Amazon WorkMail

2022/10/04 - Amazon WorkMail - 7 new, 3 updated API methods

Changes: This release adds support for impersonation roles in Amazon WorkMail.

UpdateImpersonationRole (new)

Updates an impersonation role for the given WorkMail organization.

See also: AWS API Documentation

Request Syntax

client.update_impersonation_role(
    OrganizationId='string',
    ImpersonationRoleId='string',
    Name='string',
    Type='FULL_ACCESS'|'READ_ONLY',
    Description='string',
    Rules=[
        {
            'ImpersonationRuleId': 'string',
            'Name': 'string',
            'Description': 'string',
            'Effect': 'ALLOW'|'DENY',
            'TargetUsers': [
                'string',
            ],
            'NotTargetUsers': [
                'string',
            ]
        },
    ]
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization that contains the impersonation role to update.

type ImpersonationRoleId

string

param ImpersonationRoleId

[REQUIRED]

The ID of the impersonation role to update.

type Name

string

param Name

[REQUIRED]

The updated impersonation role name.

type Type

string

param Type

[REQUIRED]

The updated impersonation role type.

type Description

string

param Description

The updated impersonation role description.

type Rules

list

param Rules

[REQUIRED]

The updated list of rules.

  • (dict) --

    The rules for the given impersonation role.

    • ImpersonationRuleId (string) -- [REQUIRED]

      The identifier of the rule.

    • Name (string) --

      The rule name.

    • Description (string) --

      The rule description.

    • Effect (string) -- [REQUIRED]

      The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY.

    • TargetUsers (list) --

      A list of user IDs that match the rule.

      • (string) --

    • NotTargetUsers (list) --

      A list of user IDs that don't match the rule.

      • (string) --

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

AssumeImpersonationRole (new)

Assumes an impersonation role for the given WorkMail organization. This method returns an authentication token you can use to make impersonated calls.

See also: AWS API Documentation

Request Syntax

client.assume_impersonation_role(
    OrganizationId='string',
    ImpersonationRoleId='string'
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization under which the impersonation role will be assumed.

type ImpersonationRoleId

string

param ImpersonationRoleId

[REQUIRED]

The impersonation role ID to assume.

rtype

dict

returns

Response Syntax

{
    'Token': 'string',
    'ExpiresIn': 123
}

Response Structure

  • (dict) --

    • Token (string) --

      The authentication token for the impersonation role.

    • ExpiresIn (integer) --

      The authentication token's validity, in seconds.

GetImpersonationRole (new)

Gets the impersonation role details for the given WorkMail organization.

See also: AWS API Documentation

Request Syntax

client.get_impersonation_role(
    OrganizationId='string',
    ImpersonationRoleId='string'
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization from which to retrieve the impersonation role.

type ImpersonationRoleId

string

param ImpersonationRoleId

[REQUIRED]

The impersonation role ID to retrieve.

rtype

dict

returns

Response Syntax

{
    'ImpersonationRoleId': 'string',
    'Name': 'string',
    'Type': 'FULL_ACCESS'|'READ_ONLY',
    'Description': 'string',
    'Rules': [
        {
            'ImpersonationRuleId': 'string',
            'Name': 'string',
            'Description': 'string',
            'Effect': 'ALLOW'|'DENY',
            'TargetUsers': [
                'string',
            ],
            'NotTargetUsers': [
                'string',
            ]
        },
    ],
    'DateCreated': datetime(2015, 1, 1),
    'DateModified': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • ImpersonationRoleId (string) --

      The impersonation role ID.

    • Name (string) --

      The impersonation role name.

    • Type (string) --

      The impersonation role type.

    • Description (string) --

      The impersonation role description.

    • Rules (list) --

      The list of rules for the given impersonation role.

      • (dict) --

        The rules for the given impersonation role.

        • ImpersonationRuleId (string) --

          The identifier of the rule.

        • Name (string) --

          The rule name.

        • Description (string) --

          The rule description.

        • Effect (string) --

          The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY.

        • TargetUsers (list) --

          A list of user IDs that match the rule.

          • (string) --

        • NotTargetUsers (list) --

          A list of user IDs that don't match the rule.

          • (string) --

    • DateCreated (datetime) --

      The date when the impersonation role was created.

    • DateModified (datetime) --

      The date when the impersonation role was last modified.

CreateImpersonationRole (new)

Creates an impersonation role for the given WorkMail organization.

Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

See also: AWS API Documentation

Request Syntax

client.create_impersonation_role(
    ClientToken='string',
    OrganizationId='string',
    Name='string',
    Type='FULL_ACCESS'|'READ_ONLY',
    Description='string',
    Rules=[
        {
            'ImpersonationRuleId': 'string',
            'Name': 'string',
            'Description': 'string',
            'Effect': 'ALLOW'|'DENY',
            'TargetUsers': [
                'string',
            ],
            'NotTargetUsers': [
                'string',
            ]
        },
    ]
)
type ClientToken

string

param ClientToken

The idempotency token for the client request.

This field is autopopulated if not provided.

type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization to create the new impersonation role within.

type Name

string

param Name

[REQUIRED]

The name of the new impersonation role.

type Type

string

param Type

[REQUIRED]

The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS.

type Description

string

param Description

The description of the new impersonation role.

type Rules

list

param Rules

[REQUIRED]

The list of rules for the impersonation role.

  • (dict) --

    The rules for the given impersonation role.

    • ImpersonationRuleId (string) -- [REQUIRED]

      The identifier of the rule.

    • Name (string) --

      The rule name.

    • Description (string) --

      The rule description.

    • Effect (string) -- [REQUIRED]

      The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY.

    • TargetUsers (list) --

      A list of user IDs that match the rule.

      • (string) --

    • NotTargetUsers (list) --

      A list of user IDs that don't match the rule.

      • (string) --

rtype

dict

returns

Response Syntax

{
    'ImpersonationRoleId': 'string'
}

Response Structure

  • (dict) --

    • ImpersonationRoleId (string) --

      The new impersonation role ID.

DeleteImpersonationRole (new)

Deletes an impersonation role for the given WorkMail organization.

See also: AWS API Documentation

Request Syntax

client.delete_impersonation_role(
    OrganizationId='string',
    ImpersonationRoleId='string'
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization from which to delete the impersonation role.

type ImpersonationRoleId

string

param ImpersonationRoleId

[REQUIRED]

The ID of the impersonation role to delete.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListImpersonationRoles (new)

Lists all the impersonation roles for the given WorkMail organization.

See also: AWS API Documentation

Request Syntax

client.list_impersonation_roles(
    OrganizationId='string',
    NextToken='string',
    MaxResults=123
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization to which the listed impersonation roles belong.

type NextToken

string

param NextToken

The token used to retrieve the next page of results. The first call doesn't require a token.

type MaxResults

integer

param MaxResults

The maximum number of results returned in a single call.

rtype

dict

returns

Response Syntax

{
    'Roles': [
        {
            'ImpersonationRoleId': 'string',
            'Name': 'string',
            'Type': 'FULL_ACCESS'|'READ_ONLY',
            'DateCreated': datetime(2015, 1, 1),
            'DateModified': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Roles (list) --

      The list of impersonation roles under the given WorkMail organization.

      • (dict) --

        An impersonation role for the given WorkMail organization.

        • ImpersonationRoleId (string) --

          The identifier of the impersonation role.

        • Name (string) --

          The impersonation role name.

        • Type (string) --

          The impersonation role type.

        • DateCreated (datetime) --

          The date when the impersonation role was created.

        • DateModified (datetime) --

          The date when the impersonation role was last modified.

    • NextToken (string) --

      The token to retrieve the next page of results. The value is null when there are no results to return.

GetImpersonationRoleEffect (new)

Tests whether the given impersonation role can impersonate a target user.

See also: AWS API Documentation

Request Syntax

client.get_impersonation_role_effect(
    OrganizationId='string',
    ImpersonationRoleId='string',
    TargetUser='string'
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The WorkMail organization where the impersonation role is defined.

type ImpersonationRoleId

string

param ImpersonationRoleId

[REQUIRED]

The impersonation role ID to test.

type TargetUser

string

param TargetUser

[REQUIRED]

The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

rtype

dict

returns

Response Syntax

{
    'Type': 'FULL_ACCESS'|'READ_ONLY',
    'Effect': 'ALLOW'|'DENY',
    'MatchedRules': [
        {
            'ImpersonationRuleId': 'string',
            'Name': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Type (string) --

      The impersonation role type.

    • Effect (string) --

      Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY.

    • MatchedRules (list) --

      A list of the rules that match the input and produce the configured effect.

      • (dict) --

        The impersonation rule that matched the input.

        • ImpersonationRuleId (string) --

          The ID of the rule that matched the input.

        • Name (string) --

          The name of the rule that matched the input.

GetAccessControlEffect (updated)
Changes (request)
{'ImpersonationRoleId': 'string'}

Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID. You must provide either the user ID or impersonation role ID. Impersonation role ID can only be used with Action EWS.

See also: AWS API Documentation

Request Syntax

client.get_access_control_effect(
    OrganizationId='string',
    IpAddress='string',
    Action='string',
    UserId='string',
    ImpersonationRoleId='string'
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The identifier for the organization.

type IpAddress

string

param IpAddress

[REQUIRED]

The IPv4 address.

type Action

string

param Action

[REQUIRED]

The access protocol action. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

type UserId

string

param UserId

The user ID.

type ImpersonationRoleId

string

param ImpersonationRoleId

The impersonation role ID.

rtype

dict

returns

Response Syntax

{
    'Effect': 'ALLOW'|'DENY',
    'MatchedRules': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • Effect (string) --

      The rule effect.

    • MatchedRules (list) --

      The rules that match the given parameters, resulting in an effect.

      • (string) --

ListAccessControlRules (updated)
Changes (response)
{'Rules': {'ImpersonationRoleIds': ['string'],
           'NotImpersonationRoleIds': ['string']}}

Lists the access control rules for the specified organization.

See also: AWS API Documentation

Request Syntax

client.list_access_control_rules(
    OrganizationId='string'
)
type OrganizationId

string

param OrganizationId

[REQUIRED]

The identifier for the organization.

rtype

dict

returns

Response Syntax

{
    'Rules': [
        {
            'Name': 'string',
            'Effect': 'ALLOW'|'DENY',
            'Description': 'string',
            'IpRanges': [
                'string',
            ],
            'NotIpRanges': [
                'string',
            ],
            'Actions': [
                'string',
            ],
            'NotActions': [
                'string',
            ],
            'UserIds': [
                'string',
            ],
            'NotUserIds': [
                'string',
            ],
            'DateCreated': datetime(2015, 1, 1),
            'DateModified': datetime(2015, 1, 1),
            'ImpersonationRoleIds': [
                'string',
            ],
            'NotImpersonationRoleIds': [
                'string',
            ]
        },
    ]
}

Response Structure

  • (dict) --

    • Rules (list) --

      The access control rules.

      • (dict) --

        A rule that controls access to a WorkMail organization.

        • Name (string) --

          The rule name.

        • Effect (string) --

          The rule effect.

        • Description (string) --

          The rule description.

        • IpRanges (list) --

          IPv4 CIDR ranges to include in the rule.

          • (string) --

        • NotIpRanges (list) --

          IPv4 CIDR ranges to exclude from the rule.

          • (string) --

        • Actions (list) --

          Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

          • (string) --

        • NotActions (list) --

          Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

          • (string) --

        • UserIds (list) --

          User IDs to include in the rule.

          • (string) --

        • NotUserIds (list) --

          User IDs to exclude from the rule.

          • (string) --

        • DateCreated (datetime) --

          The date that the rule was created.

        • DateModified (datetime) --

          The date that the rule was modified.

        • ImpersonationRoleIds (list) --

          Impersonation role IDs to include in the rule.

          • (string) --

        • NotImpersonationRoleIds (list) --

          Impersonation role IDs to exclude from the rule.

          • (string) --
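
The following is an added example, not part of the AWS documentation: it combines ListImpersonationRoles, GetImpersonationRole and ListAccessControlRules into a review of which impersonation roles are broad or are not named by any access control rule. The two heuristics are assumptions, and `FakeWorkMail` with its role IDs and names is constructed sample data standing in for `boto3.client('workmail')`.

```python
def audit_impersonation_roles(client, org_id):
    """Return (role name, reasons) for roles worth a manual review."""
    # Role IDs named by any access control rule (ListAccessControlRules).
    acl = client.list_access_control_rules(OrganizationId=org_id)["Rules"]
    scoped = {rid for rule in acl
              for key in ("ImpersonationRoleIds", "NotImpersonationRoleIds")
              for rid in rule.get(key, [])}
    findings, token = [], None
    while True:
        kwargs = {"OrganizationId": org_id}
        if token:
            kwargs["NextToken"] = token  # the first call takes no token
        page = client.list_impersonation_roles(**kwargs)
        for summary in page["Roles"]:
            role_id = summary["ImpersonationRoleId"]
            role = client.get_impersonation_role(
                OrganizationId=org_id, ImpersonationRoleId=role_id)
            reasons = []
            # Assumed heuristic: ALLOW rule with no TargetUsers is not narrowed.
            if role["Type"] == "FULL_ACCESS" and any(
                    r["Effect"] == "ALLOW" and not r.get("TargetUsers")
                    for r in role["Rules"]):
                reasons.append("FULL_ACCESS with unscoped ALLOW rule")
            if role_id not in scoped:
                reasons.append("no access control rule names this role")
            if reasons:
                findings.append((role["Name"], reasons))
        token = page.get("NextToken")
        if not token:
            return findings


class FakeWorkMail:
    """Constructed stand-in for boto3.client('workmail'); all data is made up."""
    ROLES = {
        "role-a": {"Name": "ews-migration", "Type": "FULL_ACCESS",
                   "Rules": [{"ImpersonationRuleId": "r1", "Effect": "ALLOW"}]},
        "role-b": {"Name": "audit-reader", "Type": "READ_ONLY",
                   "Rules": [{"ImpersonationRuleId": "r2", "Effect": "ALLOW",
                              "TargetUsers": ["user-1"]}]},
    }

    def list_impersonation_roles(self, OrganizationId, NextToken=None):
        ids, i = sorted(self.ROLES), int(NextToken or 0)  # one role per page
        page = {"Roles": [{"ImpersonationRoleId": ids[i]}]}
        if i + 1 < len(ids):
            page["NextToken"] = str(i + 1)
        return page

    def get_impersonation_role(self, OrganizationId, ImpersonationRoleId):
        return self.ROLES[ImpersonationRoleId]

    def list_access_control_rules(self, OrganizationId):
        return {"Rules": [{"Name": "ews-office", "Effect": "ALLOW",
                           "ImpersonationRoleIds": ["role-b"]}]}
```

Against a real organization, pass a boto3 WorkMail client and the organization ID in place of `FakeWorkMail()`.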

PutAccessControlRule (updated)
Changes (request)
{'ImpersonationRoleIds': ['string'], 'NotImpersonationRoleIds': ['string']}

Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule.

See also: AWS API Documentation

Request Syntax

client.put_access_control_rule(
    Name='string',
    Effect='ALLOW'|'DENY',
    Description='string',
    IpRanges=[
        'string',
    ],
    NotIpRanges=[
        'string',
    ],
    Actions=[
        'string',
    ],
    NotActions=[
        'string',
    ],
    UserIds=[
        'string',
    ],
    NotUserIds=[
        'string',
    ],
    OrganizationId='string',
    ImpersonationRoleIds=[
        'string',
    ],
    NotImpersonationRoleIds=[
        'string',
    ]
)
type Name

string

param Name

[REQUIRED]

The rule name.

type Effect

string

param Effect

[REQUIRED]

The rule effect.

type Description

string

param Description

[REQUIRED]

The rule description.

type IpRanges

list

param IpRanges

IPv4 CIDR ranges to include in the rule.

  • (string) --

type NotIpRanges

list

param NotIpRanges

IPv4 CIDR ranges to exclude from the rule.

  • (string) --

type Actions

list

param Actions

Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

  • (string) --

type NotActions

list

param NotActions

Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

  • (string) --

type UserIds

list

param UserIds

User IDs to include in the rule.

  • (string) --

type NotUserIds

list

param NotUserIds

User IDs to exclude from the rule.

  • (string) --

type OrganizationId

string

param OrganizationId

[REQUIRED]

The identifier of the organization.

type ImpersonationRoleIds

list

param ImpersonationRoleIds

Impersonation role IDs to include in the rule.

  • (string) --

type NotImpersonationRoleIds

list

param NotImpersonationRoleIds

Impersonation role IDs to exclude from the rule.

  • (string) --

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --