Developing Control Policies for Resource Management

This article describes how to enable, create, and disable Alibaba Cloud Resource Management Control Policies from within your organization.

By Pablo Puig

What Is A Control Policy?

A Control Policy is a Resource Directory feature to manage permissions in your organization. You can centrally control the permissions for all accounts in your organization. You add an extra layer of security to your cloud environment using control policies.

Developing a Control Policy

The following step-by-step guide explains how to develop and create control policies from the Alibaba Cloud console:

Step 1: Log in to your Alibaba Cloud account and go to the Resource Management service
Step 2: In the Resource Directory section, click on Control Policy

Note: You have to enable Resource Directory in your account to create Control Policies. In addition, Resource Directory can only be enabled if you own an Enterprise account.

Step 3: Enable the control policies by clicking Enable Control Policy

Step 4: Confirm that you want to enable the control policy feature by clicking OK

Step 5: After enabling, you are ready to create your custom control policies. On the Policies tab, click on Create Policy:

Step 6: Provide a Name and a Description of the control policy you want to create. Next, you have to create a statement with the actions you want to deny on your account by adding them to the Document section. For example, you can deny that no one can create, modify, update, or delete ActionTrail trails. Lastly, click OK.

Note: You can only deny actions. All actions are enabled by default.

With all this done, you have created your first custom control policy. You will find it in the control policies list.

Attaching Control Policies to Member Accounts

Once you have created your control policy, follow the steps below to learn how have to attach it to a member account or folder of your Resource Directory: