feat(integrations): AWS SES, IAM Identity Center, and enhanced IAM/STS/CloudWatch/DynamoDB #4245

Merged
waleedlatif1 merged 12 commits into staging from feat/aws
Apr 21, 2026

@waleedlatif1
Collaborator

Summary

  • Add AWS SES v2 integration with 9 operations: send email, send templated email, send bulk email, manage templates, get account info
  • Add AWS IAM Identity Center integration with 12 operations: account assignments, permission sets, user/group lookup, assignment status polling
  • Add 3 new IAM tools: list attached role policies, list attached user policies, simulate principal policy
  • Fix DynamoDB duplicate subBlock IDs (renamed to operation-scoped IDs), add subblock migrations for backwards compatibility with existing workflows
  • Fix CloudWatch, STS, DynamoDB, and IAM routes: adopt withRouteHandler, toError, client.destroy(), nullable Zod schemas
  • Fix Identity Center: list_instances missing pagination, list_groups incorrect instanceArn condition
  • Apply withRouteHandler to all new route files (SES, Identity Center, new IAM routes)
  • Add docs for Identity Center and SES integrations

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

…M/STS/CloudWatch/DynamoDB integrations

- Add AWS SES v2 integration with 9 operations (send email, templated, bulk, templates, account)
- Add AWS IAM Identity Center integration with 12 operations (account assignments, permission sets, users, groups)
- Add 3 new IAM tools: list-attached-role-policies, list-attached-user-policies, simulate-principal-policy
- Fix DynamoDB duplicate subBlock IDs, add operation-scoped field names, add subblock migrations
- Add authMode: AuthMode.ApiKey to DynamoDB block
- Fix CloudWatch routes: toError, client.destroy(), withRouteHandler, auth outside try
- Fix STS/DynamoDB/IAM routes: nullable Zod schemas, withRouteHandler adoption
- Fix Identity Center: list_instances pagination, list_groups instanceArn condition
- Add subblock migrations for renamed DynamoDB fields (key, filterExpression, etc.)
- Apply withRouteHandler to all new and existing AWS tool routes
@vercel

vercel Bot commented Apr 21, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Apr 21, 2026 10:58pm

@cursor

cursor Bot commented Apr 21, 2026

PR Summary

Medium Risk
Adds new public-facing contact endpoint plus new AWS integrations and expands AWS tool APIs (IAM/DynamoDB/CloudWatch), which could affect request validation, pagination, and email delivery behavior. Most changes are additive but touch infra-adjacent routes and AWS SDK client lifecycle/error handling.

Overview
Adds new integrations for AWS IAM Identity Center and AWS SES in the docs and landing integrations catalog, including new icons and tool metadata entries.

Expands AWS tool surface area and docs: IAM gains endpoints/docs for listing attached role/user policies and simulating principal policy; DynamoDB endpoints/docs add conditional writes/deletes plus pagination/sort controls for query/scan; STS and CloudWatch docs are clarified and CloudWatch routes are updated to improve logging, error formatting (toError), and ensure AWS clients are destroy()’d.

Adds a new /contact landing page with a client-side contact form and a new POST /api/contact route that validates input, rate-limits by IP, emails help@…, and attempts a confirmation email to the submitter.

Reviewed by Cursor Bugbot for commit 8e64140. Configure here.

…compatibility

Workflows saved with the old shared IDs (key, filterExpression, etc.) that migrate
to get-scoped slots via subblock-migrations still work correctly on update/delete/scan/put
operations via fallback lookups in tools.config.params.
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/sim/app/api/tools/iam/utils.ts Outdated
@greptile-apps
Contributor

greptile-apps Bot commented Apr 21, 2026

Greptile Summary

This PR adds AWS SES v2 (9 operations), AWS IAM Identity Center (12 operations), and 3 new IAM tools, while refactoring existing CloudWatch, DynamoDB, IAM, and STS routes to use withRouteHandler, toError, and client.destroy(). It also fixes duplicate subblock IDs in the DynamoDB block with a migration and backward-compatible fallbacks in the params function.

Confidence Score: 5/5

PR is safe to merge; all previously reported issues have been addressed and no new blocking defects were found.

All previously flagged issues (delete conditionExpression fallback, pageSize min(0), send-email bodyText/bodyHtml refine check) have replies indicating they were fixed. The DynamoDB migration has correct fallback chains (updateKey || getKey, deleteKey || getKey, scanFilterExpression || queryFilterExpression) covering legacy workflows. New SES, Identity Center, and IAM tools follow consistent patterns with withRouteHandler, client.destroy(), and toError. Remaining findings are P2 style suggestions only.

No files require special attention.

Important Files Changed

Filename: Overview

  • apps/sim/lib/workflows/migrations/subblock-migrations.ts: Adds DynamoDB subblock ID migrations mapping shared IDs (key, filterExpression, expressionAttributeNames, expressionAttributeValues, limit, conditionExpression) to operation-scoped IDs; the params function has correct getKey/queryFilterExpression fallbacks for update/delete operations.
  • apps/sim/blocks/blocks/dynamodb.ts: Renames duplicate subblock IDs to operation-scoped IDs and adds backward-compatible fallbacks (e.g. updateKey
  • apps/sim/blocks/blocks/ses.ts: New SES block with 9 operations; correct credential visibility (password: true), send_email refine check for bodyText/bodyHtml, and proper pageSize parsing.
  • apps/sim/blocks/blocks/identity_center.ts: New Identity Center block with 12 operations; instanceArn correctly excluded for operations using the IdentityStore/Organizations client; all required fields properly conditioned.
  • apps/sim/app/api/tools/ses/utils.ts: New SES utility file wrapping SESv2Client; sendEmail, sendTemplatedEmail, sendBulkEmail, listIdentities, listTemplates, CRUD for templates all look correct.
  • apps/sim/app/api/tools/identity-center/utils.ts: New Identity Center utility; createOrganizationsClient correctly hard-codes us-east-1 for the Organizations API; all SSO Admin and IdentityStore operations look correct.
  • apps/sim/app/api/tools/iam/utils.ts: Adds listAttachedRolePolicies, listAttachedUserPolicies, and simulatePrincipalPolicy; getUser correctly made optional to default to the caller when userName is omitted.
  • apps/sim/app/api/tools/ses/send-email/route.ts: New SES send-email route; bodyText/bodyHtml refine check is present; withRouteHandler and client.destroy() correctly applied.
  • apps/sim/app/api/tools/ses/send-bulk-email/route.ts: Bulk email route parses and re-validates destinations JSON against DestinationSchema before sending; correct error handling.
  • apps/sim/app/api/tools/identity-center/list-instances/route.ts: Fixed list-instances route now accepts maxResults and nextToken for proper pagination; withRouteHandler applied.
  • apps/sim/app/api/tools/iam/simulate-principal-policy/route.ts: New simulate-principal-policy route; actionNames comma parsing handled in util; resourceArns defaults to * when not provided.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Block params function] --> B{operation}
    B --> C[SES Block - 9 ops]
    B --> D[Identity Center Block - 12 ops]
    B --> E[IAM Block - 3 new ops]
    B --> F[DynamoDB Block - refactored]

    C --> C1[send_email / send_templated_email / send_bulk_email]
    C --> C2[list_identities / get_account]
    C --> C3[create / get / list / delete template]

    D --> D1[list_instances / list_accounts / describe_account]
    D --> D2[list_permission_sets / get_user / get_group / list_groups]
    D --> D3[create / delete account_assignment / check status / list_account_assignments]

    E --> E1[list_attached_role_policies]
    E --> E2[list_attached_user_policies]
    E --> E3[simulate_principal_policy]

    F --> MIG[Migration: shared IDs to scoped IDs]
    MIG --> M1[key to getKey]
    MIG --> M2[filterExpression to queryFilterExpression]
    MIG --> M3[conditionExpression to updateConditionExpression]
    F --> FB[Params fallbacks in code]
    FB --> FB1[updateKey OR getKey]
    FB --> FB2[deleteKey OR getKey]
    FB --> FB3[scanFilterExpression OR queryFilterExpression]

    D1 --> AWS1[OrganizationsClient - us-east-1]
    D2 --> AWS2[IdentitystoreClient]
    D3 --> AWS3[SSOAdminClient]
    C1 --> AWS4[SESv2Client]

Reviews (4): Last reviewed commit: "fix(aws): add gradient background to Ide..." | Re-trigger Greptile
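
The legacy-ID migration and the fallback chains summarized in the review above, as an added TypeScript example (not code from this PR or the project). The three ID mappings and the three fallbacks are the ones listed in the summary; the function names, types and sample values are hypothetical.

```typescript
// Added illustration: only the IDs quoted in the review summary come from the
// page; function names, types and sample values are hypothetical.
type SubBlockValues = Record<string, string | undefined>;
type Operation = "get" | "query" | "update" | "delete" | "scan";

// Legacy shared ID -> operation-scoped ID (the three mappings in the summary).
const DYNAMODB_ID_MIGRATIONS: Array<[string, string]> = [
  ["key", "getKey"],
  ["filterExpression", "queryFilterExpression"],
  ["conditionExpression", "updateConditionExpression"],
];

const isLegacyId = (id: string): boolean =>
  DYNAMODB_ID_MIGRATIONS.some((pair) => pair[0] === id);

// Move legacy values into their scoped slots. A scoped value that is already
// saved is never overwritten by the legacy one.
function migrateSubBlocks(saved: SubBlockValues): SubBlockValues {
  const out: SubBlockValues = {};
  for (const id of Object.keys(saved)) {
    if (!isLegacyId(id)) out[id] = saved[id];
  }
  for (const [legacy, scoped] of DYNAMODB_ID_MIGRATIONS) {
    if (saved[legacy] !== undefined && out[scoped] === undefined) {
      out[scoped] = saved[legacy];
    }
  }
  return out;
}

// Resolve request params per operation. Every legacy `key` lands in the
// get-scoped slot, so update/delete/scan must fall back to that slot or a
// migrated workflow would send an empty key or filter.
function resolveParams(op: Operation, v: SubBlockValues): SubBlockValues {
  switch (op) {
    case "get":
      return { key: v.getKey };
    case "query":
      return { filterExpression: v.queryFilterExpression };
    case "update":
      return { key: v.updateKey || v.getKey, conditionExpression: v.updateConditionExpression };
    case "delete":
      return { key: v.deleteKey || v.getKey };
    case "scan":
      return { filterExpression: v.scanFilterExpression || v.queryFilterExpression };
  }
}
```
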

Comment thread apps/sim/lib/workflows/migrations/subblock-migrations.ts
Comment thread apps/sim/app/api/tools/ses/list-identities/route.ts
Comment thread apps/sim/app/api/tools/ses/send-email/route.ts
waleedlatif1 and others added 3 commits April 21, 2026 12:46
…on (#4242)

* feat(contact): add contact page, migrate help/demo forms to useMutation

* improvement(contact): address greptile review feedback

- Map contact topic to help email type for accurate confirmation emails
- Drop Zod schema details from 400 response on public /api/contact
- Wire aria-describedby + aria-invalid in LandingField for both forms
- Reset helpMutation on modal reopen to match demo-request pattern

* improvement(landing): extract shared LandingField component
…ations routes (#4243)

* fix(layout): use plain inline script for PublicEnvScript to set env before chunks eval on error pages

* fix(landing): handle runtime env race on error-page renders

React skips SSR on unhandled server errors and re-renders on the client
(see vercel/next.js#63980, #82456). Root-layout scripts — including the
runtime env script that populates window.__ENV — are inserted but not
executed on that client re-render, so any client module that reads env
at module evaluation crashes the render into a blank "Application error"
overlay instead of rendering the styled 404.

This replaces the earlier PublicEnvScript tweak with the architectural
fix:

- auth-client.ts: fall back to window.location.origin when getBaseUrl()
  throws on the client. Auth endpoints are same-origin, so this is the
  correct baseURL on the client. Server-side we still throw on genuine
  misconfig.
- loading.tsx under /models/[provider], /models/[provider]/[model], and
  /integrations/[slug]: establishes a Suspense boundary below the root
  layout so a page-level notFound() no longer invalidates the layout's
  SSR output (the fix endorsed by Next.js maintainers in #63980).
- layout.tsx: revert disableNextScript — the research showed this
  doesn't actually fix error-page renders. The real fix is above.

* improvement(landing): use emcn Loader in scoped loading.tsx, trim auth-client comment

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…amoDB integrations

- IAM: replace non-existent StatementId with SourcePolicyType in simulatePrincipalPolicy
- IAM: add .int() constraint to list-users/roles/policies/groups Zod schemas
- IAM: remove redundant manual requestId from all 21 IAM route handlers
- SES: add .refine() body validation to create-template route
- SES: make bulk email destination templateData optional, only include ReplacementEmailContent when present
- SES: fix pageSize guard to if (pageSize != null) to correctly forward 0
- SES: add max(100) to list-templates pageSize, revert list-identities to min(0) per SDK
- STS: fix logger.error calls to use structured metadata pattern
- Identity Center: remove deprecated account.Status fallback, use account.State only
- DynamoDB: convert empty interface extends to type aliases, remove redundant error field, fix barrel to absolute imports
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/sim/app/api/tools/cloudwatch/list-metrics/route.ts
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/sim/app/api/tools/ses/list-identities/route.ts
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/docs/components/icons.tsx
Comment thread apps/sim/app/api/tools/ses/utils.ts Outdated
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 8e64140. Configure here.

@waleedlatif1 waleedlatif1 merged commit 2d94b37 into staging Apr 21, 2026
14 checks passed
@waleedlatif1 waleedlatif1 deleted the feat/aws branch April 21, 2026 23:30