Resource Access Management - RAM Test
Resource Access Management (RAM) is a service provided by Alibaba Cloud. It allows you to manage user identities and resource access permissions. RAM allows you to create and manage multiple identities under an Alibaba Cloud account, and grant diverse permissions to a single identity or a group of identities. In this way, you can authorize different identities to access different Alibaba Cloud resources.
The Resource Access Management - RAM test enables you to determine the number and names of users, groups, custom policies, and roles created using RAM for the monitored Alibaba cloud account.
Target of the test : An Alibaba Cloud Account
Agent deploying the test : A remote agent
Outputs of the test : One set of results for the target Alibaba cloud account
Parameters | Description |
---|---|
Test period |
How often should the test be executed |
Host |
The host for which the test is to be configured. |
Alibaba Access Key and Alibaba Secret Key |
This test makes REST API requests to the Alibaba cloud to pull the metrics. For this purpose, the test needs to be configured with an AccessKey pair. An AccessKey pair is typically used to call an operation of an Alibaba Cloud service. It is also used to initiate an API request or use a cloud service SDK to manager cloud resources. An AccessKey pair is characterized by an AccessKey ID and an AccessKey Secret. The AccessKey ID is used to identify a user/cloud account. The AccessKey Secret is used to verify a user/cloud account. The first step to configuring the eG agent with an AccessKey pair is to create an AccessKey pair for the target cloud acount. To achieve this, follow the steps below:
If you failed to make note of the AccessKey ID and AccessKey Secret at the time of creating the AccessKey pair, then you can obtain the same at a later point in time. Similarly, if an AccessKey pair pre-exists for the target cloud account, then you do not have to create another one. Instead, you can obtain the AccessKey ID and AccessKey Secret of the existing AccessKey pair and configure the eG agent with the same. For this, follow the steps below:
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Users |
Indicates the total number of users created using RAM. |
Number |
Use the detailed diagnosis of this measure to know which users were created for the monitored Alibaba cloud account. |
Groups |
Indicates the total number of groups created. |
Number |
Use the detailed diagnosis of this measure to know which groups were created for the monitored Alibaba cloud account. |
Custom policies |
Indicates the count of custom policies defined using RAM. |
Number |
To grant different permissions to Resource Access Management (RAM) identities on Alibaba Cloud resources, you can attach different policies to the RAM identities. To grant different permissions to Resource Access Management (RAM) identities on Alibaba Cloud resources, you can attach different policies to the RAM identities. Use the detailed diagnosis of this measure to know which policies were created for the monitored cloud account. |
RAM roles |
Indicates the number of roles created using RAM. |
Number |
A RAM role is a virtual RAM identity that you can create in your Alibaba Cloud account. A RAM role does not have a specific logon password or AccessKey pair. A RAM user can be used only after the RAM user is assumed by a trusted entity. Use the detailed diagnosis of this measure to know which roles were created for the target cloud account. |