pub struct IamService { /* private fields */ }
The AWSim IAM service handler.
Implementations
impl IamService
pub fn new() -> Self
pub fn store(&self) -> AccountRegionStore<IamState>
Expose the underlying store so the gateway can wire IAM-backed principal lookup into the authz engine.
pub fn set_authz(&self, authz: Arc<AuthzEngine>)
Wire in a handle to the gateway authz engine. Done after the engine is fully built (lookups registered) so the simulator can use the same trait-object lookups for resource policies, SCPs, and grants. Idempotent — first call wins; subsequent calls are no-ops.
pub fn lookup_role_trust_policy(
    &self,
    account_id: &str,
    role_arn: &str,
) -> Option<String>
Look up the AssumeRolePolicyDocument (trust policy) for role_arn
in account_id. Returns None if the role doesn’t exist.
Plumbed through to STS so AssumeRole can refuse callers that the
trust policy doesn’t list. Real AWS evaluates the trust policy as
a resource-based policy with action sts:AssumeRole against the
role ARN, and so does our wiring in awsim-sts.
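The trust-policy check described above, as an added example (not AWSim's or awsim-sts's own code): a simplified evaluator showing the three refusal cases, a missing role, an unlisted caller, and an explicit Deny. The types, function names and account IDs are hypothetical; Condition blocks, non-AWS principal types and identity-based policies are left out.

```rust
// Added example; types and function names are hypothetical, not AWSim's API.
#[derive(Clone, Copy)]
enum Effect { Allow, Deny }

struct Statement {
    effect: Effect,
    principals: Vec<&'static str>, // the "AWS" entries under "Principal"
    actions: Vec<&'static str>,
}

// The account ID is the fifth colon-separated field of an ARN.
fn account_of(arn: &str) -> Option<&str> {
    arn.split(':').nth(4).filter(|a| !a.is_empty())
}

fn principal_matches(pattern: &str, caller: &str) -> bool {
    if pattern == "*" || pattern == caller { return true; }
    // arn:aws:iam::<account>:root trusts every principal in that account.
    match (account_of(pattern), account_of(caller)) {
        (Some(p), Some(c)) => pattern.ends_with(":root") && p == c,
        _ => false,
    }
}

// `trust_policy` is None when the role does not exist.
fn may_assume(trust_policy: Option<&[Statement]>, caller_arn: &str) -> bool {
    let Some(statements) = trust_policy else { return false };
    let mut allowed = false; // implicit deny until an Allow matches
    for s in statements {
        let hit = s.actions.iter().any(|a| matches!(*a, "*" | "sts:*" | "sts:AssumeRole"))
            && s.principals.iter().any(|p| principal_matches(p, caller_arn));
        match (hit, s.effect) {
            (true, Effect::Deny) => return false, // explicit Deny always wins
            (true, Effect::Allow) => allowed = true,
            _ => {}
        }
    }
    allowed
}

// Constructed sample policy; the account IDs are placeholders.
fn sample_policy() -> Vec<Statement> {
    vec![
        Statement { effect: Effect::Allow, principals: vec!["arn:aws:iam::111122223333:root"], actions: vec!["sts:AssumeRole"] },
        Statement { effect: Effect::Deny, principals: vec!["arn:aws:iam::111122223333:user/contractor"], actions: vec!["sts:*"] },
    ]
}

fn main() {
    println!("{}", may_assume(Some(sample_policy().as_slice()), "arn:aws:iam::999988887777:user/bob"));
}
```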
Trait Implementations
impl Default for IamService
impl ServiceHandler for IamService
fn service_name(&self) -> &str
The AWS service name (e.g., “s3”, “sqs”, “dynamodb”).
fn signing_name(&self) -> &str
The signing name used in SigV4 Authorization headers.
Usually the same as service_name, but not always.
fn handle<'life0, 'life1, 'life2, 'async_trait>(
    &'life0 self,
    operation: &'life1 str,
    input: Value,
    ctx: &'life2 RequestContext,
) -> Pin<Box<dyn Future<Output = Result<Value, AwsError>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
Handle an AWS API operation.
fn iam_action(&self, operation: &str) -> Option<String>
fn iam_resource(&self, operation: &str, input: &Value, ctx: &RequestContext) -> Option<String>
fn snapshot(&self) -> Option<Vec<u8>>
Serialize the service’s state to bytes for persistence.
fn restore(&self, data: &[u8]) -> Result<(), String>
Restore the service’s state from a previous snapshot.
fn routes(&self) -> Vec<RouteDefinition>
Route definitions for REST-protocol services.
Not needed for RPC-style protocols (awsJson, awsQuery).
fn handle_streaming<'life0, 'life1, 'life2, 'async_trait>(
    &'life0 self,
    operation: &'life1 str,
    input: Value,
    ctx: &'life2 RequestContext,
) -> Pin<Box<dyn Future<Output = Result<HandlerResult, AwsError>> + Send + 'async_trait>>
where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    Self: 'async_trait,
Streaming-aware variant. The default delegates to handle and
wraps the JSON result so existing services don’t need to do
anything; services that genuinely stream (Bedrock data plane)
override this and return HandlerResult::Streaming.
fn rehydrate(&self) -> Result<(), String>
Called after every service has been restored from its
snapshot, before the gateway begins serving traffic.
fn tick<'life0, 'async_trait>(
    &'life0 self,
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>>
where
    'life0: 'async_trait,
    Self: 'async_trait,
Periodic tick. The gateway spawns a single 1-second loop that
calls tick on every registered service after the server is up.
Use this hook for time-driven behavior that doesn’t fit into the
request path: SQS visibility-timeout reclamation, DynamoDB TTL
expiry, Lambda event-source-mapping polling, S3 lifecycle
transitions, EventBridge schedule firing, SecretsManager
rotation, etc.
Auto Trait Implementations
impl !Freeze for IamService
impl !RefUnwindSafe for IamService
impl Send for IamService
impl Sync for IamService
impl Unpin for IamService
impl UnsafeUnpin for IamService
impl !UnwindSafe for IamService
Blanket Implementations
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.