winterbaume-ssoadmin

SSO Admin (IAM Identity Center) service implementation for winterbaume.

Coverage

Metric	Value
Service	SSO Admin
AWS model	sso-admin
Protocol	awsJson1.1
winterbaume coverage	27/79 operations (34.2%)
stubs (routed, returns empty/default)	1/79 operations (1.3%)
moto coverage	25/79 operations (31.6%)
floci coverage	0/79 operations (0.0%)
kumo coverage	0/79 operations (0.0%)
Coverage report date	2026-05-13

Server-mode usage

Start winterbaume-server and point the AWS CLI at it:

cargo run -p winterbaume-server -- --host 127.0.0.1 --port 5555

export AWS_ENDPOINT_URL=http://localhost:5555
aws ssoadmin help

Example

use aws_sdk_ssoadmin::config::BehaviorVersion;
use winterbaume_core::MockAws;
use winterbaume_ssoadmin::SsoAdminService;

const INSTANCE_ARN: &str = "arn:aws:sso:::instance/ssoins-0123456789abcdef";

#[tokio::main]
async fn main() {
    let mock = MockAws::builder()
        .with_service(SsoAdminService::new())
        .build();

    let config = aws_config::defaults(BehaviorVersion::latest())
        .http_client(mock.http_client())
        .credentials_provider(mock.credentials_provider())
        .region(aws_sdk_ssoadmin::config::Region::new("us-east-1"))
        .load()
        .await;

    let client = aws_sdk_ssoadmin::Client::new(&config);

    let resp = client
        .list_instances()
        .send()
        .await
        .expect("list_instances should succeed");
    println!("SSO Admin instances: {:?}", resp.instances());

    // Create a permission set
    let ps_resp = client
        .create_permission_set()
        .instance_arn(INSTANCE_ARN)
        .name("ExamplePermissionSet")
        .description("Created by winterbaume example")
        .session_duration("PT4H")
        .send()
        .await
        .expect("create_permission_set should succeed");
    let ps = ps_resp.permission_set().expect("permission set present");
    println!("Created permission set: {:?}", ps.permission_set_arn());

    // List all permission sets
    let list_resp = client
        .list_permission_sets()
        .instance_arn(INSTANCE_ARN)
        .send()
        .await
        .expect("list_permission_sets should succeed");
    println!("All permission set ARNs: {:?}", list_resp.permission_sets());
}

Implemented APIs (27)

• AttachCustomerManagedPolicyReferenceToPermissionSet
• AttachManagedPolicyToPermissionSet
• CreateAccountAssignment
• CreatePermissionSet
• DeleteAccountAssignment
• DeleteInlinePolicyFromPermissionSet
• DeletePermissionSet
• DescribeAccountAssignmentCreationStatus
• DescribeAccountAssignmentDeletionStatus
• DescribePermissionSet
• DetachCustomerManagedPolicyReferenceFromPermissionSet
• DetachManagedPolicyFromPermissionSet
• GetInlinePolicyForPermissionSet
• ListAccountAssignments
• ListAccountAssignmentsForPrincipal
• ListAccountsForProvisionedPermissionSet
• ListCustomerManagedPolicyReferencesInPermissionSet
• ListManagedPoliciesInPermissionSet
• ListPermissionSets
• ListPermissionSetsProvisionedToAccount
• ListTagsForResource
• ProvisionPermissionSet
• PutInlinePolicyToPermissionSet
• TagResource
• UntagResource
• UpdateInstance
• UpdatePermissionSet

Stubbed APIs (1) — routed but return an empty/default response

• ListInstances

Not yet implemented APIs (51)

• AddRegion
• CreateApplication
• CreateApplicationAssignment
• CreateInstance
• CreateInstanceAccessControlAttributeConfiguration
• CreateTrustedTokenIssuer
• DeleteApplication
• DeleteApplicationAccessScope
• DeleteApplicationAssignment
• DeleteApplicationAuthenticationMethod
• DeleteApplicationGrant
• DeleteInstance
• DeleteInstanceAccessControlAttributeConfiguration
• DeletePermissionsBoundaryFromPermissionSet
• DeleteTrustedTokenIssuer
• DescribeApplication
• DescribeApplicationAssignment
• DescribeApplicationProvider
• DescribeInstance
• DescribeInstanceAccessControlAttributeConfiguration
• DescribePermissionSetProvisioningStatus
• DescribeRegion
• DescribeTrustedTokenIssuer
• GetApplicationAccessScope
• GetApplicationAssignmentConfiguration
• GetApplicationAuthenticationMethod
• GetApplicationGrant
• GetApplicationSessionConfiguration
• GetPermissionsBoundaryForPermissionSet
• ListAccountAssignmentCreationStatus
• ListAccountAssignmentDeletionStatus
• ListApplicationAccessScopes
• ListApplicationAssignments
• ListApplicationAssignmentsForPrincipal
• ListApplicationAuthenticationMethods
• ListApplicationGrants
• ListApplicationProviders
• ListApplications
• ListPermissionSetProvisioningStatus
• ListRegions
• ListTrustedTokenIssuers
• PutApplicationAccessScope
• PutApplicationAssignmentConfiguration
• PutApplicationAuthenticationMethod
• PutApplicationGrant
• PutApplicationSessionConfiguration
• PutPermissionsBoundaryToPermissionSet
• RemoveRegion
• UpdateApplication
• UpdateInstanceAccessControlAttributeConfiguration
• UpdateTrustedTokenIssuer