Check status (poll until done=true)

Without --async, commands block until the operation completes.
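
The polling step above as a reusable shell function with a timeout and failure detection. This is an added example, not part of the upstream skill; the function name, exit codes and the assumption that a failed operation carries a non-null "error" object are mine.

```shell
#!/bin/sh
# Usage: wait_for_operation OP_ID [TIMEOUT_SECONDS] [POLL_INTERVAL_SECONDS]
# Exit codes: 0 finished cleanly, 1 finished with an error,
#             2 timed out, 3 yc itself failed (auth, network, unknown ID).
wait_for_operation() {
    op_id=$1
    timeout=${2:-600}
    interval=${3:-5}
    waited=0
    while :; do
        # --jq is the global flag listed above; .done is the field to poll on.
        # A running operation may omit the field, so only "true" counts as done.
        done_flag=$(yc operation get "$op_id" --format json --jq .done) || return 3
        if [ "$done_flag" = "true" ]; then
            # Assumption: a failed operation has a non-null "error" object.
            err=$(yc operation get "$op_id" --format json --jq .error) || return 3
            if [ -n "$err" ] && [ "$err" != "null" ]; then
                printf 'operation %s failed: %s\n' "$op_id" "$err" >&2
                return 1
            fi
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            printf 'operation %s still running after %ss\n' "$op_id" "$waited" >&2
            return 2
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}
```

Checking the exit code before the next step keeps a script from building on a resource whose creation failed or never finished.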

Availability Zones

  • ru-central1-a — Moscow, zone A
  • ru-central1-b — Moscow, zone B
  • ru-central1-d — Moscow, zone D

Note: ru-central1-c is deprecated. Use ru-central1-d for new resources.

Service Quick Reference

All Service Groups

Group                      Alias       Purpose

Compute & Infrastructure
compute                    -           VMs, disks, images, snapshots, instance groups, filesystems, GPU clusters
vpc                        -           Networks, subnets, security groups, addresses, gateways, route tables
dns                        -           DNS zones and records
cdn                        -           CDN resources, origin groups, cache management
load-balancer              lb          Network Load Balancer (L4)
application-load-balancer  alb         Application Load Balancer (L7)

Identity & Security
iam                        -           Service accounts, roles, keys, tokens
resource-manager           resource    Clouds, folders
organization-manager       -           Organizations, federations, groups, OS Login
kms                        -           Symmetric encryption keys
lockbox                    -           Secrets management
certificate-manager        cm          TLS certificates (Let's Encrypt, imported)
smartwebsecurity           sws         WAF security profiles (rules, smart protection, geo/IP filtering)
smartcaptcha               sc          Captcha management (checkbox, slider, challenges)
quota-manager              -           View quotas and request limit increases

Containers & Serverless
managed-kubernetes         k8s         Kubernetes clusters, node groups
container                  -           Container registry, repositories, images
serverless                 sls         Functions, triggers, containers, API gateways

Databases
managed-postgresql         postgres    PostgreSQL clusters
managed-mysql              -           MySQL clusters
managed-clickhouse         -           ClickHouse clusters
managed-mongodb            -           MongoDB clusters
managed-redis              -           Redis clusters
managed-kafka              -           Kafka clusters
managed-opensearch         opensearch  OpenSearch clusters
managed-greenplum          -           Greenplum clusters
ydb                        -           YDB databases (serverless or dedicated)

Data & Analytics
dataproc                   -           DataProc (Hadoop/Spark) clusters and jobs
datatransfer               dt          Data Transfer endpoints and transfers

Storage
storage                    -           Object storage (S3-compatible), buckets

Observability
logging                    log         Cloud Logging (groups, read, write)
audit-trails               -           Audit trail management

Other
backup                     -           Cloud Backup (VMs, policies)
iot                        -           IoT Core (registries, devices, MQTT)
marketplace                -           Marketplace products
loadtesting                -           Load testing

Standard CRUD Pattern

Most resources follow:

yc <service> <resource> list [--folder-id ID]
yc <service> <resource> get <NAME|ID>
yc <service> <resource> create [<NAME>] [flags]
yc <service> <resource> update <NAME|ID> [flags]
yc <service> <resource> delete <NAME|ID>

Many also support: add-labels, remove-labels, list-operations, list-access-bindings, add-access-binding, remove-access-binding, move (between folders).

Detailed References

Read the reference file matching the service you need:

  • Compute (VMs, disks, images, snapshots, snapshot schedules, instance groups, filesystems, placement groups, GPU clusters) → references/compute.md
  • Networking (VPC networks, subnets, security groups, addresses, gateways, route tables, DNS zones/records) → references/networking.md
  • IAM & Resource Manager (service accounts, roles, all key types, access bindings, clouds, folders) → references/iam.md
  • Serverless (functions, versions, triggers, containers, API gateways, runtimes, scaling) → references/serverless.md
  • Kubernetes (clusters, node groups, kubeconfig, autoscaling, full setup example) → references/kubernetes.md
  • Databases (PostgreSQL, MySQL, ClickHouse, Redis, MongoDB, OpenSearch, Greenplum, YDB, Kafka — clusters, users, databases, backups, resource presets) → references/databases.md
  • Storage, Secrets, Certificates (S3 buckets, s3/s3api commands, Lockbox secrets, KMS encryption, Certificate Manager — Let's Encrypt & imported) → references/storage-secrets-certs.md
  • Container Registry (registries, repositories, images, Docker auth, lifecycle policies) → references/container-registry.md
  • Load Balancers (ALB — target groups, backend groups, HTTP routers, virtual hosts, routes, listeners; NLB — network load balancers, target groups, health checks) → references/load-balancers.md
  • CDN (origin groups, CDN resources, caching, SSL, compression, headers, security, cache purge/prefetch) → references/cdn.md
  • Logging & Audit (Cloud Logging groups/read/write, Audit Trails, Cloud Backup) → references/logging-audit.md
  • Data Platform (DataProc clusters/subclusters/jobs, Data Transfer endpoints/transfers) → references/data-platform.md
  • Organization, Security & Quotas (Organization Manager, federations, groups, OS Login, Smart Web Security WAF with rules/conditions, SmartCaptcha, Quota Manager, IoT Core) → references/organization.md

Guidelines

  • Always verify the active profile and folder before mutating commands: yc config list
  • Use --format json | jq for extracting IDs and values in scripts
  • Use --async for long operations, then check: yc operation get <OP-ID>
  • Prefer --name over --id in interactive use; prefer --id in scripts for reliability
  • For any unfamiliar command, run yc <service> <resource> <command> --help — the built-in help is authoritative and always up-to-date
  • When creating resources that depend on others (VM needs subnet, subnet needs network), create dependencies first
  • Use --deletion-protection on production databases, clusters, and secrets
  • For S3 operations, create a static access key via yc iam access-key create
  • Custom security groups with no rules deny all traffic; the auto-created default SG allows all — always create explicit SGs for production
  • Use labels consistently (--labels env=prod,team=backend) for cost tracking and filtering
  • For managed databases, always specify --security-group-ids to restrict access
  • When creating K8s clusters, specify two service accounts (can be the same): --service-account-name for cluster resources and --node-service-account-name for node operations (registry, logs)
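
The first guideline (verify the active folder before mutating commands) can be enforced rather than remembered. The wrapper below is an added example, not part of the upstream skill; the name yc_guarded, its exit codes and the folder IDs used to call it are assumptions, and it relies on yc config get folder-id printing the active profile's folder.

```shell
#!/bin/sh
# Usage: yc_guarded EXPECTED_FOLDER_ID <yc arguments...>
# Read-only commands pass straight through. A mutating command runs only if
# the folder it would act on equals EXPECTED_FOLDER_ID.
# Exit codes: 1 refused, 2 could not read the active folder, else yc's own.
yc_guarded() {
    expected=$1; shift
    mutating=no; target=; unverifiable=no; prev=
    for arg in "$@"; do
        case "$arg" in
            # Mutating verbs named on this page. Matching them anywhere in
            # the argument list is deliberately conservative.
            create|update|delete|move|add-labels|remove-labels|add-access-binding|remove-access-binding)
                mutating=yes ;;
            --folder-id=*) target=${arg#--folder-id=} ;;
            # Overrides that cannot be compared against a folder ID here.
            --folder-name|--folder-name=*|--profile|--profile=*)
                unverifiable=yes ;;
        esac
        if [ "$prev" = "--folder-id" ]; then target=$arg; fi
        prev=$arg
    done
    if [ "$mutating" = yes ]; then
        if [ "$unverifiable" = yes ]; then
            echo "refusing: --folder-name/--profile override; pass --folder-id" >&2
            return 1
        fi
        if [ -z "$target" ]; then
            # No override on the command line: the active profile decides.
            target=$(yc config get folder-id) || return 2
        fi
        if [ "$target" != "$expected" ]; then
            echo "refusing: target folder '$target' is not '$expected'" >&2
            return 1
        fi
    fi
    yc "$@"
}
```

Pinning the expected folder ID in the calling script means a stale or switched profile stops a delete or update instead of redirecting it to another environment.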

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
