To test a service, you must create a service consumer (client-side application), and use the service consumer to call the service provider (server-side application) that is deployed in your virtual private cloud (VPC). This topic describes how to grant a Resource Access Management (RAM) user the permissions that are required to test a service.

Prerequisites

When you test a service, Alibaba Cloud performs RAM authentication to check whether the RAM user is authorized. Therefore, you must replace Enterprise Distributed Application Service (EDAS)-defined permissions with RAM permissions. For more information, see Replace EDAS-defined permissions with RAM permission policies.

Create a custom permission policy in the RAM console and attach the policy to the RAM user

To test a service, a RAM user must be granted the following permissions: edas:ReadService and edas:TestService.

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. On the Policies page, click Create Policy.
  4. On the Create Custom Policy page, specify Policy Name, select Script as Configuration Mode, enter the policy content in the Policy Document field, and click OK.

    The following custom permission policy is created for service testing:

    {
        "Statement": [
            {
                "Action": [
                    "edas:ReadService"
                ],
                "Effect": "Allow",
                "Resource": [
                    "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId"
                ]
            },
            {
                "Action": [
                    "edas:TestService"
                ],
                "Effect": "Allow",
                "Resource": [
                    "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId"
                ]
            }
        ],
        "Version": "1"
    }
    Note Replace $applicationId and $namespace with the ID and namespace of the application that you want to test. To test applications in all namespaces, replace both $namespace and $applicationId with an asterisk (*).
    When the message The custom policy is created. appears, the custom permission policy is created.
  5. For more information about how to attach the custom permission policy to a RAM user, see Grant permissions to a RAM user.