This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Cloud Control

1: Overview

2: How-to guides

2.1: Managing Guardrails
2.2: Managing an Organization

3: API Reference

4: CLI Reference

5: Release Note

1 - Overview

Service Overview

Cloud Control service is a managed service that supports building, operating, and managing a multi-account environment easily and securely on the Samsung Cloud Platform.
Cloud Control service automates an organization’s cloud governance (security, compliance, standardization, etc.) and provides consistent centralized account and resource management based on Samsung Cloud Platform best practices.

Features

Cloud Control service provides the following special features.

Landing Zone Automatic Setup: Samsung Cloud Platform accounts, organizational units (OU), guardrails, logging, etc. are automatically configured. In a standardized environment, new account creation and invitation of existing accounts are possible.
Centralized Governance and Policy Enforcement: Automatically applies security, compliance, and operational policies (guardrails) across the organization. Provides policy violation detection and monitoring capabilities.
Multi-Region and Scalability: You can apply the same governance and policies across multiple Samsung Cloud Platform regions.

Provided Features

Cloud Control service provides the following features.

Automated Landing Zone (Landing Zone) Construction: Security, logging, and account structure based on Samsung Cloud Platform best practices are automatically set.
Guardrail applied
- Preventive guardrail : block the creation of policy-violating resources itself
- Detective Guardrail : Automatically detect policy-violating resources and notify
- Integration with Samsung Cloud Platform Organization’s ACP, Samsung Cloud Platform Config Inspection, etc.
Dashboard Provision: You can visually monitor the accounts, OUs, guardrail implementation status, and compliance status of the entire organization.
Centralized logging and auditing
- Logging&Audit, Object Storage, Config Inspection through which provide centralized log storage for all accounts and an audit account
ID and Permission Management Integration: By integrating with Samsung Cloud Platform ID Center, you can manage account-based access control and permission groups.
Monitoring and Notification (Notification) Feature: Provides real-time alerts for policy violations, Cloud Control setting changes, etc.

Information

Detection Guardrail, Config Inspection integration feature is scheduled for March 2026, Monitoring and Alerting feature is scheduled for July 2026.

Components

Landing Zone(Landing Zone)

Governance, security, network, logging, etc. The basic structure of the standardized Samsung Cloud Platform environment is as follows.

Category	Detailed description
Management Account	Organization and account structure management, policy (SCP) application, new account creation automation Highest authority across the organization, governance-focused operation
Log Account	Central collection and storage of all account logs, log integrity and long-term retention Independent account operation, strict access control and encryption
Audit Account	Organization-wide security and compliance monitoring and audit, automated security checks Apply principle of least privilege, cross-account role assumption

Category

Detailed description

Management Account

Organization and account structure management, policy (SCP) application, new account creation automation

Highest authority across the organization, governance-focused operation

Log Account

Central collection and storage of all account logs, log integrity and long-term retention

Independent account operation, strict access control and encryption

Audit Account

Organization-wide security and compliance monitoring and audit, automated security checks

Apply principle of least privilege, cross-account role assumption

Table. Cloud Control Landing Zone

Guardrails(Guardrails)

The guardrails that automatically apply policy violation detection and prevention (detection/prevention type) rules, security and compliance standards are as follows.

Category	Detailed description
Preventive Guardrail	Role of preemptively blocking to prevent policy violations Implementation method: Using Access Control Policy(ACP) to prohibit or limit the scope of actions on specific Samsung Cloud Platform services Example: Prohibit creation of root user access keys Block resource creation in specific regions Block public read/write on S3 buckets Feature: Fundamentally prevent the violation act itself, preemptively block policy violations
Detection Guardrail	Continuously monitor for policy violations or abnormal configurations, and provide alerts when violations occur Implementation Method: Based on the Samsung Cloud Platform Config Inspection checklist, evaluate resource status and notify via dashboard or alerts when violations are found Example: Detect S3 bucket encryption not applied Detect CloudTrail disabled Detect whether EBS volume encryption is enabled Feature: Detect violating resources in real-time and deliver to the administrator

Category

Detailed description

Preventive Guardrail

Role of preemptively blocking to prevent policy violations

Implementation method: Using Access Control Policy(ACP) to prohibit or limit the scope of actions on specific Samsung Cloud Platform services

Example:
- Prohibit creation of root user access keys
- Block resource creation in specific regions
- Block public read/write on S3 buckets

Feature: Fundamentally prevent the violation act itself, preemptively block policy violations

Detection Guardrail

Continuously monitor for policy violations or abnormal configurations, and provide alerts when violations occur

Implementation Method: Based on the Samsung Cloud Platform Config Inspection checklist, evaluate resource status and notify via dashboard or alerts when violations are found

Example:
- Detect S3 bucket encryption not applied
- Detect CloudTrail disabled
- Detect whether EBS volume encryption is enabled

Feature: Detect violating resources in real-time and deliver to the administrator

Table. Cloud Control Guardrail

Notice

Detection Guardrails will be provided in March 2026.

Baseline(Baseline)

The essential resources and configuration sets, such as security, logging, and network, automatically deployed per account, are as follows.

Category	Detailed description
AuditBaseline	Configure security and audit roles, policies on the central audit account Check the security status and compliance status of all accounts centrally
LogArchiveBaseline	Aggregate logs of all accounts’ Trail to a central bucket Used for log integrity, long-term storage, and audit tracing
IDCenterBaseline	Automatic configuration of resources linked with ID Center Integrate user/group/permission management within the organization

Category

Detailed description

AuditBaseline

Configure security and audit roles, policies on the central audit account

Check the security status and compliance status of all accounts centrally

LogArchiveBaseline

Aggregate logs of all accounts’ Trail to a central bucket

Used for log integrity, long-term storage, and audit tracing

IDCenterBaseline

Automatic configuration of resources linked with ID Center

Integrate user/group/permission management within the organization

Table. Cloud Control Baseline

Guide

AuditBaseline is scheduled to be provided in July 2026.

Region-specific provision status

Cloud Control service is available in the following environments.

Region	Availability
Korea West 1 (kr-west1)	Provided
Korea East1 (kr-east1)	Provided
Korea South1(kr-south1)	Provided
South Korea 2(kr-south2)	Provided
South Korea South 3(kr-south3)	Provided

Table. Cloud Control Region-wise Provision Status

Pre-service

This is a list of services that must be pre-configured before creating the service. For detailed information, please refer to the guide provided for each service and prepare in advance.

Service Category	Service	Detailed Description
Storage	Object Storage	Object storage that facilitates data storage and retrieval
Management	Loggin&Audit	A service that collects and analyzes user activity history
Management	Organization	A service that organizes accounts by organizational units, manages them hierarchically, and controls resource access permissions.
Management	ID Center	A service that allows you to easily manage access permissions for resources per account centrally.

Table. Cloud Control Preceding Service

2 - How-to guides

The user must first create a landing zone to use the Cloud Control service. If a landing zone is created, you can use the management functions of Cloud Control.

Caution

Cloud Control services are not charged, but services such as Logging&Audit, Object Storage, Config Inspection used within Cloud Control may incur costs based on usage.

Create Landing Zone

To use Cloud Control in the Samsung Cloud Platform Console, you must first create a landing zone.

To create a landing zone, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Click the Landing Zone Creation button on the Service Home page. You will be taken to the Landing Zone Creation page.

Fee Review and Organizational Unit Configuration area, after setting the configuration items, click the Next button.

Category	Required	Detailed description
Home Region	-	Home Region of Cloud Control Cloud Control designates the default region as the Home Region and cannot be changed All regions other than the default region are under Cloud Control’s management
Basic Organizational Unit	Required	Enter basic organizational unit within landing zone Case-sensitive English letters, enter within 128 characters Basic organizational unit includes shared Accounts (Log Account, Audit Account) Security: Name of the basic organizational unit for shared Account Can be modified after landing zone creation
Additional Organizational Unit	Required	Enter additional organizational unit within landing zone Case-sensitive English letters, enter within 128 characters Can be added after landing zone creation

Category

Required

Detailed description

Home Region

Home Region of Cloud Control

Cloud Control designates the default region as the Home Region and cannot be changed

All regions other than the default region are under Cloud Control’s management

Basic Organizational Unit

Required

Enter basic organizational unit within landing zone

Case-sensitive English letters, enter within 128 characters

Basic organizational unit includes shared Accounts (Log Account, Audit Account)

Security: Name of the basic organizational unit for shared Account

Can be modified after landing zone creation

Additional Organizational Unit

Required

Enter additional organizational unit within landing zone

Case-sensitive English letters, enter within 128 characters

Can be added after landing zone creation

Table. Landing Zone Creation - Fee Review and Organizational Unit Configuration Items

Shared Account Configuration After setting the configuration items in the area, click the Next button.

Category

Category	Required	Detailed description
Management Account	-	Management Account name is displayed and cannot be edited
Log Account	Required	Log Account information input Account name: Use Korean, English, numbers, spaces, special characters(`+=-_@[](),.`) to input within 3 ~ 30 characters Email, Confirm Email: Input within 60 characters according to email address format
Audit Account	Required	Enter Log Account information Account name: Use Korean, English, numbers, spaces, special characters(`+=-_@[](),.`) and enter within 3 to 30 characters Email, Confirm Email: Enter within 60 characters following email address format Cannot use the same email as Log Account

Required

Detailed description

Management Account - Management Account name is displayed and cannot be edited

Log Account

Required

Log Account information input

Account name: Use Korean, English, numbers, spaces, special characters(+=-_@[](),.) to input within 3 ~ 30 characters

Email, Confirm Email: Input within 60 characters according to email address format

Audit Account

Required

Enter Log Account information

Account name: Use Korean, English, numbers, spaces, special characters(+=-_@[](),.) and enter within 3 to 30 characters

Email, Confirm Email: Enter within 60 characters following email address format

Cannot use the same email as Log Account

Table. Landing Zone Creation - Shared Account Configuration Items

Note

Log Account is a repository of logs of API activity and resource configuration collected from all Accounts. Log Account cannot be changed.
Audit Account is a limited account, and the security and compliance team can obtain access rights to all accounts within the organization through the Audit Account.

Additional configuration area, after setting the configuration items, click the Next button.

Category	Required	Detailed description
Account access configuration	Required	Select method to manage access to the Account Account access via ID Center: Create pre-configured groups and permission sets to configure users who perform specific tasks in the Account Automatically assign users when provisioning an Account with Account Factory or registering an existing Account Self-managed Account access: Manage access to the Account via ID Center or other Account access methods Cloud Control does not create directory groups or permission sets for the landing zone No user creation when provisioning an Account with Account Factory or registering
Trail configuration	-	Automatic configuration in progress

Category

Required

Detailed description

Account access configuration

Required

Select method to manage access to the Account

Account access via ID Center: Create pre-configured groups and permission sets to configure users who perform specific tasks in the Account
- Automatically assign users when provisioning an Account with Account Factory or registering an existing Account

Self-managed Account access: Manage access to the Account via ID Center or other Account access methods
- Cloud Control does not create directory groups or permission sets for the landing zone
- No user creation when provisioning an Account with Account Factory or registering

Trail configuration

Automatic configuration in progress

Table. Landing Zone Creation - Additional Configuration Items

Input Information Check area, after checking the landing zone configuration information and Service Permissions, check the agreement content for permissions and guidelines.
Click the Complete button. A popup window notifying the creation of the landing zone will open.
After checking the information about creating a landing zone, click the Confirm button. The landing zone creation request is completed.
- Landing zone creation takes some time, and a notification will be sent when the task is completed.
- When the landing zone creation is complete, you can check the full menu of Cloud Control and the organization status on the Service Home page.

Caution

You cannot cancel while creating a landing zone.
If you fail to create a landing zone, delete the landing zone and then create it again.

Reference

When a landing zone is created, you can check the following items in Cloud Control.

Two organizational units: shared Account, organizational unit for the Account that the user will provision
Shared Account 2: Log Archive and Security Audit Isolation Account
Selected IAM management configuration
10 preventive guardrails: Settings for policy application
Organization Service Control Policy Activation

Check detailed landing zone information

Landing Zone Settings page allows you to view detailed information about the landing zone.

To check the detailed information of the landing zone, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home on the page click the Landing Zone Settings menu. Navigate to the Landing Zone Settings page.

Category	Detailed description
service	service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Cloud Control, it means the SRN of the resource type
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation time	Service creation time
Modifier	User who edited the service information
Modification Date	Date Service Information Was Modified
Home Region	Home region information of the landing zone
Account Access Configuration	How to manage access for Account
Trail configuration	Trail configuration activation status maintain active status
Landing Zone Delete	Delete landing zone For detailed information about landing zone deletion, see Delete Landing Zone

Table. Landing zone configuration items

Delete landing zone

If you fail to create a landing zone or do not use it, you can delete the landing zone.

Caution

Deleted resources cannot be recovered.
Organization unit, Account, bucket, ID Center resources are not automatically deleted.
- If you want to use the same name as an existing resource that hasn’t been deleted when recreating a landing zone, you must delete the existing resource directly before creating the landing zone.
- Existing resources can be deleted individually from the Organization, Object Storage, and ID Center services.

To delete the landing zone, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Click the Landing Zone Settings menu on the Service Home page. You will be taken to the Landing Zone Settings page.
Landing Zone Settings page, click the Landing Zone Delete button. Landing Zone Delete popup opens.
Landing Zone Deletion displayed in the popup window, enter the Cloud Contorl ID into the deletion confirmation area, then click the Confirm button. The landing zone deletion request is completed.
- While deleting the landing zone, a description about the landing zone deletion process is displayed on the Service Home page.

Managing Organization Units and Accounts

You can check the list of organization units and accounts, and register and manage them in Cloud Control.

To view and manage the organization unit and Account list, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home page, click the Organization menu. Move to the Organization unit and Account management page.
Organization Unit and Account Management Select the view mode located at the top right of the page.

Category	Detailed description
View Hierarchy	Display organizational units in a hierarchical structure
Account List View	Display Account list within organization
Account creation	Create a new Account When the Account creation button is clicked, navigate to the Account creation page For detailed information about Account creation, see Create Account

Category

Detailed description

View Hierarchy

Display organizational units in a hierarchical structure

Account List View

Display Account list within organization

Account creation

Create a new Account

When the Account creation button is clicked, navigate to the Account creation page

For detailed information about Account creation, see Create Account

Table. Cloud Control organization unit and Account management items

View Hierarchy

Organizational Unit and Account Management page, when you click the View Hierarchy button, you can view and manage organizational units and accounts in a hierarchical structure.

Category	Detailed description
Create Sub-Organization Unit	Add a new organization unit under the selected organization unit Enabled only when exactly one organization unit is selected in the hierarchy For details, see Create Organization Unit
More	Manage organizational units or register a new Account Click the button to select Delete Organizational Unit, Register Organizational Unit, Re-register Organizational Unit, Account registration For detailed information on managing organizational units, see Managing Organizational Units refer For detailed information on Account registration, see Register Account refer
Organization Unit/Account Name	Display organization unit and account names in a measurement structure format Click the +, - buttons to expand or collapse the hierarchy Click the organization unit/account name to go to the detail page
ID/email	Organization unit shows ID, Account shows ID and email
Status	Organization unit or Account’s Cloud Control registration status Registered, Unregistered, Registering, Registration failed No status displayed for Root
Registered organization unit	Cloud Control registration status of sub-organization units number of registered organization units / total number of organization units displayed
Registered Account	Sub Account’s Cloud Control registration status Number of registered Accounts / total Accounts displayed

Table. Hierarchy View Items

View Account List

Organization Unit and Account Management on the page, when you click the View Account List button, you can view and manage the Account list that constitute Cloud Control.

Category	Detailed description
Account registration	Register the selected Account from the Account list to Cloud Control If you select an Account that is in unregistered state from the Account list, it becomes active For detailed information about Account registration, see Register Account
Account name	Account name
Account ID	Account’s ID
Email	Account’s user email
Status	Organization unit or Account’s Cloud Control registration status Registered, Unregistered, Registering, Registration failed No status displayed for Root

Table. Account list view items

Organization and Account Detailed Information Check

You can view and edit the detailed information of the organization unit and Account.

To view detailed information, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home page, click the Organization menu. Move to the Organization unit and Account management page.
Organization Unit and Account Management page’s View Hierarchy button, click it.
Click the name of the resource whose detailed information you want to view in the hierarchy list. You will be taken to the detailed page of that resource.
- Root: Root Details go to the page. For more details, please refer to Root Details Info.
- Organization unit name: Organization unit details navigate to the page. For more details, see Organization unit detailed information.
- Account name: Account details navigate to the page. For more details, refer to Account detailed information.

Root Detailed Information

Root detail page allows you to view and manage the detailed information of the organization Root and the sub Account list. Root Details page consists of Basic Information, Sub Account tabs.

Basic Information

You can check the basic information about organization Root and the organizational units and account count registered in Cloud Control.

Category	Detailed description
service	service name
Resource Type	Service Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation time	Service creation time
Modifier	User who edited the service information
Modification Date	Date Service Information Was Modified
Registered organization unit	Cloud Control registration status of Root sub-organization units displayed as Number of registered organization units / total organization units
Registered Account	Root sub Account’s Cloud Control registration status Number of registered Accounts / total number of Accounts displayed

Table. Root Details - Basic Information Tab Items

Sub Account

You can view and manage the list of Accounts under Root and the registration status of Cloud Control.

Category	Detailed description
Account registration	Register the selected Account from the Account list to Cloud Control Selecting an Account in the unregistered state from the Account list activates it For detailed information about Account registration, see Register Account
Account name	Account name
Email	Account’s user email
Status	Organization unit or Account’s Cloud Control registration status Registered, Unregistered, Registering, Registration failed No status displayed for Root

Table. Root Details - Sub Account Tab Items

Organization Unit Detailed Information

Organizational Unit Details page allows you to view and manage detailed information of the organizational unit, sub Accounts, and applied preventive guardrails. Organization Unit Details page consists of Basic Information, Sub Account, Preventive Guardrails tabs.

Basic Information

You can view basic and detailed information about the organization unit.

Category	Detailed description
service	service name
Resource Type	Service Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation time	Service creation time
Modifier	User who edited the service information
Modification Date/Time	Date and time the service information was modified
Organizational unit name	Name of the organizational unit
Applied Guardrail	Number of guardrail types applied to the current organization unit
Registered organization unit	Current organization unit’s sub-unit Cloud Control registration status displayed as number of registered organization units / total number of organization units
Registered Account	Current organization unit sub Account’s Cloud Control registration status displayed as Number of registered Accounts / total Accounts
Higher organization unit	Hierarchy of higher organization units of the current organization unit
Re-registration	Re-register the current organization unit to Cloud Contorl For detailed information on organization unit re-registration, refer to Re-register Organization Unit

Table. Organization Unit Details - Basic Information Tab Items

Sub Account

You can view and manage the list of sub-accounts of the organization unit.

Notice

Security organization units cannot register Account.

Category	Detailed description
Account registration	Register the selected Account from the Account list to Cloud Control If you select an Account in unregistered state from the Account list, it becomes active For details on Account registration, see Register Account
Account name	Account name
Email	Account’s user email
Status	Organization unit or Account’s Cloud Control registration status Registered, Unregistered, Registering, Registration failed Root No status displayed

Table. Organization Unit Details - Sub Account Tab Items

Preventive Guardrail

You can view and manage the list of preventive guardrails applied at the organizational unit level.

Notice

Security in the case of organization units, cannot apply or remove the guardrail.

Category	Detailed description
Target Service Name	Guardrail applicable service name
Guardrail Name	Name of the guardrail Clicking the guardrail name allows you to view detailed information about that guardrail
Type	Application method
Application method	Display of guardrail’s application method inheritance method, you can click to view detailed organizational unit name
Remove	Remove the selected guardrail from the guardrail list Enabled when a guardrail is selected from the guardrail list
Apply Preventive Guardrail	New preventive guardrail can be applied at the organizational level When the button is clicked, navigate to the Apply Preventive Guardrail page

Table. Organization Unit Details - Prevention Guardrail Tab Items

Account Check detailed information

Account Details page you can view the detailed information of the Account and the list of applied preventive guardrails. Account Detail page consists of Basic Information, Prevention Guardrail tabs.

Basic Information

You can view basic and detailed information about the organization unit.

Category	Detailed description
service	service name
Resource Type	Service Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation time	Service creation time
Editor	User who edited the service information
Modification Date	Date Service Information Was Modified
Email	Account’s user email
Applied Guardrail	Number of guardrail types applied to the current organization unit
ID Center username	ID Center user email
Upper organizational unit	Current Account’s upper organization unit hierarchy
Register	Current Account’s organization unit can be changed For detailed information on changing the organization unit see Move Account

Table. Account Details - Basic Information Tab Items

Prevention Guardrail

You can view the list of preventive guardrails applied to the Account.

Category	Detailed description
Target Service Name	Guardrail applicable target service name
Guardrail Name	Name of the guardrail If you click the guardrail name, you can view detailed information about that guardrail
Type	Application Method
Application method	Display of the guardrail’s application method inheritance method, you can click to view the detailed organizational unit name

Table. Account Details - Preventive Guardrail Tab Items

Access Portal Check access information

User and Access page you can check the Access Portal connection URL and the password required for connection.

Access Portal to check the connection information, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home page, click the User and Access menu. Navigate to the User and Access page.
User and Access page’s Integrated Access Management area, check the information.

Category	Detailed description
Password	Password for Access Portal access
Access Portal URL	Access Portal access URL When clicking the URL, Access Portal login page can be viewed in a new tab
Permission Set	A collection of admin policies used by ID Center to determine the valid permissions of users who can access a specific Account

Table. Shared Account Items

Note

For detailed information about credential sources and ID Center, refer to ID Center.

Notice

If the landing zone is configured with a self‑managed Account access, refer to the following.

Cloud Control does not automatically create directory groups or permission sets.
When provisioning an Account via the Account factory or registering an existing Account, the user is automatically assigned.
You can manage access to the Account via ID Center or other Account access methods.

Check user credential information

On the User and Access page, you can check the user credential source type and ID Center ID.

To verify user credential information, follow the steps below.

All Services > Management > Cloud Control Please click the menu. Navigate to Cloud Control’s Service Home page.
Click the User and Access menu on the Service Home page. You will be taken to the User and Access page.
User and Access page’s User Credential Management area, check the information.

Category	Detailed description
Credential Source	Types of credential sources set in ID Center ID Center’s own directory: Directory within ID Center AD (Active Directory): Active Directory managed directly by the user
ID Center ID	ID Center’s ID When ID is clicked, go to the ID Center Settings page
User Group	A group formed to classify workers who perform specific tasks in an organization

Category

Detailed description

Credential Source

Types of credential sources set in ID Center

ID Center’s own directory: Directory within ID Center

AD (Active Directory): Active Directory managed directly by the user

ID Center ID

ID Center’s ID

When ID is clicked, go to the ID Center Settings page

User Group

A group formed to classify workers who perform specific tasks in an organization

Table. User Credential Management Items

Reference

For detailed information about credential sources and ID Center, see ID Center.
Management > IAM You can add users and user groups in the service. For more details, refer to IAM.

Check shared Account

You can view the shared Account information of Cloud Control.

To check the shared Account information, follow the steps below.

All Services > Management > Cloud Control Click the menu. Go to the Service Home page of Cloud Control.
Click the Shared Account menu on the Service Home page. Navigate to the Shared Account page.

Shared Account page is composed of Management Account, Log Account, Audit Account widgets.
- Each widget displays the Account name, Account ID, and email information, and clicking the widget name navigates to that Account’s detail page.

Category	Detailed description
Management Account	Account that creates new accounts and manages billing and access for all accounts in the organization
Log Account	Account used as the repository for API activity and resource configuration logs collected from all Accounts
Audit Account	Limited account that allows the security and compliance team to obtain read and write access to all accounts

Table. Shared Account Items

2.1 - Managing Guardrails

Policy violation detection and prevention (detection/prevention type) rules, and the guardrails automatically applied to security and compliance standards are as follows.

Prevention Guardrail

You can apply preventive guardrails to block in advance so that policy violations do not occur.

Applying preventive guardrails

It can be applied to preventive guardrails at the organizational level. To apply preventive guardrails at the organizational level, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home on the page click Guardrail > Preventive Guardrail menu. Preventive Guardrail List navigate to the page.
After selecting the prevention guardrail to apply to the organizational unit from the Prevention Guardrail List, click the Apply to Organizational Unit button. You will be taken to the Apply to Organizational Unit page.
- Multiple preventive guardrails can be selected and applied simultaneously.

After selecting the organizational unit to apply the preventive guardrail, click the Complete button.

Category	Required	Detailed description
Preventive guardrails to apply	-	List of preventive guardrails to apply at the organizational unit
Organization Unit Name	Required	Select organization unit to apply preventive guardrails Registered, Registration Failed status organization units only selectable Click on organization unit name, parent organization unit name to view detailed information

Category

Required

Detailed description

Preventive guardrails to apply

List of preventive guardrails to apply at the organizational unit

Organization Unit Name

Required

Select organization unit to apply preventive guardrails

Registered, Registration Failed status organization units only selectable

Click on organization unit name, parent organization unit name to view detailed information

Table. Prevention Guardrail Application Items

When a pop-up window that notifies the application of the preventive guardrail opens, click the Confirm button.

Check detailed guardrail information

You can view detailed information about the preventive guardrail, the organizational units applied to the preventive guardrail, and the list of Accounts. To disable the preventive guardrail, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home on the page click the Guardrail > Preventive Guardrail menu. Navigate to the Preventive Guardrail List page.
Prevention Guardrail List Click the prevention guardrail name to view detailed information. Prevention Guardrail Details page
- Prevention Guardrail Details page consists of Basic Information, Applicable Organization Unit, Account tabs.

Basic Information

You can view basic and detailed information about preventive guardrails.

Category	Detailed description
service	service name
Resource Type	Service Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation time	Service creation time
Editor	User who edited the service information
Modification date/time	Date and time the service information was modified
Guardrail name	Guardrail’s name
type	guardrail type
Target Service Name	Guardrail’s target service name
Status	Guardrail application status
Description	Description of guardrails

Table. Guardrail Details - Basic Information Tab Items

Applied Organization Unit

You can view the list of organizational units with preventive guardrails applied.

Category	Detailed description
Organizational unit name	Name of the organizational unit Click the organizational unit name to view detailed information
Parent Organization Unit Name	Name of the parent organization unit of the organization unit Click the parent organization unit name to view detailed information
Status	Organization unit’s Cloud Control registration status Registered, Unregistered, Registering, Registration failed No status displayed when Root

Category

Detailed description

Organizational unit name

Name of the organizational unit

Click the organizational unit name to view detailed information

Parent Organization Unit Name

Name of the parent organization unit of the organization unit

Click the parent organization unit name to view detailed information

Status

Organization unit’s Cloud Control registration status

Registered, Unregistered, Registering, Registration failed

No status displayed when Root

Table. Root Details - Sub Account Tab Items

Account

You can check the list of sub Accounts of the organization unit where the preventive guardrail is directly applied.

Category	Detailed description
Account name	Account name
Email	Account’s user email
Organization Unit Name	Name of the organization unit Click the organization unit name to view detailed information
Status	Organization unit or Account’s Cloud Control registration status Registered, Unregistered, Registering, Registration failed Root No status displayed

Table. Root Details - Sub Account Tab Items

Note

Preventive guardrails are inherited and applied from all higher organizational units, so even accounts not in the account list can have preventive guardrails applied.

Disable Guardrail

The preventive guardrail applied to the organizational unit can be disabled. To disable the preventive guardrail, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home on the page, click the Guardrail > Preventive Guardrail menu. Navigate to the Preventive Guardrail List page.
Prevention Guardrail List after selecting the prevention guardrail to remove organization unit application, click the More > Remove Organization Unit Application button. You will be taken to the Remove Organization Unit Application page.
- Multiple preventive guardrails can be selected simultaneously and disabled.

After selecting the organizational unit to remove the preventive guardrail, click the Complete button.

Category	Required	Detailed description
Preventive guardrails to apply	-	List of preventive guardrails to deactivate
Organization Unit Name	Required	Select organization unit to disable preventive guardrail application Registered, Registration Failed status only organization units can be selected Click organization unit name, parent organization unit name to view detailed information

Category

Required

Detailed description

Preventive guardrails to apply

List of preventive guardrails to deactivate

Organization Unit Name

Required

Select organization unit to disable preventive guardrail application

Registered, Registration Failed status only organization units can be selected

Click organization unit name, parent organization unit name to view detailed information

Table. Prevention Guardrail Deactivation Items

When the popup notifying the removal of the preventive guardrail is opened, click the Confirm button.

2.2 - Managing an Organization

The user must first create a landing zone in order to use the Cloud Control service. When a landing zone is created, you can use Cloud Control’s management functions.

Caution

Cloud Control service is not charged, but services such as Logging&Audit, Object Storage, Config Inspection used within Cloud Control may incur costs based on usage.

Managing organizational units

You can register and manage the organizational units that constitute the Organization in Cloud Control.

Create Organizational Unit

You can create a new organizational unit and register it in Cloud Control.

Create an organizational unit and follow the steps below to register it with Cloud Control.

All Services > Management > Cloud Control Click the menu. Go to Cloud Control’s Service Home page.
Click the Organization menu on the Service Home page. Navigate to the Organization Unit and Account Management page.
Organizational Unit and Account Management page’s top right corner, click the View Hierarchy button.
After selecting the location to add an organizational unit in the hierarchy list, click the Create Sub-Organizational Unit button. The Create Organizational Unit popup opens.
- Root or only one organizational unit can be selected.
- Root can be used as a basis to create organizational units within 5 levels below.

Create Organizational Unit After entering the organizational unit information to add in the popup window, click the Confirm button.

Category	Required status	Detailed description
Parent organization unit name	-	Name of the parent organization unit for the organization unit to be created
Organization Unit Name	Required	Enter the name of the organization unit to be created within 128 characters Organization names distinguish between uppercase and lowercase English letters
Description	Select	Enter a description of the organizational unit within 1,000 characters

Table. Organization unit creation items

When the popup notifying the creation of an organizational unit opens, click the Confirm button.
- It may take several tens of minutes depending on the number of Accounts under the organizational unit.
- When the organization unit creation is completed, it will be delivered as a notification.

Register Organizational Unit

You can register organizational units that are not registered in Cloud Control or that failed to register in Cloud Control.

Notice

When registering an organizational unit, all parent organizational units of the unit to be registered must be in a registered state.
If there is an organization unit in the registering state under the organization unit you want to register, you cannot register.
Subordinate organizational units of the organizational unit to be registered must be registered separately.

To register an organizational unit in Cloud Control, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Click the Organization menu on the Service Home page. Navigate to the Organization Unit and Account Management page.
Organizational Unit and Account Management in the top right corner of the page, click the View Hierarchy button.
After selecting the organizational unit to register from the hierarchy list, click the More > Register Organizational Unit button. You will be taken to the Register Organizational Unit page.

Organization Unit Registration Check the information of the organization unit to be registered on the page.

Category	Required	Detailed description
Sub Account	-	List of Accounts included under the sub-unit of the organization unit to be registered Automatically registered in Cloud Control when registering the organization unit
Guardrails to be applied to the organizational unit	-	List of guardrails inherited from the upper organizational unit and guardrails directly applied to the organizational unit Clicking the guardrail name allows you to view detailed information about that guardrail To remove a guardrail applied to the organizational unit, remove its application from the upper organizational unit

Category

Required

Detailed description

Sub Account

List of Accounts included under the sub-unit of the organization unit to be registered

Automatically registered in Cloud Control when registering the organization unit

Guardrails to be applied to the organizational unit

List of guardrails inherited from the upper organizational unit and guardrails directly applied to the organizational unit

Clicking the guardrail name allows you to view detailed information about that guardrail

To remove a guardrail applied to the organizational unit, remove its application from the upper organizational unit

Table. Organization Unit Registration Items

Terms Agreement after checking the content, check the checkbox and click the Complete button.
When the popup notifying the registration of the organizational unit opens, click the Confirm button. The organizational unit registration request will be completed.
- Depending on the number of Accounts under the organization unit, it may take more than tens of minutes.
- When the organization unit registration is completed, it will be delivered as a notification.

Re-register Organization Unit

You can re-register the organizational unit registered in Cloud Control to Cloud Control.

Notice

If there is an organization unit in the registering state under the organization unit you want to register, you cannot register.
The subordinate organizational unit of the organization unit you want to register must be registered separately.

To re-register an organizational unit in Cloud Control, follow these steps.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Service Home page, click the Organization menu. Navigate to the Organization Unit and Account Management page.
Organization Unit and Account Management page’s top right corner View Hierarchy button click.
After selecting the organizational unit to re-register from the hierarchy list, click the More > Re-register Organizational Unit button. You will be taken to the Re-register Organizational Unit page.

Organizational Unit Re-registration Check the information of the organizational unit to be re-registered on the page.

Category	Required status	Detailed description
Sub Account	-	List of Accounts included under the sub-unit to be re-registered Automatically registered in Cloud Control when registering the organizational unit
Guardrails to be applied to the organizational unit	-	List of guardrails inherited from the upper organizational unit and guardrails directly applied to the organizational unit Clicking the guardrail name allows you to view detailed information about that guardrail To remove a guardrail applied to the organizational unit, remove its application from the upper organizational unit

Category

Required status

Detailed description

Sub Account

List of Accounts included under the sub-unit to be re-registered

Automatically registered in Cloud Control when registering the organizational unit

Guardrails to be applied to the organizational unit

List of guardrails inherited from the upper organizational unit and guardrails directly applied to the organizational unit

Clicking the guardrail name allows you to view detailed information about that guardrail

To remove a guardrail applied to the organizational unit, remove its application from the upper organizational unit

Table. Organization Unit Re-registration Items

Terms Agreement after reviewing the content, check the checkbox and click the Complete button.
When the popup notifying re-registration of the organization unit opens, click the Confirm button. The organization unit re-registration request will be completed.
- Depending on the number of Accounts under the organization unit, it may take more than tens of minutes.
- When the organization unit re-registration is completed, it will be delivered as a notification.

Delete organization unit

You can delete the organization unit.

Notice

Only organization units that are in an unregistered state in Cloud Control can be deleted.
Before deleting the organization unit, remove all sub-elements of that organization unit.

To delete an organizational unit, follow the steps below.

All Services > Management > Cloud Control Please click the menu. Navigate to Cloud Control’s Service Home page.
Click the Organization menu on the Service Home page. Navigate to the Organization Unit and Account Management page.
Organizational unit and Account management in the top right corner of the page, click the View Hierarchy button.
After selecting the organizational unit to delete from the hierarchy list, click the More > Delete Organizational Unit button.
When the popup notifying the deletion of the organizational unit opens, click the Confirm button.

Account Management

You can register and manage the list of Accounts that constitute the Organization in Cloud Control.

Account Create

Account factory to create Account and apply Cloud Control directly without separate work.

To create an Account, follow the steps below.

All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
Click the Account Factory menu on the Service Home page. Navigate to the Account Factory page.
Account Factory on the page Account Creation button click the button. Account Creation page will be navigated.

Account creation on the page, enter the required information for creating an Account and select the organizational unit, then click the Complete button. A popup notifying the Account creation opens.

Category

Category	Required	Detailed description
Account information	Required	Enter the name and email information of the Account Account name: Use Korean, English, numbers, spaces, special characters(`+=-_@[](),.`) to input within 3 ~ 30 characters Email, Confirm Email: Input within 60 characters according to email address format
ID Center Information	Required	Enter ID Center user information that can access the Account to be created Username: Enter using English letters, numbers, special characters(`+=-_@,.`) within 128 characters User Real Name: Enter the user’s actual name (surname and given name) If the Account access configuration uses Self-Managed Account Access, ID Center Information cannot be set
Organization unit selection	Required	Select the parent organization that will include the Account to be created registered status organization units only can be selected Clicking the organization unit name allows navigation to its detail page

Required

Detailed description

Account information

Required

Enter the name and email information of the Account

Account name: Use Korean, English, numbers, spaces, special characters(+=-_@[](),.) to input within 3 ~ 30 characters

Email, Confirm Email: Input within 60 characters according to email address format

ID Center Information

Required

Enter ID Center user information that can access the Account to be created

Username: Enter using English letters, numbers, special characters(+=-_@,.) within 128 characters

User Real Name: Enter the user’s actual name (surname and given name)

If the Account access configuration uses Self-Managed Account Access, ID Center Information cannot be set

Organization unit selection

Required

Select the parent organization that will include the Account to be created

registered status organization units only can be selected

Clicking the organization unit name allows navigation to its detail page

Table. Landing Zone Creation - Fee Review and Organizational Unit Configuration Items

Caution

An Excel file containing Access Portal user login information will be sent to the email entered in the ID Center. Be sure to verify that the email information is correct.

Confirm Click the button. Account creation request is completed.
- Account creation takes some time, and a notification will be sent when the task is completed.

Account Register

You can register organizational units that are not registered in Cloud Control or failed to register in Cloud Control.

Notice

Only accounts of organizational units registered in Cloud Control can be registered.
If there is an organizational unit or Account in the registering state under the organizational unit you want to register, you cannot register.
If you select and register a different organizational unit from the current one, the corresponding ACcount will be moved to the newly selected organizational unit.

To register an Account, follow the next steps.

All Services > Management > Cloud Control Click the menu. Go to Cloud Control’s Service Home page.
Click the Organization menu on the Service Home page. Navigate to the Organization Unit and Account Management page.
Organization Unit and Account Management page’s top right corner, click the View Account List button.

After selecting the Account to register in Cloud Control from the Account list, click the Account registration button. It navigates to the Account registration page.

Category	Required	Detailed description
Current organizational unit	-	Organizational unit that the Account belongs to
Register organization unit	-	Select the organization unit to register the Account Only organization units in registration status can be selected Current organization unit: Register as is in the current organization unit Other organization unit: Directly select another organization unit

Category

Required

Detailed description

Current organizational unit

Organizational unit that the Account belongs to

Select the organization unit to register the Account

Only organization units in registration status can be selected

Current organization unit: Register as is in the current organization unit

Other organization unit: Directly select another organization unit

Table. Account registration items

Account when the registration notification popup opens Click the Confirm button.

Account Move

You can change the organizational unit of the Account registered in Cloud Control and move it.

Notice

If there is an organization unit or Account in the registering state under the organization unit you want to register, you cannot move.
If you select and register a different organizational unit from the current one, the corresponding ACcount will be moved to the newly selected organizational unit.

To move the Account, follow the steps below.

All Services > Management > Cloud Control Please click the menu. Navigate to Cloud Control’s Service Home page.
Click the Organization menu on the Service Home page. Navigate to the Organization Unit and Account Management page.
Organization Unit and Account Management on the top right of the page, click the View Account List button.
Click the Account name to change the organizational unit from the Account list. Account Details page will be navigated.
Click the Register button on the Account Details page. You will be taken to the Account Registration page.
Register Organization Unit from the list, after selecting the organization unit to move the Account, click the Complete button.
- Registration status organizational units can only be selected.
When the popup notifying Account registration opens, click the Confirm button.

Account Exclude

You can exclude the Account from the Organization.

To exclude Account from Organization, follow the steps below.

All Services > Management > Organization Click the menu. Go to the Service Home page of Organization.
Click the Organization Configuration menu on the Service Home page. Navigate to the Organization Configuration page.
Organization Structure page click the Account List View button.
After selecting the Account to exclude from Organization, click the More > Exclude Account button.
When a popup that notifies the exclusion of the Account opens, click the Confirm button.
Notice
In the following cases, Account cannot be excluded.
- Account with unregistered payment method
- If there is credit assigned to the account
- When the exclusion point is the cost settlement date (the 1st of each month, Asia/Seoul GMT +09:00)

Account Delete

You can delete the Account.

To delete the Account, follow the steps below.

All Services > Management > Organization Click the menu. Go to the Service Home page of Organization.
Service Home on the page, click the Organizational Structure menu. Navigate to the Organizational Structure page.
Organization Setup on the page click the Account List View button.
After selecting the Account to delete from the Account list, click the More > Delete Account button. The Delete Account popup window opens.
- After clicking the Account name of the Account to be deleted, you can also delete by clicking the Delete Account button on the Account Details page.
After entering the Account name to delete, click the Confirm button.

Reference

If you delete Account, a Account deletion notification email will be sent to the next user.

Administrator who created Organization
Root user of the created Account
User with delegation for the created Account

Notice

When deleting from the Account list, you must select only one Account to delete.
Before deletion, all resources within the Account must be deleted.
Management Account and accounts that joined through invitation cannot be deleted.

3 - API Reference

API Reference

4 - CLI Reference

CLI Reference

5 - Release Note

Cloud Control

2025.10.23

NEW Official Service Version Release

Cloud Control service official version has been released.
- You can easily and safely build, operate, and manage a multi-account environment on Samsung Cloud Platform.
- The organization’s cloud governance (security, compliance, standardization, etc.) can be automated and managed through policy violation detection and monitoring functions.