Yandex.Cloud Connection¶
The Yandex.Cloud connection type enables the authentication in Yandex.Cloud services.
Configuring the Connection¶
- Service account auth JSON
JSON object as a string.
Example:
{"id": "...", "service_account_id": "...", "private_key": "..."}- Service account auth JSON file path
Path to the file containing service account auth JSON.
Example:
/home/airflow/authorized_key.json- OAuth Token
User account OAuth token as a string.
Example:
y3_Vd3eub7w9bIut67GHeL345gfb5GAnd3dZnf08FR1vjeUFve7Yi8hGvc- SSH public key (optional)
The key will be placed to all created Compute nodes, allowing you to have a root shell there.
- Folder ID (optional)
A folder is an entity to separate different projects within the cloud.
If specified, this ID will be used by default when creating nodes and clusters.
See this guide for details.
- Endpoint (optional)
Use this setting to configure your API endpoint.
Leave blank to use default endpoints.
Default Connection IDs¶
All hooks and operators related to Yandex.Cloud use the yandexcloud_default connection by default.
Authenticating to Yandex.Cloud¶
Using authorized keys to authorize as a service account¶
Before you start, make sure you have created a Yandex Cloud service account.
First, you need to create an authorized key for your service account and save the generated JSON file with both public and private key parts.
Then, you need to specify the key in the Service account auth JSON field.
Alternatively, you can specify the path to the JSON file in the Service account auth JSON file path field.
Using an OAuth token to authorize as a user account¶
First, you need to create
an OAuth token for your user account.
Your token will look like this: y3_Vd3eub7w9bIut67GHeL345gfb5GAnd3dZnf08FR1vjeUFve7Yi8hGvc.
Then you need to specify your token in the OAuth Token field.
Using metadata service¶
If you do not specify any credentials, the connection will attempt to use the metadata service for authentication.
To do this, you need to link your service account with your VM.