pub trait RoleTrustValidator: Send + Sync {
    // Required method
    fn validate(
        &self,
        account_id: &str,
        role_arn: &str,
        service_principal: &str,
    ) -> Result<(), PassRoleError>;
}
Validator that checks whether a role can be passed to a given
service. Used by Lambda / ECS / EC2 etc. to reject CreateFunction,
RegisterTaskDefinition, etc. when the supplied role’s trust policy
doesn’t allow the service principal — matching the iam:PassRole
trust-side behavior real AWS enforces unconditionally (separate from
identity-policy iam:PassRole, which sits behind the IAM evaluator).
Required Methods
fn validate(&self, account_id: &str, role_arn: &str, service_principal: &str) -> Result<(), PassRoleError>
Dyn Compatibility
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".
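An added example, not code from the crate: a minimal in-memory implementation of the trait that rejects a role whose trust entries do not name the calling service principal. The `PassRoleError` variants, `StaticTrustValidator`, `demo_validator`, the cross-account check and the sample ARN are assumptions made for this sketch; the page shows only the trait signature.

```rust
use std::collections::HashMap;

// Hypothetical variants: the page does not show PassRoleError's definition.
#[derive(Debug, PartialEq)]
pub enum PassRoleError { RoleNotFound, CrossAccount, PrincipalNotTrusted }

// Trait as documented on the page.
pub trait RoleTrustValidator: Send + Sync {
    fn validate(&self, account_id: &str, role_arn: &str, service_principal: &str)
        -> Result<(), PassRoleError>;
}

/// Hypothetical validator: role ARN -> service principals its trust policy allows.
#[derive(Default)]
pub struct StaticTrustValidator { trusted: HashMap<String, Vec<String>> }

impl StaticTrustValidator {
    pub fn trust(mut self, role_arn: &str, principal: &str) -> Self {
        self.trusted.entry(role_arn.to_string()).or_default().push(principal.to_string());
        self
    }
}

impl RoleTrustValidator for StaticTrustValidator {
    fn validate(&self, account_id: &str, role_arn: &str, service_principal: &str)
        -> Result<(), PassRoleError> {
        // arn:aws:iam::<account>:role/<name>: the fifth ':'-separated field is the account.
        let arn_account = role_arn.split(':').nth(4).ok_or(PassRoleError::RoleNotFound)?;
        if arn_account != account_id {
            return Err(PassRoleError::CrossAccount); // assumption of this sketch
        }
        let principals = self.trusted.get(role_arn).ok_or(PassRoleError::RoleNotFound)?;
        // Exact match only: a role that trusts ecs-tasks must not be accepted for lambda.
        if principals.iter().any(|p| p == service_principal) { Ok(()) }
        else { Err(PassRoleError::PrincipalNotTrusted) }
    }
}

// Constructed sample data; boxed to show use as a trait object (the trait is dyn compatible).
pub fn demo_validator() -> Box<dyn RoleTrustValidator> {
    Box::new(StaticTrustValidator::default()
        .trust("arn:aws:iam::123456789012:role/fn-exec", "lambda.amazonaws.com"))
}

fn main() {
    let v = demo_validator();
    let arn = "arn:aws:iam::123456789012:role/fn-exec";
    println!("{:?}", v.validate("123456789012", arn, "lambda.amazonaws.com"));
    println!("{:?}", v.validate("123456789012", arn, "ecs-tasks.amazonaws.com"));
}
```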