amazon workmail - api reference · 2020-02-13 · amazon workmail api reference amazon's...
TRANSCRIPT
Amazon WorkMailAPI Reference
Amazon WorkMail: API ReferenceCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon WorkMail API Reference
Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.
Amazon WorkMail API Reference
Table of ContentsWelcome .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Amazon WorkMail ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Amazon WorkMail Message Flow .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Actions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Amazon WorkMail ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
AssociateDelegateToResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5AssociateMemberToGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7CreateAlias ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10CreateGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13CreateResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16CreateUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19DeleteAccessControlRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22DeleteAlias ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24DeleteGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26DeleteMailboxPermissions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28DeleteResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30DeleteUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32DeregisterFromWorkMail ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34DescribeGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36DescribeOrganization .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39DescribeResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42DescribeUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45DisassociateDelegateFromResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48DisassociateMemberFromGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50GetAccessControlEffect .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53GetMailboxDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56ListAccessControlRules .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58ListAliases .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60ListGroupMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63ListGroups .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66ListMailboxPermissions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69ListOrganizations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72ListResourceDelegates .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74ListResources .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77ListTagsForResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80ListUsers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82PutAccessControlRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85PutMailboxPermissions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89RegisterToWorkMail ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92ResetPassword .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95TagResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98UntagResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100UpdateMailboxQuota .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102UpdatePrimaryEmailAddress .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104UpdateResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Amazon WorkMail Message Flow .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109GetRawMessageContent .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Data Types .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Amazon WorkMail ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
AccessControlRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114BookingOptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Delegate .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Group .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Member .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
iii
Amazon WorkMail API Reference
OrganizationSummary .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Permission .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Resource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Tag .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128User .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Common Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Common Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
iv
Amazon WorkMail API ReferenceAmazon WorkMail
Welcome
Amazon WorkMailAmazon WorkMail is a secure, managed business email and calendaring service with support for existingdesktop and mobile email clients. You can access your email, contacts, and calendars using MicrosoftOutlook, your browser, or other native iOS and Android email applications. You can integrate WorkMailwith your existing corporate directory and control both the keys that encrypt your data and the locationin which your data is stored.
The WorkMail API is designed for the following scenarios:
• Listing and describing organizations
• Managing users
• Managing groups
• Managing resources
All WorkMail API operations are Amazon-authenticated and certificate-signed. They not only require theuse of the AWS SDK, but also allow for the exclusive use of AWS Identity and Access Management usersand roles to help facilitate access, trust, and permission policies. By creating a role and allowing an IAMuser to access the WorkMail site, the IAM user gains full administrative visibility into the entire WorkMailorganization (or as set in the IAM policy). This includes, but is not limited to, the ability to create, update,and delete users, groups, and resources. This allows developers to perform the scenarios listed above, aswell as give users the ability to grant access on a selective basis using the IAM model.
Amazon WorkMail Message FlowThe WorkMail Message Flow API provides access to email messages as they are being sent and receivedby a WorkMail organization.
1
Amazon WorkMail API Reference
ActionsThe following actions are supported by Amazon WorkMail:
• AssociateDelegateToResource (p. 5)• AssociateMemberToGroup (p. 7)• CreateAlias (p. 10)• CreateGroup (p. 13)• CreateResource (p. 16)• CreateUser (p. 19)• DeleteAccessControlRule (p. 22)• DeleteAlias (p. 24)• DeleteGroup (p. 26)• DeleteMailboxPermissions (p. 28)• DeleteResource (p. 30)• DeleteUser (p. 32)• DeregisterFromWorkMail (p. 34)• DescribeGroup (p. 36)• DescribeOrganization (p. 39)• DescribeResource (p. 42)• DescribeUser (p. 45)• DisassociateDelegateFromResource (p. 48)• DisassociateMemberFromGroup (p. 50)• GetAccessControlEffect (p. 53)• GetMailboxDetails (p. 56)• ListAccessControlRules (p. 58)• ListAliases (p. 60)• ListGroupMembers (p. 63)• ListGroups (p. 66)• ListMailboxPermissions (p. 69)• ListOrganizations (p. 72)• ListResourceDelegates (p. 74)• ListResources (p. 77)• ListTagsForResource (p. 80)• ListUsers (p. 82)• PutAccessControlRule (p. 85)• PutMailboxPermissions (p. 89)• RegisterToWorkMail (p. 92)• ResetPassword (p. 95)• TagResource (p. 98)• UntagResource (p. 100)• UpdateMailboxQuota (p. 102)• UpdatePrimaryEmailAddress (p. 104)• UpdateResource (p. 107)
2
Amazon WorkMail API ReferenceAmazon WorkMail
The following actions are supported by Amazon WorkMail Message Flow:
• GetRawMessageContent (p. 110)
Amazon WorkMailThe following actions are supported by Amazon WorkMail:
• AssociateDelegateToResource (p. 5)• AssociateMemberToGroup (p. 7)• CreateAlias (p. 10)• CreateGroup (p. 13)• CreateResource (p. 16)• CreateUser (p. 19)• DeleteAccessControlRule (p. 22)• DeleteAlias (p. 24)• DeleteGroup (p. 26)• DeleteMailboxPermissions (p. 28)• DeleteResource (p. 30)• DeleteUser (p. 32)• DeregisterFromWorkMail (p. 34)• DescribeGroup (p. 36)• DescribeOrganization (p. 39)• DescribeResource (p. 42)• DescribeUser (p. 45)• DisassociateDelegateFromResource (p. 48)• DisassociateMemberFromGroup (p. 50)• GetAccessControlEffect (p. 53)• GetMailboxDetails (p. 56)• ListAccessControlRules (p. 58)• ListAliases (p. 60)• ListGroupMembers (p. 63)• ListGroups (p. 66)• ListMailboxPermissions (p. 69)• ListOrganizations (p. 72)• ListResourceDelegates (p. 74)• ListResources (p. 77)• ListTagsForResource (p. 80)• ListUsers (p. 82)• PutAccessControlRule (p. 85)• PutMailboxPermissions (p. 89)• RegisterToWorkMail (p. 92)• ResetPassword (p. 95)• TagResource (p. 98)• UntagResource (p. 100)• UpdateMailboxQuota (p. 102)
3
Amazon WorkMail API ReferenceAmazon WorkMail
• UpdatePrimaryEmailAddress (p. 104)• UpdateResource (p. 107)
4
Amazon WorkMail API ReferenceAssociateDelegateToResource
AssociateDelegateToResourceService: Amazon WorkMail
Adds a member (user or group) to the resource's set of delegates.
Request Syntax
{ "EntityId": "string", "OrganizationId": "string", "ResourceId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 5)
The member (user or group) to associate to the resource.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 5)
The organization under which the resource exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesResourceId (p. 5)
The resource for which members (users or groups) are associated.
Type: String
Pattern: ^r-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
5
Amazon WorkMail API ReferenceAssociateDelegateToResource
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
6
Amazon WorkMail API ReferenceAssociateMemberToGroup
AssociateMemberToGroupService: Amazon WorkMail
Adds a member (user or group) to the group's set.
Request Syntax
{ "GroupId": "string", "MemberId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
GroupId (p. 7)
The group to which the member (user or group) is associated.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesMemberId (p. 7)
The member (user or group) to associate to the group.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 7)
The organization under which the group exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
7
Amazon WorkMail API ReferenceAssociateMemberToGroup
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
8
Amazon WorkMail API ReferenceAssociateMemberToGroup
• AWS SDK for Ruby V3
9
Amazon WorkMail API ReferenceCreateAlias
CreateAliasService: Amazon WorkMail
Adds an alias to the set of a given member (user or group) of Amazon WorkMail.
Request Syntax
{ "Alias": "string", "EntityId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Alias (p. 10)
The alias to add to the member set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: YesEntityId (p. 10)
The member (user or group) to which this alias is added.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 10)
The organization under which the member (user or group) exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
10
Amazon WorkMail API ReferenceCreateAlias
EmailAddressInUseException
The email address that you're trying to assign is already created for a different user, group, orresource.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400LimitExceededException
The request exceeds the limit of the resource.
HTTP Status Code: 400MailDomainNotFoundException
For an email or alias to be created in Amazon WorkMail, the included domain must be defined in theorganization.
HTTP Status Code: 400MailDomainStateException
After a domain has been added to the organization, it must be verified. The domain is not yetverified.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET
11
Amazon WorkMail API ReferenceCreateAlias
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
12
Amazon WorkMail API ReferenceCreateGroup
CreateGroupService: Amazon WorkMail
Creates a group that can be used in Amazon WorkMail by calling the RegisterToWorkMail (p. 92)operation.
Request Syntax
{ "Name": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Name (p. 13)
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\u0020-\u00FF]+
Required: YesOrganizationId (p. 13)
The organization under which the group is to be created.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "GroupId": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
GroupId (p. 13)
The identifier of the group.
13
Amazon WorkMail API ReferenceCreateGroup
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400NameAvailabilityException
The user, group, or resource name isn't unique in Amazon WorkMail.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400ReservedNameException
This user, group, or resource name is not allowed in Amazon WorkMail.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET
14
Amazon WorkMail API ReferenceCreateGroup
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
15
Amazon WorkMail API ReferenceCreateResource
CreateResourceService: Amazon WorkMail
Creates a new Amazon WorkMail resource.
Request Syntax
{ "Name": "string", "OrganizationId": "string", "Type": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Name (p. 16)
The name of the new resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?
Required: YesOrganizationId (p. 16)
The identifier associated with the organization for which the resource is created.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesType (p. 16)
The type of the new resource. The available types are equipment and room.
Type: String
Valid Values: ROOM | EQUIPMENT
Required: Yes
Response Syntax
{ "ResourceId": "string"}
16
Amazon WorkMail API ReferenceCreateResource
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
ResourceId (p. 16)
The identifier of the new resource.
Type: String
Pattern: ^r-[0-9a-f]{32}$
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400NameAvailabilityException
The user, group, or resource name isn't unique in Amazon WorkMail.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400ReservedNameException
This user, group, or resource name is not allowed in Amazon WorkMail.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
17
Amazon WorkMail API ReferenceCreateResource
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
18
Amazon WorkMail API ReferenceCreateUser
CreateUserService: Amazon WorkMail
Creates a user who can be used in Amazon WorkMail by calling the RegisterToWorkMail (p. 92)operation.
Request Syntax
{ "DisplayName": "string", "Name": "string", "OrganizationId": "string", "Password": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
DisplayName (p. 19)
The display name for the new user.
Type: String
Length Constraints: Maximum length of 256.
Required: YesName (p. 19)
The name for the new user. Simple AD or AD Connector user names have a maximum length of 20.All others have a maximum length of 64.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?
Required: YesOrganizationId (p. 19)
The identifier of the organization for which the user is created.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesPassword (p. 19)
The password for the new user.
Type: String
19
Amazon WorkMail API ReferenceCreateUser
Length Constraints: Maximum length of 256.
Pattern: [\u0020-\u00FF]+
Required: Yes
Response Syntax
{ "UserId": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserId (p. 20)
The identifier for the new user.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400InvalidPasswordException
The supplied password doesn't match the minimum security constraints, such as length or use ofspecial characters.
HTTP Status Code: 400NameAvailabilityException
The user, group, or resource name isn't unique in Amazon WorkMail.
HTTP Status Code: 400
20
Amazon WorkMail API ReferenceCreateUser
OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400ReservedNameException
This user, group, or resource name is not allowed in Amazon WorkMail.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
21
Amazon WorkMail API ReferenceDeleteAccessControlRule
DeleteAccessControlRuleService: Amazon WorkMail
Deletes an access control rule for the specified WorkMail organization.
Request Syntax
{ "Name": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Name (p. 22)
The name of the access control rule.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z0-9_-]+
Required: YesOrganizationId (p. 22)
The identifier for the organization.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: No
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
22
Amazon WorkMail API ReferenceDeleteAccessControlRule
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
23
Amazon WorkMail API ReferenceDeleteAlias
DeleteAliasService: Amazon WorkMail
Remove one or more specified aliases from a set of aliases for a given user.
Request Syntax
{ "Alias": "string", "EntityId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Alias (p. 24)
The aliases to be removed from the user's set of aliases. Duplicate entries in the list are collapsedinto single entries (the list is transformed into a set).
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: YesEntityId (p. 24)
The identifier for the member (user or group) from which to have the aliases removed.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 24)
The identifier for the organization under which the user exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
24
Amazon WorkMail API ReferenceDeleteAlias
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
25
Amazon WorkMail API ReferenceDeleteGroup
DeleteGroupService: Amazon WorkMail
Deletes a group from Amazon WorkMail.
Request Syntax
{ "GroupId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
GroupId (p. 26)
The identifier of the group to be deleted.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 26)
The organization that contains the group.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400
26
Amazon WorkMail API ReferenceDeleteGroup
EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
27
Amazon WorkMail API ReferenceDeleteMailboxPermissions
DeleteMailboxPermissionsService: Amazon WorkMail
Deletes permissions granted to a member (user or group).
Request Syntax
{ "EntityId": "string", "GranteeId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 28)
The identifier of the member (user or group)that owns the mailbox.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesGranteeId (p. 28)
The identifier of the member (user or group) for which to delete granted permissions.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 28)
The identifier of the organization under which the member (user or group) exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
28
Amazon WorkMail API ReferenceDeleteMailboxPermissions
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
29
Amazon WorkMail API ReferenceDeleteResource
DeleteResourceService: Amazon WorkMail
Deletes the specified resource.
Request Syntax
{ "OrganizationId": "string", "ResourceId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 30)
The identifier associated with the organization from which the resource is deleted.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesResourceId (p. 30)
The identifier of the resource to be deleted.
Type: String
Pattern: ^r-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
30
Amazon WorkMail API ReferenceDeleteResource
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
31
Amazon WorkMail API ReferenceDeleteUser
DeleteUserService: Amazon WorkMail
Deletes a user from Amazon WorkMail and all subsequent systems. Before you can delete a user, the userstate must be DISABLED. Use the DescribeUser (p. 45) action to confirm the user state.
Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 daysbefore they are permanently removed.
Request Syntax
{ "OrganizationId": "string", "UserId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 32)
The organization that contains the user to be deleted.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesUserId (p. 32)
The identifier of the user to be deleted.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400
32
Amazon WorkMail API ReferenceDeleteUser
DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
33
Amazon WorkMail API ReferenceDeregisterFromWorkMail
DeregisterFromWorkMailService: Amazon WorkMail
Mark a user, group, or resource as no longer used in Amazon WorkMail. This action disassociatesthe mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they arepermanently removed. The functionality in the console is Disable.
Request Syntax
{ "EntityId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 34)
The identifier for the member (user or group) to be updated.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 34)
The identifier for the organization under which the Amazon WorkMail entity exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
34
Amazon WorkMail API ReferenceDeregisterFromWorkMail
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
35
Amazon WorkMail API ReferenceDescribeGroup
DescribeGroupService: Amazon WorkMail
Returns the data available for the group.
Request Syntax
{ "GroupId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
GroupId (p. 36)
The identifier for the group to be described.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
OrganizationId (p. 36)
The identifier for the organization under which the group exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "DisabledDate": number, "Email": "string", "EnabledDate": number, "GroupId": "string", "Name": "string", "State": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
36
Amazon WorkMail API ReferenceDescribeGroup
DisabledDate (p. 36)
The date and time when a user was deregistered from WorkMail, in UNIX epoch time format.
Type: TimestampEmail (p. 36)
The email of the described group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}EnabledDate (p. 36)
The date and time when a user was registered to WorkMail, in UNIX epoch time format.
Type: TimestampGroupId (p. 36)
The identifier of the described group.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.Name (p. 36)
The name of the described group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\u0020-\u00FF]+State (p. 36)
The state of the user: enabled (registered to Amazon WorkMail) or disabled (deregistered or neverregistered to WorkMail).
Type: String
Valid Values: ENABLED | DISABLED | DELETED
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400
37
Amazon WorkMail API ReferenceDescribeGroup
OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
38
Amazon WorkMail API ReferenceDescribeOrganization
DescribeOrganizationService: Amazon WorkMail
Provides more information regarding a given organization based on its identifier.
Request Syntax
{ "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 39)
The identifier for the organization to be described.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "Alias": "string", "ARN": "string", "CompletedDate": number, "DefaultMailDomain": "string", "DirectoryId": "string", "DirectoryType": "string", "ErrorMessage": "string", "OrganizationId": "string", "State": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Alias (p. 39)
The alias for an organization.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 62.
Pattern: ^(?!d-)([\da-zA-Z]+)([-]*[\da-zA-Z])*
39
Amazon WorkMail API ReferenceDescribeOrganization
ARN (p. 39)
The Amazon Resource Name (ARN) of the organization.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1011.CompletedDate (p. 39)
The date at which the organization became usable in the WorkMail context, in UNIX epoch timeformat.
Type: TimestampDefaultMailDomain (p. 39)
The default mail domain associated with the organization.
Type: String
Length Constraints: Maximum length of 256.DirectoryId (p. 39)
The identifier for the directory associated with an Amazon WorkMail organization.
Type: String
Length Constraints: Maximum length of 256.DirectoryType (p. 39)
The type of directory associated with the WorkMail organization.
Type: String
Length Constraints: Maximum length of 256.ErrorMessage (p. 39)
(Optional) The error message indicating if unexpected behavior was encountered with regards to theorganization.
Type: String
Length Constraints: Maximum length of 256.OrganizationId (p. 39)
The identifier of an organization.
Type: String
Pattern: ^m-[0-9a-f]{32}$State (p. 39)
The state of an organization.
Type: String
Length Constraints: Maximum length of 256.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
40
Amazon WorkMail API ReferenceDescribeOrganization
InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
41
Amazon WorkMail API ReferenceDescribeResource
DescribeResourceService: Amazon WorkMail
Returns the data available for the resource.
Request Syntax
{ "OrganizationId": "string", "ResourceId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 42)
The identifier associated with the organization for which the resource is described.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesResourceId (p. 42)
The identifier of the resource to be described.
Type: String
Pattern: ^r-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "BookingOptions": { "AutoAcceptRequests": boolean, "AutoDeclineConflictingRequests": boolean, "AutoDeclineRecurringRequests": boolean }, "DisabledDate": number, "Email": "string", "EnabledDate": number, "Name": "string", "ResourceId": "string", "State": "string", "Type": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
42
Amazon WorkMail API ReferenceDescribeResource
The following data is returned in JSON format by the service.
BookingOptions (p. 42)
The booking options for the described resource.
Type: BookingOptions (p. 117) object
DisabledDate (p. 42)
The date and time when a resource was disabled from WorkMail, in UNIX epoch time format.
Type: Timestamp
Email (p. 42)
The email of the described resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
EnabledDate (p. 42)
The date and time when a resource was enabled for WorkMail, in UNIX epoch time format.
Type: Timestamp
Name (p. 42)
The name of the described resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?
ResourceId (p. 42)
The identifier of the described resource.
Type: String
Pattern: ^r-[0-9a-f]{32}$
State (p. 42)
The state of the resource: enabled (registered to Amazon WorkMail), disabled (deregistered or neverregistered to WorkMail), or deleted.
Type: String
Valid Values: ENABLED | DISABLED | DELETED
Type (p. 42)
The type of the described resource.
Type: String
Valid Values: ROOM | EQUIPMENT
43
Amazon WorkMail API ReferenceDescribeResource
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
44
Amazon WorkMail API ReferenceDescribeUser
DescribeUserService: Amazon WorkMail
Provides information regarding the user.
Request Syntax
{ "OrganizationId": "string", "UserId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 45)
The identifier for the organization under which the user exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesUserId (p. 45)
The identifier for the user to be described.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
Response Syntax
{ "DisabledDate": number, "DisplayName": "string", "Email": "string", "EnabledDate": number, "Name": "string", "State": "string", "UserId": "string", "UserRole": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
45
Amazon WorkMail API ReferenceDescribeUser
DisabledDate (p. 45)
The date and time at which the user was disabled for Amazon WorkMail usage, in UNIX epoch timeformat.
Type: TimestampDisplayName (p. 45)
The display name of the user.
Type: String
Length Constraints: Maximum length of 256.Email (p. 45)
The email of the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}EnabledDate (p. 45)
The date and time at which the user was enabled for Amazon WorkMail usage, in UNIX epoch timeformat.
Type: TimestampName (p. 45)
The name for the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?State (p. 45)
The state of a user: enabled (registered to Amazon WorkMail) or disabled (deregistered or neverregistered to WorkMail).
Type: String
Valid Values: ENABLED | DISABLED | DELETEDUserId (p. 45)
The identifier for the described user.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.UserRole (p. 45)
In certain cases, other entities are modeled as users. If interoperability is enabled, resources areimported into Amazon WorkMail as users. Because different WorkMail organizations rely ondifferent directory types, administrators can distinguish between an unregistered user (account isdisabled and has a user role) and the directory administrators. The values are USER, RESOURCE, andSYSTEM_USER.
46
Amazon WorkMail API ReferenceDescribeUser
Type: String
Valid Values: USER | RESOURCE | SYSTEM_USER
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
47
Amazon WorkMail API ReferenceDisassociateDelegateFromResource
DisassociateDelegateFromResourceService: Amazon WorkMail
Removes a member from the resource's set of delegates.
Request Syntax
{ "EntityId": "string", "OrganizationId": "string", "ResourceId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 48)
The identifier for the member (user, group) to be removed from the resource's delegates.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 48)
The identifier for the organization under which the resource exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesResourceId (p. 48)
The identifier of the resource from which delegates' set members are removed.
Type: String
Pattern: ^r-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
48
Amazon WorkMail API ReferenceDisassociateDelegateFromResource
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
49
Amazon WorkMail API ReferenceDisassociateMemberFromGroup
DisassociateMemberFromGroupService: Amazon WorkMail
Removes a member from a group.
Request Syntax
{ "GroupId": "string", "MemberId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
GroupId (p. 50)
The identifier for the group from which members are removed.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesMemberId (p. 50)
The identifier for the member to be removed to the group.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 50)
The identifier for the organization under which the group exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
50
Amazon WorkMail API ReferenceDisassociateMemberFromGroup
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
51
Amazon WorkMail API ReferenceDisassociateMemberFromGroup
• AWS SDK for Ruby V3
52
Amazon WorkMail API ReferenceGetAccessControlEffect
GetAccessControlEffectService: Amazon WorkMail
Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, accessprotocol action, or user ID.
Request Syntax
{ "Action": "string", "IpAddress": "string", "OrganizationId": "string", "UserId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Action (p. 53)
The access protocol action. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP,WindowsOutlook, and WebMail.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z]+
Required: YesIpAddress (p. 53)
The IPv4 address.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 15.
Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
Required: YesOrganizationId (p. 53)
The identifier for the organization.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesUserId (p. 53)
The user ID.
53
Amazon WorkMail API ReferenceGetAccessControlEffect
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
Response Syntax
{ "Effect": "string", "MatchedRules": [ "string" ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Effect (p. 54)
The rule effect.
Type: String
Valid Values: ALLOW | DENYMatchedRules (p. 54)
The rules that match the given parameters, resulting in an effect.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z0-9_-]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
54
Amazon WorkMail API ReferenceGetAccessControlEffect
OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
55
Amazon WorkMail API ReferenceGetMailboxDetails
GetMailboxDetailsService: Amazon WorkMail
Requests a user's mailbox details for a specified organization and user.
Request Syntax
{ "OrganizationId": "string", "UserId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 56)
The identifier for the organization that contains the user whose mailbox details are being requested.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesUserId (p. 56)
The identifier for the user whose mailbox details are being requested.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
Response Syntax
{ "MailboxQuota": number, "MailboxSize": number}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
MailboxQuota (p. 56)
The maximum allowed mailbox size, in MB, for the specified user.
Type: Integer
56
Amazon WorkMail API ReferenceGetMailboxDetails
Valid Range: Minimum value of 1.MailboxSize (p. 56)
The current mailbox size, in MB, for the specified user.
Type: Double
Valid Range: Minimum value of 0.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
57
Amazon WorkMail API ReferenceListAccessControlRules
ListAccessControlRulesService: Amazon WorkMail
Lists the access control rules for the specified organization.
Request Syntax
{ "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 58)
The identifier for the organization.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "Rules": [ { "Actions": [ "string" ], "DateCreated": number, "DateModified": number, "Description": "string", "Effect": "string", "IpRanges": [ "string" ], "Name": "string", "NotActions": [ "string" ], "NotIpRanges": [ "string" ], "NotUserIds": [ "string" ], "UserIds": [ "string" ] } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Rules (p. 58)
The access control rules.
58
Amazon WorkMail API ReferenceListAccessControlRules
Type: Array of AccessControlRule (p. 114) objects
Array Members: Minimum number of 0 items. Maximum number of 10 items.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
59
Amazon WorkMail API ReferenceListAliases
ListAliasesService: Amazon WorkMail
Creates a paginated call to list the aliases associated with a given entity.
Request Syntax
{ "EntityId": "string", "MaxResults": number, "NextToken": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 60)
The identifier for the entity for which to list the aliases.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesMaxResults (p. 60)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 60)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 60)
The identifier for the organization under which the entity exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
60
Amazon WorkMail API ReferenceListAliases
Response Syntax
{ "Aliases": [ "string" ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Aliases (p. 61)
The entity's paginated aliases.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}NextToken (p. 61)
The token to use to retrieve the next page of results. The value is "null" when there are no moreresults to return.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
61
Amazon WorkMail API ReferenceListAliases
OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
62
Amazon WorkMail API ReferenceListGroupMembers
ListGroupMembersService: Amazon WorkMail
Returns an overview of the members of a group. Users and groups can be members of a group.
Request Syntax
{ "GroupId": "string", "MaxResults": number, "NextToken": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
GroupId (p. 63)
The identifier for the group to which the members (users or groups) are associated.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesMaxResults (p. 63)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 63)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 63)
The identifier for the organization under which the group exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
63
Amazon WorkMail API ReferenceListGroupMembers
Response Syntax
{ "Members": [ { "DisabledDate": number, "EnabledDate": number, "Id": "string", "Name": "string", "State": "string", "Type": "string" } ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Members (p. 64)
The members associated to the group.
Type: Array of Member (p. 121) objectsNextToken (p. 64)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
64
Amazon WorkMail API ReferenceListGroupMembers
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
65
Amazon WorkMail API ReferenceListGroups
ListGroupsService: Amazon WorkMail
Returns summaries of the organization's groups.
Request Syntax
{ "MaxResults": number, "NextToken": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
MaxResults (p. 66)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 66)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 66)
The identifier for the organization under which the groups exist.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "Groups": [ { "DisabledDate": number, "Email": "string", "EnabledDate": number,
66
Amazon WorkMail API ReferenceListGroups
"Id": "string", "Name": "string", "State": "string" } ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Groups (p. 66)
The overview of groups for an organization.
Type: Array of Group (p. 119) objectsNextToken (p. 66)
The token to use to retrieve the next page of results. The value is "null" when there are no moreresults to return.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
67
Amazon WorkMail API ReferenceListGroups
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
68
Amazon WorkMail API ReferenceListMailboxPermissions
ListMailboxPermissionsService: Amazon WorkMail
Lists the mailbox permissions associated with a user, group, or resource mailbox.
Request Syntax
{ "EntityId": "string", "MaxResults": number, "NextToken": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 69)
The identifier of the user, group, or resource for which to list mailbox permissions.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesMaxResults (p. 69)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 69)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 69)
The identifier of the organization under which the user, group, or resource exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
69
Amazon WorkMail API ReferenceListMailboxPermissions
Response Syntax
{ "NextToken": "string", "Permissions": [ { "GranteeId": "string", "GranteeType": "string", "PermissionValues": [ "string" ] } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 70)
The token to use to retrieve the next page of results. The value is "null" when there are no moreresults to return.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.Permissions (p. 70)
One page of the user, group, or resource mailbox permissions.
Type: Array of Permission (p. 125) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
70
Amazon WorkMail API ReferenceListMailboxPermissions
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
71
Amazon WorkMail API ReferenceListOrganizations
ListOrganizationsService: Amazon WorkMail
Returns summaries of the customer's non-deleted organizations.
Request Syntax
{ "MaxResults": number, "NextToken": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
MaxResults (p. 72)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 72)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
Response Syntax
{ "NextToken": "string", "OrganizationSummaries": [ { "Alias": "string", "ErrorMessage": "string", "OrganizationId": "string", "State": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
72
Amazon WorkMail API ReferenceListOrganizations
The following data is returned in JSON format by the service.
NextToken (p. 72)
The token to use to retrieve the next page of results. The value is "null" when there are no moreresults to return.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.OrganizationSummaries (p. 72)
The overview of owned organizations presented as a list of organization summaries.
Type: Array of OrganizationSummary (p. 123) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
73
Amazon WorkMail API ReferenceListResourceDelegates
ListResourceDelegatesService: Amazon WorkMail
Lists the delegates associated with a resource. Users and groups can be resource delegates and answerrequests on behalf of the resource.
Request Syntax
{ "MaxResults": number, "NextToken": "string", "OrganizationId": "string", "ResourceId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
MaxResults (p. 74)
The number of maximum results in a page.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 74)
The token used to paginate through the delegates associated with a resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 74)
The identifier for the organization that contains the resource for which delegates are listed.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesResourceId (p. 74)
The identifier for the resource whose delegates are listed.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
74
Amazon WorkMail API ReferenceListResourceDelegates
Response Syntax
{ "Delegates": [ { "Id": "string", "Type": "string" } ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Delegates (p. 75)
One page of the resource's delegates.
Type: Array of Delegate (p. 118) objectsNextToken (p. 75)
The token used to paginate through the delegates associated with a resource. While results are stillavailable, it has an associated value. When the last page is reached, the token is empty.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
75
Amazon WorkMail API ReferenceListResourceDelegates
OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
76
Amazon WorkMail API ReferenceListResources
ListResourcesService: Amazon WorkMail
Returns summaries of the organization's resources.
Request Syntax
{ "MaxResults": number, "NextToken": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
MaxResults (p. 77)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 77)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 77)
The identifier for the organization under which the resources exist.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "NextToken": "string", "Resources": [ { "DisabledDate": number, "Email": "string", "EnabledDate": number,
77
Amazon WorkMail API ReferenceListResources
"Id": "string", "Name": "string", "State": "string", "Type": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 77)
The token used to paginate through all the organization's resources. While results are still available,it has an associated value. When the last page is reached, the token is empty.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.Resources (p. 77)
One page of the organization's resource representation.
Type: Array of Resource (p. 126) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++
78
Amazon WorkMail API ReferenceListResources
• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
79
Amazon WorkMail API ReferenceListTagsForResource
ListTagsForResourceService: Amazon WorkMail
Lists the tags applied to an Amazon WorkMail organization resource.
Request Syntax
{ "ResourceARN": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
ResourceARN (p. 80)
The resource ARN.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1011.
Required: Yes
Response Syntax
{ "Tags": [ { "Key": "string", "Value": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Tags (p. 80)
A list of tag key-value pairs.
Type: Array of Tag (p. 128) objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
80
Amazon WorkMail API ReferenceListTagsForResource
ResourceNotFoundException
The resource cannot be found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
81
Amazon WorkMail API ReferenceListUsers
ListUsersService: Amazon WorkMail
Returns summaries of the organization's users.
Request Syntax
{ "MaxResults": number, "NextToken": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
MaxResults (p. 82)
The maximum number of results to return in a single call.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: NoNextToken (p. 82)
The token to use to retrieve the next page of results. The first call does not contain any tokens.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoOrganizationId (p. 82)
The identifier for the organization under which the users exist.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response Syntax
{ "NextToken": "string", "Users": [ { "DisabledDate": number, "DisplayName": "string",
82
Amazon WorkMail API ReferenceListUsers
"Email": "string", "EnabledDate": number, "Id": "string", "Name": "string", "State": "string", "UserRole": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 82)
The token to use to retrieve the next page of results. This value is `null` when there are no moreresults to return.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.Users (p. 82)
The overview of users for an organization.
Type: Array of User (p. 129) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET
83
Amazon WorkMail API ReferenceListUsers
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
84
Amazon WorkMail API ReferencePutAccessControlRule
PutAccessControlRuleService: Amazon WorkMail
Adds a new access control rule for the specified organization. The rule allows or denies access to theorganization for the specified IPv4 addresses, access protocol actions, and user IDs. Adding a new rulewith the same name as an existing rule replaces the older rule.
Request Syntax
{ "Actions": [ "string" ], "Description": "string", "Effect": "string", "IpRanges": [ "string" ], "Name": "string", "NotActions": [ "string" ], "NotIpRanges": [ "string" ], "NotUserIds": [ "string" ], "OrganizationId": "string", "UserIds": [ "string" ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Actions (p. 85)
Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover,EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z]+
Required: NoDescription (p. 85)
The rule description.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 255.
Pattern: [\u0020-\u00FF]+
Required: YesEffect (p. 85)
The rule effect.
Type: String
85
Amazon WorkMail API ReferencePutAccessControlRule
Valid Values: ALLOW | DENY
Required: YesIpRanges (p. 85)
IPv4 CIDR ranges to include in the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 18.
Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$
Required: NoName (p. 85)
The rule name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z0-9_-]+
Required: YesNotActions (p. 85)
Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover,EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z]+
Required: NoNotIpRanges (p. 85)
IPv4 CIDR ranges to exclude from the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 18.
Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$
Required: NoNotUserIds (p. 85)
User IDs to exclude from the rule.
Type: Array of strings
86
Amazon WorkMail API ReferencePutAccessControlRule
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: NoOrganizationId (p. 85)
The identifier of the organization.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesUserIds (p. 85)
User IDs to include in the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: No
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400LimitExceededException
The request exceeds the limit of the resource.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
87
Amazon WorkMail API ReferencePutAccessControlRule
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
88
Amazon WorkMail API ReferencePutMailboxPermissions
PutMailboxPermissionsService: Amazon WorkMail
Sets permissions for a user, group, or resource. This replaces any pre-existing permissions.
Request Syntax
{ "EntityId": "string", "GranteeId": "string", "OrganizationId": "string", "PermissionValues": [ "string" ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
EntityId (p. 89)
The identifier of the user, group, or resource for which to update mailbox permissions.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesGranteeId (p. 89)
The identifier of the user, group, or resource to which to grant the permissions.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 89)
The identifier of the organization under which the user, group, or resource exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesPermissionValues (p. 89)
The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner ofthe mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the granteeto send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physicalsender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective ofother folder-level permissions set on the mailbox.
Type: Array of strings
89
Amazon WorkMail API ReferencePutMailboxPermissions
Valid Values: FULL_ACCESS | SEND_AS | SEND_ON_BEHALF
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
90
Amazon WorkMail API ReferencePutMailboxPermissions
91
Amazon WorkMail API ReferenceRegisterToWorkMail
RegisterToWorkMailService: Amazon WorkMail
Registers an existing and disabled user, group, or resource for Amazon WorkMail use by associating amailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabledand fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. Formore information, see Pricing. The equivalent console functionality for this operation is Enable.
Users can either be created by calling the CreateUser (p. 19) API operation or they can be synchronizedfrom your directory. For more information, see DeregisterFromWorkMail (p. 34).
Request Syntax
{ "Email": "string", "EntityId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Email (p. 92)
The email for the user, group, or resource to be updated.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: YesEntityId (p. 92)
The identifier for the user, group, or resource to be updated.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesOrganizationId (p. 92)
The identifier for the organization under which the user, group, or resource exists.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
92
Amazon WorkMail API ReferenceRegisterToWorkMail
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EmailAddressInUseException
The email address that you're trying to assign is already created for a different user, group, orresource.
HTTP Status Code: 400EntityAlreadyRegisteredException
The user, group, or resource that you're trying to register is already registered.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400MailDomainNotFoundException
For an email or alias to be created in Amazon WorkMail, the included domain must be defined in theorganization.
HTTP Status Code: 400MailDomainStateException
After a domain has been added to the organization, it must be verified. The domain is not yetverified.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
93
Amazon WorkMail API ReferenceRegisterToWorkMail
OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
94
Amazon WorkMail API ReferenceResetPassword
ResetPasswordService: Amazon WorkMail
Allows the administrator to reset the password for a user.
Request Syntax
{ "OrganizationId": "string", "Password": "string", "UserId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
OrganizationId (p. 95)
The identifier of the organization that contains the user for which the password is reset.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesPassword (p. 95)
The new password for the user.
Type: String
Length Constraints: Maximum length of 256.
Pattern: [\u0020-\u00FF]+
Required: YesUserId (p. 95)
The identifier of the user for whom the password is reset.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
95
Amazon WorkMail API ReferenceResetPassword
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400InvalidPasswordException
The supplied password doesn't match the minimum security constraints, such as length or use ofspecial characters.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go
96
Amazon WorkMail API ReferenceResetPassword
• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
97
Amazon WorkMail API ReferenceTagResource
TagResourceService: Amazon WorkMail
Applies the specified tags to the specified Amazon WorkMail organization resource.
Request Syntax
{ "ResourceARN": "string", "Tags": [ { "Key": "string", "Value": "string" } ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
ResourceARN (p. 98)
The resource ARN.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1011.
Required: YesTags (p. 98)
The tag key-value pairs.
Type: Array of Tag (p. 128) objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
98
Amazon WorkMail API ReferenceTagResource
ResourceNotFoundException
The resource cannot be found.
HTTP Status Code: 400TooManyTagsException
The resource can have up to 50 user-applied tags.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
99
Amazon WorkMail API ReferenceUntagResource
UntagResourceService: Amazon WorkMail
Untags the specified tags from the specified Amazon WorkMail organization resource.
Request Syntax
{ "ResourceARN": "string", "TagKeys": [ "string" ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
ResourceARN (p. 100)
The resource ARN.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1011.
Required: YesTagKeys (p. 100)
The tag keys.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
ResourceNotFoundException
The resource cannot be found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
100
Amazon WorkMail API ReferenceUntagResource
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
101
Amazon WorkMail API ReferenceUpdateMailboxQuota
UpdateMailboxQuotaService: Amazon WorkMail
Updates a user's current mailbox quota for a specified organization and user.
Request Syntax
{ "MailboxQuota": number, "OrganizationId": "string", "UserId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
MailboxQuota (p. 102)
The updated mailbox quota, in MB, for the specified user.
Type: Integer
Valid Range: Minimum value of 1.
Required: YesOrganizationId (p. 102)
The identifier for the organization that contains the user for whom to update the mailbox quota.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesUserId (p. 102)
The identifer for the user for whom to update the mailbox quota.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
102
Amazon WorkMail API ReferenceUpdateMailboxQuota
EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
103
Amazon WorkMail API ReferenceUpdatePrimaryEmailAddress
UpdatePrimaryEmailAddressService: Amazon WorkMail
Updates the primary email for a user, group, or resource. The current email is moved into the list ofaliases (or swapped between an existing alias and the current primary email), and the email provided inthe input is promoted as the primary.
Request Syntax
{ "Email": "string", "EntityId": "string", "OrganizationId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
Email (p. 104)
The value of the email to be updated as primary.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: Yes
EntityId (p. 104)
The user, group, or resource to update.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: Yes
OrganizationId (p. 104)
The organization that contains the user, group, or resource to update.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
104
Amazon WorkMail API ReferenceUpdatePrimaryEmailAddress
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryServiceAuthenticationFailedException
The directory service doesn't recognize the credentials supplied by WorkMail.
HTTP Status Code: 400DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EmailAddressInUseException
The email address that you're trying to assign is already created for a different user, group, orresource.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400InvalidParameterException
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400MailDomainNotFoundException
For an email or alias to be created in Amazon WorkMail, the included domain must be defined in theorganization.
HTTP Status Code: 400MailDomainStateException
After a domain has been added to the organization, it must be verified. The domain is not yetverified.
HTTP Status Code: 400OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
105
Amazon WorkMail API ReferenceUpdatePrimaryEmailAddress
OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400UnsupportedOperationException
You can't perform a write operation against a read-only directory.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
106
Amazon WorkMail API ReferenceUpdateResource
UpdateResourceService: Amazon WorkMail
Updates data for the resource. To have the latest information, it must be preceded by aDescribeResource (p. 42) call. The dataset in the request should be the one expected when performinganother DescribeResource call.
Request Syntax
{ "BookingOptions": { "AutoAcceptRequests": boolean, "AutoDeclineConflictingRequests": boolean, "AutoDeclineRecurringRequests": boolean }, "Name": "string", "OrganizationId": "string", "ResourceId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 131).
The request accepts the following data in JSON format.
BookingOptions (p. 107)
The resource's booking options to be updated.
Type: BookingOptions (p. 117) object
Required: NoName (p. 107)
The name of the resource to be updated.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?
Required: NoOrganizationId (p. 107)
The identifier associated with the organization for which the resource is updated.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: YesResourceId (p. 107)
The identifier of the resource to be updated.
Type: String
107
Amazon WorkMail API ReferenceUpdateResource
Pattern: ^r-[0-9a-f]{32}$
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 133).
DirectoryUnavailableException
The directory on which you are trying to perform operations isn't available.
HTTP Status Code: 400EmailAddressInUseException
The email address that you're trying to assign is already created for a different user, group, orresource.
HTTP Status Code: 400EntityNotFoundException
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400EntityStateException
You are performing an operation on a user, group, or resource that isn't in the expected state, suchas trying to delete an active user.
HTTP Status Code: 400InvalidConfigurationException
The configuration for a resource isn't valid. A resource must either be able to auto-respond torequests or have at least one delegate associated that can do so on its behalf.
HTTP Status Code: 400MailDomainNotFoundException
For an email or alias to be created in Amazon WorkMail, the included domain must be defined in theorganization.
HTTP Status Code: 400MailDomainStateException
After a domain has been added to the organization, it must be verified. The domain is not yetverified.
HTTP Status Code: 400NameAvailabilityException
The user, group, or resource name isn't unique in Amazon WorkMail.
HTTP Status Code: 400
108
Amazon WorkMail API ReferenceAmazon WorkMail Message Flow
OrganizationNotFoundException
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400OrganizationStateException
The organization must have a valid state (Active or Synchronizing) to perform certain operations onthe organization or its members.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
Amazon WorkMail Message FlowThe following actions are supported by Amazon WorkMail Message Flow:
• GetRawMessageContent (p. 110)
109
Amazon WorkMail API ReferenceGetRawMessageContent
GetRawMessageContentService: Amazon WorkMail Message Flow
Retrieves the raw content of an in-transit email message, in MIME format.
Request Syntax
GET /messages/messageId HTTP/1.1
URI Request Parameters
The request requires the following URI parameters.
messageId (p. 110)
The identifier of the email message to retrieve.
Length Constraints: Minimum length of 1. Maximum length of 120.
Pattern: [a-z0-9\-]*
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
messageContent
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The response returns the following as the HTTP body.
messageContent (p. 110)
The raw content of the email message, in MIME format.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 133).
ResourceNotFoundException
The requested email message is not found.
HTTP Status Code: 404
110
Amazon WorkMail API ReferenceGetRawMessageContent
ExampleIn the following example or examples, the Authorization header contents (AUTHPARAMS) must bereplaced with an AWS Signature Version 4 signature. For more information about creating thesesignatures, see Signature Version 4 Signing Process in the AWS General Reference.
You only need to learn how to sign HTTP requests if you intend to manually create them. When you usethe AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, thesetools automatically sign the requests for you with the access key that you specify when you configure thetools. When you use these tools, you don't need to learn how to sign requests yourself.
Example
This example gets the raw content of an in-transit email message and sends it to a text file named "test".
Sample Request
GET /messages/a1b2cd34-ef5g-6h7j-kl8m-npq9012345rs HTTP/1.1Host: workmailmessageflow.us-east-1.amazonaws.comAccept-Encoding: identityUser-Agent: aws-cli/1.16.273 Python/3.6.0 Windows/10 botocore/1.13.9X-Amz-Date: 20191107T195012ZAuthorization: AUTHPARAMS
Sample Response
HTTP/1.1 200 OKCache-Control: no-cacheContent-Type: application/jsonDate: Thu, 07 Nov 2019 19:50:12 GMTx-amzn-RequestId: ea71f214-79c5-4f89-9d4e-1ab4c43ae0dfContent-Length: 1344Connection: keep-alive
Subject: Hello WorldFrom: =?UTF-8?Q?marymajor_marymajor?= <[email protected]>To: =?UTF-8?Q?mateojackson=40example=2Enet?= <[email protected]>Date: Thu, 7 Nov 2019 19:22:46 +0000Mime-Version: 1.0Content-Type: multipart/alternative; boundary="=_EXAMPLE+"References: <[email protected]>X-Priority: 3 (Normal)X-Mailer: Amazon WorkMailThread-Index: EXAMPLEThread-Topic: Hello WorldMessage-Id: <[email protected]>
This is a multi-part message in MIME format. Your mail reader does notunderstand MIME message format.--=_EXAMPLE+Content-Type: text/plain; charset=UTF-8Content-Transfer-Encoding: 7bit
hello world
--=_EXAMPLE+Content-Type: text/html; charset=utf-8Content-Transfer-Encoding: quoted-printable
111
Amazon WorkMail API ReferenceGetRawMessageContent
<!DOCTYPE HTML><html><head><meta name=3D"Generator" content=3D"Amazon WorkMail v3.0-4510"><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">=
<title>testing</title></head><body><p style=3D"margin: 0px; font-family: Arial, Tahoma, Helvetica, sans-seri=f; font-size: small;">hello world</p></body></html>--=_EXAMPLE+--
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
112
Amazon WorkMail API ReferenceAmazon WorkMail
Data TypesThe following data types are supported by Amazon WorkMail:
• AccessControlRule (p. 114)• BookingOptions (p. 117)• Delegate (p. 118)• Group (p. 119)• Member (p. 121)• OrganizationSummary (p. 123)• Permission (p. 125)• Resource (p. 126)• Tag (p. 128)• User (p. 129)
Amazon WorkMailThe following data types are supported by Amazon WorkMail:
• AccessControlRule (p. 114)• BookingOptions (p. 117)• Delegate (p. 118)• Group (p. 119)• Member (p. 121)• OrganizationSummary (p. 123)• Permission (p. 125)• Resource (p. 126)• Tag (p. 128)• User (p. 129)
113
Amazon WorkMail API ReferenceAccessControlRule
AccessControlRuleService: Amazon WorkMail
A rule that controls access to an Amazon WorkMail organization.
ContentsActions
Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover,EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z]+
Required: NoDateCreated
The date that the rule was created.
Type: Timestamp
Required: NoDateModified
The date that the rule was modified.
Type: Timestamp
Required: NoDescription
The rule description.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 255.
Pattern: [\u0020-\u00FF]+
Required: NoEffect
The rule effect.
Type: String
Valid Values: ALLOW | DENY
Required: NoIpRanges
IPv4 CIDR ranges to include in the rule.
114
Amazon WorkMail API ReferenceAccessControlRule
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 18.
Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$
Required: NoName
The rule name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z0-9_-]+
Required: NoNotActions
Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover,EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z]+
Required: NoNotIpRanges
IPv4 CIDR ranges to exclude from the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 18.
Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$
Required: NoNotUserIds
User IDs to exclude from the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: No
115
Amazon WorkMail API ReferenceAccessControlRule
UserIds
User IDs to include in the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
116
Amazon WorkMail API ReferenceBookingOptions
BookingOptionsService: Amazon WorkMail
At least one delegate must be associated to the resource to disable automatic replies from the resource.
ContentsAutoAcceptRequests
The resource's ability to automatically reply to requests. If disabled, delegates must be associated tothe resource.
Type: Boolean
Required: NoAutoDeclineConflictingRequests
The resource's ability to automatically decline any conflicting requests.
Type: Boolean
Required: NoAutoDeclineRecurringRequests
The resource's ability to automatically decline any recurring requests.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
117
Amazon WorkMail API ReferenceDelegate
DelegateService: Amazon WorkMail
The name of the attribute, which is one of the values defined in the UserAttribute enumeration.
ContentsId
The identifier for the user or group associated as the resource's delegate.
Type: String
Length Constraints: Maximum length of 256.
Required: YesType
The type of the delegate: user or group.
Type: String
Valid Values: GROUP | USER
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
118
Amazon WorkMail API ReferenceGroup
GroupService: Amazon WorkMail
The representation of an Amazon WorkMail group.
ContentsDisabledDate
The date indicating when the group was disabled from Amazon WorkMail use.
Type: Timestamp
Required: NoEmail
The email of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: NoEnabledDate
The date indicating when the group was enabled for Amazon WorkMail use.
Type: Timestamp
Required: NoId
The identifier of the group.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: NoName
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\u0020-\u00FF]+
Required: NoState
The state of the group, which can be ENABLED, DISABLED, or DELETED.
Type: String
Valid Values: ENABLED | DISABLED | DELETED
119
Amazon WorkMail API ReferenceGroup
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
120
Amazon WorkMail API ReferenceMember
MemberService: Amazon WorkMail
The representation of a user or group.
ContentsDisabledDate
The date indicating when the member was disabled from Amazon WorkMail use.
Type: Timestamp
Required: No
EnabledDate
The date indicating when the member was enabled for Amazon WorkMail use.
Type: Timestamp
Required: No
Id
The identifier of the member.
Type: String
Length Constraints: Maximum length of 256.
Required: No
Name
The name of the member.
Type: String
Length Constraints: Maximum length of 256.
Required: No
State
The state of the member, which can be ENABLED, DISABLED, or DELETED.
Type: String
Valid Values: ENABLED | DISABLED | DELETED
Required: No
Type
A member can be a user or group.
Type: String
Valid Values: GROUP | USER
Required: No
121
Amazon WorkMail API ReferenceMember
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
122
Amazon WorkMail API ReferenceOrganizationSummary
OrganizationSummaryService: Amazon WorkMail
The representation of an organization.
ContentsAlias
The alias associated with the organization.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 62.
Pattern: ^(?!d-)([\da-zA-Z]+)([-]*[\da-zA-Z])*
Required: NoErrorMessage
The error message associated with the organization. It is only present if unexpected behavior hasoccurred with regards to the organization. It provides insight or solutions regarding unexpectedbehavior.
Type: String
Length Constraints: Maximum length of 256.
Required: NoOrganizationId
The identifier associated with the organization.
Type: String
Pattern: ^m-[0-9a-f]{32}$
Required: NoState
The state associated with the organization.
Type: String
Length Constraints: Maximum length of 256.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
123
Amazon WorkMail API ReferenceOrganizationSummary
124
Amazon WorkMail API ReferencePermission
PermissionService: Amazon WorkMail
Permission granted to a user, group, or resource to access a certain aspect of another user, group, orresource mailbox.
ContentsGranteeId
The identifier of the user, group, or resource to which the permissions are granted.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: YesGranteeType
The type of user, group, or resource referred to in GranteeId.
Type: String
Valid Values: GROUP | USER
Required: YesPermissionValues
The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner ofthe mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the granteeto send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physicalsender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective ofother folder-level permissions set on the mailbox.
Type: Array of strings
Valid Values: FULL_ACCESS | SEND_AS | SEND_ON_BEHALF
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
125
Amazon WorkMail API ReferenceResource
ResourceService: Amazon WorkMail
The representation of a resource.
ContentsDisabledDate
The date indicating when the resource was disabled from Amazon WorkMail use.
Type: Timestamp
Required: NoEmail
The email of the resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: NoEnabledDate
The date indicating when the resource was enabled for Amazon WorkMail use.
Type: Timestamp
Required: NoId
The identifier of the resource.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: NoName
The name of the resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?
Required: NoState
The state of the resource, which can be ENABLED, DISABLED, or DELETED.
Type: String
Valid Values: ENABLED | DISABLED | DELETED
126
Amazon WorkMail API ReferenceResource
Required: NoType
The type of the resource: equipment or room.
Type: String
Valid Values: ROOM | EQUIPMENT
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
127
Amazon WorkMail API ReferenceTag
TagService: Amazon WorkMail
Describes a tag applied to a resource.
ContentsKey
The key of the tag.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: YesValue
The value of the tag.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 256.
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
128
Amazon WorkMail API ReferenceUser
UserService: Amazon WorkMail
The representation of an Amazon WorkMail user.
ContentsDisabledDate
The date indicating when the user was disabled from Amazon WorkMail use.
Type: Timestamp
Required: NoDisplayName
The display name of the user.
Type: String
Length Constraints: Maximum length of 256.
Required: NoEmail
The email of the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 254.
Pattern: [a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
Required: NoEnabledDate
The date indicating when the user was enabled for Amazon WorkMail use.
Type: Timestamp
Required: NoId
The identifier of the user.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: NoName
The name of the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w\-.]+(@[a-zA-Z0-9.\-]+\.[a-zA-Z0-9]{2,})?
129
Amazon WorkMail API ReferenceUser
Required: NoState
The state of the user, which can be ENABLED, DISABLED, or DELETED.
Type: String
Valid Values: ENABLED | DISABLED | DELETED
Required: NoUserRole
The role of the user.
Type: String
Valid Values: USER | RESOURCE | SYSTEM_USER
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
130
Amazon WorkMail API Reference
Common ParametersThe following list contains the parameters that all actions use for signing Signature Version 4 requestswith a query string. Any action-specific parameters are listed in the topic for that action. For moreinformation about Signature Version 4, see Signature Version 4 Signing Process in the Amazon WebServices General Reference.
Action
The action to be performed.
Type: string
Required: YesVersion
The API version that the request is written for, expressed in the format YYYY-MM-DD.
Type: string
Required: YesX-Amz-Algorithm
The hash algorithm that you used to create the request signature.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Valid Values: AWS4-HMAC-SHA256
Required: ConditionalX-Amz-Credential
The credential scope value, which is a string that includes your access key, the date, the region youare targeting, the service you are requesting, and a termination string ("aws4_request"). The value isexpressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.
For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon WebServices General Reference.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: ConditionalX-Amz-Date
The date that is used to create the signature. The format must be ISO 8601 basic format(YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:20120325T120000Z.
Condition: X-Amz-Date is optional for all requests; it can be used to override the date used forsigning requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is
131
Amazon WorkMail API Reference
not required. When X-Amz-Date is used, it always overrides the value of the Date header. Formore information, see Handling Dates in Signature Version 4 in the Amazon Web Services GeneralReference.
Type: string
Required: ConditionalX-Amz-Security-Token
The temporary security token that was obtained through a call to AWS Security Token Service (AWSSTS). For a list of services that support temporary security credentials from AWS Security TokenService, go to AWS Services That Work with IAM in the IAM User Guide.
Condition: If you're using temporary security credentials from the AWS Security Token Service, youmust include the security token.
Type: string
Required: ConditionalX-Amz-Signature
Specifies the hex-encoded signature that was calculated from the string to sign and the derivedsigning key.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: ConditionalX-Amz-SignedHeaders
Specifies all the HTTP headers that were included as part of the canonical request. For moreinformation about specifying signed headers, see Task 1: Create a Canonical Request For SignatureVersion 4 in the Amazon Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: Conditional
132
Amazon WorkMail API Reference
Common ErrorsThis section lists the errors common to the API actions of all AWS services. For errors specific to an APIaction for this service, see the topic for that API action.
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400IncompleteSignature
The request signature does not conform to AWS standards.
HTTP Status Code: 400InternalFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500InvalidAction
The action or operation requested is invalid. Verify that the action is typed correctly.
HTTP Status Code: 400InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403InvalidParameterCombination
Parameters that must not be used together were used together.
HTTP Status Code: 400InvalidParameterValue
An invalid or out-of-range value was supplied for the input parameter.
HTTP Status Code: 400InvalidQueryParameter
The AWS query string is malformed or does not adhere to AWS standards.
HTTP Status Code: 400MalformedQueryString
The query string contains a syntax error.
HTTP Status Code: 404MissingAction
The request is missing an action or a required parameter.
HTTP Status Code: 400
133
Amazon WorkMail API Reference
MissingAuthenticationToken
The request must contain either a valid (registered) AWS access key ID or X.509 certificate.
HTTP Status Code: 403MissingParameter
A required parameter for the specified action is not supplied.
HTTP Status Code: 400OptInRequired
The AWS access key ID needs a subscription for the service.
HTTP Status Code: 403RequestExpired
The request reached the service more than 15 minutes after the date stamp on the request or morethan 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stampon the request is more than 15 minutes in the future.
HTTP Status Code: 400ServiceUnavailable
The request has failed due to a temporary failure of the server.
HTTP Status Code: 503ThrottlingException
The request was denied due to request throttling.
HTTP Status Code: 400ValidationError
The input fails to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400
134