To test a service, you must create a service consumer (client-side application), and use the service consumer to call the service provider (server-side application) that is deployed in your virtual private cloud (VPC). This topic describes how to grant a Resource Access Management (RAM) user the permissions that are required to test a service.
Before you begin
When you test a service as a RAM user, Alibaba Cloud performs RAM authentication to check whether the RAM user is granted the required permissions. Therefore, you must replace the permissions defined by Enterprise Distributed Application Service (EDAS) with RAM permissions. For more information, see Replace EDAS-defined permissions with RAM policies.
Create a custom policy in the RAM console and attach the policy to a RAM user
To test a service, a RAM user must be granted the following permissions: edas:ReadService
and edas:TestService
.
Log on to the RAM console with an Alibaba Cloud account.
In the left-side navigation pane, choose .
On the Policies page, click Create Policy.
- On the Create Policy page, click the JSON tab.
In the code editor, enter a custom policy and click Next to edit policy information.
The following example shows the code of a sample policy:
{ "Statement": [ { "Action": [ "edas:ReadService" ], "Effect": "Allow", "Resource": [ "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId" ] }, { "Action": [ "edas:TestService" ], "Effect": "Allow", "Resource": [ "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId" ] } ], "Version": "1" }
NoteReplace
$namespace
and$applicationId
with the microservices namespace and ID of the application that you want to test. To test applications in all microservices namespaces, replace both$namespace
and$applicationId
with an asterisk (*).Edit the basic information and click OK.
If the Created message appears, the custom policy is created.
Attach the custom policy to a RAM user. For more information, see Grant permissions to RAM users.