All Products
Search
Document Center

Cloud Governance Center:Terms

Last Updated:Mar 14, 2024

This topic describes the terms of Cloud Governance Center.

Term

Description

landing zone

A landing zone is a framework that Alibaba Cloud provides for enterprises to migrate business to the cloud. Landing zones help enterprises plan and implement resource structures, access security, network architectures, and security compliance systems in the cloud. This way, enterprises can create a secure, efficient, and manageable cloud environment.

management account

A management account is an Alibaba Cloud account that has passed enterprise verification. After you use this Alibaba Cloud account to enable a resource directory, the account becomes the management account of the resource directory. The management account is the super administrator of the resource directory. It has all administrative permissions on the resource directory and the folders and members in the resource directory. Each resource directory has only one management account.

To ensure the security of a management account, we recommend that you perform the following operations:

  • Use an Alibaba Cloud account that has no resources as a management account to enable a resource directory.

  • Create a RAM user for the management account and attach the AliyunResourceDirectoryFullAccess policy to the RAM user. Then, use the RAM user to manage the resource directory.

Note

A management account does not belong to a resource directory and is not limited by the access control policies of a resource directory.

Root folder

The Root folder is the parent folder of all the other folders in a resource directory. Folders in the resource directory are organized in a hierarchy that starts from the Root folder.

Core folder

The Core folder stores information about the member accounts that are used for management purposes.

Applications folder

The Applications folder stores information about the member accounts that are used to perform specific business operations.

billing account

A billing account is used for unified settlement in an enterprise. After you specify a billing account, Cloud Governance Center records the specified account and recommends the account for unified settlement when you create a member account.

Note

The settlement methods of the member accounts that are created before you activate Cloud Governance Center are not affected.

shared service account

A shared service account is a resource-type member account that is used to deploy a shared service of an enterprise.

log archive account

A log archive account is a resource-type member account that is used to collect logs from all member accounts.