Help Center/ Resource Governance Center/ User Guide/ Account Management/ Enrolling an Account
Updated on 2025-02-21 GMT+08:00
View PDF
Share

Enrolling an Account

If you created an account via Organizations or invited an account to your organization before setting up a landing zone via RGC, the account will not be automatically enrolled in the landing zone, and you need to manually enroll the account so that it will be governed in the landing zone.

Constraints

  • If an account has enabled Config and has a resource recorder, exercise caution when enrolling the account because the recorder configurations will be overwritten after enrollment.
  • If you want to transfer an account from one landing zone to another one by performing an account enrollment, unmanage the account from the original landing zone and then enroll it in the new landing zone. If you have enrolled the account in the new landing zone, manually delete the resources, such as agencies and policies, of the account from the original landing zone, or an error will occur.
  • Before enrolling an invited account, make sure you have met the requirements in Prerequisites. Otherwise, the account enrollment may fail.

Prerequisites

Perform the following steps only when you want to enroll accounts you invited into your organization. When enrolling accounts you created in the organization, skip the steps.

  1. Log in to Huawei Cloud using the account you want to enroll, and navigate to the IAM console.
  2. In the navigation pane, choose Agencies and click Create Agency in the upper right corner.

    Figure 1 Creating an agency

  3. Set the agency name to RGCServiceExecutionAgency.

    Figure 2 Specifying an agency name

  4. Set Agency Type to Account and Delegated Account to the RGC management account name.
  5. Configure a validity period and enter a description for the agency.
  6. Click OK.
  7. In the displayed dialog box, click Authorize.
  8. Select Security Administrator, FullAccess, and Tenant Guest.

    Figure 3 Permissions to be granted to the agency

  9. Click Next to set the authentication scope.
  10. Click OK. The agency is created. You can then follow the instructions in Procedure to enroll the account.

    Once the RGCServiceExecutionAgency agency is created, it cannot be deleted, or RGC services will become unavailable.

Procedure

  1. Log in to Huawei Cloud using the management account, and navigate to the RGC console.
  2. Access the Organization page, locate the account you want to enroll, and click Enroll in the Operation column.

    Figure 4 Enrolling an account

  3. Select a registered OU where your account will be added, and enable all governance policies configured for the OU for the account.

    Figure 5 Selecting a registered OU

  4. (Optional) Configure an RFS template in the account factory. Select an RFS template and its version. If you select an RFS, you can copy and create accounts in batches.

    For more information about RFS templates, see Templates.
    • Select Template: Select a template you created in RFS.
    • Template Version: Select the version for the template.
    • Configuration Parameters: Modify parameter settings in the template based on service requirements.
      Figure 6 Configuring a template

  5. Click Enroll Account. You can view the enrollment status in the organizational structure. Once enrolled, the account will be governed in the landing zone.
Parent topic: Account Management