Help Center> Resource Governance Center> User Guide> Organization Management> Enrolling an Account
Updated on 2024-05-24 GMT+08:00
View PDF

Enrolling an Account

Before your landing zone is set up, once you have created an account in Organizations or invited an account to your organization, you still need to manually enroll that account before it can be governed in your landing zone.

Constraints

  • If an account has enabled Config and had a resource recorder, exercise caution when enrolling the account because the recorder configurations will be overwritten after enrollment.
  • Before enrolling an invited account, make sure you have met the steps in Prerequisites. Otherwise, the account enrollment may fail.

Prerequisites

Perform the following steps only when you want to enroll accounts you invited into your organization. When enrolling accounts you created in the organization, skip the steps.

  1. Log in to Huawei Cloud using the account you want to enroll, and navigate to the IAM console.
  2. In the navigation pane, choose Agencies and click Create Agency in the upper right corner.

    Figure 1 Creating an agency

  3. Set the agency name to RGCServiceExecutionAgency.

    Figure 2 Specifying an agency name

  4. Set Agency Type to Account and Delegated Account to the RGC management account name.
  5. Configure a validity period and enter a description for the agency.
  6. Click Next. The authentication page is displayed.
  7. Select Security Administrator, FullAccess, and Tenant Guest.

    Figure 3 Permissions to be granted to the agency

  8. Click Next to set the authentication scope.
  9. Click OK. The agency is created. You can then follow the instructions in Procedure to enroll the account.

Procedure

  1. Log in to Huawei Cloud using the management account, navigate to the RGC console, and access the Organization page.
  2. Locate the account you want to enroll and click Enroll in the Operation column.

    Figure 4 Enrolling an account

  3. Select a registered OU where your account will be added, and enable all governance policies configured for the OU for the account.

    Figure 5 Selecting a registered OU

  4. (Optional) Configure an RFS template in the account factory. Select an RFS template and its version. If you select an RFS, you can copy and create accounts in batches.

    For more information about RFS templates, see Templates.
    • Template: Select a template you created in RFS.
    • Template Version: Select the version for the template.
    • Configuration Parameters: Modify parameter settings in the template based on service requirements.
      Figure 6 Configuring a template

  5. Click Enroll Account. You can view the enrollment status in the organizational structure. Once enrolled, the account will be governed in the landing zone.

Unmanaging an Account

If you no longer want an account to be managed, you can unmanage it from the RGC console.

  1. Log in to Huawei Cloud using the management account, navigate to the RGC console, and access the Organization page.
  2. Locate the account you want to unmanage and click Unmanage in the Operation column.

    Figure 7 Unmanaging an account

  3. Click OK. Exercise caution when unmanaging an account because this operation cannot be undone.

    You can view the management status in the organizational structure. After being unmanaged, the account is moved from its parent OU to the root OU.

Parent topic: Organization Management