Architecture — real backends, not mocks

Vyomi doesn't simulate cloud services as in-memory dictionaries. Where real software exists that already implements the contract — PostgreSQL, MinIO, Vault, NATS, DynamoDB Local — we use it. SDK conformance becomes a byproduct of architecture choice, not a CI target we chase.

Fidelity

Same wire, same bytes

When boto3 talks S3 to Vyomi, it's talking SigV4 to MinIO. Real bytes land on real disk. The SQL aws-sdk client sends to Cloud SQL? Hits real Postgres 16. No drift between simulation and production behavior on what matters: protocol fidelity.

Maintenance

Upstream does the work

MinIO, Postgres, Vault, NATS each have dedicated teams shipping protocol fixes every week. Vyomi doesn't reimplement S3 semantics or Pub/Sub guarantees — we point the SDK at the engineers who already do.

Trust

Open audit trail

Every backend is an OSS Docker image with public source. You can verify what's running, pin versions, swap implementations, or audit security advisories yourself. No black-box closed-source simulator binary.

How requests flow

Interactive C4 diagram below — pan with click-and-drag, zoom with your trackpad / wheel, jump between views with the dropdown in the top-left, hover any node for details, or click Edit in the top-right to view + edit the underlying LikeC4 DSL. Two C4 perspectives in the same dropdown:

Vyomi internals — System Context → Containers → Dispatcher middleware (3 views)
Cloud-service lifecycle — Providers → Services → Per-service simulation components (16 views: AWS·GCP·Azure)

The second perspective is the answer to "how does Vyomi simulate S3?" / "how does an EC2 instance actually get provisioned?" Click into AWS → S3 from the dropdown for a worked example.

How to drill in: Hover any box with a navigateTo arrow in its header (look for a small ↗ icon top-right of the box) and click it to zoom into the child view. Or double-click the box itself. Plain single-click only opens the element details panel ("No incoming" / "No outgoing" relationships in the current view) — not the child diagram. Skip the LikeC4 UI entirely with the direct view links below.

📐 Direct links — open any view in a new tab

L1 · Landing

Cloud Providers →

L2 · Service catalogs

AWS Services → GCP Services → Azure Services →

L3 · AWS lifecycle

EC2 → S3 → RDS → DynamoDB → Lambda → EventBridge → KMS → IAM →

L3 · GCP lifecycle

Compute Engine → Cloud Storage →

L3 · Azure lifecycle

VMs → Cosmos DB → Key Vault →

Internals

Vyomi System Context → Vyomi Containers → Dispatcher Middleware →

Source of truth: c4/cloudlearn.c4 + c4/cloud-services.c4 · build with npm run c4:build

L1 · Context

Level 1 — System Context. Who talks to Vyomi and what's around it. Click Vyomi to look inside.

👤

Developer

person

📦

SDK · CLI · IaC

software systems

⭐

Vyomi

our system

★ click

☁

Real cloud

(deploy target)

🔑

Vyomi Portal

license issuer

Real backends — full mapping

Every backend listed below ships in the standard appliance Docker Compose stack. Versions are pinned at build time. Health and provisioning state surface at /api/runtime/backends.

Real engine	Version	Backs these cloud surfaces
PostgreSQL	postgres:16-alpine	AWS RDS (Postgres) · GCP Cloud SQL (Postgres) · Azure SQL (Postgres)
MySQL	mysql:8.0	AWS RDS (MySQL) · GCP Cloud SQL (MySQL) · Azure SQL (MySQL)
MinIO	minio/minio:latest	AWS S3 (SigV4 + multipart) · Azure Blob Storage
fake-gcs-server	fsouza/fake-gcs-server:latest	GCP Cloud Storage (JSON + XML API)
Amazon DynamoDB Local	amazon/dynamodb-local:latest	AWS DynamoDB (PartiQL, streams, transactions)
ElasticMQ	softwaremill/elasticmq-native	AWS SQS (standard + FIFO, visibility timeout)
NATS + JetStream	nats:2-alpine	AWS EventBridge · GCP Eventarc · Azure Event Grid
HashiCorp Vault	hashicorp/vault:1.15	AWS KMS · AWS Secrets Manager · GCP Cloud KMS · GCP Secret Manager · Azure Key Vault (keys + secrets)
gcloud emulator — Pub/Sub	google-cloud-cli:emulators	GCP Pub/Sub (gRPC + REST)
gcloud emulator — Firestore	google-cloud-cli:emulators	GCP Firestore (gRPC + REST)
Cedar	embedded Python module	AWS IAM policy eval · GCP IAM policy eval · Azure Entra/RBAC

Services we simulate in-process

Not every cloud service has a viable open-source equivalent. For these, Vyomi implements the API contract and lifecycle directly. State persists to the appliance's SQLite store and survives restarts. Where the real cloud has rich semantics we can't replicate (e.g. live VM hardware), we model what makes the SDK + CLI calls succeed correctly.

EC2 / Compute Engine / Azure VMs — lifecycle & metadata only; backed by LXD containers when host supports it
Lambda / Cloud Functions / Function Apps — invocation simulated, real exec on Developer+ tiers via the runtime bridge
API Gateway / GCP API Gateway / APIM — route + deployment graph; request proxying is in scope for v1.x
VPC / VPC Network / VNet — topology, subnets, route tables, security groups; no real packet routing
Cosmos DB — REST contract; AMQP and gremlin are not on the v1 roadmap

Coverage matrix · Conformance Report · Back to API Reference