The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Ready	Preview, Comment	Apr 13, 2026 11:33pm

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

PR Summary

High Risk
Adds new IAM/STS API routes and tools that accept AWS credentials and can create/modify identities, policies, roles, and access keys, making failures or misuse security-impacting. No automated tests are included, so regressions in request validation or tool wiring may be missed.

Overview
Adds new AWS IAM and STS integrations across docs and the Sim app, including new icons, docs pages, and entries in tool metadata and landing-page integration lists.

Implements authenticated Next.js API endpoints plus shared AWS SDK clients/utilities for IAM (users/roles/policies/groups/access keys) and STS (assume role, caller identity, session token, access key info), and wires them into the tool/block registries so they can be invoked as iam_* and sts_* tools.

^{Reviewed by Cursor Bugbot for commit 64acaa6. Configure here.}

Greptile Summary

Adds AWS IAM (18 operations) and STS (4 operations) integrations following the standard tools/block/icon/route pattern. Prior review feedback on durationSeconds range validation and version format has been addressed; a distinct STSIcon was also added.

Confidence Score: 5/5

Safe to merge — all findings are P2 quality suggestions with no blocking defects.

Prior review concerns (durationSeconds range validation, STS version format, distinct STSIcon) are fully addressed. The two remaining findings are minor: a missing JSON refine on assumeRolePolicyDocument and a missing .int() on maxItems. Neither causes incorrect behavior in the normal flow.

apps/sim/app/api/tools/iam/create-role/route.ts (JSON validation), apps/sim/app/api/tools/iam/list-{users,roles,groups,policies}/route.ts (integer validation for maxItems)

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant UI as Workflow UI
    participant Exec as Executor
    participant Route as API Route
    participant Utils as IAM/STS Utils
    participant AWS as AWS SDK

    UI->>Exec: Run IAM/STS block
    Exec->>Route: POST /api/tools/iam/{operation}
    Note over Route: checkInternalAuth
    Note over Route: Zod schema validation
    Route->>Utils: createIAMClient(credentials)
    Utils-->>Route: IAMClient
    Route->>Utils: operation(client, params)
    Utils->>AWS: SDK Command (e.g. CreateUserCommand)
    AWS-->>Utils: AWS response
    Utils-->>Route: Mapped result object
    Note over Route: client.destroy()
    Route-->>Exec: JSON response
    Exec-->>UI: Tool output (block outputs)

_{Reviews (2): Last reviewed commit: "lint" | Re-trigger Greptile}

@greptile

@cursor review