Resource Access Management - RAM Test

Resource Access Management (RAM) is a service provided by Alibaba Cloud. It allows you to manage user identities and resource access permissions. RAM allows you to create and manage multiple identities under an Alibaba Cloud account, and grant diverse permissions to a single identity or a group of identities. In this way, you can authorize different identities to access different Alibaba Cloud resources.

The Resource Access Management - RAM test enables you to determine the number and names of users, groups, custom policies, and roles created using RAM for the monitored Alibaba cloud account.

Target of the test : An Alibaba Cloud Account

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the target Alibaba cloud account

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured.

Alibaba Access Key and Alibaba Secret Key

This test makes REST API requests to the Alibaba cloud to pull the metrics. For this purpose, the test needs to be configured with an AccessKey pair. An AccessKey pair is typically used to call an operation of an Alibaba Cloud service. It is also used to initiate an API request or use a cloud service SDK to manager cloud resources. An AccessKey pair is characterized by an AccessKey ID and an AccessKey Secret. The AccessKey ID is used to identify a user/cloud account. The AccessKey Secret is used to verify a user/cloud account.

The first step to configuring the eG agent with an AccessKey pair is to create an AccessKey pair for the target cloud acount. To achieve this, follow the steps below:

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Users under Identities.
  3. On the Users page, click the username of the RAM user for which you want to create an AccessKey pair in the User Logon Name/Display Name column.
  4. On the page that appears, click Create AccessKey in the User AccessKeys section.

    Note:

    You must enter a verification code if you create an AccessKey pair for the first time.

  5. Click Close.

    Note:

    • The AccessKey secret is displayed only when you create an AccessKey pair.
    • If the AccessKey pair is leaked or lost, you must create a new one. You can create a maximum of two AccessKey pairs.

  6. Make note of the AccessKey ID and AccessKey secret, once they are displayed.
  7. Then, configure the Alibaba Access Key parameter of the test with the AccessKey ID, and the Alibaba Secret Key parameter with the AccessKey Secret you made note of.

If you failed to make note of the AccessKey ID and AccessKey Secret at the time of creating the AccessKey pair, then you can obtain the same at a later point in time. Similarly, if an AccessKey pair pre-exists for the target cloud account, then you do not have to create another one. Instead, you can obtain the AccessKey ID and AccessKey Secret of the existing AccessKey pair and configure the eG agent with the same. For this, follow the steps below:

  1. Use an Alibaba Cloud account to log on to the Alibaba Cloud Management console.
  2. Move the pointer over the profile picture in the upper-right corner, and click AccessKey.
  3. In the Security Tips message that appears, click Continue to manage AccessKey. AccessKey ID and AccessKey Secret are displayed. 
  4. Make note of the displayed ID and secret.
  5. Then, configure the Alibaba Access Key parameter of the test with the AccessKey ID, and the Alibaba Secret Key parameter with the AccessKey Secret you made note of.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Users

Indicates the total number of users created using RAM.

Number

Use the detailed diagnosis of this measure to know which users were created for the monitored Alibaba cloud account.

Groups

Indicates the total number of groups created.

Number

Use the detailed diagnosis of this measure to know which groups were created for the monitored Alibaba cloud account.

Custom policies

Indicates the count of custom policies defined using RAM.

Number

To grant different permissions to Resource Access Management (RAM) identities on Alibaba Cloud resources, you can attach different policies to the RAM identities. To grant different permissions to Resource Access Management (RAM) identities on Alibaba Cloud resources, you can attach different policies to the RAM identities.

Use the detailed diagnosis of this measure to know which policies were created for the monitored cloud account.

RAM roles

Indicates the number of roles created using RAM.

Number

A RAM role is a virtual RAM identity that you can create in your Alibaba Cloud account. A RAM role does not have a specific logon password or AccessKey pair. A RAM user can be used only after the RAM user is assumed by a trusted entity.

Use the detailed diagnosis of this measure to know which roles were created for the target cloud account.