
IAM

Users, roles, policies, access keys, instance profiles — metadata only (no policy evaluation).

JSON-RPC (X-Amz-Target) · multi-tenant · 67 operations

Quick start

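import boto3
# Point boto3 at the local endpoint; the credentials are dummy values.
iam = boto3.client("iam", endpoint_url="http://localhost:4566",
                   region_name="us-east-1",
                   aws_access_key_id="test", aws_secret_access_key="test")
# Metadata only: the trust policy document is stored, not evaluated.
iam.create_role(RoleName="r", AssumeRolePolicyDocument="{}")
print(iam.get_role(RoleName="r")["Role"]["Arn"])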

Supported operations

This service exposes 67 operations as of MiniStack 1.3.14. The list is extracted directly from the handler dispatch in the source module.

AddRoleToInstanceProfile AddUserToGroup AttachRolePolicy AttachUserPolicy CreateAccessKey CreateGroup CreateInstanceProfile CreateOpenIDConnectProvider CreatePolicy CreatePolicyVersion CreateRole CreateServiceLinkedRole CreateUser DeleteAccessKey DeleteGroup DeleteInstanceProfile DeleteOpenIDConnectProvider DeletePolicy DeletePolicyVersion DeleteRole DeleteRolePolicy DeleteServiceLinkedRole DeleteUser DeleteUserPolicy DetachRolePolicy DetachUserPolicy GetGroup GetInstanceProfile GetOpenIDConnectProvider GetPolicy GetPolicyVersion GetRole GetRolePolicy GetServiceLinkedRoleDeletionStatus GetUser GetUserPolicy ListAccessKeys ListAttachedRolePolicies ListAttachedUserPolicies ListEntitiesForPolicy ListGroups ListGroupsForUser ListInstanceProfiles ListInstanceProfilesForRole ListPolicies ListPolicyTags ListPolicyVersions ListRolePolicies ListRoles ListRoleTags ListUserPolicies ListUsers ListUserTags PutRolePolicy PutUserPolicy RemoveRoleFromInstanceProfile RemoveUserFromGroup SimulateCustomPolicy SimulatePrincipalPolicy TagPolicy TagRole TagUser UntagPolicy UntagRole UntagUser UpdateAssumeRolePolicy UpdateRole

CloudFormation

The CloudFormation engine provisions these resource types via this service:

AWS::IAM::Role AWS::IAM::Policy AWS::IAM::ManagedPolicy AWS::IAM::InstanceProfile

See CloudFormation engine for intrinsic support and lifecycle details.

Known limitations

  • IAM policies are stored but never evaluated — every request succeeds.
  • SimulatePrincipalPolicy / SimulateCustomPolicy return a basic allow/deny shape without genuine condition-key evaluation.
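
Because nothing here evaluates policies, a test suite that passes against this service says nothing about whether a policy document would permit or block a call. The following is an added example, not MiniStack code: a simplified local check for a single identity-based policy document (wildcard Action/Resource matching, explicit deny over allow, default deny) that a test can assert on directly. The names evaluate and SAMPLE_POLICY are hypothetical, and statements using Condition, NotAction or NotResource are rejected rather than guessed at.

```python
import json
import re

# Constructed sample policy, not taken from the page.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-bucket", "arn:aws:s3:::app-bucket/*"]},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::app-bucket/secrets/*"},
    ],
}

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy_document, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    allowed = False
    for stmt in _as_list(doc.get("Statement", [])):
        # Fail closed on elements this sketch does not model.
        if any(k in stmt for k in ("NotAction", "NotResource", "Condition")):
            raise ValueError("unsupported statement element")
        # Action names compare case-insensitively; resource ARNs do not.
        hit = (any(_match(a, action, ignore_case=True) for a in _as_list(stmt.get("Action", [])))
               and any(_match(r, resource) for r in _as_list(stmt.get("Resource", []))))
        if not hit:
            continue
        if stmt.get("Effect") == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        if stmt.get("Effect") == "Allow":
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"  # default is deny

if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::app-bucket/reports/q1.csv"),
                     ("s3:GetObject", "arn:aws:s3:::app-bucket/secrets/key.pem"),
                     ("s3:PutObject", "arn:aws:s3:::app-bucket/reports/q1.csv")]:
        print(act, res, "->", evaluate(SAMPLE_POLICY, act, res))
```

The document passed to evaluate can be the same JSON that was stored with PutRolePolicy or CreatePolicy, so the policy exercised in local tests is also the one being checked.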

Source

  • ministack/services/iam.py:1547-1607

Read the source to verify the ops list above — dispatch tables and handler functions are the ground truth.