Basic Concepts

IaC

Infrastructure as Code (IaC) is the ability to provision and manage your computing infrastructure using code instead of manual processes.

Landing Zone

Landing Zone is short for basic multi-account environment that is initially deployed by RGC and complies with the best practice.

Account

An account functions as a resource container and resource isolation boundary. Resources in an account can only be accessed by the IAM users or IAM agencies in the account. An account in RGC refers to a Huawei Cloud account.

Management Account

A management account is the account you used to enable the Organizations service.

You can use the management account to create and manage your multi-account cloud architecture, as well as to manage organization-wide policies.

Member Account

A member account is the account you created or invited to join your organization via the Organizations service.

Member accounts are used to deploy and manage services or application resources.

Organization

An organization is an entity you create to manage multiple accounts. Each organization is composed of one management account, multiple member accounts, a root OU, and other OUs. An organization has exactly one management account along with several member accounts. You can organize the accounts in a hierarchical, tree-like structure with the root OU at the top and nested OUs under it. Each member account can be directly under the root OU or placed under one of the other OUs.

Root OU

After you enable Organizations and create an organization, Organizations automatically generates the root OU. The root OU is located at the top of the organizational tree, and the branches representing other OUs and accounts reach down.

OU

An organizational unit (OU) is a container or grouping unit for member accounts. It can be understood as a department, a subsidiary, a project family, or the like, of your enterprise. An OU can also contain other OUs. Each OU can have exactly one parent OU, but a parent OU can have multiple child OUs or nested member accounts.

Multi-Account Environment

A multi-account environment is a cloud architecture for organizations or enterprises. It consists of one management account and multiple member accounts.

Best Practices

Best practices are the proven architectures, processes, or methods that produce the best results. In RGC, best practices refer to the cloud service configurations that ensure a secure, scalable multi-account environment.

Basic Environment

A basic environment is a multi-account cloud environment that is initially deployed by RGC, following best practices. In this environment, there are one management account and two member accounts (an audit account and a log archive account). This environment is preconfigured with organization-wide SSO access as well as centralized logging and auditing capabilities.

Account Enrollment

Account enrollment means RGC enrolls accounts that are not created in RGC. When an account is enrolled in RGC, RGC applies the best practices to that account.

Templates

A template is an HCL-formatted text file that describes your cloud resources. Its format can be .tf, .tf.json, or .zip.

Governance Policies

Governance policies refer to rules predefined for continuous governance of multi-account environments on the cloud.

Service Control Policies

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. The organization management account can use SCPs to limit which permissions can be assigned to member accounts to ensure that they stay within your organization's access control guidelines. SCPs can be attached to an organization, OUs, and member accounts. Any SCP attached to an organization or OU affects all the accounts within the organization or under the OU.