2026/03/31 - MailManager - 7 updated api methods
Changes: Amazon SES Mail Manager now supports an optional TLS policy for accepting unencrypted connections, and mTLS authentication for ingress endpoints with configurable trust stores. Two new rule actions are available: Bounce, for sending non-delivery reports, and Lambda invocation, for custom email processing.
{'IngressPointConfiguration': {'TlsAuthConfiguration': {'TrustStore': {'CAContent': 'string',
'CrlContent': 'string',
'KmsKeyArn': 'string'}}},
'TlsPolicy': 'REQUIRED | OPTIONAL | FIPS',
'Type': {'MTLS'}}
Provision a new ingress endpoint resource.
See also: AWS API Documentation
Request Syntax
client.create_ingress_point(
ClientToken='string',
IngressPointName='string',
Type='OPEN'|'AUTH'|'MTLS',
RuleSetId='string',
TrafficPolicyId='string',
IngressPointConfiguration={
'SmtpPassword': 'string',
'SecretArn': 'string',
'TlsAuthConfiguration': {
'TrustStore': {
'CAContent': 'string',
'CrlContent': 'string',
'KmsKeyArn': 'string'
}
}
},
NetworkConfiguration={
'PublicNetworkConfiguration': {
'IpType': 'IPV4'|'DUAL_STACK'
},
'PrivateNetworkConfiguration': {
'VpcEndpointId': 'string'
}
},
TlsPolicy='REQUIRED'|'OPTIONAL'|'FIPS',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
ClientToken (string) --
A unique token that Amazon SES uses to recognize subsequent retries of the same request.
This field is autopopulated if not provided.
IngressPointName (string) -- [REQUIRED]
A user friendly name for an ingress endpoint resource.
Type (string) -- [REQUIRED]
The type of the ingress endpoint to create.
RuleSetId (string) -- [REQUIRED]
The identifier of an existing rule set that you attach to an ingress endpoint resource.
TrafficPolicyId (string) -- [REQUIRED]
The identifier of an existing traffic policy that you attach to an ingress endpoint resource.
IngressPointConfiguration (dict) --
If you choose an Authenticated ingress endpoint, you must configure either an SMTP password or a secret ARN.
SmtpPassword (string) --
The password of the ingress endpoint resource.
SecretArn (string) --
The SecretsManager::Secret ARN of the ingress endpoint resource.
TlsAuthConfiguration (dict) --
The mutual TLS authentication configuration of the ingress endpoint resource.
TrustStore (dict) --
The trust store configuration for mutual TLS authentication.
CAContent (string) -- [REQUIRED]
The PEM-encoded certificate authority (CA) certificates bundle for the trust store.
CrlContent (string) --
The PEM-encoded certificate revocation lists (CRLs) for the trust store. There can be one CRL per certificate authority (CA) in the trust store.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key used to encrypt the trust store contents.
NetworkConfiguration (dict) --
Specifies the network configuration for the ingress point. This allows you to create an IPv4-only, Dual-Stack, or PrivateLink type of ingress point. If not specified, the default network type is IPv4-only.
PublicNetworkConfiguration (dict) --
Specifies the network configuration for the public ingress point.
IpType (string) -- [REQUIRED]
The IP address type for the public ingress point. Valid values are IPV4 and DUAL_STACK.
PrivateNetworkConfiguration (dict) --
Specifies the network configuration for the private ingress point.
VpcEndpointId (string) -- [REQUIRED]
The identifier of the VPC endpoint to associate with this private ingress point.
TlsPolicy (string) --
The Transport Layer Security (TLS) policy for the ingress point. The FIPS value is only valid in US and Canada regions.
Tags (list) --
The tags used to organize, track, or control access for the resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.
(dict) --
A key-value pair (the value is optional), that you can define and assign to Amazon Web Services resources.
Key (string) -- [REQUIRED]
The key of the key-value tag.
Value (string) -- [REQUIRED]
The value of the key-value tag.
Return type: dict
Response Syntax
{
'IngressPointId': 'string'
}
Response Structure
(dict) --
IngressPointId (string) --
The unique identifier for a previously created ingress endpoint.
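A pre-flight check for create_ingress_point arguments, built only from the constraints stated above. This is an added example, not AWS or boto3 code. The function name lint_ingress_point, the sample values, the "us-"/"ca-" region-prefix test for FIPS, and the rule that an MTLS endpoint must carry a trust store are assumptions. It counts PEM block headers and does not validate the certificates themselves.

```python
CERT_HDR = "-----BEGIN CERTIFICATE-----"
CRL_HDR = "-----BEGIN X509 CRL-----"


def lint_ingress_point(kwargs, region):
    """Return (severity, message) findings for create_ingress_point kwargs.

    Hypothetical helper: it inspects the request locally and never calls AWS.
    """
    findings = []
    itype = kwargs.get("Type")
    cfg = kwargs.get("IngressPointConfiguration") or {}
    policy = kwargs.get("TlsPolicy")

    if itype == "AUTH":
        # "you must configure either an SMTP password or a secret ARN"
        creds = [k for k in ("SmtpPassword", "SecretArn") if cfg.get(k)]
        if len(creds) != 1:
            findings.append(("error", "AUTH needs either SmtpPassword or SecretArn"))

    if itype == "MTLS":
        # Assumption: an MTLS endpoint needs TlsAuthConfiguration.TrustStore;
        # CAContent is marked [REQUIRED] inside TrustStore.
        store = (cfg.get("TlsAuthConfiguration") or {}).get("TrustStore") or {}
        n_ca = store.get("CAContent", "").count(CERT_HDR)
        n_crl = store.get("CrlContent", "").count(CRL_HDR)
        if n_ca == 0:
            findings.append(("error", "MTLS trust store has no PEM CA certificate"))
        elif n_crl > n_ca:
            # "There can be one CRL per certificate authority (CA)"
            findings.append(("error", f"{n_crl} CRLs for {n_ca} CAs; one CRL per CA"))

    if policy == "OPTIONAL":
        findings.append(("warn", "TlsPolicy OPTIONAL accepts unencrypted connections"))
    if policy == "FIPS" and not region.startswith(("us-", "ca-")):
        # Assumption: US and Canada regions are those named us-* and ca-*.
        findings.append(("error", f"FIPS is only valid in US and Canada regions, not {region}"))
    return findings


# Constructed placeholder PEM blocks: headers only, no real key material.
CA_PEM = CERT_HDR + "\nCONSTRUCTED-PLACEHOLDER\n-----END CERTIFICATE-----\n"
CRL_PEM = CRL_HDR + "\nCONSTRUCTED-PLACEHOLDER\n-----END X509 CRL-----\n"

# Constructed identifiers throughout; none refer to real resources.
BASE = {
    "IngressPointName": "example-inbound",
    "RuleSetId": "rs-EXAMPLE",
    "TrafficPolicyId": "tp-EXAMPLE",
}

WEAK_AUTH = dict(BASE, Type="AUTH", TlsPolicy="OPTIONAL")

WEAK_MTLS = dict(
    BASE,
    Type="MTLS",
    TlsPolicy="FIPS",
    IngressPointConfiguration={
        "TlsAuthConfiguration": {
            "TrustStore": {"CAContent": CA_PEM, "CrlContent": CRL_PEM * 2}
        }
    },
)

HARDENED_MTLS = dict(
    BASE,
    Type="MTLS",
    TlsPolicy="REQUIRED",
    IngressPointConfiguration={
        "TlsAuthConfiguration": {
            "TrustStore": {
                "CAContent": CA_PEM,
                "CrlContent": CRL_PEM,
                "KmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE",
            }
        }
    },
)

if __name__ == "__main__":
    for name, kw, region in (
        ("weak AUTH", WEAK_AUTH, "us-east-1"),
        ("weak MTLS", WEAK_MTLS, "eu-west-1"),
        ("hardened MTLS", HARDENED_MTLS, "us-east-1"),
    ):
        print(name, lint_ingress_point(kw, region))
```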
{'Rules': {'Actions': {'Bounce': {'ActionFailurePolicy': 'CONTINUE | DROP',
'DiagnosticMessage': 'string',
'Message': 'string',
'RoleArn': 'string',
'Sender': 'string',
'SmtpReplyCode': 'string',
'StatusCode': 'string'},
'InvokeLambda': {'ActionFailurePolicy': 'CONTINUE | '
'DROP',
'FunctionArn': 'string',
'InvocationType': 'EVENT | '
'REQUEST_RESPONSE',
'RetryTimeMinutes': 'integer',
'RoleArn': 'string'}},
'Conditions': {'StringExpression': {'Evaluate': {'ClientCertificateAttribute': 'CN '
'| '
'SAN_RFC822_NAME '
'| '
'SAN_DNS_NAME '
'| '
'SAN_DIRECTORY_NAME '
'| '
'SAN_UNIFORM_RESOURCE_IDENTIFIER '
'| '
'SAN_IP_ADDRESS '
'| '
'SAN_REGISTERED_ID '
'| '
'SERIAL_NUMBER'}}},
'Unless': {'StringExpression': {'Evaluate': {'ClientCertificateAttribute': 'CN '
'| '
'SAN_RFC822_NAME '
'| '
'SAN_DNS_NAME '
'| '
'SAN_DIRECTORY_NAME '
'| '
'SAN_UNIFORM_RESOURCE_IDENTIFIER '
'| '
'SAN_IP_ADDRESS '
'| '
'SAN_REGISTERED_ID '
'| '
'SERIAL_NUMBER'}}}}}
Provision a new rule set.
See also: AWS API Documentation
Request Syntax
client.create_rule_set(
ClientToken='string',
RuleSetName='string',
Rules=[
{
'Name': 'string',
'Conditions': [
{
'BooleanExpression': {
'Evaluate': {
'Attribute': 'READ_RECEIPT_REQUESTED'|'TLS'|'TLS_WRAPPED',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'IsInAddressList': {
'Attribute': 'RECIPIENT'|'MAIL_FROM'|'SENDER'|'FROM'|'TO'|'CC',
'AddressLists': [
'string',
]
}
},
'Operator': 'IS_TRUE'|'IS_FALSE'
},
'StringExpression': {
'Evaluate': {
'Attribute': 'MAIL_FROM'|'HELO'|'RECIPIENT'|'SENDER'|'FROM'|'SUBJECT'|'TO'|'CC',
'MimeHeaderAttribute': 'string',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'ClientCertificateAttribute': 'CN'|'SAN_RFC822_NAME'|'SAN_DNS_NAME'|'SAN_DIRECTORY_NAME'|'SAN_UNIFORM_RESOURCE_IDENTIFIER'|'SAN_IP_ADDRESS'|'SAN_REGISTERED_ID'|'SERIAL_NUMBER'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'STARTS_WITH'|'ENDS_WITH'|'CONTAINS',
'Values': [
'string',
]
},
'NumberExpression': {
'Evaluate': {
'Attribute': 'MESSAGE_SIZE'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'LESS_THAN'|'GREATER_THAN'|'LESS_THAN_OR_EQUAL'|'GREATER_THAN_OR_EQUAL',
'Value': 123.0
},
'IpExpression': {
'Evaluate': {
'Attribute': 'SOURCE_IP'
},
'Operator': 'CIDR_MATCHES'|'NOT_CIDR_MATCHES',
'Values': [
'string',
]
},
'VerdictExpression': {
'Evaluate': {
'Attribute': 'SPF'|'DKIM',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
}
},
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'PASS'|'FAIL'|'GRAY'|'PROCESSING_FAILED',
]
},
'DmarcExpression': {
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'NONE'|'QUARANTINE'|'REJECT',
]
}
},
],
'Unless': [
{
'BooleanExpression': {
'Evaluate': {
'Attribute': 'READ_RECEIPT_REQUESTED'|'TLS'|'TLS_WRAPPED',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'IsInAddressList': {
'Attribute': 'RECIPIENT'|'MAIL_FROM'|'SENDER'|'FROM'|'TO'|'CC',
'AddressLists': [
'string',
]
}
},
'Operator': 'IS_TRUE'|'IS_FALSE'
},
'StringExpression': {
'Evaluate': {
'Attribute': 'MAIL_FROM'|'HELO'|'RECIPIENT'|'SENDER'|'FROM'|'SUBJECT'|'TO'|'CC',
'MimeHeaderAttribute': 'string',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'ClientCertificateAttribute': 'CN'|'SAN_RFC822_NAME'|'SAN_DNS_NAME'|'SAN_DIRECTORY_NAME'|'SAN_UNIFORM_RESOURCE_IDENTIFIER'|'SAN_IP_ADDRESS'|'SAN_REGISTERED_ID'|'SERIAL_NUMBER'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'STARTS_WITH'|'ENDS_WITH'|'CONTAINS',
'Values': [
'string',
]
},
'NumberExpression': {
'Evaluate': {
'Attribute': 'MESSAGE_SIZE'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'LESS_THAN'|'GREATER_THAN'|'LESS_THAN_OR_EQUAL'|'GREATER_THAN_OR_EQUAL',
'Value': 123.0
},
'IpExpression': {
'Evaluate': {
'Attribute': 'SOURCE_IP'
},
'Operator': 'CIDR_MATCHES'|'NOT_CIDR_MATCHES',
'Values': [
'string',
]
},
'VerdictExpression': {
'Evaluate': {
'Attribute': 'SPF'|'DKIM',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
}
},
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'PASS'|'FAIL'|'GRAY'|'PROCESSING_FAILED',
]
},
'DmarcExpression': {
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'NONE'|'QUARANTINE'|'REJECT',
]
}
},
],
'Actions': [
{
'Drop': {},
'Relay': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'Relay': 'string',
'MailFrom': 'REPLACE'|'PRESERVE'
},
'Archive': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'TargetArchive': 'string'
},
'WriteToS3': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string',
'S3Bucket': 'string',
'S3Prefix': 'string',
'S3SseKmsKeyId': 'string'
},
'Send': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string'
},
'AddHeader': {
'HeaderName': 'string',
'HeaderValue': 'string'
},
'ReplaceRecipient': {
'ReplaceWith': [
'string',
]
},
'DeliverToMailbox': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'MailboxArn': 'string',
'RoleArn': 'string'
},
'DeliverToQBusiness': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'ApplicationId': 'string',
'IndexId': 'string',
'RoleArn': 'string'
},
'PublishToSns': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'TopicArn': 'string',
'RoleArn': 'string',
'Encoding': 'UTF-8'|'BASE64',
'PayloadType': 'HEADERS'|'CONTENT'
},
'Bounce': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string',
'Sender': 'string',
'StatusCode': 'string',
'SmtpReplyCode': 'string',
'DiagnosticMessage': 'string',
'Message': 'string'
},
'InvokeLambda': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'FunctionArn': 'string',
'InvocationType': 'EVENT'|'REQUEST_RESPONSE',
'RoleArn': 'string',
'RetryTimeMinutes': 123
}
},
]
},
],
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
ClientToken (string) --
A unique token that Amazon SES uses to recognize subsequent retries of the same request.
This field is autopopulated if not provided.
RuleSetName (string) -- [REQUIRED]
A user-friendly name for the rule set.
Rules (list) -- [REQUIRED]
Conditional rules that are evaluated for determining actions on email.
(dict) --
A rule contains conditions, "unless conditions" and actions. For each envelope recipient of an email, if all conditions match and none of the "unless conditions" match, then all of the actions are executed sequentially. If no conditions are provided, the rule always applies and the actions are implicitly executed. If only "unless conditions" are provided, the rule applies if the email does not match the evaluation of the "unless conditions".
Name (string) --
The user-friendly name of the rule.
Conditions (list) --
The conditions of this rule. All conditions must match the email for the actions to be executed. An empty list of conditions means that all emails match, but are still subject to any "unless conditions".
(dict) --
The conditional expression used to evaluate an email for determining if a rule action should be taken.
BooleanExpression (dict) --
The condition applies to a boolean expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The operand on which to perform a boolean condition operation.
Attribute (string) --
The boolean type representing the allowed attribute types for an email.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a boolean condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
IsInAddressList (dict) --
The structure representing the address lists and address list attribute that will be used in evaluation of boolean expression.
Attribute (string) -- [REQUIRED]
The email attribute that needs to be evaluated against the address list.
AddressLists (list) -- [REQUIRED]
The address lists that will be used for evaluation.
(string) --
Operator (string) -- [REQUIRED]
The matching operator for a boolean condition expression.
StringExpression (dict) --
The condition applies to a string expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The string to evaluate in a string condition expression.
Attribute (string) --
The email attribute to evaluate in a string condition expression.
MimeHeaderAttribute (string) --
The email MIME X-Header attribute to evaluate in a string condition expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a string condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
ClientCertificateAttribute (string) --
The client certificate attribute to evaluate in a string condition expression.
Operator (string) -- [REQUIRED]
The matching operator for a string condition expression.
Values (list) -- [REQUIRED]
The string(s) to be evaluated in a string condition expression. For all operators, except for NOT_EQUALS, if multiple values are given, the values are processed as an OR. That is, if any of the values match the email's string using the given operator, the condition is deemed to match. However, for NOT_EQUALS, the condition is only deemed to match if none of the given strings match the email's string.
(string) --
NumberExpression (dict) --
The condition applies to a number expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The number to evaluate in a numeric condition expression.
Attribute (string) --
An email attribute that is used as the number to evaluate.
Operator (string) -- [REQUIRED]
The operator for a numeric condition expression.
Value (float) -- [REQUIRED]
The value to evaluate in a numeric condition expression.
IpExpression (dict) --
The condition applies to an IP address expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The IP address to evaluate in this condition.
Attribute (string) --
The attribute of the email to evaluate.
Operator (string) -- [REQUIRED]
The operator to evaluate the IP address.
Values (list) -- [REQUIRED]
The IP CIDR blocks in format "x.y.z.w/n" (e.g. 10.0.0.0/8) to match with the email's IP address. For the operator CIDR_MATCHES, if multiple values are given, they are evaluated as an OR. That is, if the IP address is contained within any of the given CIDR ranges, the condition is deemed to match. For NOT_CIDR_MATCHES, if multiple CIDR ranges are given, the condition is deemed to match if the IP address is not contained in any of the given CIDR ranges.
(string) --
VerdictExpression (dict) --
The condition applies to a verdict expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The verdict to evaluate in a verdict condition expression.
Attribute (string) --
The email verdict attribute to evaluate in a string verdict expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a verdict condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
Operator (string) -- [REQUIRED]
The matching operator for a verdict condition expression.
Values (list) -- [REQUIRED]
The values to match with the email's verdict using the given operator. For the EQUALS operator, if multiple values are given, the condition is deemed to match if any of the given verdicts match that of the email. For the NOT_EQUALS operator, if multiple values are given, the condition is deemed to match if none of the given verdicts match the verdict of the email.
(string) --
DmarcExpression (dict) --
The condition applies to a DMARC policy expression passed in this field.
Operator (string) -- [REQUIRED]
The operator to apply to the DMARC policy of the incoming email.
Values (list) -- [REQUIRED]
The values to use for the given DMARC policy operator. For the operator EQUALS, if multiple values are given, they are evaluated as an OR. That is, if any of the given values match, the condition is deemed to match. For the operator NOT_EQUALS, if multiple values are given, they are evaluated as an AND. That is, only if the email's DMARC policy is not equal to any of the given values, then the condition is deemed to match.
(string) --
Unless (list) --
The "unless conditions" of this rule. None of the conditions can match the email for the actions to be executed. If any of these conditions do match the email, then the actions are not executed.
(dict) --
The conditional expression used to evaluate an email for determining if a rule action should be taken.
BooleanExpression (dict) --
The condition applies to a boolean expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The operand on which to perform a boolean condition operation.
Attribute (string) --
The boolean type representing the allowed attribute types for an email.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a boolean condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
IsInAddressList (dict) --
The structure representing the address lists and address list attribute that will be used in evaluation of boolean expression.
Attribute (string) -- [REQUIRED]
The email attribute that needs to be evaluated against the address list.
AddressLists (list) -- [REQUIRED]
The address lists that will be used for evaluation.
(string) --
Operator (string) -- [REQUIRED]
The matching operator for a boolean condition expression.
StringExpression (dict) --
The condition applies to a string expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The string to evaluate in a string condition expression.
Attribute (string) --
The email attribute to evaluate in a string condition expression.
MimeHeaderAttribute (string) --
The email MIME X-Header attribute to evaluate in a string condition expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a string condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
ClientCertificateAttribute (string) --
The client certificate attribute to evaluate in a string condition expression.
Operator (string) -- [REQUIRED]
The matching operator for a string condition expression.
Values (list) -- [REQUIRED]
The string(s) to be evaluated in a string condition expression. For all operators, except for NOT_EQUALS, if multiple values are given, the values are processed as an OR. That is, if any of the values match the email's string using the given operator, the condition is deemed to match. However, for NOT_EQUALS, the condition is only deemed to match if none of the given strings match the email's string.
(string) --
NumberExpression (dict) --
The condition applies to a number expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The number to evaluate in a numeric condition expression.
Attribute (string) --
An email attribute that is used as the number to evaluate.
Operator (string) -- [REQUIRED]
The operator for a numeric condition expression.
Value (float) -- [REQUIRED]
The value to evaluate in a numeric condition expression.
IpExpression (dict) --
The condition applies to an IP address expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The IP address to evaluate in this condition.
Attribute (string) --
The attribute of the email to evaluate.
Operator (string) -- [REQUIRED]
The operator to evaluate the IP address.
Values (list) -- [REQUIRED]
The IP CIDR blocks in format "x.y.z.w/n" (e.g. 10.0.0.0/8) to match with the email's IP address. For the operator CIDR_MATCHES, if multiple values are given, they are evaluated as an OR. That is, if the IP address is contained within any of the given CIDR ranges, the condition is deemed to match. For NOT_CIDR_MATCHES, if multiple CIDR ranges are given, the condition is deemed to match if the IP address is not contained in any of the given CIDR ranges.
(string) --
VerdictExpression (dict) --
The condition applies to a verdict expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The verdict to evaluate in a verdict condition expression.
Attribute (string) --
The email verdict attribute to evaluate in a string verdict expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a verdict condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
Operator (string) -- [REQUIRED]
The matching operator for a verdict condition expression.
Values (list) -- [REQUIRED]
The values to match with the email's verdict using the given operator. For the EQUALS operator, if multiple values are given, the condition is deemed to match if any of the given verdicts match that of the email. For the NOT_EQUALS operator, if multiple values are given, the condition is deemed to match if none of the given verdicts match the verdict of the email.
(string) --
DmarcExpression (dict) --
The condition applies to a DMARC policy expression passed in this field.
Operator (string) -- [REQUIRED]
The operator to apply to the DMARC policy of the incoming email.
Values (list) -- [REQUIRED]
The values to use for the given DMARC policy operator. For the operator EQUALS, if multiple values are given, they are evaluated as an OR. That is, if any of the given values match, the condition is deemed to match. For the operator NOT_EQUALS, if multiple values are given, they are evaluated as an AND. That is, only if the email's DMARC policy is not equal to any of the given values, then the condition is deemed to match.
(string) --
Actions (list) -- [REQUIRED]
The list of actions to execute when the conditions match the incoming email, and none of the "unless conditions" match.
(dict) --
The action for a rule to take. Only one of the contained actions can be set.
Drop (dict) --
This action terminates the evaluation of rules in the rule set.
Relay (dict) --
This action relays the email to another SMTP server.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified relay has been deleted.
Relay (string) -- [REQUIRED]
The identifier of the relay resource to be used when relaying an email.
MailFrom (string) --
This action specifies whether to preserve or replace the original MAIL FROM address while relaying received emails to a destination server.
Archive (dict) --
This action archives the email. This can be used to deliver an email to an archive.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified archive has been deleted.
TargetArchive (string) -- [REQUIRED]
The identifier of the archive to send the email to.
WriteToS3 (dict) --
This action writes the MIME content of the email to an S3 bucket.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified bucket has been deleted.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM Role to use while writing to S3. This role must have access to the s3:PutObject, kms:Encrypt, and kms:GenerateDataKey APIs for the given bucket.
S3Bucket (string) -- [REQUIRED]
The bucket name of the S3 bucket to write to.
S3Prefix (string) --
The S3 prefix to use for the write to the S3 bucket.
S3SseKmsKeyId (string) --
The KMS Key ID to use to encrypt the message in S3.
Send (dict) --
This action sends the email to the internet.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the caller does not have the permissions to call the sendRawEmail API.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the role to use for this action. This role must have access to the ses:SendRawEmail API.
AddHeader (dict) --
This action adds a header. This can be used to add arbitrary email headers.
HeaderName (string) -- [REQUIRED]
The name of the header to add to an email. The header must be prefixed with "X-". Headers are added regardless of whether the header name pre-existed in the email.
HeaderValue (string) -- [REQUIRED]
The value of the header to add to the email.
ReplaceRecipient (dict) --
The action replaces certain or all recipients with a different set of recipients.
ReplaceWith (list) --
This action specifies the replacement recipient email addresses to insert.
(string) --
DeliverToMailbox (dict) --
This action delivers an email to a WorkMail mailbox.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the mailbox ARN is no longer valid.
MailboxArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of a WorkMail organization to deliver the email to.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an IAM role to use to execute this action. The role must have access to the workmail:DeliverToMailbox API.
DeliverToQBusiness (dict) --
This action delivers an email to an Amazon Q Business application for ingestion into its knowledge base.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified application has been deleted or the role lacks necessary permissions to call the qbusiness:BatchPutDocument API.
ApplicationId (string) -- [REQUIRED]
The unique identifier of the Amazon Q Business application instance where the email content will be delivered.
IndexId (string) -- [REQUIRED]
The identifier of the knowledge base index within the Amazon Q Business application where the email content will be stored and indexed.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM Role to use while delivering to Amazon Q Business. This role must have access to the qbusiness:BatchPutDocument API for the given application and index.
PublishToSns (dict) --
This action publishes the email content to an Amazon SNS topic.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified SNS topic has been deleted or the role lacks necessary permissions to call the sns:Publish API.
TopicArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Amazon SNS Topic to which notification for the email received will be published.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM Role to use while writing to Amazon SNS. This role must have access to the sns:Publish API for the given topic.
Encoding (string) --
The encoding to use for the email within the Amazon SNS notification. The default value is UTF-8. Use BASE64 if you need to preserve all special characters, especially when the original message uses a different encoding format.
PayloadType (string) --
The expected payload type within the Amazon SNS notification. CONTENT attempts to publish the full email content with 20KB of headers content. HEADERS extracts up to 100KB of header content to include in the notification; email content will not be included in the notification. The default value is CONTENT.
Bounce (dict) --
This action sends a bounce response for the email.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the caller does not have the permissions to call the SendBounce API.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM role to use to send the bounce message.
Sender (string) -- [REQUIRED]
The sender email address of the bounce message.
StatusCode (string) -- [REQUIRED]
The enhanced status code for the bounce, in the format of x.y.z (e.g. 5.1.1).
SmtpReplyCode (string) -- [REQUIRED]
The SMTP reply code for the bounce, as defined by RFC 5321.
DiagnosticMessage (string) -- [REQUIRED]
The diagnostic message included in the Diagnostic-Code header of the bounce.
Message (string) --
The human-readable text to include in the bounce message.
InvokeLambda (dict) --
This action invokes an Amazon Web Services Lambda function to process the email.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the Amazon Web Services Lambda function no longer exists.
FunctionArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Lambda function to invoke.
InvocationType (string) -- [REQUIRED]
The invocation type of the Lambda function. Use EVENT for asynchronous invocation or REQUEST_RESPONSE for synchronous invocation.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM role to use to invoke the Lambda function.
RetryTimeMinutes (integer) --
The maximum time in minutes that the email processing can be retried if the Lambda invocation fails. The maximum value is 2160 minutes (36 hours).
Tags (list) --
The tags used to organize, track, or control access for the resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.
(dict) --
A key-value pair (the value is optional), that you can define and assign to Amazon Web Services resources.
Key (string) -- [REQUIRED]
The key of the key-value tag.
Value (string) -- [REQUIRED]
The value of the key-value tag.
Return type: dict
Response Syntax
{
'RuleSetId': 'string'
}
Response Structure
(dict) --
RuleSetId (string) --
The identifier of the created rule set.
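An offline simulator for the rule semantics described above (Conditions as AND, Unless as a veto, OR across Values except for the negated operators, and Drop ending evaluation), so a rule set that keys on ClientCertificateAttribute can be unit-tested before it is passed to create_rule_set. This is an added example, not AWS or boto3 code. The message dictionary layout, the function names, all sample values, exact case-sensitive matching, and treating a missing attribute as an empty string are assumptions. It covers string, IP, verdict and DMARC expressions for a single envelope recipient.

```python
import ipaddress


def string_match(op, actual, values):
    """Multi-value semantics: OR for every operator except NOT_EQUALS."""
    if op == "NOT_EQUALS":
        return all(actual != v for v in values)  # none of the values may match
    tests = {
        "EQUALS": lambda v: actual == v,
        "STARTS_WITH": lambda v: actual.startswith(v),
        "ENDS_WITH": lambda v: actual.endswith(v),
        "CONTAINS": lambda v: v in actual,
    }
    return any(tests[op](v) for v in values)


def eval_condition(cond, msg):
    """Evaluate one condition dict; exactly one expression key must be set."""
    (kind, expr), = cond.items()
    op = expr["Operator"]
    if kind == "StringExpression":
        ev = expr["Evaluate"]
        if "ClientCertificateAttribute" in ev:
            actual = msg.get("client_cert", {}).get(ev["ClientCertificateAttribute"], "")
        else:
            actual = msg.get(ev["Attribute"], "")
        return string_match(op, actual, expr["Values"])
    if kind == "IpExpression":
        ip = ipaddress.ip_address(msg[expr["Evaluate"]["Attribute"]])
        inside = any(ip in ipaddress.ip_network(c) for c in expr["Values"])
        return inside if op == "CIDR_MATCHES" else not inside
    if kind == "VerdictExpression":
        hit = msg.get(expr["Evaluate"]["Attribute"]) in expr["Values"]
        return hit if op == "EQUALS" else not hit
    if kind == "DmarcExpression":
        hit = msg.get("DMARC") in expr["Values"]
        return hit if op == "EQUALS" else not hit
    raise ValueError(f"expression type not simulated: {kind}")


def rule_applies(rule, msg):
    """All Conditions must match and no Unless condition may match."""
    if not all(eval_condition(c, msg) for c in rule.get("Conditions", [])):
        return False
    return not any(eval_condition(c, msg) for c in rule.get("Unless", []))


def run_rule_set(rules, msg):
    """Return (rule name, action name) pairs in execution order."""
    fired = []
    for rule in rules:
        if not rule_applies(rule, msg):
            continue
        for action in rule["Actions"]:
            (name, _), = action.items()
            fired.append((rule["Name"], name))
            if name == "Drop":  # Drop terminates evaluation of the rule set
                return fired
    return fired


def cert_cond(attr, op, values):
    return {"StringExpression": {"Evaluate": {"ClientCertificateAttribute": attr},
                                 "Operator": op, "Values": values}}


# Constructed rule set in the create_rule_set shape; names and ARNs are placeholders.
RULES = [
    {"Name": "partner-mtls-archive",
     "Conditions": [
         cert_cond("SAN_DNS_NAME", "ENDS_WITH", [".partner.example"]),
         {"IpExpression": {"Evaluate": {"Attribute": "SOURCE_IP"},
                           "Operator": "CIDR_MATCHES",
                           "Values": ["192.0.2.0/24", "198.51.100.0/24"]}}],
     "Unless": [{"DmarcExpression": {"Operator": "EQUALS",
                                     "Values": ["REJECT", "QUARANTINE"]}}],
     "Actions": [{"Archive": {"TargetArchive": "a-EXAMPLE"}}]},
    {"Name": "bounce-unknown-cert",
     "Conditions": [cert_cond("CN", "NOT_EQUALS",
                              ["mta1.partner.example", "mta2.partner.example"])],
     "Actions": [{"Bounce": {"RoleArn": "arn:aws:iam::111122223333:role/ExampleBounce",
                             "Sender": "postmaster@example.com",
                             "StatusCode": "5.7.1", "SmtpReplyCode": "550",
                             "DiagnosticMessage": "client certificate not recognized"}},
                 {"Drop": {}}]},
    {"Name": "catch-all",  # no conditions: the rule always applies
     "Actions": [{"Archive": {"TargetArchive": "a-EXAMPLE"}}]},
]

# Constructed sample messages (one envelope recipient each).
PARTNER = {"SOURCE_IP": "192.0.2.10", "DMARC": "NONE",
           "client_cert": {"CN": "mta1.partner.example",
                           "SAN_DNS_NAME": "mta1.partner.example"}}
PARTNER_DMARC_REJECT = dict(PARTNER, DMARC="REJECT")
STRANGER = {"SOURCE_IP": "203.0.113.5", "DMARC": "NONE",
            "client_cert": {"CN": "other.example", "SAN_DNS_NAME": "other.example"}}

if __name__ == "__main__":
    for label, m in (("partner", PARTNER), ("partner+reject", PARTNER_DMARC_REJECT),
                     ("stranger", STRANGER)):
        print(label, run_rule_set(RULES, m))
```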
{'IncludeTrustStoreContents': 'EXCLUDE | INCLUDE'}
Response {'IngressPointAuthConfiguration': {'TlsAuthConfiguration': {'TrustStore': {'CAContent': 'string',
'CrlContent': 'string',
'KmsKeyArn': 'string'}}},
'Status': {'ASSOCIATED_VPC_ENDPOINT_DOES_NOT_EXIST'},
'TlsPolicy': 'REQUIRED | OPTIONAL | FIPS',
'Type': {'MTLS'}}
Fetch ingress endpoint resource attributes.
See also: AWS API Documentation
Request Syntax
client.get_ingress_point(
IngressPointId='string',
IncludeTrustStoreContents='EXCLUDE'|'INCLUDE'
)
IngressPointId (string) -- [REQUIRED]
The identifier of an ingress endpoint.
IncludeTrustStoreContents (string) --
Whether to include the trust store contents in the response. Use INCLUDE to retrieve trust store certificate and CRL contents.
Return type: dict
Response Syntax
{
'IngressPointId': 'string',
'IngressPointName': 'string',
'IngressPointArn': 'string',
'Status': 'PROVISIONING'|'DEPROVISIONING'|'UPDATING'|'ACTIVE'|'CLOSED'|'FAILED'|'ASSOCIATED_VPC_ENDPOINT_DOES_NOT_EXIST',
'Type': 'OPEN'|'AUTH'|'MTLS',
'ARecord': 'string',
'RuleSetId': 'string',
'TrafficPolicyId': 'string',
'IngressPointAuthConfiguration': {
'IngressPointPasswordConfiguration': {
'SmtpPasswordVersion': 'string',
'PreviousSmtpPasswordVersion': 'string',
'PreviousSmtpPasswordExpiryTimestamp': datetime(2015, 1, 1)
},
'SecretArn': 'string',
'TlsAuthConfiguration': {
'TrustStore': {
'CAContent': 'string',
'CrlContent': 'string',
'KmsKeyArn': 'string'
}
}
},
'NetworkConfiguration': {
'PublicNetworkConfiguration': {
'IpType': 'IPV4'|'DUAL_STACK'
},
'PrivateNetworkConfiguration': {
'VpcEndpointId': 'string'
}
},
'TlsPolicy': 'REQUIRED'|'OPTIONAL'|'FIPS',
'CreatedTimestamp': datetime(2015, 1, 1),
'LastUpdatedTimestamp': datetime(2015, 1, 1)
}
Response Structure
(dict) --
IngressPointId (string) --
The identifier of an ingress endpoint resource.
IngressPointName (string) --
A user friendly name for the ingress endpoint.
IngressPointArn (string) --
The Amazon Resource Name (ARN) of the ingress endpoint resource.
Status (string) --
The status of the ingress endpoint resource.
Type (string) --
The type of ingress endpoint.
ARecord (string) --
The DNS A Record that identifies your ingress endpoint. Configure your DNS Mail Exchange (MX) record with this value to route emails to Mail Manager.
RuleSetId (string) --
The identifier of a rule set resource associated with the ingress endpoint.
TrafficPolicyId (string) --
The identifier of the traffic policy resource associated with the ingress endpoint.
IngressPointAuthConfiguration (dict) --
The authentication configuration of the ingress endpoint resource.
IngressPointPasswordConfiguration (dict) --
The ingress endpoint password configuration for the ingress endpoint resource.
SmtpPasswordVersion (string) --
The current password expiry timestamp of the ingress endpoint resource.
PreviousSmtpPasswordVersion (string) --
The previous password version of the ingress endpoint resource.
PreviousSmtpPasswordExpiryTimestamp (datetime) --
The previous password expiry timestamp of the ingress endpoint resource.
SecretArn (string) --
The ingress endpoint SecretsManager::Secret ARN configuration for the ingress endpoint resource.
TlsAuthConfiguration (dict) --
The mutual TLS authentication configuration for the ingress endpoint resource.
TrustStore (dict) --
The trust store configuration for mutual TLS authentication.
CAContent (string) --
The PEM-encoded certificate authority (CA) certificates bundle for the trust store.
CrlContent (string) --
The PEM-encoded certificate revocation lists (CRLs) for the trust store. There can be one CRL per certificate authority (CA) in the trust store.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key used to encrypt the trust store contents.
NetworkConfiguration (dict) --
The network configuration for the ingress point.
PublicNetworkConfiguration (dict) --
Specifies the network configuration for the public ingress point.
IpType (string) --
The IP address type for the public ingress point. Valid values are IPV4 and DUAL_STACK.
PrivateNetworkConfiguration (dict) --
Specifies the network configuration for the private ingress point.
VpcEndpointId (string) --
The identifier of the VPC endpoint to associate with this private ingress point.
TlsPolicy (string) --
The selected Transport Layer Security (TLS) policy of the ingress point.
CreatedTimestamp (datetime) --
The timestamp of when the ingress endpoint was created.
LastUpdatedTimestamp (datetime) --
The timestamp of when the ingress endpoint was last updated.
{'Rules': {'Actions': {'Bounce': {'ActionFailurePolicy': 'CONTINUE | DROP',
'DiagnosticMessage': 'string',
'Message': 'string',
'RoleArn': 'string',
'Sender': 'string',
'SmtpReplyCode': 'string',
'StatusCode': 'string'},
'InvokeLambda': {'ActionFailurePolicy': 'CONTINUE | DROP',
'FunctionArn': 'string',
'InvocationType': 'EVENT | REQUEST_RESPONSE',
'RetryTimeMinutes': 'integer',
'RoleArn': 'string'}},
'Conditions': {'StringExpression': {'Evaluate': {'ClientCertificateAttribute': 'CN | SAN_RFC822_NAME | SAN_DNS_NAME | SAN_DIRECTORY_NAME | SAN_UNIFORM_RESOURCE_IDENTIFIER | SAN_IP_ADDRESS | SAN_REGISTERED_ID | SERIAL_NUMBER'}}},
'Unless': {'StringExpression': {'Evaluate': {'ClientCertificateAttribute': 'CN | SAN_RFC822_NAME | SAN_DNS_NAME | SAN_DIRECTORY_NAME | SAN_UNIFORM_RESOURCE_IDENTIFIER | SAN_IP_ADDRESS | SAN_REGISTERED_ID | SERIAL_NUMBER'}}}}}
Fetch attributes of a rule set.
See also: AWS API Documentation
Request Syntax
client.get_rule_set(
RuleSetId='string'
)
string
[REQUIRED]
The identifier of an existing rule set to be retrieved.
dict
Response Syntax
{
'RuleSetId': 'string',
'RuleSetArn': 'string',
'RuleSetName': 'string',
'CreatedDate': datetime(2015, 1, 1),
'LastModificationDate': datetime(2015, 1, 1),
'Rules': [
{
'Name': 'string',
'Conditions': [
{
'BooleanExpression': {
'Evaluate': {
'Attribute': 'READ_RECEIPT_REQUESTED'|'TLS'|'TLS_WRAPPED',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'IsInAddressList': {
'Attribute': 'RECIPIENT'|'MAIL_FROM'|'SENDER'|'FROM'|'TO'|'CC',
'AddressLists': [
'string',
]
}
},
'Operator': 'IS_TRUE'|'IS_FALSE'
},
'StringExpression': {
'Evaluate': {
'Attribute': 'MAIL_FROM'|'HELO'|'RECIPIENT'|'SENDER'|'FROM'|'SUBJECT'|'TO'|'CC',
'MimeHeaderAttribute': 'string',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'ClientCertificateAttribute': 'CN'|'SAN_RFC822_NAME'|'SAN_DNS_NAME'|'SAN_DIRECTORY_NAME'|'SAN_UNIFORM_RESOURCE_IDENTIFIER'|'SAN_IP_ADDRESS'|'SAN_REGISTERED_ID'|'SERIAL_NUMBER'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'STARTS_WITH'|'ENDS_WITH'|'CONTAINS',
'Values': [
'string',
]
},
'NumberExpression': {
'Evaluate': {
'Attribute': 'MESSAGE_SIZE'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'LESS_THAN'|'GREATER_THAN'|'LESS_THAN_OR_EQUAL'|'GREATER_THAN_OR_EQUAL',
'Value': 123.0
},
'IpExpression': {
'Evaluate': {
'Attribute': 'SOURCE_IP'
},
'Operator': 'CIDR_MATCHES'|'NOT_CIDR_MATCHES',
'Values': [
'string',
]
},
'VerdictExpression': {
'Evaluate': {
'Attribute': 'SPF'|'DKIM',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
}
},
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'PASS'|'FAIL'|'GRAY'|'PROCESSING_FAILED',
]
},
'DmarcExpression': {
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'NONE'|'QUARANTINE'|'REJECT',
]
}
},
],
'Unless': [
{
'BooleanExpression': {
'Evaluate': {
'Attribute': 'READ_RECEIPT_REQUESTED'|'TLS'|'TLS_WRAPPED',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'IsInAddressList': {
'Attribute': 'RECIPIENT'|'MAIL_FROM'|'SENDER'|'FROM'|'TO'|'CC',
'AddressLists': [
'string',
]
}
},
'Operator': 'IS_TRUE'|'IS_FALSE'
},
'StringExpression': {
'Evaluate': {
'Attribute': 'MAIL_FROM'|'HELO'|'RECIPIENT'|'SENDER'|'FROM'|'SUBJECT'|'TO'|'CC',
'MimeHeaderAttribute': 'string',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'ClientCertificateAttribute': 'CN'|'SAN_RFC822_NAME'|'SAN_DNS_NAME'|'SAN_DIRECTORY_NAME'|'SAN_UNIFORM_RESOURCE_IDENTIFIER'|'SAN_IP_ADDRESS'|'SAN_REGISTERED_ID'|'SERIAL_NUMBER'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'STARTS_WITH'|'ENDS_WITH'|'CONTAINS',
'Values': [
'string',
]
},
'NumberExpression': {
'Evaluate': {
'Attribute': 'MESSAGE_SIZE'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'LESS_THAN'|'GREATER_THAN'|'LESS_THAN_OR_EQUAL'|'GREATER_THAN_OR_EQUAL',
'Value': 123.0
},
'IpExpression': {
'Evaluate': {
'Attribute': 'SOURCE_IP'
},
'Operator': 'CIDR_MATCHES'|'NOT_CIDR_MATCHES',
'Values': [
'string',
]
},
'VerdictExpression': {
'Evaluate': {
'Attribute': 'SPF'|'DKIM',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
}
},
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'PASS'|'FAIL'|'GRAY'|'PROCESSING_FAILED',
]
},
'DmarcExpression': {
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'NONE'|'QUARANTINE'|'REJECT',
]
}
},
],
'Actions': [
{
'Drop': {},
'Relay': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'Relay': 'string',
'MailFrom': 'REPLACE'|'PRESERVE'
},
'Archive': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'TargetArchive': 'string'
},
'WriteToS3': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string',
'S3Bucket': 'string',
'S3Prefix': 'string',
'S3SseKmsKeyId': 'string'
},
'Send': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string'
},
'AddHeader': {
'HeaderName': 'string',
'HeaderValue': 'string'
},
'ReplaceRecipient': {
'ReplaceWith': [
'string',
]
},
'DeliverToMailbox': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'MailboxArn': 'string',
'RoleArn': 'string'
},
'DeliverToQBusiness': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'ApplicationId': 'string',
'IndexId': 'string',
'RoleArn': 'string'
},
'PublishToSns': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'TopicArn': 'string',
'RoleArn': 'string',
'Encoding': 'UTF-8'|'BASE64',
'PayloadType': 'HEADERS'|'CONTENT'
},
'Bounce': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string',
'Sender': 'string',
'StatusCode': 'string',
'SmtpReplyCode': 'string',
'DiagnosticMessage': 'string',
'Message': 'string'
},
'InvokeLambda': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'FunctionArn': 'string',
'InvocationType': 'EVENT'|'REQUEST_RESPONSE',
'RoleArn': 'string',
'RetryTimeMinutes': 123
}
},
]
},
]
}
Response Structure
(dict) --
RuleSetId (string) --
The identifier of the rule set resource.
RuleSetArn (string) --
The Amazon Resource Name (ARN) of the rule set resource.
RuleSetName (string) --
A user-friendly name for the rule set resource.
CreatedDate (datetime) --
The date when the rule set was created.
LastModificationDate (datetime) --
The date of when the rule set was last modified.
Rules (list) --
The rules contained in the rule set.
(dict) --
A rule contains conditions, "unless conditions" and actions. For each envelope recipient of an email, if all conditions match and none of the "unless conditions" match, then all of the actions are executed sequentially. If no conditions are provided, the rule always applies and the actions are implicitly executed. If only "unless conditions" are provided, the rule applies if the email does not match the evaluation of the "unless conditions".
Name (string) --
The user-friendly name of the rule.
Conditions (list) --
The conditions of this rule. All conditions must match the email for the actions to be executed. An empty list of conditions means that all emails match, but are still subject to any "unless conditions".
(dict) --
The conditional expression used to evaluate an email for determining if a rule action should be taken.
BooleanExpression (dict) --
The condition applies to a boolean expression passed in this field.
Evaluate (dict) --
The operand on which to perform a boolean condition operation.
Attribute (string) --
The boolean type representing the allowed attribute types for an email.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a boolean condition expression.
Analyzer (string) --
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) --
The returned value from an Add On.
IsInAddressList (dict) --
The structure representing the address lists and address list attribute that will be used in the evaluation of a boolean expression.
Attribute (string) --
The email attribute that needs to be evaluated against the address list.
AddressLists (list) --
The address lists that will be used for evaluation.
(string) --
Operator (string) --
The matching operator for a boolean condition expression.
StringExpression (dict) --
The condition applies to a string expression passed in this field.
Evaluate (dict) --
The string to evaluate in a string condition expression.
Attribute (string) --
The email attribute to evaluate in a string condition expression.
MimeHeaderAttribute (string) --
The email MIME X-Header attribute to evaluate in a string condition expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a string condition expression.
Analyzer (string) --
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) --
The returned value from an Add On.
ClientCertificateAttribute (string) --
The client certificate attribute to evaluate in a string condition expression.
Operator (string) --
The matching operator for a string condition expression.
Values (list) --
The string(s) to be evaluated in a string condition expression. For all operators, except for NOT_EQUALS, if multiple values are given, the values are processed as an OR. That is, if any of the values match the email's string using the given operator, the condition is deemed to match. However, for NOT_EQUALS, the condition is only deemed to match if none of the given strings match the email's string.
(string) --
NumberExpression (dict) --
The condition applies to a number expression passed in this field.
Evaluate (dict) --
The number to evaluate in a numeric condition expression.
Attribute (string) --
An email attribute that is used as the number to evaluate.
Operator (string) --
The operator for a numeric condition expression.
Value (float) --
The value to evaluate in a numeric condition expression.
IpExpression (dict) --
The condition applies to an IP address expression passed in this field.
Evaluate (dict) --
The IP address to evaluate in this condition.
Attribute (string) --
The attribute of the email to evaluate.
Operator (string) --
The operator to evaluate the IP address.
Values (list) --
The IP CIDR blocks in format "x.y.z.w/n" (e.g. 10.0.0.0/8) to match with the email's IP address. For the operator CIDR_MATCHES, if multiple values are given, they are evaluated as an OR. That is, if the IP address is contained within any of the given CIDR ranges, the condition is deemed to match. For NOT_CIDR_MATCHES, if multiple CIDR ranges are given, the condition is deemed to match if the IP address is not contained in any of the given CIDR ranges.
(string) --
VerdictExpression (dict) --
The condition applies to a verdict expression passed in this field.
Evaluate (dict) --
The verdict to evaluate in a verdict condition expression.
Attribute (string) --
The email verdict attribute to evaluate in a string verdict expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a verdict condition expression.
Analyzer (string) --
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) --
The returned value from an Add On.
Operator (string) --
The matching operator for a verdict condition expression.
Values (list) --
The values to match with the email's verdict using the given operator. For the EQUALS operator, if multiple values are given, the condition is deemed to match if any of the given verdicts match that of the email. For the NOT_EQUALS operator, if multiple values are given, the condition is deemed to match if none of the given verdicts match the verdict of the email.
(string) --
DmarcExpression (dict) --
The condition applies to a DMARC policy expression passed in this field.
Operator (string) --
The operator to apply to the DMARC policy of the incoming email.
Values (list) --
The values to use for the given DMARC policy operator. For the operator EQUALS, if multiple values are given, they are evaluated as an OR. That is, if any of the given values match, the condition is deemed to match. For the operator NOT_EQUALS, if multiple values are given, they are evaluated as an AND. That is, only if the email's DMARC policy is not equal to any of the given values, then the condition is deemed to match.
(string) --
Unless (list) --
The "unless conditions" of this rule. None of the conditions can match the email for the actions to be executed. If any of these conditions do match the email, then the actions are not executed.
(dict) --
The conditional expression used to evaluate an email for determining if a rule action should be taken.
BooleanExpression (dict) --
The condition applies to a boolean expression passed in this field.
Evaluate (dict) --
The operand on which to perform a boolean condition operation.
Attribute (string) --
The boolean type representing the allowed attribute types for an email.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a boolean condition expression.
Analyzer (string) --
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) --
The returned value from an Add On.
IsInAddressList (dict) --
The structure representing the address lists and address list attribute that will be used in the evaluation of a boolean expression.
Attribute (string) --
The email attribute that needs to be evaluated against the address list.
AddressLists (list) --
The address lists that will be used for evaluation.
(string) --
Operator (string) --
The matching operator for a boolean condition expression.
StringExpression (dict) --
The condition applies to a string expression passed in this field.
Evaluate (dict) --
The string to evaluate in a string condition expression.
Attribute (string) --
The email attribute to evaluate in a string condition expression.
MimeHeaderAttribute (string) --
The email MIME X-Header attribute to evaluate in a string condition expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a string condition expression.
Analyzer (string) --
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) --
The returned value from an Add On.
ClientCertificateAttribute (string) --
The client certificate attribute to evaluate in a string condition expression.
Operator (string) --
The matching operator for a string condition expression.
Values (list) --
The string(s) to be evaluated in a string condition expression. For all operators, except for NOT_EQUALS, if multiple values are given, the values are processed as an OR. That is, if any of the values match the email's string using the given operator, the condition is deemed to match. However, for NOT_EQUALS, the condition is only deemed to match if none of the given strings match the email's string.
(string) --
NumberExpression (dict) --
The condition applies to a number expression passed in this field.
Evaluate (dict) --
The number to evaluate in a numeric condition expression.
Attribute (string) --
An email attribute that is used as the number to evaluate.
Operator (string) --
The operator for a numeric condition expression.
Value (float) --
The value to evaluate in a numeric condition expression.
IpExpression (dict) --
The condition applies to an IP address expression passed in this field.
Evaluate (dict) --
The IP address to evaluate in this condition.
Attribute (string) --
The attribute of the email to evaluate.
Operator (string) --
The operator to evaluate the IP address.
Values (list) --
The IP CIDR blocks in format "x.y.z.w/n" (e.g. 10.0.0.0/8) to match with the email's IP address. For the operator CIDR_MATCHES, if multiple values are given, they are evaluated as an OR. That is, if the IP address is contained within any of the given CIDR ranges, the condition is deemed to match. For NOT_CIDR_MATCHES, if multiple CIDR ranges are given, the condition is deemed to match if the IP address is not contained in any of the given CIDR ranges.
(string) --
VerdictExpression (dict) --
The condition applies to a verdict expression passed in this field.
Evaluate (dict) --
The verdict to evaluate in a verdict condition expression.
Attribute (string) --
The email verdict attribute to evaluate in a string verdict expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a verdict condition expression.
Analyzer (string) --
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) --
The returned value from an Add On.
Operator (string) --
The matching operator for a verdict condition expression.
Values (list) --
The values to match with the email's verdict using the given operator. For the EQUALS operator, if multiple values are given, the condition is deemed to match if any of the given verdicts match that of the email. For the NOT_EQUALS operator, if multiple values are given, the condition is deemed to match if none of the given verdicts match the verdict of the email.
(string) --
DmarcExpression (dict) --
The condition applies to a DMARC policy expression passed in this field.
Operator (string) --
The operator to apply to the DMARC policy of the incoming email.
Values (list) --
The values to use for the given DMARC policy operator. For the operator EQUALS, if multiple values are given, they are evaluated as an OR. That is, if any of the given values match, the condition is deemed to match. For the operator NOT_EQUALS, if multiple values are given, they are evaluated as an AND. That is, only if the email's DMARC policy is not equal to any of the given values, then the condition is deemed to match.
(string) --
Actions (list) --
The list of actions to execute when the conditions match the incoming email, and none of the "unless conditions" match.
(dict) --
The action for a rule to take. Only one of the contained actions can be set.
Drop (dict) --
This action terminates the evaluation of rules in the rule set.
Relay (dict) --
This action relays the email to another SMTP server.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified relay has been deleted.
Relay (string) --
The identifier of the relay resource to be used when relaying an email.
MailFrom (string) --
This action specifies whether to preserve or replace the original mail from address while relaying received emails to a destination server.
Archive (dict) --
This action archives the email. This can be used to deliver an email to an archive.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified archive has been deleted.
TargetArchive (string) --
The identifier of the archive to send the email to.
WriteToS3 (dict) --
This action writes the MIME content of the email to an S3 bucket.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified bucket has been deleted.
RoleArn (string) --
The Amazon Resource Name (ARN) of the IAM Role to use while writing to S3. This role must have access to the s3:PutObject, kms:Encrypt, and kms:GenerateDataKey APIs for the given bucket.
S3Bucket (string) --
The bucket name of the S3 bucket to write to.
S3Prefix (string) --
The S3 prefix to use for the write to the S3 bucket.
S3SseKmsKeyId (string) --
The KMS Key ID to use to encrypt the message in S3.
Send (dict) --
This action sends the email to the internet.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the caller does not have the permissions to call the sendRawEmail API.
RoleArn (string) --
The Amazon Resource Name (ARN) of the role to use for this action. This role must have access to the ses:SendRawEmail API.
AddHeader (dict) --
This action adds a header. This can be used to add arbitrary email headers.
HeaderName (string) --
The name of the header to add to an email. The header must be prefixed with "X-". Headers are added regardless of whether the header name pre-existed in the email.
HeaderValue (string) --
The value of the header to add to the email.
ReplaceRecipient (dict) --
The action replaces certain or all recipients with a different set of recipients.
ReplaceWith (list) --
This action specifies the replacement recipient email addresses to insert.
(string) --
DeliverToMailbox (dict) --
This action delivers an email to a WorkMail mailbox.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the mailbox ARN is no longer valid.
MailboxArn (string) --
The Amazon Resource Name (ARN) of a WorkMail organization to deliver the email to.
RoleArn (string) --
The Amazon Resource Name (ARN) of an IAM role to use to execute this action. The role must have access to the workmail:DeliverToMailbox API.
DeliverToQBusiness (dict) --
This action delivers an email to an Amazon Q Business application for ingestion into its knowledge base.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified application has been deleted or the role lacks necessary permissions to call the qbusiness:BatchPutDocument API.
ApplicationId (string) --
The unique identifier of the Amazon Q Business application instance where the email content will be delivered.
IndexId (string) --
The identifier of the knowledge base index within the Amazon Q Business application where the email content will be stored and indexed.
RoleArn (string) --
The Amazon Resource Name (ARN) of the IAM Role to use while delivering to Amazon Q Business. This role must have access to the qbusiness:BatchPutDocument API for the given application and index.
PublishToSns (dict) --
This action publishes the email content to an Amazon SNS topic.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified SNS topic has been deleted or the role lacks necessary permissions to call the sns:Publish API.
TopicArn (string) --
The Amazon Resource Name (ARN) of the Amazon SNS Topic to which notification for the email received will be published.
RoleArn (string) --
The Amazon Resource Name (ARN) of the IAM Role to use while writing to Amazon SNS. This role must have access to the sns:Publish API for the given topic.
Encoding (string) --
The encoding to use for the email within the Amazon SNS notification. The default value is UTF-8. Use BASE64 if you need to preserve all special characters, especially when the original message uses a different encoding format.
PayloadType (string) --
The expected payload type within the Amazon SNS notification. CONTENT attempts to publish the full email content with 20KB of headers content. HEADERS extracts up to 100KB of header content to include in the notification; the email content is not included in the notification. The default value is CONTENT.
Bounce (dict) --
This action sends a bounce response for the email.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the caller does not have the permissions to call the SendBounce API.
RoleArn (string) --
The Amazon Resource Name (ARN) of the IAM role to use to send the bounce message.
Sender (string) --
The sender email address of the bounce message.
StatusCode (string) --
The enhanced status code for the bounce, in the format of x.y.z (e.g. 5.1.1).
SmtpReplyCode (string) --
The SMTP reply code for the bounce, as defined by RFC 5321.
DiagnosticMessage (string) --
The diagnostic message included in the Diagnostic-Code header of the bounce.
Message (string) --
The human-readable text to include in the bounce message.
InvokeLambda (dict) --
This action invokes an Amazon Web Services Lambda function to process the email.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the Amazon Web Services Lambda function no longer exists.
FunctionArn (string) --
The Amazon Resource Name (ARN) of the Lambda function to invoke.
InvocationType (string) --
The invocation type of the Lambda function. Use EVENT for asynchronous invocation or REQUEST_RESPONSE for synchronous invocation.
RoleArn (string) --
The Amazon Resource Name (ARN) of the IAM role to use to invoke the Lambda function.
RetryTimeMinutes (integer) --
The maximum time in minutes that the email processing can be retried if the Lambda invocation fails. The maximum value is 2160 minutes (36 hours).
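The matching semantics described in the Response Structure above (all Conditions must match, no Unless condition may match, and multi-value operators are OR for positive operators but "none match" for the negated ones), as an added example that is not part of the AWS documentation or the SDK. The `email` dict layout, the `DMARC_POLICY` and `ClientCertificate` keys and the sample rule are constructed for illustration; exact, case-sensitive comparison is an assumption.

```python
import ipaddress
import operator

# Assumptions (not stated on the page): comparisons are exact and
# case-sensitive, an attribute the message lacks never matches, and each
# condition dict carries exactly one expression type. Add On "Analysis" and
# "IsInAddressList" operands are not modelled.

STRING_OPS = {
    "EQUALS": operator.eq,
    "STARTS_WITH": str.startswith,
    "ENDS_WITH": str.endswith,
    "CONTAINS": lambda actual, value: value in actual,
}
NUMBER_OPS = {
    "EQUALS": operator.eq, "NOT_EQUALS": operator.ne,
    "LESS_THAN": operator.lt, "GREATER_THAN": operator.gt,
    "LESS_THAN_OR_EQUAL": operator.le, "GREATER_THAN_OR_EQUAL": operator.ge,
}


def _multi(op, actual, values, test):
    """Positive operators are an OR over Values; a NOT_ operator matches
    only when none of the values match."""
    hit = any(test(actual, v) for v in values)
    return not hit if op.startswith("NOT_") else hit


def _operand(evaluate, email):
    """Look up the operand named by an Evaluate dict in the sample message."""
    if "ClientCertificateAttribute" in evaluate:
        cert = email.get("ClientCertificate", {})
        return cert.get(evaluate["ClientCertificateAttribute"])
    if "MimeHeaderAttribute" in evaluate:
        return email.get("Headers", {}).get(evaluate["MimeHeaderAttribute"])
    return email.get(evaluate.get("Attribute"))


def condition_matches(cond, email):
    """Evaluate one entry of a rule's Conditions or Unless list."""
    (kind, expr), = cond.items()
    op = expr["Operator"]
    if kind == "DmarcExpression":  # the schema gives it no Evaluate block
        actual = email.get("DMARC_POLICY")
    else:
        actual = _operand(expr["Evaluate"], email)
    if actual is None:
        return False
    if kind == "BooleanExpression":
        return bool(actual) == (op == "IS_TRUE")
    if kind == "NumberExpression":
        return NUMBER_OPS[op](actual, expr["Value"])
    if kind == "IpExpression":
        addr = ipaddress.ip_address(actual)
        return _multi(op, addr, expr["Values"],
                      lambda a, v: a in ipaddress.ip_network(v, strict=False))
    if kind == "StringExpression":
        test = operator.eq if op == "NOT_EQUALS" else STRING_OPS[op]
        return _multi(op, actual, expr["Values"], test)
    # VerdictExpression and DmarcExpression: EQUALS / NOT_EQUALS on an enum
    return _multi(op, actual, expr["Values"], operator.eq)


def rule_applies(rule, email):
    """All Conditions must match and no Unless condition may match."""
    conditions = rule.get("Conditions", [])
    unless = rule.get("Unless", [])
    return (all(condition_matches(c, email) for c in conditions)
            and not any(condition_matches(c, email) for c in unless))


RULE = {  # constructed rule in the get_rule_set 'Rules' shape
    "Name": "partner-mtls",
    "Conditions": [
        {"StringExpression": {
            "Evaluate": {"ClientCertificateAttribute": "SAN_DNS_NAME"},
            "Operator": "ENDS_WITH",
            "Values": [".partner.example", ".vendor.example"]}},
        {"IpExpression": {
            "Evaluate": {"Attribute": "SOURCE_IP"},
            "Operator": "CIDR_MATCHES",
            "Values": ["192.0.2.0/24", "198.51.100.0/24"]}},
    ],
    "Unless": [
        {"VerdictExpression": {
            "Evaluate": {"Attribute": "SPF"},
            "Operator": "EQUALS",
            "Values": ["FAIL", "PROCESSING_FAILED"]}},
    ],
    "Actions": [{"Archive": {"ActionFailurePolicy": "CONTINUE",
                             "TargetArchive": "a-EXAMPLE"}}],
}

EMAIL = {  # constructed message attributes
    "SOURCE_IP": "198.51.100.7",
    "SPF": "PASS",
    "DMARC_POLICY": "REJECT",
    "ClientCertificate": {"CN": "mta1", "SAN_DNS_NAME": "mta1.partner.example"},
}
```

A NOT_EQUALS or NOT_CIDR_MATCHES condition with several values only matches when every value fails to match, so adding a value to such a list narrows the rule rather than widening it.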
{'IngressPoints': {'Status': {'ASSOCIATED_VPC_ENDPOINT_DOES_NOT_EXIST'},
'Type': {'MTLS'}}}
List all ingress endpoint resources.
See also: AWS API Documentation
Request Syntax
client.list_ingress_points(
PageSize=123,
NextToken='string'
)
integer
The maximum number of ingress endpoint resources that are returned per call. You can use NextToken to obtain further ingress endpoints.
string
If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.
dict
Response Syntax
{
'IngressPoints': [
{
'IngressPointName': 'string',
'IngressPointId': 'string',
'Status': 'PROVISIONING'|'DEPROVISIONING'|'UPDATING'|'ACTIVE'|'CLOSED'|'FAILED'|'ASSOCIATED_VPC_ENDPOINT_DOES_NOT_EXIST',
'Type': 'OPEN'|'AUTH'|'MTLS',
'ARecord': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
IngressPoints (list) --
The list of ingress endpoints.
(dict) --
The structure of an ingress endpoint resource.
IngressPointName (string) --
A user friendly name for the ingress endpoint resource.
IngressPointId (string) --
The identifier of the ingress endpoint resource.
Status (string) --
The status of the ingress endpoint resource.
Type (string) --
The type of ingress endpoint resource.
ARecord (string) --
The DNS A Record that identifies your ingress endpoint. Configure your DNS Mail Exchange (MX) record with this value to route emails to Mail Manager.
NextToken (string) --
If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
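An audit pass over the two responses documented above, as an added example that is not part of the AWS documentation or the SDK: it follows NextToken through list_ingress_points, fetches each endpoint with get_ingress_point, and reports the TlsPolicy, Type, trust store and password-rotation fields a reviewer would check. `FakeClient`, `SAMPLE` and every identifier in them are constructed stand-ins so the block runs offline; against a real account, pass `boto3.client('mailmanager')` instead.

```python
from datetime import datetime, timezone


def audit_ingress_point(detail, now=None):
    """Return findings for one get_ingress_point response dict."""
    now = now or datetime.now(timezone.utc)
    findings = []
    auth = detail.get("IngressPointAuthConfiguration", {})
    trust = auth.get("TlsAuthConfiguration", {}).get("TrustStore", {})
    pwd = auth.get("IngressPointPasswordConfiguration", {})

    if detail.get("Status") in ("FAILED", "ASSOCIATED_VPC_ENDPOINT_DOES_NOT_EXIST"):
        findings.append(f"Status is {detail['Status']}")
    if detail.get("TlsPolicy") == "OPTIONAL":
        findings.append("TlsPolicy OPTIONAL: unencrypted connections are accepted")
    if detail.get("Type") == "OPEN":
        findings.append("Type OPEN: endpoint does not authenticate senders")
    if detail.get("Type") == "MTLS" and not trust.get("CrlContent"):
        findings.append("MTLS trust store has no CrlContent")
    expiry = pwd.get("PreviousSmtpPasswordExpiryTimestamp")
    if expiry and expiry > now:
        findings.append(f"Previous SMTP password version expires {expiry:%Y-%m-%d}")
    return findings


def iter_ingress_points(client, page_size=50):
    """Yield every ingress point summary, following NextToken to the last page."""
    token = None
    while True:
        kwargs = {"PageSize": page_size}
        if token:
            kwargs["NextToken"] = token
        page = client.list_ingress_points(**kwargs)
        yield from page.get("IngressPoints", [])
        token = page.get("NextToken")
        if not token:
            return


def audit_account(client, now=None):
    """Map ingress point name -> findings, omitting endpoints with none."""
    report = {}
    for summary in iter_ingress_points(client):
        detail = client.get_ingress_point(IngressPointId=summary["IngressPointId"])
        findings = audit_ingress_point(detail, now)
        if findings:
            report[summary["IngressPointName"]] = findings
    return report


PEM = "-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----"
CRL = "-----BEGIN X509 CRL-----\n(constructed placeholder)\n-----END X509 CRL-----"

SAMPLE = [  # constructed get_ingress_point responses, trimmed to the audited fields
    {"IngressPointId": "inp-1", "IngressPointName": "mtls-strict", "Status": "ACTIVE",
     "Type": "MTLS", "ARecord": "one.example", "TlsPolicy": "REQUIRED",
     "IngressPointAuthConfiguration": {"TlsAuthConfiguration": {
         "TrustStore": {"CAContent": PEM, "CrlContent": CRL}}}},
    {"IngressPointId": "inp-2", "IngressPointName": "mtls-lenient", "Status": "ACTIVE",
     "Type": "MTLS", "ARecord": "two.example", "TlsPolicy": "OPTIONAL",
     "IngressPointAuthConfiguration": {"TlsAuthConfiguration": {
         "TrustStore": {"CAContent": PEM}}}},
    {"IngressPointId": "inp-3", "IngressPointName": "auth-rotating", "Status": "ACTIVE",
     "Type": "AUTH", "ARecord": "three.example", "TlsPolicy": "REQUIRED",
     "IngressPointAuthConfiguration": {"IngressPointPasswordConfiguration": {
         "SmtpPasswordVersion": "2", "PreviousSmtpPasswordVersion": "1",
         "PreviousSmtpPasswordExpiryTimestamp":
             datetime(2026, 5, 1, tzinfo=timezone.utc)}}},
]


class FakeClient:
    """Constructed stand-in for the Mail Manager client; serves SAMPLE in pages."""

    def __init__(self, details, page_len=2):
        self._details = details
        self._page_len = page_len
        self.list_calls = 0

    def list_ingress_points(self, PageSize=50, NextToken=None):
        self.list_calls += 1
        start = int(NextToken or 0)
        end = start + self._page_len
        keys = ("IngressPointName", "IngressPointId", "Status", "Type", "ARecord")
        page = {"IngressPoints": [{k: d[k] for k in keys}
                                  for d in self._details[start:end]]}
        if end < len(self._details):
            page["NextToken"] = str(end)
        return page

    def get_ingress_point(self, IngressPointId):
        return next(d for d in self._details if d["IngressPointId"] == IngressPointId)
```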
{'IngressPointConfiguration': {'TlsAuthConfiguration': {'TrustStore': {'CAContent': 'string',
'CrlContent': 'string',
'KmsKeyArn': 'string'}}},
'TlsPolicy': 'REQUIRED | OPTIONAL | FIPS'}
Update attributes of a provisioned ingress endpoint resource.
See also: AWS API Documentation
Request Syntax
client.update_ingress_point(
IngressPointId='string',
IngressPointName='string',
StatusToUpdate='ACTIVE'|'CLOSED',
RuleSetId='string',
TrafficPolicyId='string',
IngressPointConfiguration={
'SmtpPassword': 'string',
'SecretArn': 'string',
'TlsAuthConfiguration': {
'TrustStore': {
'CAContent': 'string',
'CrlContent': 'string',
'KmsKeyArn': 'string'
}
}
},
TlsPolicy='REQUIRED'|'OPTIONAL'|'FIPS'
)
string
[REQUIRED]
The identifier for the ingress endpoint you want to update.
string
A user friendly name for the ingress endpoint resource.
string
The update status of an ingress endpoint.
string
The identifier of an existing rule set that you attach to an ingress endpoint resource.
string
The identifier of an existing traffic policy that you attach to an ingress endpoint resource.
dict
If you choose an Authenticated ingress endpoint, you must configure either an SMTP password or a secret ARN.
SmtpPassword (string) --
The password of the ingress endpoint resource.
SecretArn (string) --
The SecretsManager::Secret ARN of the ingress endpoint resource.
TlsAuthConfiguration (dict) --
The mutual TLS authentication configuration of the ingress endpoint resource.
TrustStore (dict) --
The trust store configuration for mutual TLS authentication.
CAContent (string) -- [REQUIRED]
The PEM-encoded certificate authority (CA) certificates bundle for the trust store.
CrlContent (string) --
The PEM-encoded certificate revocation lists (CRLs) for the trust store. There can be one CRL per certificate authority (CA) in the trust store.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key used to encrypt the trust store contents.
string
The Transport Layer Security (TLS) policy for the ingress point. Valid values are REQUIRED and OPTIONAL. Only ingress endpoints using REQUIRED or OPTIONAL as TlsPolicy can be updated.
dict
Response Syntax
{}
Response Structure
(dict) --
{'Rules': {'Actions': {'Bounce': {'ActionFailurePolicy': 'CONTINUE | DROP',
'DiagnosticMessage': 'string',
'Message': 'string',
'RoleArn': 'string',
'Sender': 'string',
'SmtpReplyCode': 'string',
'StatusCode': 'string'},
'InvokeLambda': {'ActionFailurePolicy': 'CONTINUE | DROP',
'FunctionArn': 'string',
'InvocationType': 'EVENT | REQUEST_RESPONSE',
'RetryTimeMinutes': 'integer',
'RoleArn': 'string'}},
'Conditions': {'StringExpression': {'Evaluate': {'ClientCertificateAttribute': 'CN | SAN_RFC822_NAME | SAN_DNS_NAME | SAN_DIRECTORY_NAME | SAN_UNIFORM_RESOURCE_IDENTIFIER | SAN_IP_ADDRESS | SAN_REGISTERED_ID | SERIAL_NUMBER'}}},
'Unless': {'StringExpression': {'Evaluate': {'ClientCertificateAttribute': 'CN | SAN_RFC822_NAME | SAN_DNS_NAME | SAN_DIRECTORY_NAME | SAN_UNIFORM_RESOURCE_IDENTIFIER | SAN_IP_ADDRESS | SAN_REGISTERED_ID | SERIAL_NUMBER'}}}}}
Update attributes of an already provisioned rule set.
See also: AWS API Documentation
Request Syntax
client.update_rule_set(
RuleSetId='string',
RuleSetName='string',
Rules=[
{
'Name': 'string',
'Conditions': [
{
'BooleanExpression': {
'Evaluate': {
'Attribute': 'READ_RECEIPT_REQUESTED'|'TLS'|'TLS_WRAPPED',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'IsInAddressList': {
'Attribute': 'RECIPIENT'|'MAIL_FROM'|'SENDER'|'FROM'|'TO'|'CC',
'AddressLists': [
'string',
]
}
},
'Operator': 'IS_TRUE'|'IS_FALSE'
},
'StringExpression': {
'Evaluate': {
'Attribute': 'MAIL_FROM'|'HELO'|'RECIPIENT'|'SENDER'|'FROM'|'SUBJECT'|'TO'|'CC',
'MimeHeaderAttribute': 'string',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'ClientCertificateAttribute': 'CN'|'SAN_RFC822_NAME'|'SAN_DNS_NAME'|'SAN_DIRECTORY_NAME'|'SAN_UNIFORM_RESOURCE_IDENTIFIER'|'SAN_IP_ADDRESS'|'SAN_REGISTERED_ID'|'SERIAL_NUMBER'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'STARTS_WITH'|'ENDS_WITH'|'CONTAINS',
'Values': [
'string',
]
},
'NumberExpression': {
'Evaluate': {
'Attribute': 'MESSAGE_SIZE'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'LESS_THAN'|'GREATER_THAN'|'LESS_THAN_OR_EQUAL'|'GREATER_THAN_OR_EQUAL',
'Value': 123.0
},
'IpExpression': {
'Evaluate': {
'Attribute': 'SOURCE_IP'
},
'Operator': 'CIDR_MATCHES'|'NOT_CIDR_MATCHES',
'Values': [
'string',
]
},
'VerdictExpression': {
'Evaluate': {
'Attribute': 'SPF'|'DKIM',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
}
},
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'PASS'|'FAIL'|'GRAY'|'PROCESSING_FAILED',
]
},
'DmarcExpression': {
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'NONE'|'QUARANTINE'|'REJECT',
]
}
},
],
'Unless': [
{
'BooleanExpression': {
'Evaluate': {
'Attribute': 'READ_RECEIPT_REQUESTED'|'TLS'|'TLS_WRAPPED',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'IsInAddressList': {
'Attribute': 'RECIPIENT'|'MAIL_FROM'|'SENDER'|'FROM'|'TO'|'CC',
'AddressLists': [
'string',
]
}
},
'Operator': 'IS_TRUE'|'IS_FALSE'
},
'StringExpression': {
'Evaluate': {
'Attribute': 'MAIL_FROM'|'HELO'|'RECIPIENT'|'SENDER'|'FROM'|'SUBJECT'|'TO'|'CC',
'MimeHeaderAttribute': 'string',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
},
'ClientCertificateAttribute': 'CN'|'SAN_RFC822_NAME'|'SAN_DNS_NAME'|'SAN_DIRECTORY_NAME'|'SAN_UNIFORM_RESOURCE_IDENTIFIER'|'SAN_IP_ADDRESS'|'SAN_REGISTERED_ID'|'SERIAL_NUMBER'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'STARTS_WITH'|'ENDS_WITH'|'CONTAINS',
'Values': [
'string',
]
},
'NumberExpression': {
'Evaluate': {
'Attribute': 'MESSAGE_SIZE'
},
'Operator': 'EQUALS'|'NOT_EQUALS'|'LESS_THAN'|'GREATER_THAN'|'LESS_THAN_OR_EQUAL'|'GREATER_THAN_OR_EQUAL',
'Value': 123.0
},
'IpExpression': {
'Evaluate': {
'Attribute': 'SOURCE_IP'
},
'Operator': 'CIDR_MATCHES'|'NOT_CIDR_MATCHES',
'Values': [
'string',
]
},
'VerdictExpression': {
'Evaluate': {
'Attribute': 'SPF'|'DKIM',
'Analysis': {
'Analyzer': 'string',
'ResultField': 'string'
}
},
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'PASS'|'FAIL'|'GRAY'|'PROCESSING_FAILED',
]
},
'DmarcExpression': {
'Operator': 'EQUALS'|'NOT_EQUALS',
'Values': [
'NONE'|'QUARANTINE'|'REJECT',
]
}
},
],
'Actions': [
{
'Drop': {},
'Relay': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'Relay': 'string',
'MailFrom': 'REPLACE'|'PRESERVE'
},
'Archive': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'TargetArchive': 'string'
},
'WriteToS3': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string',
'S3Bucket': 'string',
'S3Prefix': 'string',
'S3SseKmsKeyId': 'string'
},
'Send': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string'
},
'AddHeader': {
'HeaderName': 'string',
'HeaderValue': 'string'
},
'ReplaceRecipient': {
'ReplaceWith': [
'string',
]
},
'DeliverToMailbox': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'MailboxArn': 'string',
'RoleArn': 'string'
},
'DeliverToQBusiness': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'ApplicationId': 'string',
'IndexId': 'string',
'RoleArn': 'string'
},
'PublishToSns': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'TopicArn': 'string',
'RoleArn': 'string',
'Encoding': 'UTF-8'|'BASE64',
'PayloadType': 'HEADERS'|'CONTENT'
},
'Bounce': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'RoleArn': 'string',
'Sender': 'string',
'StatusCode': 'string',
'SmtpReplyCode': 'string',
'DiagnosticMessage': 'string',
'Message': 'string'
},
'InvokeLambda': {
'ActionFailurePolicy': 'CONTINUE'|'DROP',
'FunctionArn': 'string',
'InvocationType': 'EVENT'|'REQUEST_RESPONSE',
'RoleArn': 'string',
'RetryTimeMinutes': 123
}
},
]
},
]
)
string
[REQUIRED]
The identifier of a rule set you want to update.
string
A user-friendly name for the rule set resource.
list
A new set of rules to replace the current rules of the rule set—these rules will override all the rules of the rule set.
(dict) --
A rule contains conditions, "unless conditions" and actions. For each envelope recipient of an email, if all conditions match and none of the "unless conditions" match, then all of the actions are executed sequentially. If no conditions are provided, the rule always applies and the actions are implicitly executed. If only "unless conditions" are provided, the rule applies if the email does not match the evaluation of the "unless conditions".
Name (string) --
The user-friendly name of the rule.
Conditions (list) --
The conditions of this rule. All conditions must match the email for the actions to be executed. An empty list of conditions means that all emails match, but are still subject to any "unless conditions".
(dict) --
The conditional expression used to evaluate an email for determining if a rule action should be taken.
BooleanExpression (dict) --
The condition applies to a boolean expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The operand on which to perform a boolean condition operation.
Attribute (string) --
The boolean type representing the allowed attribute types for an email.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a boolean condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
IsInAddressList (dict) --
The structure representing the address lists and address list attribute that will be used in the evaluation of the boolean expression.
Attribute (string) -- [REQUIRED]
The email attribute that needs to be evaluated against the address list.
AddressLists (list) -- [REQUIRED]
The address lists that will be used for evaluation.
(string) --
Operator (string) -- [REQUIRED]
The matching operator for a boolean condition expression.
StringExpression (dict) --
The condition applies to a string expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The string to evaluate in a string condition expression.
Attribute (string) --
The email attribute to evaluate in a string condition expression.
MimeHeaderAttribute (string) --
The email MIME X-Header attribute to evaluate in a string condition expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a string condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
ClientCertificateAttribute (string) --
The client certificate attribute to evaluate in a string condition expression.
Operator (string) -- [REQUIRED]
The matching operator for a string condition expression.
Values (list) -- [REQUIRED]
The string(s) to be evaluated in a string condition expression. For all operators, except for NOT_EQUALS, if multiple values are given, the values are processed as an OR. That is, if any of the values match the email's string using the given operator, the condition is deemed to match. However, for NOT_EQUALS, the condition is only deemed to match if none of the given strings match the email's string.
(string) --
NumberExpression (dict) --
The condition applies to a number expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The number to evaluate in a numeric condition expression.
Attribute (string) --
An email attribute that is used as the number to evaluate.
Operator (string) -- [REQUIRED]
The operator for a numeric condition expression.
Value (float) -- [REQUIRED]
The value to evaluate in a numeric condition expression.
IpExpression (dict) --
The condition applies to an IP address expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The IP address to evaluate in this condition.
Attribute (string) --
The attribute of the email to evaluate.
Operator (string) -- [REQUIRED]
The operator to evaluate the IP address.
Values (list) -- [REQUIRED]
The IP CIDR blocks in format "x.y.z.w/n" (e.g. 10.0.0.0/8) to match with the email's IP address. For the operator CIDR_MATCHES, if multiple values are given, they are evaluated as an OR. That is, if the IP address is contained within any of the given CIDR ranges, the condition is deemed to match. For NOT_CIDR_MATCHES, if multiple CIDR ranges are given, the condition is deemed to match if the IP address is not contained in any of the given CIDR ranges.
(string) --
VerdictExpression (dict) --
The condition applies to a verdict expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The verdict to evaluate in a verdict condition expression.
Attribute (string) --
The email verdict attribute to evaluate in a string verdict expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a verdict condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
Operator (string) -- [REQUIRED]
The matching operator for a verdict condition expression.
Values (list) -- [REQUIRED]
The values to match with the email's verdict using the given operator. For the EQUALS operator, if multiple values are given, the condition is deemed to match if any of the given verdicts match that of the email. For the NOT_EQUALS operator, if multiple values are given, the condition is deemed to match if none of the given verdicts match the verdict of the email.
(string) --
DmarcExpression (dict) --
The condition applies to a DMARC policy expression passed in this field.
Operator (string) -- [REQUIRED]
The operator to apply to the DMARC policy of the incoming email.
Values (list) -- [REQUIRED]
The values to use for the given DMARC policy operator. For the operator EQUALS, if multiple values are given, they are evaluated as an OR. That is, if any of the given values match, the condition is deemed to match. For the operator NOT_EQUALS, if multiple values are given, they are evaluated as an AND. That is, only if the email's DMARC policy is not equal to any of the given values, then the condition is deemed to match.
(string) --
Unless (list) --
The "unless conditions" of this rule. None of the conditions can match the email for the actions to be executed. If any of these conditions do match the email, then the actions are not executed.
(dict) --
The conditional expression used to evaluate an email for determining if a rule action should be taken.
BooleanExpression (dict) --
The condition applies to a boolean expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The operand on which to perform a boolean condition operation.
Attribute (string) --
The boolean type representing the allowed attribute types for an email.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a boolean condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
IsInAddressList (dict) --
The structure representing the address lists and address list attribute that will be used in the evaluation of the boolean expression.
Attribute (string) -- [REQUIRED]
The email attribute that needs to be evaluated against the address list.
AddressLists (list) -- [REQUIRED]
The address lists that will be used for evaluation.
(string) --
Operator (string) -- [REQUIRED]
The matching operator for a boolean condition expression.
StringExpression (dict) --
The condition applies to a string expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The string to evaluate in a string condition expression.
Attribute (string) --
The email attribute to evaluate in a string condition expression.
MimeHeaderAttribute (string) --
The email MIME X-Header attribute to evaluate in a string condition expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a string condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
ClientCertificateAttribute (string) --
The client certificate attribute to evaluate in a string condition expression.
Operator (string) -- [REQUIRED]
The matching operator for a string condition expression.
Values (list) -- [REQUIRED]
The string(s) to be evaluated in a string condition expression. For all operators, except for NOT_EQUALS, if multiple values are given, the values are processed as an OR. That is, if any of the values match the email's string using the given operator, the condition is deemed to match. However, for NOT_EQUALS, the condition is only deemed to match if none of the given strings match the email's string.
(string) --
NumberExpression (dict) --
The condition applies to a number expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The number to evaluate in a numeric condition expression.
Attribute (string) --
An email attribute that is used as the number to evaluate.
Operator (string) -- [REQUIRED]
The operator for a numeric condition expression.
Value (float) -- [REQUIRED]
The value to evaluate in a numeric condition expression.
IpExpression (dict) --
The condition applies to an IP address expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The IP address to evaluate in this condition.
Attribute (string) --
The attribute of the email to evaluate.
Operator (string) -- [REQUIRED]
The operator to evaluate the IP address.
Values (list) -- [REQUIRED]
The IP CIDR blocks in format "x.y.z.w/n" (e.g. 10.0.0.0/8) to match with the email's IP address. For the operator CIDR_MATCHES, if multiple values are given, they are evaluated as an OR. That is, if the IP address is contained within any of the given CIDR ranges, the condition is deemed to match. For NOT_CIDR_MATCHES, if multiple CIDR ranges are given, the condition is deemed to match if the IP address is not contained in any of the given CIDR ranges.
(string) --
VerdictExpression (dict) --
The condition applies to a verdict expression passed in this field.
Evaluate (dict) -- [REQUIRED]
The verdict to evaluate in a verdict condition expression.
Attribute (string) --
The email verdict attribute to evaluate in a string verdict expression.
Analysis (dict) --
The Add On ARN and its returned value to evaluate in a verdict condition expression.
Analyzer (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an Add On.
ResultField (string) -- [REQUIRED]
The returned value from an Add On.
Operator (string) -- [REQUIRED]
The matching operator for a verdict condition expression.
Values (list) -- [REQUIRED]
The values to match with the email's verdict using the given operator. For the EQUALS operator, if multiple values are given, the condition is deemed to match if any of the given verdicts match that of the email. For the NOT_EQUALS operator, if multiple values are given, the condition is deemed to match if none of the given verdicts match the verdict of the email.
(string) --
DmarcExpression (dict) --
The condition applies to a DMARC policy expression passed in this field.
Operator (string) -- [REQUIRED]
The operator to apply to the DMARC policy of the incoming email.
Values (list) -- [REQUIRED]
The values to use for the given DMARC policy operator. For the operator EQUALS, if multiple values are given, they are evaluated as an OR. That is, if any of the given values match, the condition is deemed to match. For the operator NOT_EQUALS, if multiple values are given, they are evaluated as an AND. That is, only if the email's DMARC policy is not equal to any of the given values, then the condition is deemed to match.
(string) --
Actions (list) -- [REQUIRED]
The list of actions to execute when the conditions match the incoming email, and none of the "unless conditions" match.
(dict) --
The action for a rule to take. Only one of the contained actions can be set.
Drop (dict) --
This action terminates the evaluation of rules in the rule set.
Relay (dict) --
This action relays the email to another SMTP server.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified relay has been deleted.
Relay (string) -- [REQUIRED]
The identifier of the relay resource to be used when relaying an email.
MailFrom (string) --
This action specifies whether to preserve or replace the original mail from address while relaying received emails to a destination server.
Archive (dict) --
This action archives the email. This can be used to deliver an email to an archive.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified archive has been deleted.
TargetArchive (string) -- [REQUIRED]
The identifier of the archive to send the email to.
WriteToS3 (dict) --
This action writes the MIME content of the email to an S3 bucket.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified bucket has been deleted.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM Role to use while writing to S3. This role must have access to the s3:PutObject, kms:Encrypt, and kms:GenerateDataKey APIs for the given bucket.
S3Bucket (string) -- [REQUIRED]
The bucket name of the S3 bucket to write to.
S3Prefix (string) --
The S3 prefix to use for the write to the S3 bucket.
S3SseKmsKeyId (string) --
The KMS Key ID to use to encrypt the message in S3.
Send (dict) --
This action sends the email to the internet.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the caller does not have the permissions to call the sendRawEmail API.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the role to use for this action. This role must have access to the ses:SendRawEmail API.
AddHeader (dict) --
This action adds a header. This can be used to add arbitrary email headers.
HeaderName (string) -- [REQUIRED]
The name of the header to add to an email. The header must be prefixed with "X-". Headers are added regardless of whether the header name pre-existed in the email.
HeaderValue (string) -- [REQUIRED]
The value of the header to add to the email.
ReplaceRecipient (dict) --
The action replaces certain or all recipients with a different set of recipients.
ReplaceWith (list) --
This action specifies the replacement recipient email addresses to insert.
(string) --
DeliverToMailbox (dict) --
This action delivers an email to a WorkMail mailbox.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the mailbox ARN is no longer valid.
MailboxArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of a WorkMail organization to deliver the email to.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of an IAM role to use to execute this action. The role must have access to the workmail:DeliverToMailbox API.
DeliverToQBusiness (dict) --
This action delivers an email to an Amazon Q Business application for ingestion into its knowledge base.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified application has been deleted or the role lacks necessary permissions to call the qbusiness:BatchPutDocument API.
ApplicationId (string) -- [REQUIRED]
The unique identifier of the Amazon Q Business application instance where the email content will be delivered.
IndexId (string) -- [REQUIRED]
The identifier of the knowledge base index within the Amazon Q Business application where the email content will be stored and indexed.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM Role to use while delivering to Amazon Q Business. This role must have access to the qbusiness:BatchPutDocument API for the given application and index.
PublishToSns (dict) --
This action publishes the email content to an Amazon SNS topic.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified SNS topic has been deleted or the role lacks necessary permissions to call the sns:Publish API.
TopicArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Amazon SNS Topic to which notification for the email received will be published.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM Role to use while writing to Amazon SNS. This role must have access to the sns:Publish API for the given topic.
Encoding (string) --
The encoding to use for the email within the Amazon SNS notification. The default value is UTF-8. Use BASE64 if you need to preserve all special characters, especially when the original message uses a different encoding format.
PayloadType (string) --
The expected payload type within the Amazon SNS notification. CONTENT attempts to publish the full email content with 20KB of headers content. HEADERS extracts up to 100KB of header content to include in the notification; email content will not be included in the notification. The default value is CONTENT.
Bounce (dict) --
This action sends a bounce response for the email.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the caller does not have the permissions to call the SendBounce API.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM role to use to send the bounce message.
Sender (string) -- [REQUIRED]
The sender email address of the bounce message.
StatusCode (string) -- [REQUIRED]
The enhanced status code for the bounce, in the format of x.y.z (e.g. 5.1.1).
SmtpReplyCode (string) -- [REQUIRED]
The SMTP reply code for the bounce, as defined by RFC 5321.
DiagnosticMessage (string) -- [REQUIRED]
The diagnostic message included in the Diagnostic-Code header of the bounce.
Message (string) --
The human-readable text to include in the bounce message.
InvokeLambda (dict) --
This action invokes an Amazon Web Services Lambda function to process the email.
ActionFailurePolicy (string) --
A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the Amazon Web Services Lambda function no longer exists.
FunctionArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Lambda function to invoke.
InvocationType (string) -- [REQUIRED]
The invocation type of the Lambda function. Use EVENT for asynchronous invocation or REQUEST_RESPONSE for synchronous invocation.
RoleArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the IAM role to use to invoke the Lambda function.
RetryTimeMinutes (integer) --
The maximum time in minutes that the email processing can be retried if the Lambda invocation fails. The maximum value is 2160 minutes (36 hours).
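The rule semantics documented above (all Conditions match, no Unless condition matches, OR across multiple Values except for the NOT_ operators) can be checked offline before a rule set is pushed with update_rule_set. The following is an added example, not AWS code or the service's implementation: the message dictionaries, the sample rule, the placeholder role ARN, case-sensitive string matching and the treatment of a missing attribute as "no match" are all assumptions.

```python
import ipaddress

# Local model of the documented rule semantics. Assumptions (not from the page):
# string operators are plain case-sensitive comparisons, a message is a flat dict,
# and an attribute that is absent from the message never matches.
STRING_OPS = {
    "EQUALS": lambda s, v: s == v,
    "STARTS_WITH": lambda s, v: s.startswith(v),
    "ENDS_WITH": lambda s, v: s.endswith(v),
    "CONTAINS": lambda s, v: v in s,
}

def _string(expr, msg):
    ev = expr["Evaluate"]
    if "ClientCertificateAttribute" in ev:
        subject = msg.get("ClientCertificate", {}).get(ev["ClientCertificateAttribute"])
    else:
        subject = msg.get(ev["Attribute"])
    if subject is None:
        return False
    op, values = expr["Operator"], expr["Values"]
    if op == "NOT_EQUALS":  # matches only if none of the given strings are equal
        return all(subject != v for v in values)
    return any(STRING_OPS[op](subject, v) for v in values)  # OR across values

def _ip(expr, msg):
    addr = ipaddress.ip_address(msg[expr["Evaluate"]["Attribute"]])
    inside = any(addr in ipaddress.ip_network(c) for c in expr["Values"])
    return inside if expr["Operator"] == "CIDR_MATCHES" else not inside

def _boolean(expr, msg):  # models the plain Attribute form only
    value = bool(msg.get(expr["Evaluate"]["Attribute"], False))
    return value if expr["Operator"] == "IS_TRUE" else not value

EVALUATORS = {"StringExpression": _string, "IpExpression": _ip,
              "BooleanExpression": _boolean}

def condition_matches(cond, msg):
    (kind, expr), = cond.items()  # one expression per condition dict
    return EVALUATORS[kind](expr, msg)

def rule_applies(rule, msg):
    if not all(condition_matches(c, msg) for c in rule.get("Conditions", [])):
        return False
    return not any(condition_matches(c, msg) for c in rule.get("Unless", []))

def actions_for(rule, msg):
    """Names of the actions that would run for this message, in order."""
    return [next(iter(a)) for a in rule["Actions"]] if rule_applies(rule, msg) else []

# Constructed rule in the shape Rules=[...] expects: no Conditions, so it always
# applies unless the client certificate carries a SAN under the partner's domain.
BOUNCE_UNLESS_PARTNER_CERT = {
    "Name": "bounce-unless-partner-cert",
    "Unless": [{"StringExpression": {
        "Evaluate": {"ClientCertificateAttribute": "SAN_DNS_NAME"},
        "Operator": "ENDS_WITH",
        "Values": [".mail.partner.example"],  # leading dot: whole labels only
    }}],
    "Actions": [{"Bounce": {
        "ActionFailurePolicy": "DROP",
        "RoleArn": "arn:aws:iam::111122223333:role/ExampleBounceRole",  # placeholder
        "Sender": "postmaster@example.com",
        "StatusCode": "5.7.1",
        "SmtpReplyCode": "550",
        "DiagnosticMessage": "Client certificate not authorized",
    }}],
}

# Constructed sample messages (hypothetical shape, documentation address ranges).
PARTNER = {"SOURCE_IP": "198.51.100.7", "TLS": True,
           "ClientCertificate": {"SAN_DNS_NAME": "mx1.mail.partner.example"}}
LOOKALIKE = {"SOURCE_IP": "203.0.113.9", "TLS": True,
             "ClientCertificate": {"SAN_DNS_NAME": "mx1.notmail.partner.example"}}
NO_CERT = {"SOURCE_IP": "203.0.113.9", "TLS": False}
```

Running candidate rules against a handful of expected-accept and expected-reject messages like these catches inverted Unless logic and over-broad suffix values before the rule set replaces the live one.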
dict
Response Syntax
{}
Response Structure
(dict) --