A resource structure is a logical structure that is used by an enterprise to manage cloud resources, such as Alibaba Cloud accounts, Elastic Compute Service (ECS) instances, and storage space. A good resource structure simplifies management and improves management efficiency. Cloud Governance Center runs the Initialize Resource Structure task to create folders, specify a main account, and create a core account.

Background information

Cloud Governance Center automatically checks whether a resource directory is created for the specified management account. If no resource directory is created for the management account, Cloud Governance Center automatically creates a resource directory for the management account.

Step 2: Create folders

A folder is an organizational unit in a resource directory. A folder may indicate a branch, a line of business, or a project of your enterprise. Each folder can contain members and subfolders, which forms a tree-shaped organizational structure. You can manage accounts and resources by using folders. For example, you can allocate resources, manage permissions, and implement security control and compliance control by using folders.

Cloud Governance Center automatically creates the following folders:

  • Core: This folder contains member accounts that are used to manage resources.
  • Applications: This folder contains member accounts that are used to perform specific business operations.

On the Task 2: Initialize Resource Structure page, you can view the names of the automatically generated folders in the Create Folder section. You can change the names of the folders. You can click Select Existing Resources to specify the existing level-1 folders in the Root folder as the Core folder and Applications folder.

Note In addition to the Core and Applications folders, you can create more fine-grained folders by department or business environment based on your business requirements. For more information, see Create a folder.

Optional. Step 2: Specify a main account.

You can specify a main account to manage the overall financial cost of your enterprise. We recommend that you specify a main account for all member accounts in the resource directory. This way, the specified main account is recommended for settlement each time when you create member accounts in Cloud Governance Center.

Note The specified main account applies only to the members that are created in Cloud Governance Center. The specified main account does not apply to the existing members in the resource directory or members that are created in the resource directory.

On the Task 2: Initialize Resource Structure page, you can specify a main account in the Main Account section.

  • Current Account: Specify the current logon management account as a main account.

    If a management account is not associated with a main financial account, we recommend that you specify the management account as a main account.

  • Other Accounts: Specify a member account in the resource directory as a main account.

    Cloud Governance Center automatically checks whether the member account meets the requirements for a main account. The next step varies based on the check result.

    • Select an existing member account as a main account.
      Note If you are prompted that the member does not meet the requirements, the financial information of the member may be incomplete. To complete the financial information, go to the User Center console.
    • Click Create Account and create an account as a main account.
    • Click Invite Other Accounts and invite the owner of an Alibaba Cloud account to join the resource directory. Then, specify the Alibaba Cloud account as a main account.
  • Main Financial Account: If the current logon management account is associated with the main financial account, specify the main financial account as a main account.
    Note Cloud Governance Center automatically checks whether the management account is associated with the main financial account. This option is displayed only if the management account is associated with the main financial account.
  • Optional: If you do not require a centralized trusteeship system or no accounts meet the requirements for a main account, you do not need to immediately specify a main account. You can specify a main account by using the account factory feature later.

Step 3: Create a core account.

You can create member accounts in folders and specify the purposes of the member accounts. This helps you perform governance tasks, such as allocating resources, managing permissions, and implementing security and compliance control.

Cloud Governance Center automatically creates the following core accounts based on best practices:

  • Shared service account: This account is used to deploy shared services for your enterprise.
  • Log archive account: This account is used to collect the logs of all member accounts.

On the Task 2: Initialize Resource Structure page, you can create or specify a core account in the Create Shared Service Account and Create Log Archive Account sections.

  • Click Create Account. Specify the basic information about the member account and create a shared service account or a log archive account. The basic information includes the following parameters:
    • Member Name

      The name of the member account is automatically generated. You can change the name.

    • Alibaba Cloud Account Name

      The name is used to uniquely identify the member account. The name must be unique in the resource directory. The name of the Alibaba Cloud account is automatically generated. You can change the name.

    • Settlement method
      Settlement method Description Supported feature Unsupported feature
      Finance Trusteeship Authorizes the main account to manage the financial assets, such as funds, bills, and invoices, of the created account. Contractual discount inheritance, centralized bill management, consolidated invoicing, payments made by the main account for other accounts, resource sharing, and tiered pricing for pay-as-you-go services. Payments made by the managed accounts, use of vouchers for the managed accounts, and budget control for the managed accounts, such as balance transfer and credit control transfer
      Self-pay Allows the created account to pay and manage its own bills. Independent bill management, payments made by themselves, independent invoicing, and the use of vouchers. Contractual discount inheritance, budget control, payments made for other accounts, resource sharing, and tiered pricing for pay-as-you-go services.
  • Click Select Account. Select an existing member account in the resource directory and specify the member account as a shared service account or a log archive account.
    Note The specified member account is automatically moved to the Core folder that you specified in Step 2: Create folders.