2022/10/04 - Amazon WorkMail - 7 new 3 updated api methods
Changes This release adds support for impersonation roles in Amazon WorkMail.
Updates an impersonation role for the given WorkMail organization.
See also: AWS API Documentation
Request Syntax
client.update_impersonation_role( OrganizationId='string', ImpersonationRoleId='string', Name='string', Type='FULL_ACCESS'|'READ_ONLY', Description='string', Rules=[ { 'ImpersonationRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'TargetUsers': [ 'string', ], 'NotTargetUsers': [ 'string', ] }, ] )
string
[REQUIRED]
The WorkMail organization that contains the impersonation role to update.
string
[REQUIRED]
The ID of the impersonation role to update.
string
[REQUIRED]
The updated impersonation role name.
string
[REQUIRED]
The updated impersonation role type.
string
The updated impersonation role description.
list
[REQUIRED]
The updated list of rules.
(dict) --
The rules for the given impersonation role.
ImpersonationRuleId (string) -- [REQUIRED]
The identifier of the rule.
Name (string) --
The rule name.
Description (string) --
The rule description.
Effect (string) -- [REQUIRED]
The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY .
TargetUsers (list) --
A list of user IDs that match the rule.
(string) --
NotTargetUsers (list) --
A list of user IDs that don't match the rule.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Assumes an impersonation role for the given WorkMail organization. This method returns an authentication token you can use to make impersonated calls.
See also: AWS API Documentation
Request Syntax
client.assume_impersonation_role( OrganizationId='string', ImpersonationRoleId='string' )
string
[REQUIRED]
The WorkMail organization under which the impersonation role will be assumed.
string
[REQUIRED]
The impersonation role ID to assume.
dict
Response Syntax
{ 'Token': 'string', 'ExpiresIn': 123 }
Response Structure
(dict) --
Token (string) --
The authentication token for the impersonation role.
ExpiresIn (integer) --
The authentication token's validity, in seconds.
Gets the impersonation role details for the given WorkMail organization.
See also: AWS API Documentation
Request Syntax
client.get_impersonation_role( OrganizationId='string', ImpersonationRoleId='string' )
string
[REQUIRED]
The WorkMail organization from which to retrieve the impersonation role.
string
[REQUIRED]
The impersonation role ID to retrieve.
dict
Response Syntax
{ 'ImpersonationRoleId': 'string', 'Name': 'string', 'Type': 'FULL_ACCESS'|'READ_ONLY', 'Description': 'string', 'Rules': [ { 'ImpersonationRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'TargetUsers': [ 'string', ], 'NotTargetUsers': [ 'string', ] }, ], 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }
Response Structure
(dict) --
ImpersonationRoleId (string) --
The impersonation role ID.
Name (string) --
The impersonation role name.
Type (string) --
The impersonation role type.
Description (string) --
The impersonation role description.
Rules (list) --
The list of rules for the given impersonation role.
(dict) --
The rules for the given impersonation role.
ImpersonationRuleId (string) --
The identifier of the rule.
Name (string) --
The rule name.
Description (string) --
The rule description.
Effect (string) --
The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY .
TargetUsers (list) --
A list of user IDs that match the rule.
(string) --
NotTargetUsers (list) --
A list of user IDs that don't match the rule.
(string) --
DateCreated (datetime) --
The date when the impersonation role was created.
DateModified (datetime) --
The date when the impersonation role was last modified.
Creates an impersonation role for the given WorkMail organization.
Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.
See also: AWS API Documentation
Request Syntax
client.create_impersonation_role( ClientToken='string', OrganizationId='string', Name='string', Type='FULL_ACCESS'|'READ_ONLY', Description='string', Rules=[ { 'ImpersonationRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'TargetUsers': [ 'string', ], 'NotTargetUsers': [ 'string', ] }, ] )
string
The idempotency token for the client request.
This field is autopopulated if not provided.
string
[REQUIRED]
The WorkMail organization to create the new impersonation role within.
string
[REQUIRED]
The name of the new impersonation role.
string
[REQUIRED]
The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS .
string
The description of the new impersonation role.
list
[REQUIRED]
The list of rules for the impersonation role.
(dict) --
The rules for the given impersonation role.
ImpersonationRuleId (string) -- [REQUIRED]
The identifier of the rule.
Name (string) --
The rule name.
Description (string) --
The rule description.
Effect (string) -- [REQUIRED]
The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY .
TargetUsers (list) --
A list of user IDs that match the rule.
(string) --
NotTargetUsers (list) --
A list of user IDs that don't match the rule.
(string) --
dict
Response Syntax
{ 'ImpersonationRoleId': 'string' }
Response Structure
(dict) --
ImpersonationRoleId (string) --
The new impersonation role ID.
Deletes an impersonation role for the given WorkMail organization.
See also: AWS API Documentation
Request Syntax
client.delete_impersonation_role( OrganizationId='string', ImpersonationRoleId='string' )
string
[REQUIRED]
The WorkMail organization from which to delete the impersonation role.
string
[REQUIRED]
The ID of the impersonation role to delete.
dict
Response Syntax
{}
Response Structure
(dict) --
Lists all the impersonation roles for the given WorkMail organization.
See also: AWS API Documentation
Request Syntax
client.list_impersonation_roles( OrganizationId='string', NextToken='string', MaxResults=123 )
string
[REQUIRED]
The WorkMail organization to which the listed impersonation roles belong.
string
The token used to retrieve the next page of results. The first call doesn't require a token.
integer
The maximum number of results returned in a single call.
dict
Response Syntax
{ 'Roles': [ { 'ImpersonationRoleId': 'string', 'Name': 'string', 'Type': 'FULL_ACCESS'|'READ_ONLY', 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Roles (list) --
The list of impersonation roles under the given WorkMail organization.
(dict) --
An impersonation role for the given WorkMail organization.
ImpersonationRoleId (string) --
The identifier of the impersonation role.
Name (string) --
The impersonation role name.
Type (string) --
The impersonation role type.
DateCreated (datetime) --
The date when the impersonation role was created.
DateModified (datetime) --
The date when the impersonation role was last modified.
NextToken (string) --
The token to retrieve the next page of results. The value is null when there are no results to return.
Tests whether the given impersonation role can impersonate a target user.
See also: AWS API Documentation
Request Syntax
client.get_impersonation_role_effect( OrganizationId='string', ImpersonationRoleId='string', TargetUser='string' )
string
[REQUIRED]
The WorkMail organization where the impersonation role is defined.
string
[REQUIRED]
The impersonation role ID to test.
string
[REQUIRED]
The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:
User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: user@domain.tld
User name: user
dict
Response Syntax
{ 'Type': 'FULL_ACCESS'|'READ_ONLY', 'Effect': 'ALLOW'|'DENY', 'MatchedRules': [ { 'ImpersonationRuleId': 'string', 'Name': 'string' }, ] }
Response Structure
(dict) --
Type (string) --
The impersonation role type.
Effect (string) --
Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY .
MatchedRules (list) --
A list of the rules that match the input and produce the configured effect.
(dict) --
The impersonation rule that matched the input.
ImpersonationRuleId (string) --
The ID of the rule that matched the input
Name (string) --
The name of the rule that matched the input.
{'ImpersonationRoleId': 'string'}
Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID. You must provide either the user ID or impersonation role ID. Impersonation role ID can only be used with Action EWS.
See also: AWS API Documentation
Request Syntax
client.get_access_control_effect( OrganizationId='string', IpAddress='string', Action='string', UserId='string', ImpersonationRoleId='string' )
string
[REQUIRED]
The identifier for the organization.
string
[REQUIRED]
The IPv4 address.
string
[REQUIRED]
The access protocol action. Valid values include ActiveSync , AutoDiscover , EWS , IMAP , SMTP , WindowsOutlook , and WebMail .
string
The user ID.
string
The impersonation role ID.
dict
Response Syntax
{ 'Effect': 'ALLOW'|'DENY', 'MatchedRules': [ 'string', ] }
Response Structure
(dict) --
Effect (string) --
The rule effect.
MatchedRules (list) --
The rules that match the given parameters, resulting in an effect.
(string) --
{'Rules': {'ImpersonationRoleIds': ['string'], 'NotImpersonationRoleIds': ['string']}}
Lists the access control rules for the specified organization.
See also: AWS API Documentation
Request Syntax
client.list_access_control_rules( OrganizationId='string' )
string
[REQUIRED]
The identifier for the organization.
dict
Response Syntax
{ 'Rules': [ { 'Name': 'string', 'Effect': 'ALLOW'|'DENY', 'Description': 'string', 'IpRanges': [ 'string', ], 'NotIpRanges': [ 'string', ], 'Actions': [ 'string', ], 'NotActions': [ 'string', ], 'UserIds': [ 'string', ], 'NotUserIds': [ 'string', ], 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1), 'ImpersonationRoleIds': [ 'string', ], 'NotImpersonationRoleIds': [ 'string', ] }, ] }
Response Structure
(dict) --
Rules (list) --
The access control rules.
(dict) --
A rule that controls access to an WorkMail organization.
Name (string) --
The rule name.
Effect (string) --
The rule effect.
Description (string) --
The rule description.
IpRanges (list) --
IPv4 CIDR ranges to include in the rule.
(string) --
NotIpRanges (list) --
IPv4 CIDR ranges to exclude from the rule.
(string) --
Actions (list) --
Access protocol actions to include in the rule. Valid values include ActiveSync , AutoDiscover , EWS , IMAP , SMTP , WindowsOutlook , and WebMail .
(string) --
NotActions (list) --
Access protocol actions to exclude from the rule. Valid values include ActiveSync , AutoDiscover , EWS , IMAP , SMTP , WindowsOutlook , and WebMail .
(string) --
UserIds (list) --
User IDs to include in the rule.
(string) --
NotUserIds (list) --
User IDs to exclude from the rule.
(string) --
DateCreated (datetime) --
The date that the rule was created.
DateModified (datetime) --
The date that the rule was modified.
ImpersonationRoleIds (list) --
Impersonation role IDs to include in the rule.
(string) --
NotImpersonationRoleIds (list) --
Impersonation role IDs to exclude from the rule.
(string) --
{'ImpersonationRoleIds': ['string'], 'NotImpersonationRoleIds': ['string']}
Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule.
See also: AWS API Documentation
Request Syntax
client.put_access_control_rule( Name='string', Effect='ALLOW'|'DENY', Description='string', IpRanges=[ 'string', ], NotIpRanges=[ 'string', ], Actions=[ 'string', ], NotActions=[ 'string', ], UserIds=[ 'string', ], NotUserIds=[ 'string', ], OrganizationId='string', ImpersonationRoleIds=[ 'string', ], NotImpersonationRoleIds=[ 'string', ] )
string
[REQUIRED]
The rule name.
string
[REQUIRED]
The rule effect.
string
[REQUIRED]
The rule description.
list
IPv4 CIDR ranges to include in the rule.
(string) --
list
IPv4 CIDR ranges to exclude from the rule.
(string) --
list
Access protocol actions to include in the rule. Valid values include ActiveSync , AutoDiscover , EWS , IMAP , SMTP , WindowsOutlook , and WebMail .
(string) --
list
Access protocol actions to exclude from the rule. Valid values include ActiveSync , AutoDiscover , EWS , IMAP , SMTP , WindowsOutlook , and WebMail .
(string) --
list
User IDs to include in the rule.
(string) --
list
User IDs to exclude from the rule.
(string) --
string
[REQUIRED]
The identifier of the organization.
list
Impersonation role IDs to include in the rule.
(string) --
list
Impersonation role IDs to exclude from the rule.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --