Help Center/ Resource Governance Center/ User Guide/ Landing Zone Governance Check/ Overview of Landing Zone Governance Check
Updated on 2025-05-23 GMT+08:00
View PDF
Share

Overview of Landing Zone Governance Check

Introduction

Landing Zone governance check helps you check whether your multi-account cloud environment adheres to the best practices for Landing Zone. The check results serve as a reference for you to optimize costs and improve security and operational efficiency. RGC comes with check items in alignment with best practices and scans resources in your organization. It provides check results and recommendations to fix any identified risks. If you want to obtain support from Huawei Cloud experts, you are advised to buy the Landing Zone Governance Check and Fix professional service. This service provides you with a well-architected cloud environment, all in one place.

Scenarios

After a landing zone is set up, your cloud environment may diverge from best practices due to the mobility of O&M personnel or their lack of experience. To make sure the environment continuously adheres to the best practices, you can run a Landing Zone governance check to identify and rectify any divergence in a timely manner.

Functions

In just one click, you can start a Landing Zone governance check to verify whether your multi-account cloud environment complies with the best practices for Landing Zone governance. You will receive a risk assessment result and can download a detailed check report. The check covers the following domains:

  • Organizations and accounts: In a well-designed organizational structure, accounts are centrally managed and separated based on responsibilities, avoiding any scattered arrangement.
  • Identities and permissions: Permissions are assigned in a refined manner, and identities are managed in a unified manner, reducing the risk of over-authorization.
  • Network planning: Public network resources are centrally managed, ensuring network security and high availability.
  • Security and compliance: Encryption is enabled so that hosts and data are securely protected.
  • Compliance audit: Comprehensive logs are collected and retained for a specified period, ensuring effective auditing.
  • Data perimeter: Permission boundaries are established to prevent unexpected access.
  • Financial management: Refined financial management avoids any waste or cost anomalies.
  • O&M monitoring: Basic cloud service metrics are collected based on best practices, monitored in real time, and promptly alerted when necessary.