Community

Blog Events Webinars Tutorials Forum
  1. Blog
  2. Events
  3. Webinars
  4. Tutorials
  5. Forum
Create Account
×
Community Blog Developing Control Policies for Resource Management

Developing Control Policies for Resource Management

This article describes how to enable, create, and disable Alibaba Cloud Resource Management Control Policies from within your organization.

By Pablo Puig

What Is A Control Policy?

A Control Policy is a Resource Directory feature to manage permissions in your organization. You can centrally control the permissions for all accounts in your organization. You add an extra layer of security to your cloud environment using control policies.

Developing a Control Policy

The following step-by-step guide explains how to develop and create control policies from the Alibaba Cloud console:

  • Step 1: Log in to your Alibaba Cloud account and go to the Resource Management service
  • Step 2: In the Resource Directory section, click on Control Policy

Note: You have to enable Resource Directory in your account to create Control Policies. In addition, Resource Directory can only be enabled if you own an Enterprise account.

1

  • Step 3: Enable the control policies by clicking Enable Control Policy

2

  • Step 4: Confirm that you want to enable the control policy feature by clicking OK

3

  • Step 5: After enabling, you are ready to create your custom control policies. On the Policies tab, click on Create Policy:

4

  • Step 6: Provide a Name and a Description of the control policy you want to create. Next, you have to create a statement with the actions you want to deny on your account by adding them to the Document section. For example, you can deny that no one can create, modify, update, or delete ActionTrail trails. Lastly, click OK.

Note: You can only deny actions. All actions are enabled by default.

5

With all this done, you have created your first custom control policy. You will find it in the control policies list.

6

Attaching Control Policies to Member Accounts

Once you have created your control policy, follow the steps below to learn how have to attach it to a member account or folder of your Resource Directory:

  • Step 1: In the Control Policy section, click the Attachments tab:

7

  • Step 2: Select the folder or member account you want to attach the control policy and click Attach Policy:

8

  • Step 3: Select your control policy and click OK:

9

  • Step 4: Confirm the control policy attachment by clicking Confirm and Continue:

10

Disabling the Control Policy Feature

Go to Control Policy and click Disable Control Policy to disable the control policy feature from your Resource Directory:

11

Security Resource Management Tutorials IT Governance Resource Directory Account Control Policies Organizations
1 0 0
Share on

Read previous post:

Enabling Resource Directory for Your Organization

Read next post:

Run a Serverless “Hello World!” on Alibaba Cloud

Alibaba Cloud Community

1,292 posts | 455 followers

You may also like

Comments

5888339949934902 February 24, 2025 at 2:34 am

Does this mean that by default (without control policy), members of folder A can access resources in folder B, and a control policy have to be created to prevent access across different folders?How is this different with RAM Permissions? Can you also advise when to use RAM permission and when to use Control Permission? Thank you.

Alibaba Cloud Community

1,292 posts | 455 followers

Related Products

More Posts by Alibaba Cloud Community

See All