This topic describes the terms of Cloud Governance Center.

Term Description
landing zone A landing zone is a framework that Alibaba Cloud provides for enterprises to migrate business to the cloud. Landing zones help enterprises plan and implement resource structures, access security, network architectures, and security compliance systems in the cloud. This way, enterprises can build secure, effective, and manageable cloud environments.
management account

A management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed the enterprise real-name verification can be used as a management account. Each resource directory has only one management account.

To ensure the security of the management account, we recommend that you use a new Alibaba Cloud account as the management account. In addition, you can create a RAM user for the management account and grant administrator permissions to the RAM user. This way, you can use this RAM user to manage the entire resource directory. All operations in a resource directory must be performed by its management account or a RAM user that has the required permissions.

Note A management account does not belong to a resource directory and is not limited by the control policies of a resource directory.
Root folder The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.
Core folder The Core folder stores the member accounts that are used for management purposes.
Applications folder The Applications folder stores the member accounts that are used for specific business purposes.
billing account A billing account is used for unified settlement within an enterprise. After you specify a billing account, Cloud Governance Center records the specified account and preferentially recommends this account for unified settlement when you create a member account later.
Note The settlement methods of the member accounts created before you activate Cloud Governance Center are not affected.
shared service account A shared service account is a resource-type member account that is used to deploy a shared service of an enterprise.
log archive account A log archive account is a resource-type member account that is used to collect logs from all member accounts.