> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nebius.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to manage service accounts

In this guide, you will learn how to create a service account, grant it access rights and delete it.

## Before you start

<Tip>
  You do not need to complete any prerequisites if you create a service account in the web console.
</Tip>

<Tabs>
  <Tab title="CLI">
    1. Install and initialize the [Nebius AI Cloud CLI](../../cli/quickstart).

    2. Check that your project ID is saved in the Nebius AI Cloud CLI profile configuration:
       ```bash theme={null}
       cat ~/.nebius/config.yaml
       ```

    3. Install [jq](https://jqlang.github.io/jq/download/) to extract IDs and tokens from JSON data returned by the Nebius AI Cloud CLI:

           <CodeGroup>
             ```bash Ubuntu theme={null}
             sudo apt-get install jq
             ```

             ```bash macOS theme={null}
             brew install jq
             ```
           </CodeGroup>

    4. [Get the tenant ID](/iam/get-tenants#cli) and save it to an environment variable:

       ```bash theme={null}
       export TENANT_ID=<tenant_id>
       ```
  </Tab>

  <Tab title="Terraform">
    [Install and configure](/terraform-provider/quickstart) the Nebius AI Cloud provider for Terraform.
  </Tab>
</Tabs>

## Create a service account

<Tabs>
  <Tab title="Web console">
    1. In the sidebar, go to <Icon icon="https://mintcdn.com/nebius-ai-cloud/1Ha0sWR6e1mnIaHS/_assets/sidebar/administration.svg?fit=max&auto=format&n=1Ha0sWR6e1mnIaHS&q=85&s=e6411dc023fd6972922c0a12a59ccf21" width="16" height="16" data-path="_assets/sidebar/administration.svg" /> **Administration** → **IAM**.
    2. Go to the **Service accounts** tab.
    3. Click **Create entity** and select **Service account**.
    4. In the window that opens, check the service account name and select the project where you will create a bucket.
    5. Click **Create and continue**.
  </Tab>

  <Tab title="CLI">
    Create a service account and save its ID to an environment variable:

    ```bash theme={null}
    export SA_ID=$(nebius iam service-account create \
      --name <service_account_name> \
      --format json | jq -r '.metadata.id')
    ```
  </Tab>

  <Tab title="Terraform">
    1. Create the following configuration file:

       ```hcl theme={null}
       resource "nebius_iam_v1_service_account" "<service_account_name>" {
           name = "<service_account_name>"
           parent_id = "<project_ID>"
           description = "My service account"
       }
       ```

       In the configuration, specify your [Project ID](/iam/manage-projects#terraform-3).

    2. Validate the configuration:

       Check that the configuration is correct:

       ```bash theme={null}
       terraform validate
       ```

    3. If the configuration is valid, apply it:

       Apply the changes:

       ```bash theme={null}
       terraform apply
       ```
  </Tab>
</Tabs>

## Grant editor access to the service account

<Tabs>
  <Tab title="Web console">
    1. In the **Service accounts** tab, locate the required service account and click <Icon icon="https://mintcdn.com/nebius-ai-cloud/1Ha0sWR6e1mnIaHS/_assets/button-vellipsis.svg?fit=max&auto=format&n=1Ha0sWR6e1mnIaHS&q=85&s=e80b8e57c43bfd117679262e6a1334ad" width="12" height="24" data-path="_assets/button-vellipsis.svg" /> → **Add to group**.
  </Tab>

  <Tab title="CLI">
    1. Get the ID of the default `editors` group:

       ```bash theme={null}
       nebius iam group get-by-name \
         --name editors --parent-id <tenant_id> \
         --format json | jq -r '.metadata.id'
       ```

       In the command, specify the [tenant ID](/iam/get-tenants#cli).

    2. Add the service account to the `editors` group:

       ```bash theme={null}
       nebius iam group-membership create \
         --parent-id <editors_group_ID> \
         --member-id <service_account_ID>
       ```
  </Tab>

  <Tab title="Terraform">
    1. Get and copy the ID of the default `editors` group:

       ```bash theme={null}
       nebius iam group get-by-name \
         --name editors --parent-id <tenant_id> \
         --format json | jq -r '.metadata.id'
       ```

       In the command, specify the [tenant ID](/iam/get-tenants#cli).

    2. Add the `nebius_iam_v1_group_membership` resource to the configuration file. By using this resource, you add the service account to the `editors` group:

       ```hcl theme={null}
       resource "nebius_iam_v1_group_membership" "<name>" {
          parent_id = "<editors_group_ID>"
          member_id = nebius_iam_v1_service_account.<service_account_name>.id
       }
       ```

    3. Check that the configuration is correct:
       ```bash theme={null}
       terraform validate
       ```

    4. Apply the changes:
       ```bash theme={null}
       terraform apply
       ```
  </Tab>
</Tabs>

## Delete a service account

<Warning>
  Deleting a service account cannot be reversed.
</Warning>

If you no longer need a service account:

<Tabs>
  <Tab title="Web console">
    1. Delete all resources associated with the account.
    2. In the **Service accounts** tab, find the required service account and click <Icon icon="https://mintcdn.com/nebius-ai-cloud/1Ha0sWR6e1mnIaHS/_assets/button-vellipsis.svg?fit=max&auto=format&n=1Ha0sWR6e1mnIaHS&q=85&s=e80b8e57c43bfd117679262e6a1334ad" width="12" height="24" data-path="_assets/button-vellipsis.svg" /> → **Delete service account**.
    3. In the window that opens, confirm the deletion.
  </Tab>

  <Tab title="CLI">
    1. Delete all resources associated with the account.

    2. Get the service account ID and save it to an environment variable:

       ```bash theme={null}
       export SA_ID=$(nebius iam service-account get-by-name \
         --name <service_account_name> \
         --format json | jq -r '.metadata.id')
       ```

    3. Delete the service account:

       ```bash theme={null}
       nebius iam service-account delete --id $SA_ID
       ```
  </Tab>

  <Tab title="Terraform">
    1. Delete all resources associated with the account.
    2. Remove the corresponding `nebius_iam_v1_service_account` resource from the configuration file.
    3. Check that the configuration is correct:
       ```bash theme={null}
       terraform validate
       ```
    4. Apply the changes:
       ```bash theme={null}
       terraform apply
       ```
  </Tab>
</Tabs>