Updated on 2026-02-27 GMT+08:00

Setting up Landing Zone

Function

This API is used to create or update a landing zone in the current region.

Authorization Information

Each account root user has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

| Action | Access Level | Resource Type (*: required) | Condition Key | Alias | Dependencies |
| --- | --- | --- | --- | --- | --- |
| rgc:landingZone:setup | Write | - | - | - | - |

URI

POST /v1/landing-zone/setup

Request Parameters

Table 1 Request body parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| identity_store_email | No | String | Email address used by the administrator to create an Identity Center user for enrolling accounts. |
| home_region | Yes | String | Home region. |
| setup_landing_zone_action_type | Yes | String | Type of a landing zone, which can be CREATE, REPAIR, or UPDATE. |
| region_configuration_list | Yes | Array of RegionConfigurationList objects | Region where the account is enrolled. |
| identity_center_status | No | String | Whether to configure IAM Identity Center for a landing zone. There are two options: ENABLE and DISABLE. |
| organization_structure_type | No | String | Organization type, which can be STANDARD or NON_STANDARD. |
| organization_structure | Yes | Array of OrganizationStructureBaseLine objects | Account management system of the basic environment. |
| deny_ungoverned_regions | No | Boolean | Whether the governance policy for region deny is allowed. The default value is false. |
| cloud_trail_type | No | Boolean | Controls if organization aggregation is configured. |
| kms_key_id | No | String | Encrypted field. |
| logging_configuration | Yes | LoggingConfiguration object | Log configurations of the landing zone. |
| baseline_version | No | String | Baseline version. |

Table 2 RegionConfigurationList

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| region | Yes | String | Region name. |
| region_configuration_status | Yes | String | Region status, which can be ENABLE or DISABLE. |

Table 3 OrganizationStructureBaseLine

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| organizational_unit_name | No | String | Name of a registered OU. |
| organizational_unit_type | Yes | String | Type of a registered OU, which can be CORE or CUSTOM. |
| accounts | No | Array of AccountBaseline objects | Basic information about an enrolled account. |

Table 4 AccountBaseline

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| account_name | Yes | String | Name of an enrolled account. |
| account_id | No | String | A unique ID of an enrolled account. |
| phone | No | String | Mobile number. |
| account_email | No | String | Email address of an enrolled account. |
| account_type | Yes | String | Type of an enrolled account, which can be LOGGING (logging account) or SECURITY (security account). |

Table 5 LoggingConfiguration

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| logging_bucket_name | No | String | Name of a log aggregation bucket. |
| access_logging_bucket | No | AccessLoggingBucketBaseline object | Basic settings of access logs. |
| logging_bucket | No | LoggingBucketBaseline object | Basic log settings. |

Table 6 AccessLoggingBucketBaseline

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| retention_days | Yes | Integer | Retention days of a bucket. |
| enable_multi_az | No | Boolean | Whether multi-AZ storage is allowed. |

Table 7 LoggingBucketBaseline

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| retention_days | Yes | Integer | Retention days of a bucket. |
| enable_multi_az | No | Boolean | Whether multi-AZ storage is allowed. |

Response Parameters

Status code: 200

Request succeeded.

Status code: 403

Table 8 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Unique ID of the request. |
| encoded_authorization_message | String | Encrypted error message. |
| details | Array of ForbiddenErrorDetail objects | Error message indicating no permissions for cross-service invoking. |

Table 9 ForbiddenErrorDetail

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error message. |

Example Requests

Creating or updating a landing zone in the current region

POST https://{endpoint}/v1/landing-zone/setup

{
  "identity_store_email" : "string",
  "home_region" : "string",
  "setup_landing_zone_action_type" : "string",
  "region_configuration_list" : [ {
    "region" : "string",
    "region_configuration_status" : "ENABLED"
  } ],
  "organization_structure" : [ {
    "organizational_unit_name" : "string",
    "organizational_unit_type" : "CORE",
    "accounts" : [ {
      "account_name" : "string",
      "account_id" : "string",
      "phone" : "string",
      "account_email" : "string",
      "account_type" : "LOGGING"
    } ]
  } ],
  "deny_ungoverned_regions" : false,
  "cloud_trail_type" : true,
  "kms_key_id" : "",
  "logging_configuration" : {
    "logging_bucket" : {
      "retention_days" : 5475
    },
    "access_logging_bucket" : {
      "retention_days" : 5475
    }
  }
}
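
A pre-submission check for the request body described in Tables 1 to 7, as an added example that is not part of the original documentation or the service's own tooling. The function name `lint_setup_body`, the constructed sample body, and the review hints for `deny_ungoverned_regions`, `cloud_trail_type` and `kms_key_id` are assumptions of this example; the mandatory flags and allowed values are copied from the tables.

```python
# Added example: lint a landing zone setup body against Tables 1-7 on this page.
REQUIRED = ("home_region", "setup_landing_zone_action_type", "region_configuration_list",
            "organization_structure", "logging_configuration")
ON_OFF = {"ENABLE", "DISABLE"}
TOP_ENUMS = {  # allowed values as listed in Table 1
    "setup_landing_zone_action_type": {"CREATE", "REPAIR", "UPDATE"},
    "identity_center_status": ON_OFF,
    "organization_structure_type": {"STANDARD", "NON_STANDARD"},
}

def check_enum(errors, obj, path, key, allowed):
    if obj.get(key) not in allowed:
        errors.append(f"{path}{key}: {obj.get(key)!r} not in {sorted(allowed)}")

def lint_setup_body(body):
    """Return (errors, warnings) for a request body given as a dict."""
    errors = [f"{k}: mandatory parameter missing" for k in REQUIRED if k not in body]
    for key, allowed in TOP_ENUMS.items():
        if key in body:
            check_enum(errors, body, "", key, allowed)
    for i, rc in enumerate(body.get("region_configuration_list", [])):
        check_enum(errors, rc, f"region_configuration_list[{i}].",
                   "region_configuration_status", ON_OFF)
    for i, ou in enumerate(body.get("organization_structure", [])):
        path = f"organization_structure[{i}]."
        check_enum(errors, ou, path, "organizational_unit_type", {"CORE", "CUSTOM"})
        for j, acct in enumerate(ou.get("accounts", [])):
            if not acct.get("account_name"):
                errors.append(f"{path}accounts[{j}].account_name: mandatory")
            check_enum(errors, acct, f"{path}accounts[{j}].", "account_type",
                       {"LOGGING", "SECURITY"})
    for name in ("logging_bucket", "access_logging_bucket"):
        bucket = body.get("logging_configuration", {}).get(name)
        if bucket is not None and type(bucket.get("retention_days")) is not int:
            errors.append(f"logging_configuration.{name}.retention_days: mandatory Integer")
    # Review hints added here (not API rules): optional settings left off or empty.
    warnings = [f"{k} is false, empty or absent: confirm this is intended"
                for k in ("deny_ungoverned_regions", "cloud_trail_type", "kms_key_id")
                if not body.get(k)]
    return errors, warnings

# Constructed sample body with placeholder names and two deliberate mistakes.
SAMPLE = {
    "home_region": "region-a", "setup_landing_zone_action_type": "CREATE",
    "region_configuration_list": [{"region": "region-a", "region_configuration_status": "ON"}],
    "organization_structure": [{"organizational_unit_type": "CORE", "accounts": [
        {"account_name": "log-archive", "account_type": "LOGGING"}]}],
    "logging_configuration": {"logging_bucket": {"retention_days": "5475"}},
    "deny_ungoverned_regions": True, "cloud_trail_type": True, "kms_key_id": "",
}
```

`lint_setup_body(SAMPLE)` returns two errors (the region status and the string-typed `retention_days`) and one warning for the empty `kms_key_id`. Run against the example request above, it also reports `"ENABLED"`, because Table 2 lists ENABLE and DISABLE.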

Example Responses

None

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | Request succeeded. |
| 403 | No permissions. |

Error Codes

See Error Codes.