The Resource Directory service allows you to manage the relationships among a number of accounts and resources.

Scenarios

Resource Directory allows you to quickly establish an organizational structure based on your business requirements and consolidate the accounts of your enterprise into this structure to form a hierarchy for the resources of your enterprise. This way, you can manage your accounts and resources in a centralized manner. Resource Directory can meet your management requirements in aspects such as network deployment, settlement, user permissions, security compliance, and log auditing. The following descriptions provide the use scenarios of Resource Directory:

  • Business environment-based creation of organizational structures

    Your enterprise may have various branches, departments, or projects. Resource Directory allows you to build an organizational structure on the cloud based on your business environment.

  • Centralized management of all Alibaba Cloud accounts and resources

    If your enterprise has multiple Alibaba Cloud accounts, you can enable a resource directory and place the accounts in it. This way, you can manage the accounts and the resources within them in a centralized manner.

  • Centralized management of bills and invoices

    You can create a member in your resource directory and use this member for the settlement of all bills and invoices. After an account joins your resource directory, you can change the payment account of the account to facilitate bill management.

  • Implementation of permission and compliance requirements

    You can set different resource access rules for different accounts and directory structures by using the permission policies of Resource Access Management (RAM) and the access control policies of Resource Directory. This enables the authorization and management channel between personnel and resources and ensures the security of the resources.

  • Integration with a variety of enterprise-level Alibaba Cloud applications

    Resource Directory is integrated with the Alibaba Cloud finance, compliance auditing, cloud security, and network platforms. This way, you can use the same organizational structure to manage all your enterprise accounts and resources.

Terms

Resource Management
Term Description
management account

A management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the members in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a management account. Each resource directory has only one management account.

To ensure the security of the management account, we recommend that you create an Alibaba Cloud account and use this Alibaba Cloud account as the root user of the management account. Do not use an existing Alibaba Cloud account to enable a resource directory. In addition, you can create a RAM user for the management account, grant administrator permissions to the RAM user, and use this RAM user to manage the entire resource directory. Only the management account of a resource directory or a RAM user that has administrator permissions can be used to perform operations in the resource directory.

Note A management account does not belong to a resource directory and is not limited by the access control policies of a resource directory.
Root folder The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.
folder A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain members and subfolders, which forms a tree-shaped organizational structure.
member

A member serves as a container for resources and is also an organizational unit in a resource directory. A member indicates a project or application. The resources of different members are isolated. You can use a management account to grant the required permissions to a RAM user or RAM role and use this RAM user or RAM role to log on to or access members.

The following types of members are supported:

  • Resource account

    A member that you create in a resource directory is a resource account. Root permissions are not granted to resource accounts. Therefore, resource accounts provide higher security. For more information about how to create a resource account, see Create a member.

  • Cloud account

    A cloud account is another name for an Alibaba Cloud account in a resource directory. You can invite an existing Alibaba Cloud account to join your resource directory. Cloud accounts have root permissions. For more information about how to invite an Alibaba Cloud account to join a resource directory, see Invite an Alibaba Cloud account to join a resource directory.

RDP A resource directory path (RDP) indicates the location of a resource entity (folder or member) in a resource directory. The RDP of a resource entity consists of the ID of the resource entity, the IDs of all the parent folders of the resource entity, and the ID of the resource directory to which the resource entity belongs. An RDP is in one of the following formats:
  • RDP of a folder: <ID of the resource directory to which the folder belongs>/<ID of the Root folder in the resource directory>/.../<ID of the folder>.
  • RDP of a member: <ID of the resource directory to which the member belongs>/<ID of the Root folder in the resource directory>/.../<ID of the member>. For example, the RDP of the member 181761095690**** is rd-r4****/r-oG****/fd-RIErN0****/fd-XVxh6D****/181761095690****.

For more information about how to view the RDP of a folder or member, see View the basic information of a folder or View the detailed information of a member.

Procedure

  1. Log on to the Resource Management console by using an account that can be used as a management account.
  2. Enable a resource directory.

    For more information, see Enable a resource directory.

  3. Create folders to build an organizational structure for your enterprise.

    For more information, see Create a folder.

  4. Create members in the resource directory or invite existing Alibaba Cloud accounts to join the resource directory. Then, move all members to the folders that you created based on your business requirements.

    For more information, see Create a member, Invite an Alibaba Cloud account to join a resource directory, and Move a member.

Limits

Item Upper limit Adjustable Remarks
Number of resource directories that you can create by using an Alibaba Cloud account 1 N/A The members of a resource directory cannot be used to create resource directories.
Number of Root folders in a resource directory 1 N/A None.
Number of folders in a resource directory 100 Apply for a quota. The Root folder is not included.
Number of folder levels 5 N/A The Root folder is not included.
Number of members in a resource directory 20 Apply for a quota. None.
Number of valid invitations per day 20 Apply for a quota. Accepted invitations are not included.
Duration of account creation confirmation 24 hours N/A None.
Duration of account upgrade confirmation 24 hours N/A None.
Duration of invitation expiration 14 days N/A None.