The Resource Management service allows you to consolidate all your Alibaba Cloud accounts into a resource directory and move the accounts to desired folders to form a hierarchy. This way, you can manage the accounts and the resources within the accounts in a unified manner. You must enable a resource directory before you can use it.
Prerequisites
Before you can enable a resource directory, the Alibaba Cloud account must meet the following conditions:
The account has passed enterprise verification. Accounts that have only passed individual identity verification cannot be used.
The account has security information configured, such as a secure mobile phone number or email address.
The account is not a member of another resource directory.
Methods used to enable a resource directory
After an account meets the prerequisites, you can enable a resource directory. As a best practice, the management account of your resource directory should be a dedicated account, separate from those running business workloads. This separation of concerns simplifies governance and enhances security. Therefore, the method you choose to enable the directory depends on whether the current account already contains resources. You can go to the Resource Center to check whether the current account contains resources.
Use the current logon account to enable a resource directory
This method is suitable for accounts that do not have any existing resources or business workloads deployed.
Use a new account to enable a resource directory
This method is recommended if the current account already contains business resources or runs active workloads.
If you use this method, you must create an Alibaba Cloud account and use this account as the management account of the resource directory. The new account inherits the enterprise verification information of the current logon account. The current logon account becomes a member of the resource directory.
WarningAfter the current logon account becomes a member of the resource directory, you can remove the current logon account from the resource directory by using only the new account.
Use the current logon account to enable a resource directory
Log on to the Resource Management console.
In the left-side navigation pane, choose .
On the page that appears, click Enable Resource Directory.
After you enable the resource directory, the system creates the Root folder and uses the current logon account as the management account of the resource directory.
In addition, the system creates a service-linked role named AliyunServiceRoleForResourceDirectory within the management account. This role is used to grant access permissions on the resource directory to trusted services that are integrated with the Resource Directory service. For more information about service-linked roles, see RAM roles in a resource directory.
Use a new account to enable a resource directory
Log on to the Resource Management console.
In the left-side navigation pane, choose .
In the Best Practices section, click create a management account.
In the dialog box that appears, enter a custom name in the Account Name field.
Enter a mobile phone number in the Mobile Phone Number field, click Get verification code, and then enter the received verification code in the Verification code field.
Click Enable.
After you enable the resource directory, the system creates the Root folder and uses the new account as the management account of the resource directory. The current logon account becomes a member of the resource directory.
In addition, the system creates a service-linked role named AliyunServiceRoleForResourceDirectory within the management account. This role is used to grant access permissions on the resource directory to trusted services that are integrated with the Resource Directory service. For more information about service-linked roles, see RAM roles in a resource directory.
ImportantYou must specify a password for the management account on the password resetting page by using the mobile phone number that you specify in step 5. Then, you can use the management account to log on to the Resource Management console and manage your resource directory.