The page has been translated by Gen AI.

How-to guides

The user must first create a landing zone to use the Cloud Control service. If a landing zone is created, you can use the management functions of Cloud Control.

Caution
Cloud Control services are not charged, but services such as Logging&Audit, Object Storage, Config Inspection used within Cloud Control may incur costs based on usage.

Create Landing Zone

To use Cloud Control in the Samsung Cloud Platform Console, you must first create a landing zone.

To create a landing zone, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.

  2. Click the Landing Zone Creation button on the Service Home page. You will be taken to the Landing Zone Creation page.

  3. Fee Review and Organizational Unit Configuration area, after setting the configuration items, click the Next button.

    Category
    Required
    		Detailed description
    Home Region-Home Region of Cloud Control
    • Cloud Control designates the default region as the Home Region and cannot be changed
    • All regions other than the default region are under Cloud Control’s management
    Basic Organizational UnitRequiredEnter basic organizational unit within landing zone
    • Case-sensitive English letters, enter within 128 characters
    • Basic organizational unit includes shared Accounts (Log Account, Audit Account)
    • Security: Name of the basic organizational unit for shared Account
    • Can be modified after landing zone creation
    Additional Organizational UnitRequiredEnter additional organizational unit within landing zone
    • Case-sensitive English letters, enter within 128 characters
    • Can be added after landing zone creation
    Table. Landing Zone Creation - Fee Review and Organizational Unit Configuration Items

  4. Shared Account Configuration After setting the configuration items in the area, click the Next button.

    Category
    Required
    		Detailed description
    Management Account-Management Account name is displayed and cannot be edited
    Log AccountRequiredLog Account information input
    • Account name: Use Korean, English, numbers, spaces, special characters(+=-_@[](),.) to input within 3 ~ 30 characters
    • Email, Confirm Email: Input within 60 characters according to email address format
    Audit AccountRequiredEnter Log Account information
    • Account name: Use Korean, English, numbers, spaces, special characters(+=-_@[](),.) and enter within 3 to 30 characters
    • Email, Confirm Email: Enter within 60 characters following email address format
    • Cannot use the same email as Log Account
    Table. Landing Zone Creation - Shared Account Configuration Items
Note
  • Log Account is a repository of logs of API activity and resource configuration collected from all Accounts. Log Account cannot be changed.
  • Audit Account is a limited account, and the security and compliance team can obtain access rights to all accounts within the organization through the Audit Account.

  1. Additional configuration area, after setting the configuration items, click the Next button.

    Category
    Required
    		Detailed description
    Account access configurationRequiredSelect method to manage access to the Account
    • Account access via ID Center: Create pre-configured groups and permission sets to configure users who perform specific tasks in the Account
      • Automatically assign users when provisioning an Account with Account Factory or registering an existing Account
    • Self-managed Account access: Manage access to the Account via ID Center or other Account access methods
      • Cloud Control does not create directory groups or permission sets for the landing zone
      • No user creation when provisioning an Account with Account Factory or registering
    Trail configuration-Automatic configuration in progress
    Table. Landing Zone Creation - Additional Configuration Items

  2. Input Information Check area, after checking the landing zone configuration information and Service Permissions, check the agreement content for permissions and guidelines.

  3. Click the Complete button. A popup window notifying the creation of the landing zone will open.

  4. After checking the information about creating a landing zone, click the Confirm button. The landing zone creation request is completed.

    • Landing zone creation takes some time, and a notification will be sent when the task is completed.
    • When the landing zone creation is complete, you can check the full menu of Cloud Control and the organization status on the Service Home page.
Caution
  • You cannot cancel while creating a landing zone.
  • If you fail to create a landing zone, delete the landing zone and then create it again.
Reference

When a landing zone is created, you can check the following items in Cloud Control.

  • Two organizational units: shared Account, organizational unit for the Account that the user will provision
  • Shared Account 2: Log Archive and Security Audit Isolation Account
  • Selected IAM management configuration
  • 10 preventive guardrails: Settings for policy application
  • Organization Service Control Policy Activation

Check detailed landing zone information

Landing Zone Settings page allows you to view detailed information about the landing zone.

To check the detailed information of the landing zone, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
  2. Service Home on the page click the Landing Zone Settings menu. Navigate to the Landing Zone Settings page.
CategoryDetailed description
serviceservice name
Resource TypeResource Type
SRNUnique resource ID in Samsung Cloud Platform
  • In Cloud Control, it means the SRN of the resource type
Resource NameResource Name
Resource IDUnique resource ID in the service
CreatorUser who created the service
Creation timeService creation time
ModifierUser who edited the service information
Modification DateDate Service Information Was Modified
Home RegionHome region information of the landing zone
Account Access ConfigurationHow to manage access for Account
Trail configurationTrail configuration activation status
  • maintain active status
Landing Zone DeleteDelete landing zone
Table. Landing zone configuration items

Delete landing zone

If you fail to create a landing zone or do not use it, you can delete the landing zone.

Caution
  • Deleted resources cannot be recovered.
  • Organization unit, Account, bucket, ID Center resources are not automatically deleted.
    • If you want to use the same name as an existing resource that hasn’t been deleted when recreating a landing zone, you must delete the existing resource directly before creating the landing zone.
    • Existing resources can be deleted individually from the Organization, Object Storage, and ID Center services.

To delete the landing zone, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
  2. Click the Landing Zone Settings menu on the Service Home page. You will be taken to the Landing Zone Settings page.
  3. Landing Zone Settings page, click the Landing Zone Delete button. Landing Zone Delete popup opens.
  4. Landing Zone Deletion displayed in the popup window, enter the Cloud Contorl ID into the deletion confirmation area, then click the Confirm button. The landing zone deletion request is completed.
    • While deleting the landing zone, a description about the landing zone deletion process is displayed on the Service Home page.

Managing Organization Units and Accounts

You can check the list of organization units and accounts, and register and manage them in Cloud Control.

To view and manage the organization unit and Account list, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
  2. Service Home page, click the Organization menu. Move to the Organization unit and Account management page.
  3. Organization Unit and Account Management Select the view mode located at the top right of the page.
CategoryDetailed description
View HierarchyDisplay organizational units in a hierarchical structure
Account List ViewDisplay Account list within organization
Account creationCreate a new Account
  • When the Account creation button is clicked, navigate to the Account creation page
Table. Cloud Control organization unit and Account management items

View Hierarchy

Organizational Unit and Account Management page, when you click the View Hierarchy button, you can view and manage organizational units and accounts in a hierarchical structure.

CategoryDetailed description
Create Sub-Organization UnitAdd a new organization unit under the selected organization unit
  • Enabled only when exactly one organization unit is selected in the hierarchy
MoreManage organizational units or register a new Account
  • Click the button to select Delete Organizational Unit, Register Organizational Unit, Re-register Organizational Unit, Account registration
Organization Unit/Account NameDisplay organization unit and account names in a measurement structure format
  • Click the +, - buttons to expand or collapse the hierarchy
  • Click the organization unit/account name to go to the detail page
ID/emailOrganization unit shows ID, Account shows ID and email
StatusOrganization unit or Account’s Cloud Control registration status
  • Registered, Unregistered, Registering, Registration failed
  • No status displayed for Root
Registered organization unitCloud Control registration status of sub-organization units
  • number of registered organization units / total number of organization units displayed
Registered AccountSub Account’s Cloud Control registration status
  • Number of registered Accounts / total Accounts displayed
Table. Hierarchy View Items

View Account List

Organization Unit and Account Management on the page, when you click the View Account List button, you can view and manage the Account list that constitute Cloud Control.

CategoryDetailed description
Account registrationRegister the selected Account from the Account list to Cloud Control
  • If you select an Account that is in unregistered state from the Account list, it becomes active
Account nameAccount name
Account IDAccount’s ID
EmailAccount’s user email
StatusOrganization unit or Account’s Cloud Control registration status
  • Registered, Unregistered, Registering, Registration failed
  • No status displayed for Root
Table. Account list view items

Organization and Account Detailed Information Check

You can view and edit the detailed information of the organization unit and Account.

To view detailed information, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
  2. Service Home page, click the Organization menu. Move to the Organization unit and Account management page.
  3. Organization Unit and Account Management page’s View Hierarchy button, click it.
  4. Click the name of the resource whose detailed information you want to view in the hierarchy list. You will be taken to the detailed page of that resource.

Root Detailed Information

Root detail page allows you to view and manage the detailed information of the organization Root and the sub Account list. Root Details page consists of Basic Information, Sub Account tabs.

Basic Information

You can check the basic information about organization Root and the organizational units and account count registered in Cloud Control.

CategoryDetailed description
serviceservice name
Resource TypeService Type
SRNUnique resource ID in Samsung Cloud Platform
Resource NameResource Name
Resource IDUnique resource ID in the service
CreatorUser who created the service
Creation timeService creation time
ModifierUser who edited the service information
Modification DateDate Service Information Was Modified
Registered organization unitCloud Control registration status of Root sub-organization units
  • displayed as Number of registered organization units / total organization units
Registered AccountRoot sub Account’s Cloud Control registration status
  • Number of registered Accounts / total number of Accounts displayed
Table. Root Details - Basic Information Tab Items

Sub Account

You can view and manage the list of Accounts under Root and the registration status of Cloud Control.

CategoryDetailed description
Account registrationRegister the selected Account from the Account list to Cloud Control
  • Selecting an Account in the unregistered state from the Account list activates it
Account nameAccount name
EmailAccount’s user email
StatusOrganization unit or Account’s Cloud Control registration status
  • Registered, Unregistered, Registering, Registration failed
  • No status displayed for Root
Table. Root Details - Sub Account Tab Items

Organization Unit Detailed Information

Organizational Unit Details page allows you to view and manage detailed information of the organizational unit, sub Accounts, and applied preventive guardrails. Organization Unit Details page consists of Basic Information, Sub Account, Preventive Guardrails tabs.

Basic Information

You can view basic and detailed information about the organization unit.

CategoryDetailed description
serviceservice name
Resource TypeService Type
SRNUnique resource ID in Samsung Cloud Platform
Resource NameResource Name
Resource IDUnique resource ID in the service
CreatorUser who created the service
Creation timeService creation time
ModifierUser who edited the service information
Modification Date/TimeDate and time the service information was modified
Organizational unit nameName of the organizational unit
Applied GuardrailNumber of guardrail types applied to the current organization unit
Registered organization unitCurrent organization unit’s sub-unit Cloud Control registration status
  • displayed as number of registered organization units / total number of organization units
Registered AccountCurrent organization unit sub Account’s Cloud Control registration status
  • displayed as Number of registered Accounts / total Accounts
Higher organization unitHierarchy of higher organization units of the current organization unit
Re-registrationRe-register the current organization unit to Cloud Contorl
Table. Organization Unit Details - Basic Information Tab Items

Sub Account

You can view and manage the list of sub-accounts of the organization unit.

Notice
Security organization units cannot register Account.
CategoryDetailed description
Account registrationRegister the selected Account from the Account list to Cloud Control
  • If you select an Account in unregistered state from the Account list, it becomes active
Account nameAccount name
EmailAccount’s user email
StatusOrganization unit or Account’s Cloud Control registration status
  • Registered, Unregistered, Registering, Registration failed
  • Root No status displayed
Table. Organization Unit Details - Sub Account Tab Items

Preventive Guardrail

You can view and manage the list of preventive guardrails applied at the organizational unit level.

Notice
Security in the case of organization units, cannot apply or remove the guardrail.
CategoryDetailed description
Target Service NameGuardrail applicable service name
Guardrail NameName of the guardrail
  • Clicking the guardrail name allows you to view detailed information about that guardrail
TypeApplication method
Application methodDisplay of guardrail’s application method
  • inheritance method, you can click to view detailed organizational unit name
RemoveRemove the selected guardrail from the guardrail list
  • Enabled when a guardrail is selected from the guardrail list
Apply Preventive GuardrailNew preventive guardrail can be applied at the organizational level
  • When the button is clicked, navigate to the Apply Preventive Guardrail page
Table. Organization Unit Details - Prevention Guardrail Tab Items

Account Check detailed information

Account Details page you can view the detailed information of the Account and the list of applied preventive guardrails. Account Detail page consists of Basic Information, Prevention Guardrail tabs.

Basic Information

You can view basic and detailed information about the organization unit.

CategoryDetailed description
serviceservice name
Resource TypeService Type
SRNUnique resource ID in Samsung Cloud Platform
Resource NameResource Name
Resource IDUnique resource ID in the service
CreatorUser who created the service
Creation timeService creation time
EditorUser who edited the service information
Modification DateDate Service Information Was Modified
EmailAccount’s user email
Applied GuardrailNumber of guardrail types applied to the current organization unit
ID Center usernameID Center user email
Upper organizational unitCurrent Account’s upper organization unit hierarchy
RegisterCurrent Account’s organization unit can be changed
  • For detailed information on changing the organization unit see Move Account
Table. Account Details - Basic Information Tab Items

Prevention Guardrail

You can view the list of preventive guardrails applied to the Account.

CategoryDetailed description
Target Service NameGuardrail applicable target service name
Guardrail NameName of the guardrail
  • If you click the guardrail name, you can view detailed information about that guardrail
TypeApplication Method
Application methodDisplay of the guardrail’s application method
  • inheritance method, you can click to view the detailed organizational unit name
Table. Account Details - Preventive Guardrail Tab Items

Access Portal Check access information

User and Access page you can check the Access Portal connection URL and the password required for connection.

Access Portal to check the connection information, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Navigate to Cloud Control’s Service Home page.
  2. Service Home page, click the User and Access menu. Navigate to the User and Access page.
  3. User and Access page’s Integrated Access Management area, check the information.
CategoryDetailed description
PasswordPassword for Access Portal access
Access Portal URLAccess Portal access URL
  • When clicking the URL, Access Portal login page can be viewed in a new tab
Permission SetA collection of admin policies used by ID Center to determine the valid permissions of users who can access a specific Account
Table. Shared Account Items
Note
For detailed information about credential sources and ID Center, refer to ID Center.
Notice

If the landing zone is configured with a self‑managed Account access, refer to the following.

  • Cloud Control does not automatically create directory groups or permission sets.
  • When provisioning an Account via the Account factory or registering an existing Account, the user is automatically assigned.
  • You can manage access to the Account via ID Center or other Account access methods.

Check user credential information

On the User and Access page, you can check the user credential source type and ID Center ID.

To verify user credential information, follow the steps below.

  1. All Services > Management > Cloud Control Please click the menu. Navigate to Cloud Control’s Service Home page.
  2. Click the User and Access menu on the Service Home page. You will be taken to the User and Access page.
  3. User and Access page’s User Credential Management area, check the information.
CategoryDetailed description
Credential SourceTypes of credential sources set in ID Center
  • ID Center’s own directory: Directory within ID Center
  • AD (Active Directory): Active Directory managed directly by the user
ID Center IDID Center’s ID
  • When ID is clicked, go to the ID Center Settings page
User GroupA group formed to classify workers who perform specific tasks in an organization
Table. User Credential Management Items
Reference
  • For detailed information about credential sources and ID Center, see ID Center.
  • Management > IAM You can add users and user groups in the service. For more details, refer to IAM.

Check shared Account

You can view the shared Account information of Cloud Control.

To check the shared Account information, follow the steps below.

  1. All Services > Management > Cloud Control Click the menu. Go to the Service Home page of Cloud Control.
  2. Click the Shared Account menu on the Service Home page. Navigate to the Shared Account page.
  • Shared Account page is composed of Management Account, Log Account, Audit Account widgets.
    • Each widget displays the Account name, Account ID, and email information, and clicking the widget name navigates to that Account’s detail page.
CategoryDetailed description
Management AccountAccount that creates new accounts and manages billing and access for all accounts in the organization
Log AccountAccount used as the repository for API activity and resource configuration logs collected from all Accounts
Audit AccountLimited account that allows the security and compliance team to obtain read and write access to all accounts
Table. Shared Account Items
Overview
Managing Guardrails