WorkMail ******** Client ====== class WorkMail.Client A low-level client representing Amazon WorkMail WorkMail is a secure, managed business email and calendaring service with support for existing desktop and mobile email clients. You can access your email, contacts, and calendars using Microsoft Outlook, your browser, or other native iOS and Android email applications. You can integrate WorkMail with your existing corporate directory and control both the keys that encrypt your data and the location in which your data is stored. The WorkMail API is designed for the following scenarios: * Listing and describing organizations * Managing users * Managing groups * Managing resources All WorkMail API operations are Amazon-authenticated and certificate-signed. They not only require the use of the AWS SDK, but also allow for the exclusive use of AWS Identity and Access Management users and roles to help facilitate access, trust, and permission policies. By creating a role and allowing an IAM user to access the WorkMail site, the IAM user gains full administrative visibility into the entire WorkMail organization (or as set in the IAM policy). This includes, but is not limited to, the ability to create, update, and delete users, groups, and resources. This allows developers to perform the scenarios listed above, as well as give users the ability to grant access on a selective basis using the IAM model. import boto3 client = boto3.client('workmail') These are the available methods: * associate_delegate_to_resource * associate_member_to_group * assume_impersonation_role * can_paginate * cancel_mailbox_export_job * close * create_alias * create_availability_configuration * create_group * create_identity_center_application * create_impersonation_role * create_mobile_device_access_rule * create_organization * create_resource * create_user * delete_access_control_rule * delete_alias * delete_availability_configuration * delete_email_monitoring_configuration * delete_group * delete_identity_center_application * delete_identity_provider_configuration * delete_impersonation_role * delete_mailbox_permissions * delete_mobile_device_access_override * delete_mobile_device_access_rule * delete_organization * delete_personal_access_token * delete_resource * delete_retention_policy * delete_user * deregister_from_work_mail * deregister_mail_domain * describe_email_monitoring_configuration * describe_entity * describe_group * describe_identity_provider_configuration * describe_inbound_dmarc_settings * describe_mailbox_export_job * describe_organization * describe_resource * describe_user * disassociate_delegate_from_resource * disassociate_member_from_group * get_access_control_effect * get_default_retention_policy * get_impersonation_role * get_impersonation_role_effect * get_mail_domain * get_mailbox_details * get_mobile_device_access_effect * get_mobile_device_access_override * get_paginator * get_personal_access_token_metadata * get_waiter * list_access_control_rules * list_aliases * list_availability_configurations * list_group_members * list_groups * list_groups_for_entity * list_impersonation_roles * list_mail_domains * list_mailbox_export_jobs * list_mailbox_permissions * list_mobile_device_access_overrides * list_mobile_device_access_rules * list_organizations * list_personal_access_tokens * list_resource_delegates * list_resources * list_tags_for_resource * list_users * put_access_control_rule * put_email_monitoring_configuration * put_identity_provider_configuration * put_inbound_dmarc_settings * put_mailbox_permissions * put_mobile_device_access_override * put_retention_policy * register_mail_domain * register_to_work_mail * reset_password * start_mailbox_export_job * tag_resource * test_availability_configuration * untag_resource * update_availability_configuration * update_default_mail_domain * update_group * update_impersonation_role * update_mailbox_quota * update_mobile_device_access_rule * update_primary_email_address * update_resource * update_user Paginators ========== Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide. The available paginators are: * ListAliases * ListAvailabilityConfigurations * ListGroupMembers * ListGroups * ListMailboxPermissions * ListOrganizations * ListPersonalAccessTokens * ListResourceDelegates * ListResources * ListUsers WorkMail / Paginator / ListGroupMembers ListGroupMembers **************** class WorkMail.Paginator.ListGroupMembers paginator = client.get_paginator('list_group_members') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_group_members()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', GroupId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the group exists. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for the group to which the members (users or groups) are associated. The identifier can accept *GroupId*, *Groupname*, or *email*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: group@domain.tld * Group name: group * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Members': [ { 'Id': 'string', 'Name': 'string', 'Type': 'GROUP'|'USER', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **Members** *(list) --* The members associated to the group. * *(dict) --* The representation of a user or group. * **Id** *(string) --* The identifier of the member. * **Name** *(string) --* The name of the member. * **Type** *(string) --* A member can be a user or group. * **State** *(string) --* The state of the member, which can be ENABLED, DISABLED, or DELETED. * **EnabledDate** *(datetime) --* The date indicating when the member was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the member was disabled from WorkMail use. WorkMail / Paginator / ListPersonalAccessTokens ListPersonalAccessTokens ************************ class WorkMail.Paginator.ListPersonalAccessTokens paginator = client.get_paginator('list_personal_access_tokens') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_personal_access_tokens()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', UserId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The Organization ID. * **UserId** (*string*) -- The WorkMail User ID. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'PersonalAccessTokenSummaries': [ { 'PersonalAccessTokenId': 'string', 'UserId': 'string', 'Name': 'string', 'DateCreated': datetime(2015, 1, 1), 'DateLastUsed': datetime(2015, 1, 1), 'ExpiresTime': datetime(2015, 1, 1), 'Scopes': [ 'string', ] }, ] } **Response Structure** * *(dict) --* * **PersonalAccessTokenSummaries** *(list) --* Lists all the personal tokens in an organization or user, if user ID is provided. * *(dict) --* The summary of the Personal Access Token. * **PersonalAccessTokenId** *(string) --* The ID of the Personal Access Token. * **UserId** *(string) --* The user ID of the WorkMail user associated with the Personal Access Token. * **Name** *(string) --* The name of the Personal Access Token. * **DateCreated** *(datetime) --* The date when the Personal Access Token was created. * **DateLastUsed** *(datetime) --* The date when the Personal Access Token was last used. * **ExpiresTime** *(datetime) --* The date when the Personal Access Token will expire. * **Scopes** *(list) --* Lists all the Personal Access Token permissions for a mailbox. * *(string) --* WorkMail / Paginator / ListUsers ListUsers ********* class WorkMail.Paginator.ListUsers paginator = client.get_paginator('list_users') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_users()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', Filters={ 'UsernamePrefix': 'string', 'DisplayNamePrefix': 'string', 'PrimaryEmailPrefix': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'IdentityProviderUserIdPrefix': 'string' }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the users exist. * **Filters** (*dict*) -- Limit the user search results based on the filter criteria. You can only use one filter per request. * **UsernamePrefix** *(string) --* Filters only users with the provided username prefix. * **DisplayNamePrefix** *(string) --* Filters only users with the provided display name prefix. * **PrimaryEmailPrefix** *(string) --* Filters only users with the provided email prefix. * **State** *(string) --* Filters only users with the provided state. * **IdentityProviderUserIdPrefix** *(string) --* Filters only users with the ID from the IAM Identity Center. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Users': [ { 'Id': 'string', 'Email': 'string', 'Name': 'string', 'DisplayName': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'UserRole': 'USER'|'RESOURCE'|'SYSTEM_USER'|'REMOTE_USER', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'IdentityProviderUserId': 'string', 'IdentityProviderIdentityStoreId': 'string' }, ], } **Response Structure** * *(dict) --* * **Users** *(list) --* The overview of users for an organization. * *(dict) --* The representation of an WorkMail user. * **Id** *(string) --* The identifier of the user. * **Email** *(string) --* The email of the user. * **Name** *(string) --* The name of the user. * **DisplayName** *(string) --* The display name of the user. * **State** *(string) --* The state of the user, which can be ENABLED, DISABLED, or DELETED. * **UserRole** *(string) --* The role of the user. * **EnabledDate** *(datetime) --* The date indicating when the user was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the user was disabled from WorkMail use. * **IdentityProviderUserId** *(string) --* User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. * **IdentityProviderIdentityStoreId** *(string) --* Identity store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. WorkMail / Paginator / ListResources ListResources ************* class WorkMail.Paginator.ListResources paginator = client.get_paginator('list_resources') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_resources()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', Filters={ 'NamePrefix': 'string', 'PrimaryEmailPrefix': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED' }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the resources exist. * **Filters** (*dict*) -- Limit the resource search results based on the filter criteria. You can only use one filter per request. * **NamePrefix** *(string) --* Filters only resource that start with the entered name prefix . * **PrimaryEmailPrefix** *(string) --* Filters only resource with the provided primary email prefix. * **State** *(string) --* Filters only resource with the provided state. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Resources': [ { 'Id': 'string', 'Email': 'string', 'Name': 'string', 'Type': 'ROOM'|'EQUIPMENT', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'Description': 'string' }, ], } **Response Structure** * *(dict) --* * **Resources** *(list) --* One page of the organization's resource representation. * *(dict) --* The representation of a resource. * **Id** *(string) --* The identifier of the resource. * **Email** *(string) --* The email of the resource. * **Name** *(string) --* The name of the resource. * **Type** *(string) --* The type of the resource: equipment or room. * **State** *(string) --* The state of the resource, which can be ENABLED, DISABLED, or DELETED. * **EnabledDate** *(datetime) --* The date indicating when the resource was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the resource was disabled from WorkMail use. * **Description** *(string) --* Resource description. WorkMail / Paginator / ListResourceDelegates ListResourceDelegates ********************* class WorkMail.Paginator.ListResourceDelegates paginator = client.get_paginator('list_resource_delegates') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_resource_delegates()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', ResourceId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization that contains the resource for which delegates are listed. * **ResourceId** (*string*) -- **[REQUIRED]** The identifier for the resource whose delegates are listed. The identifier can accept *ResourceId*, *Resourcename*, or *email*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Email address: resource@domain.tld * Resource name: resource * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Delegates': [ { 'Id': 'string', 'Type': 'GROUP'|'USER' }, ], } **Response Structure** * *(dict) --* * **Delegates** *(list) --* One page of the resource's delegates. * *(dict) --* The name of the attribute, which is one of the values defined in the UserAttribute enumeration. * **Id** *(string) --* The identifier for the user or group associated as the resource's delegate. * **Type** *(string) --* The type of the delegate: user or group. WorkMail / Paginator / ListMailboxPermissions ListMailboxPermissions ********************** class WorkMail.Paginator.ListMailboxPermissions paginator = client.get_paginator('list_mailbox_permissions') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_mailbox_permissions()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', EntityId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization under which the user, group, or resource exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier of the user, or resource for which to list mailbox permissions. The entity ID can accept *UserId or ResourceId*, *Username or Resourcename*, or *email*. * Entity ID: 12345678-1234-1234-1234-123456789012, or r-0123456789a0123456789b0123456789 * Email address: entity@domain.tld * Entity name: entity * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Permissions': [ { 'GranteeId': 'string', 'GranteeType': 'GROUP'|'USER', 'PermissionValues': [ 'FULL_ACCESS'|'SEND_AS'|'SEND_ON_BEHALF', ] }, ], } **Response Structure** * *(dict) --* * **Permissions** *(list) --* One page of the user, group, or resource mailbox permissions. * *(dict) --* Permission granted to a user, group, or resource to access a certain aspect of another user, group, or resource mailbox. * **GranteeId** *(string) --* The identifier of the user, group, or resource to which the permissions are granted. * **GranteeType** *(string) --* The type of user, group, or resource referred to in GranteeId. * **PermissionValues** *(list) --* The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder- level permissions set on the mailbox. * *(string) --* WorkMail / Paginator / ListOrganizations ListOrganizations ***************** class WorkMail.Paginator.ListOrganizations paginator = client.get_paginator('list_organizations') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_organizations()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max- items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'OrganizationSummaries': [ { 'OrganizationId': 'string', 'Alias': 'string', 'DefaultMailDomain': 'string', 'ErrorMessage': 'string', 'State': 'string' }, ], } **Response Structure** * *(dict) --* * **OrganizationSummaries** *(list) --* The overview of owned organizations presented as a list of organization summaries. * *(dict) --* The representation of an organization. * **OrganizationId** *(string) --* The identifier associated with the organization. * **Alias** *(string) --* The alias associated with the organization. * **DefaultMailDomain** *(string) --* The default email domain associated with the organization. * **ErrorMessage** *(string) --* The error message associated with the organization. It is only present if unexpected behavior has occurred with regards to the organization. It provides insight or solutions regarding unexpected behavior. * **State** *(string) --* The state associated with the organization. WorkMail / Paginator / ListAvailabilityConfigurations ListAvailabilityConfigurations ****************************** class WorkMail.Paginator.ListAvailabilityConfigurations paginator = client.get_paginator('list_availability_configurations') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_availability_configurations()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the "AvailabilityConfiguration"'s will be listed. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'AvailabilityConfigurations': [ { 'DomainName': 'string', 'ProviderType': 'EWS'|'LAMBDA', 'EwsProvider': { 'EwsEndpoint': 'string', 'EwsUsername': 'string' }, 'LambdaProvider': { 'LambdaArn': 'string' }, 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **AvailabilityConfigurations** *(list) --* The list of "AvailabilityConfiguration"'s that exist for the specified WorkMail organization. * *(dict) --* List all the "AvailabilityConfiguration"'s for the given WorkMail organization. * **DomainName** *(string) --* Displays the domain to which the provider applies. * **ProviderType** *(string) --* Displays the provider type that applies to this domain. * **EwsProvider** *(dict) --* If "ProviderType" is "EWS", then this field contains "RedactedEwsAvailabilityProvider". Otherwise, it is not required. * **EwsEndpoint** *(string) --* The endpoint of the remote EWS server. * **EwsUsername** *(string) --* The username used to authenticate the remote EWS server. * **LambdaProvider** *(dict) --* If ProviderType is "LAMBDA" then this field contains "LambdaAvailabilityProvider". Otherwise, it is not required. * **LambdaArn** *(string) --* The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider. * **DateCreated** *(datetime) --* The date and time at which the availability configuration was created. * **DateModified** *(datetime) --* The date and time at which the availability configuration was last modified. WorkMail / Paginator / ListAliases ListAliases *********** class WorkMail.Paginator.ListAliases paginator = client.get_paginator('list_aliases') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_aliases()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', EntityId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the entity exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the entity for which to list the aliases. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Aliases': [ 'string', ], } **Response Structure** * *(dict) --* * **Aliases** *(list) --* The entity's paginated aliases. * *(string) --* WorkMail / Paginator / ListGroups ListGroups ********** class WorkMail.Paginator.ListGroups paginator = client.get_paginator('list_groups') paginate(**kwargs) Creates an iterator that will paginate through responses from "WorkMail.Client.list_groups()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( OrganizationId='string', Filters={ 'NamePrefix': 'string', 'PrimaryEmailPrefix': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED' }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the groups exist. * **Filters** (*dict*) -- Limit the search results based on the filter criteria. Only one filter per request is supported. * **NamePrefix** *(string) --* Filters only groups with the provided name prefix. * **PrimaryEmailPrefix** *(string) --* Filters only groups with the provided primary email prefix. * **State** *(string) --* Filters only groups with the provided state. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Groups': [ { 'Id': 'string', 'Email': 'string', 'Name': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **Groups** *(list) --* The overview of groups for an organization. * *(dict) --* The representation of an WorkMail group. * **Id** *(string) --* The identifier of the group. * **Email** *(string) --* The email of the group. * **Name** *(string) --* The name of the group. * **State** *(string) --* The state of the group, which can be ENABLED, DISABLED, or DELETED. * **EnabledDate** *(datetime) --* The date indicating when the group was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the group was disabled from WorkMail use. WorkMail / Client / list_mail_domains list_mail_domains ***************** WorkMail.Client.list_mail_domains(**kwargs) Lists the mail domains in a given WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.list_mail_domains( OrganizationId='string', MaxResults=123, NextToken='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which to list domains. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not require a token. Return type: dict Returns: **Response Syntax** { 'MailDomains': [ { 'DomainName': 'string', 'DefaultDomain': True|False }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **MailDomains** *(list) --* The list of mail domain summaries, specifying domains that exist in the specified WorkMail organization, along with the information about whether the domain is or isn't the default. * *(dict) --* The data for a given domain. * **DomainName** *(string) --* The domain name. * **DefaultDomain** *(boolean) --* Whether the domain is default or not. * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value becomes "null" when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / get_paginator get_paginator ************* WorkMail.Client.get_paginator(operation_name) Create a paginator for an operation. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Raises: **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable. Return type: "botocore.paginate.Paginator" Returns: A paginator object. WorkMail / Client / delete_email_monitoring_configuration delete_email_monitoring_configuration ************************************* WorkMail.Client.delete_email_monitoring_configuration(**kwargs) Deletes the email monitoring configuration for a specified organization. See also: AWS API Documentation **Request Syntax** response = client.delete_email_monitoring_configuration( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The ID of the organization from which the email monitoring configuration is deleted. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / update_availability_configuration update_availability_configuration ********************************* WorkMail.Client.update_availability_configuration(**kwargs) Updates an existing "AvailabilityConfiguration" for the given WorkMail organization and domain. See also: AWS API Documentation **Request Syntax** response = client.update_availability_configuration( OrganizationId='string', DomainName='string', EwsProvider={ 'EwsEndpoint': 'string', 'EwsUsername': 'string', 'EwsPassword': 'string' }, LambdaProvider={ 'LambdaArn': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the "AvailabilityConfiguration" will be updated. * **DomainName** (*string*) -- **[REQUIRED]** The domain to which the provider applies the availability configuration. * **EwsProvider** (*dict*) -- The EWS availability provider definition. The request must contain exactly one provider definition, either "EwsProvider" or "LambdaProvider". The previously stored provider will be overridden by the one provided. * **EwsEndpoint** *(string) --* **[REQUIRED]** The endpoint of the remote EWS server. * **EwsUsername** *(string) --* **[REQUIRED]** The username used to authenticate the remote EWS server. * **EwsPassword** *(string) --* **[REQUIRED]** The password used to authenticate the remote EWS server. * **LambdaProvider** (*dict*) -- The Lambda availability provider definition. The request must contain exactly one provider definition, either "EwsProvider" or "LambdaProvider". The previously stored provider will be overridden by the one provided. * **LambdaArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / update_default_mail_domain update_default_mail_domain ************************** WorkMail.Client.update_default_mail_domain(**kwargs) Updates the default mail domain for an organization. The default mail domain is used by the WorkMail AWS Console to suggest an email address when enabling a mail user. You can only have one default domain. See also: AWS API Documentation **Request Syntax** response = client.update_default_mail_domain( OrganizationId='string', DomainName='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which to list domains. * **DomainName** (*string*) -- **[REQUIRED]** The domain name that will become the default domain. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.MailDomainNotFoundException" * "WorkMail.Client.exceptions.MailDomainStateException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / delete_impersonation_role delete_impersonation_role ************************* WorkMail.Client.delete_impersonation_role(**kwargs) Deletes an impersonation role for the given WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.delete_impersonation_role( OrganizationId='string', ImpersonationRoleId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization from which to delete the impersonation role. * **ImpersonationRoleId** (*string*) -- **[REQUIRED]** The ID of the impersonation role to delete. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / delete_personal_access_token delete_personal_access_token **************************** WorkMail.Client.delete_personal_access_token(**kwargs) Deletes the Personal Access Token from the provided WorkMail Organization. See also: AWS API Documentation **Request Syntax** response = client.delete_personal_access_token( OrganizationId='string', PersonalAccessTokenId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The Organization ID. * **PersonalAccessTokenId** (*string*) -- **[REQUIRED]** The Personal Access Token ID. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / reset_password reset_password ************** WorkMail.Client.reset_password(**kwargs) Allows the administrator to reset the password for a user. See also: AWS API Documentation **Request Syntax** response = client.reset_password( OrganizationId='string', UserId='string', Password='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization that contains the user for which the password is reset. * **UserId** (*string*) -- **[REQUIRED]** The identifier of the user for whom the password is reset. * **Password** (*string*) -- **[REQUIRED]** The new password for the user. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.InvalidPasswordException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / put_mobile_device_access_override put_mobile_device_access_override ********************************* WorkMail.Client.put_mobile_device_access_override(**kwargs) Creates or updates a mobile device access override for the given WorkMail organization, user, and device. See also: AWS API Documentation **Request Syntax** response = client.put_mobile_device_access_override( OrganizationId='string', UserId='string', DeviceId='string', Effect='ALLOW'|'DENY', Description='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** Identifies the WorkMail organization for which you create the override. * **UserId** (*string*) -- **[REQUIRED]** The WorkMail user for which you create the override. Accepts the following types of user identities: * User ID: "12345678-1234-1234-1234-123456789012" or "S-1-1-12-1234567890-123456789-123456789-1234" * Email address: "user@domain.tld" * User name: "user" * **DeviceId** (*string*) -- **[REQUIRED]** The mobile device for which you create the override. "DeviceId" is case insensitive. * **Effect** (*string*) -- **[REQUIRED]** The effect of the override, "ALLOW" or "DENY". * **Description** (*string*) -- A description of the override. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" WorkMail / Client / register_to_work_mail register_to_work_mail ********************* WorkMail.Client.register_to_work_mail(**kwargs) Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is *Enable*. Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail. See also: AWS API Documentation **Request Syntax** response = client.register_to_work_mail( OrganizationId='string', EntityId='string', Email='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the user, group, or resource exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the user, group, or resource to be updated. The identifier can accept *UserId, ResourceId, or GroupId*, or *Username, Resourcename, or Groupname*. The following identity formats are available: * Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Entity name: entity * **Email** (*string*) -- **[REQUIRED]** The email for the user, group, or resource to be updated. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EmailAddressInUseException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.EntityAlreadyRegisteredException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.MailDomainNotFoundException" * "WorkMail.Client.exceptions.MailDomainStateException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / can_paginate can_paginate ************ WorkMail.Client.can_paginate(operation_name) Check if an operation can be paginated. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Returns: "True" if the operation can be paginated, "False" otherwise. WorkMail / Client / list_resource_delegates list_resource_delegates *********************** WorkMail.Client.list_resource_delegates(**kwargs) Lists the delegates associated with a resource. Users and groups can be resource delegates and answer requests on behalf of the resource. See also: AWS API Documentation **Request Syntax** response = client.list_resource_delegates( OrganizationId='string', ResourceId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization that contains the resource for which delegates are listed. * **ResourceId** (*string*) -- **[REQUIRED]** The identifier for the resource whose delegates are listed. The identifier can accept *ResourceId*, *Resourcename*, or *email*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Email address: resource@domain.tld * Resource name: resource * **NextToken** (*string*) -- The token used to paginate through the delegates associated with a resource. * **MaxResults** (*integer*) -- The number of maximum results in a page. Return type: dict Returns: **Response Syntax** { 'Delegates': [ { 'Id': 'string', 'Type': 'GROUP'|'USER' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Delegates** *(list) --* One page of the resource's delegates. * *(dict) --* The name of the attribute, which is one of the values defined in the UserAttribute enumeration. * **Id** *(string) --* The identifier for the user or group associated as the resource's delegate. * **Type** *(string) --* The type of the delegate: user or group. * **NextToken** *(string) --* The token used to paginate through the delegates associated with a resource. While results are still available, it has an associated value. When the last page is reached, the token is empty. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / create_availability_configuration create_availability_configuration ********************************* WorkMail.Client.create_availability_configuration(**kwargs) Creates an "AvailabilityConfiguration" for the given WorkMail organization and domain. See also: AWS API Documentation **Request Syntax** response = client.create_availability_configuration( ClientToken='string', OrganizationId='string', DomainName='string', EwsProvider={ 'EwsEndpoint': 'string', 'EwsUsername': 'string', 'EwsPassword': 'string' }, LambdaProvider={ 'LambdaArn': 'string' } ) Parameters: * **ClientToken** (*string*) -- An idempotent token that ensures that an API request is executed only once. This field is autopopulated if not provided. * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the "AvailabilityConfiguration" will be created. * **DomainName** (*string*) -- **[REQUIRED]** The domain to which the provider applies. * **EwsProvider** (*dict*) -- Exchange Web Services (EWS) availability provider definition. The request must contain exactly one provider definition, either "EwsProvider" or "LambdaProvider". * **EwsEndpoint** *(string) --* **[REQUIRED]** The endpoint of the remote EWS server. * **EwsUsername** *(string) --* **[REQUIRED]** The username used to authenticate the remote EWS server. * **EwsPassword** *(string) --* **[REQUIRED]** The password used to authenticate the remote EWS server. * **LambdaProvider** (*dict*) -- Lambda availability provider definition. The request must contain exactly one provider definition, either "EwsProvider" or "LambdaProvider". * **LambdaArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.NameAvailabilityException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.LimitExceededException" WorkMail / Client / start_mailbox_export_job start_mailbox_export_job ************************ WorkMail.Client.start_mailbox_export_job(**kwargs) Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Exporting mailbox content in the *WorkMail Administrator Guide*. See also: AWS API Documentation **Request Syntax** response = client.start_mailbox_export_job( ClientToken='string', OrganizationId='string', EntityId='string', Description='string', RoleArn='string', KmsKeyArn='string', S3BucketName='string', S3Prefix='string' ) Parameters: * **ClientToken** (*string*) -- **[REQUIRED]** The idempotency token for the client request. This field is autopopulated if not provided. * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier associated with the organization. * **EntityId** (*string*) -- **[REQUIRED]** The identifier of the user or resource associated with the mailbox. The identifier can accept *UserId or ResourceId*, *Username or Resourcename*, or *email*. The following identity formats are available: * Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789 , or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity name: entity * **Description** (*string*) -- The mailbox export job description. * **RoleArn** (*string*) -- **[REQUIRED]** The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the S3 bucket. * **KmsKeyArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content. * **S3BucketName** (*string*) -- **[REQUIRED]** The name of the S3 bucket. * **S3Prefix** (*string*) -- **[REQUIRED]** The S3 bucket prefix. Return type: dict Returns: **Response Syntax** { 'JobId': 'string' } **Response Structure** * *(dict) --* * **JobId** *(string) --* The job ID. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.LimitExceededException" WorkMail / Client / deregister_from_work_mail deregister_from_work_mail ************************* WorkMail.Client.deregister_from_work_mail(**kwargs) Mark a user, group, or resource as no longer used in WorkMail. This action disassociates the mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they are permanently removed. The functionality in the console is *Disable*. See also: AWS API Documentation **Request Syntax** response = client.deregister_from_work_mail( OrganizationId='string', EntityId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the WorkMail entity exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the member to be updated. The identifier can be *UserId, ResourceId, or Group Id*, *Username, Resourcename, or Groupname*, or *email*. * Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity name: entity Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / disassociate_delegate_from_resource disassociate_delegate_from_resource *********************************** WorkMail.Client.disassociate_delegate_from_resource(**kwargs) Removes a member from the resource's set of delegates. See also: AWS API Documentation **Request Syntax** response = client.disassociate_delegate_from_resource( OrganizationId='string', ResourceId='string', EntityId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the resource exists. * **ResourceId** (*string*) -- **[REQUIRED]** The identifier of the resource from which delegates' set members are removed. The identifier can accept *ResourceId*, *Resourcename*, or *email*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Email address: resource@domain.tld * Resource name: resource * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the member (user, group) to be removed from the resource's delegates. The entity ID can accept *UserId or GroupID*, *Username or Groupname*, or *email*. * Entity: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity: entity Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / delete_mobile_device_access_override delete_mobile_device_access_override ************************************ WorkMail.Client.delete_mobile_device_access_override(**kwargs) Deletes the mobile device access override for the given WorkMail organization, user, and device. Note: Deleting already deleted and non-existing overrides does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body. See also: AWS API Documentation **Request Syntax** response = client.delete_mobile_device_access_override( OrganizationId='string', UserId='string', DeviceId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the access override will be deleted. * **UserId** (*string*) -- **[REQUIRED]** The WorkMail user for which you want to delete the override. Accepts the following types of user identities: * User ID: "12345678-1234-1234-1234-123456789012" or "S-1-1-12-1234567890-123456789-123456789-1234" * Email address: "user@domain.tld" * User name: "user" * **DeviceId** (*string*) -- **[REQUIRED]** The mobile device for which you delete the override. "DeviceId" is case insensitive. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" WorkMail / Client / delete_access_control_rule delete_access_control_rule ************************** WorkMail.Client.delete_access_control_rule(**kwargs) Deletes an access control rule for the specified WorkMail organization. Note: Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body. See also: AWS API Documentation **Request Syntax** response = client.delete_access_control_rule( OrganizationId='string', Name='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization. * **Name** (*string*) -- **[REQUIRED]** The name of the access control rule. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / describe_identity_provider_configuration describe_identity_provider_configuration **************************************** WorkMail.Client.describe_identity_provider_configuration(**kwargs) Returns detailed information on the current IdC setup for the WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.describe_identity_provider_configuration( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The Organization ID. Return type: dict Returns: **Response Syntax** { 'AuthenticationMode': 'IDENTITY_PROVIDER_ONLY'|'IDENTITY_PROVIDER_AND_DIRECTORY', 'IdentityCenterConfiguration': { 'InstanceArn': 'string', 'ApplicationArn': 'string' }, 'PersonalAccessTokenConfiguration': { 'Status': 'ACTIVE'|'INACTIVE', 'LifetimeInDays': 123 } } **Response Structure** * *(dict) --* * **AuthenticationMode** *(string) --* The authentication mode used in WorkMail. * **IdentityCenterConfiguration** *(dict) --* The details of the IAM Identity Center configuration. * **InstanceArn** *(string) --* The Amazon Resource Name (ARN) of the of IAM Identity Center instance. Must be in the same AWS account and region as WorkMail organization. * **ApplicationArn** *(string) --* The Amazon Resource Name (ARN) of IAMIdentity Center Application for WorkMail. Must be created by the WorkMail API, see CreateIdentityCenterApplication. * **PersonalAccessTokenConfiguration** *(dict) --* The details of the Personal Access Token configuration. * **Status** *(string) --* The status of the Personal Access Token allowed for the organization. * *Active* - Mailbox users can login to the web application and choose *Settings* to see the new *Personal Access Tokens* page to create and delete the Personal Access Tokens. Mailbox users can use the Personal Access Tokens to set up mailbox connection from desktop or mobile email clients. * *Inactive* - Personal Access Tokens are disabled for your organization. Mailbox users can’t create, list, or delete Personal Access Tokens and can’t use them to connect to their mailboxes from desktop or mobile email clients. * **LifetimeInDays** *(integer) --* The validity of the Personal Access Token status in days. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / update_user update_user *********** WorkMail.Client.update_user(**kwargs) Updates data for the user. To have the latest information, it must be preceded by a DescribeUser call. The dataset in the request should be the one expected when performing another "DescribeUser" call. See also: AWS API Documentation **Request Syntax** response = client.update_user( OrganizationId='string', UserId='string', Role='USER'|'RESOURCE'|'SYSTEM_USER'|'REMOTE_USER', DisplayName='string', FirstName='string', LastName='string', HiddenFromGlobalAddressList=True|False, Initials='string', Telephone='string', Street='string', JobTitle='string', City='string', Company='string', ZipCode='string', Department='string', Country='string', Office='string', IdentityProviderUserId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the user exists. * **UserId** (*string*) -- **[REQUIRED]** The identifier for the user to be updated. The identifier can be the *UserId*, *Username*, or *email*. The following identity formats are available: * User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: user@domain.tld * User name: user * **Role** (*string*) -- Updates the user role. You cannot pass *SYSTEM_USER* or *RESOURCE*. * **DisplayName** (*string*) -- Updates the display name of the user. * **FirstName** (*string*) -- Updates the user's first name. * **LastName** (*string*) -- Updates the user's last name. * **HiddenFromGlobalAddressList** (*boolean*) -- If enabled, the user is hidden from the global address list. * **Initials** (*string*) -- Updates the user's initials. * **Telephone** (*string*) -- Updates the user's contact details. * **Street** (*string*) -- Updates the user's street address. * **JobTitle** (*string*) -- Updates the user's job title. * **City** (*string*) -- Updates the user's city. * **Company** (*string*) -- Updates the user's company. * **ZipCode** (*string*) -- Updates the user's zip code. * **Department** (*string*) -- Updates the user's department. * **Country** (*string*) -- Updates the user's country. * **Office** (*string*) -- Updates the user's office. * **IdentityProviderUserId** (*string*) -- User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" * "WorkMail.Client.exceptions.EntityStateException" WorkMail / Client / delete_resource delete_resource *************** WorkMail.Client.delete_resource(**kwargs) Deletes the specified resource. See also: AWS API Documentation **Request Syntax** response = client.delete_resource( OrganizationId='string', ResourceId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier associated with the organization from which the resource is deleted. * **ResourceId** (*string*) -- **[REQUIRED]** The identifier of the resource to be deleted. The identifier can accept *ResourceId*, or *Resourcename*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Resource name: resource Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / update_impersonation_role update_impersonation_role ************************* WorkMail.Client.update_impersonation_role(**kwargs) Updates an impersonation role for the given WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.update_impersonation_role( OrganizationId='string', ImpersonationRoleId='string', Name='string', Type='FULL_ACCESS'|'READ_ONLY', Description='string', Rules=[ { 'ImpersonationRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'TargetUsers': [ 'string', ], 'NotTargetUsers': [ 'string', ] }, ] ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization that contains the impersonation role to update. * **ImpersonationRoleId** (*string*) -- **[REQUIRED]** The ID of the impersonation role to update. * **Name** (*string*) -- **[REQUIRED]** The updated impersonation role name. * **Type** (*string*) -- **[REQUIRED]** The updated impersonation role type. * **Description** (*string*) -- The updated impersonation role description. * **Rules** (*list*) -- **[REQUIRED]** The updated list of rules. * *(dict) --* The rules for the given impersonation role. * **ImpersonationRuleId** *(string) --* **[REQUIRED]** The identifier of the rule. * **Name** *(string) --* The rule name. * **Description** *(string) --* The rule description. * **Effect** *(string) --* **[REQUIRED]** The effect of the rule when it matches the input. Allowed effect values are "ALLOW" or "DENY". * **TargetUsers** *(list) --* A list of user IDs that match the rule. * *(string) --* * **NotTargetUsers** *(list) --* A list of user IDs that don't match the rule. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.LimitExceededException" WorkMail / Client / get_mail_domain get_mail_domain *************** WorkMail.Client.get_mail_domain(**kwargs) Gets details for a mail domain, including domain records required to configure your domain with recommended security. See also: AWS API Documentation **Request Syntax** response = client.get_mail_domain( OrganizationId='string', DomainName='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the domain is retrieved. * **DomainName** (*string*) -- **[REQUIRED]** The domain from which you want to retrieve details. Return type: dict Returns: **Response Syntax** { 'Records': [ { 'Type': 'string', 'Hostname': 'string', 'Value': 'string' }, ], 'IsTestDomain': True|False, 'IsDefault': True|False, 'OwnershipVerificationStatus': 'PENDING'|'VERIFIED'|'FAILED', 'DkimVerificationStatus': 'PENDING'|'VERIFIED'|'FAILED' } **Response Structure** * *(dict) --* * **Records** *(list) --* A list of the DNS records that WorkMail recommends adding in your DNS provider for the best user experience. The records configure your domain with DMARC, SPF, DKIM, and direct incoming email traffic to SES. See admin guide for more details. * *(dict) --* A DNS record uploaded to your DNS provider. * **Type** *(string) --* The RFC 1035 record type. Possible values: "CNAME", "A", "MX". * **Hostname** *(string) --* The DNS hostname.- For example, "domain.example.com". * **Value** *(string) --* The value returned by the DNS for a query to that hostname and record type. * **IsTestDomain** *(boolean) --* Specifies whether the domain is a test domain provided by WorkMail, or a custom domain. * **IsDefault** *(boolean) --* Specifies whether the domain is the default domain for your organization. * **OwnershipVerificationStatus** *(string) --* Indicates the status of the domain ownership verification. * **DkimVerificationStatus** *(string) --* Indicates the status of a DKIM verification. **Exceptions** * "WorkMail.Client.exceptions.MailDomainNotFoundException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / create_impersonation_role create_impersonation_role ************************* WorkMail.Client.create_impersonation_role(**kwargs) Creates an impersonation role for the given WorkMail organization. *Idempotency* ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions. See also: AWS API Documentation **Request Syntax** response = client.create_impersonation_role( ClientToken='string', OrganizationId='string', Name='string', Type='FULL_ACCESS'|'READ_ONLY', Description='string', Rules=[ { 'ImpersonationRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'TargetUsers': [ 'string', ], 'NotTargetUsers': [ 'string', ] }, ] ) Parameters: * **ClientToken** (*string*) -- The idempotency token for the client request. This field is autopopulated if not provided. * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization to create the new impersonation role within. * **Name** (*string*) -- **[REQUIRED]** The name of the new impersonation role. * **Type** (*string*) -- **[REQUIRED]** The impersonation role's type. The available impersonation role types are "READ_ONLY" or "FULL_ACCESS". * **Description** (*string*) -- The description of the new impersonation role. * **Rules** (*list*) -- **[REQUIRED]** The list of rules for the impersonation role. * *(dict) --* The rules for the given impersonation role. * **ImpersonationRuleId** *(string) --* **[REQUIRED]** The identifier of the rule. * **Name** *(string) --* The rule name. * **Description** *(string) --* The rule description. * **Effect** *(string) --* **[REQUIRED]** The effect of the rule when it matches the input. Allowed effect values are "ALLOW" or "DENY". * **TargetUsers** *(list) --* A list of user IDs that match the rule. * *(string) --* * **NotTargetUsers** *(list) --* A list of user IDs that don't match the rule. * *(string) --* Return type: dict Returns: **Response Syntax** { 'ImpersonationRoleId': 'string' } **Response Structure** * *(dict) --* * **ImpersonationRoleId** *(string) --* The new impersonation role ID. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.LimitExceededException" WorkMail / Client / delete_mobile_device_access_rule delete_mobile_device_access_rule ******************************** WorkMail.Client.delete_mobile_device_access_rule(**kwargs) Deletes a mobile device access rule for the specified WorkMail organization. Note: Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body. See also: AWS API Documentation **Request Syntax** response = client.delete_mobile_device_access_rule( OrganizationId='string', MobileDeviceAccessRuleId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization under which the rule will be deleted. * **MobileDeviceAccessRuleId** (*string*) -- **[REQUIRED]** The identifier of the rule to be deleted. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / get_mobile_device_access_override get_mobile_device_access_override ********************************* WorkMail.Client.get_mobile_device_access_override(**kwargs) Gets the mobile device access override for the given WorkMail organization, user, and device. See also: AWS API Documentation **Request Syntax** response = client.get_mobile_device_access_override( OrganizationId='string', UserId='string', DeviceId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization to which you want to apply the override. * **UserId** (*string*) -- **[REQUIRED]** Identifies the WorkMail user for the override. Accepts the following types of user identities: * User ID: "12345678-1234-1234-1234-123456789012" or "S-1-1-12-1234567890-123456789-123456789-1234" * Email address: "user@domain.tld" * User name: "user" * **DeviceId** (*string*) -- **[REQUIRED]** The mobile device to which the override applies. "DeviceId" is case insensitive. Return type: dict Returns: **Response Syntax** { 'UserId': 'string', 'DeviceId': 'string', 'Effect': 'ALLOW'|'DENY', 'Description': 'string', 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) } **Response Structure** * *(dict) --* * **UserId** *(string) --* The WorkMail user to which the access override applies. * **DeviceId** *(string) --* The device to which the access override applies. * **Effect** *(string) --* The effect of the override, "ALLOW" or "DENY". * **Description** *(string) --* A description of the override. * **DateCreated** *(datetime) --* The date the override was first created. * **DateModified** *(datetime) --* The date the description was last modified. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / delete_group delete_group ************ WorkMail.Client.delete_group(**kwargs) Deletes a group from WorkMail. See also: AWS API Documentation **Request Syntax** response = client.delete_group( OrganizationId='string', GroupId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization that contains the group. * **GroupId** (*string*) -- **[REQUIRED]** The identifier of the group to be deleted. The identifier can be the *GroupId*, or *Groupname*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Group name: group Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / create_user create_user *********** WorkMail.Client.create_user(**kwargs) Creates a user who can be used in WorkMail by calling the RegisterToWorkMail operation. See also: AWS API Documentation **Request Syntax** response = client.create_user( OrganizationId='string', Name='string', DisplayName='string', Password='string', Role='USER'|'RESOURCE'|'SYSTEM_USER'|'REMOTE_USER', FirstName='string', LastName='string', HiddenFromGlobalAddressList=True|False, IdentityProviderUserId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization for which the user is created. * **Name** (*string*) -- **[REQUIRED]** The name for the new user. WorkMail directory user names have a maximum length of 64. All others have a maximum length of 20. * **DisplayName** (*string*) -- **[REQUIRED]** The display name for the new user. * **Password** (*string*) -- The password for the new user. * **Role** (*string*) -- The role of the new user. You cannot pass *SYSTEM_USER* or *RESOURCE* role in a single request. When a user role is not selected, the default role of *USER* is selected. * **FirstName** (*string*) -- The first name of the new user. * **LastName** (*string*) -- The last name of the new user. * **HiddenFromGlobalAddressList** (*boolean*) -- If this parameter is enabled, the user will be hidden from the address book. * **IdentityProviderUserId** (*string*) -- User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. Return type: dict Returns: **Response Syntax** { 'UserId': 'string' } **Response Structure** * *(dict) --* * **UserId** *(string) --* The identifier for the new user. **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.InvalidPasswordException" * "WorkMail.Client.exceptions.NameAvailabilityException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ReservedNameException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / register_mail_domain register_mail_domain ******************** WorkMail.Client.register_mail_domain(**kwargs) Registers a new domain in WorkMail and SES, and configures it for use by WorkMail. Emails received by SES for this domain are routed to the specified WorkMail organization, and WorkMail has permanent permission to use the specified domain for sending your users' emails. See also: AWS API Documentation **Request Syntax** response = client.register_mail_domain( ClientToken='string', OrganizationId='string', DomainName='string' ) Parameters: * **ClientToken** (*string*) -- Idempotency token used when retrying requests. This field is autopopulated if not provided. * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization under which you're creating the domain. * **DomainName** (*string*) -- **[REQUIRED]** The name of the mail domain to create in WorkMail and SES. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.MailDomainInUseException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.LimitExceededException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / delete_mailbox_permissions delete_mailbox_permissions ************************** WorkMail.Client.delete_mailbox_permissions(**kwargs) Deletes permissions granted to a member (user or group). See also: AWS API Documentation **Request Syntax** response = client.delete_mailbox_permissions( OrganizationId='string', EntityId='string', GranteeId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization under which the member (user or group) exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier of the entity that owns the mailbox. The identifier can be *UserId or Group Id*, *Username or Groupname*, or *email*. * Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity name: entity * **GranteeId** (*string*) -- **[REQUIRED]** The identifier of the entity for which to delete granted permissions. The identifier can be *UserId, ResourceID, or Group Id*, *Username or Groupname*, or *email*. * Grantee ID: 12345678-1234-1234-1234-123456789012,r-01234567 89a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: grantee@domain.tld * Grantee name: grantee Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / get_impersonation_role_effect get_impersonation_role_effect ***************************** WorkMail.Client.get_impersonation_role_effect(**kwargs) Tests whether the given impersonation role can impersonate a target user. See also: AWS API Documentation **Request Syntax** response = client.get_impersonation_role_effect( OrganizationId='string', ImpersonationRoleId='string', TargetUser='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization where the impersonation role is defined. * **ImpersonationRoleId** (*string*) -- **[REQUIRED]** The impersonation role ID to test. * **TargetUser** (*string*) -- **[REQUIRED]** The WorkMail organization user chosen to test the impersonation role. The following identity formats are available: * User ID: "12345678-1234-1234-1234-123456789012" or "S-1-1-12-1234567890-123456789-123456789-1234" * Email address: "user@domain.tld" * User name: "user" Return type: dict Returns: **Response Syntax** { 'Type': 'FULL_ACCESS'|'READ_ONLY', 'Effect': 'ALLOW'|'DENY', 'MatchedRules': [ { 'ImpersonationRuleId': 'string', 'Name': 'string' }, ] } **Response Structure** * *(dict) --* * **Type** *(string) --* The impersonation role type. * **Effect** *(string) --* Effect of the impersonation role on the target user based on its rules. Available effects are "ALLOW" or "DENY". * **MatchedRules** *(list) --* A list of the rules that match the input and produce the configured effect. * *(dict) --* The impersonation rule that matched the input. * **ImpersonationRuleId** *(string) --* The ID of the rule that matched the input * **Name** *(string) --* The name of the rule that matched the input. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" WorkMail / Client / delete_identity_center_application delete_identity_center_application ********************************** WorkMail.Client.delete_identity_center_application(**kwargs) Deletes the IAM Identity Center application from WorkMail. This action does not affect the authentication settings for any WorkMail organizations. See also: AWS API Documentation **Request Syntax** response = client.delete_identity_center_application( ApplicationArn='string' ) Parameters: **ApplicationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the application. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_tags_for_resource list_tags_for_resource ********************** WorkMail.Client.list_tags_for_resource(**kwargs) Lists the tags applied to an WorkMail organization resource. See also: AWS API Documentation **Request Syntax** response = client.list_tags_for_resource( ResourceARN='string' ) Parameters: **ResourceARN** (*string*) -- **[REQUIRED]** The resource ARN. Return type: dict Returns: **Response Syntax** { 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ] } **Response Structure** * *(dict) --* * **Tags** *(list) --* A list of tag key-value pairs. * *(dict) --* Describes a tag applied to a resource. * **Key** *(string) --* The key of the tag. * **Value** *(string) --* The value of the tag. **Exceptions** * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / describe_group describe_group ************** WorkMail.Client.describe_group(**kwargs) Returns the data available for the group. See also: AWS API Documentation **Request Syntax** response = client.describe_group( OrganizationId='string', GroupId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the group exists. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for the group to be described. The identifier can accept *GroupId*, *Groupname*, or *email*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: group@domain.tld * Group name: group Return type: dict Returns: **Response Syntax** { 'GroupId': 'string', 'Name': 'string', 'Email': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'HiddenFromGlobalAddressList': True|False } **Response Structure** * *(dict) --* * **GroupId** *(string) --* The identifier of the described group. * **Name** *(string) --* The name of the described group. * **Email** *(string) --* The email of the described group. * **State** *(string) --* The state of the user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail). * **EnabledDate** *(datetime) --* The date and time when a user was registered to WorkMail, in UNIX epoch time format. * **DisabledDate** *(datetime) --* The date and time when a user was deregistered from WorkMail, in UNIX epoch time format. * **HiddenFromGlobalAddressList** *(boolean) --* If the value is set to *true*, the group is hidden from the address book. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / create_alias create_alias ************ WorkMail.Client.create_alias(**kwargs) Adds an alias to the set of a given member (user or group) of WorkMail. See also: AWS API Documentation **Request Syntax** response = client.create_alias( OrganizationId='string', EntityId='string', Alias='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization under which the member (user or group) exists. * **EntityId** (*string*) -- **[REQUIRED]** The member (user or group) to which this alias is added. * **Alias** (*string*) -- **[REQUIRED]** The alias to add to the member set. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EmailAddressInUseException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.MailDomainNotFoundException" * "WorkMail.Client.exceptions.MailDomainStateException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.LimitExceededException" WorkMail / Client / get_default_retention_policy get_default_retention_policy **************************** WorkMail.Client.get_default_retention_policy(**kwargs) Gets the default retention policy details for the specified organization. See also: AWS API Documentation **Request Syntax** response = client.get_default_retention_policy( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. Return type: dict Returns: **Response Syntax** { 'Id': 'string', 'Name': 'string', 'Description': 'string', 'FolderConfigurations': [ { 'Name': 'INBOX'|'DELETED_ITEMS'|'SENT_ITEMS'|'DRAFTS'|'JUNK_EMAIL', 'Action': 'NONE'|'DELETE'|'PERMANENTLY_DELETE', 'Period': 123 }, ] } **Response Structure** * *(dict) --* * **Id** *(string) --* The retention policy ID. * **Name** *(string) --* The retention policy name. * **Description** *(string) --* The retention policy description. * **FolderConfigurations** *(list) --* The retention policy folder configurations. * *(dict) --* The configuration applied to an organization's folders by its retention policy. * **Name** *(string) --* The folder name. * **Action** *(string) --* The action to take on the folder contents at the end of the folder configuration period. * **Period** *(integer) --* The number of days for which the folder-configuration action applies. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" WorkMail / Client / create_organization create_organization ******************* WorkMail.Client.create_organization(**kwargs) Creates a new WorkMail organization. Optionally, you can choose to associate an existing AWS Directory Service directory with your organization. If an AWS Directory Service directory ID is specified, the organization alias must match the directory alias. If you choose not to associate an existing directory with your organization, then we create a new WorkMail directory for you. For more information, see Adding an organization in the *WorkMail Administrator Guide*. You can associate multiple email domains with an organization, then choose your default email domain from the WorkMail console. You can also associate a domain that is managed in an Amazon Route 53 public hosted zone. For more information, see Adding a domain and Choosing the default domain in the *WorkMail Administrator Guide*. Optionally, you can use a customer managed key from AWS Key Management Service (AWS KMS) to encrypt email for your organization. If you don't associate an AWS KMS key, WorkMail creates a default, AWS managed key for you. See also: AWS API Documentation **Request Syntax** response = client.create_organization( DirectoryId='string', Alias='string', ClientToken='string', Domains=[ { 'DomainName': 'string', 'HostedZoneId': 'string' }, ], KmsKeyArn='string', EnableInteroperability=True|False ) Parameters: * **DirectoryId** (*string*) -- The AWS Directory Service directory ID. * **Alias** (*string*) -- **[REQUIRED]** The organization alias. * **ClientToken** (*string*) -- The idempotency token associated with the request. This field is autopopulated if not provided. * **Domains** (*list*) -- The email domains to associate with the organization. * *(dict) --* The domain to associate with an WorkMail organization. When you configure a domain hosted in Amazon Route 53 (Route 53), all recommended DNS records are added to the organization when you create it. For more information, see Adding a domain in the *WorkMail Administrator Guide*. * **DomainName** *(string) --* **[REQUIRED]** The fully qualified domain name. * **HostedZoneId** *(string) --* The hosted zone ID for a domain hosted in Route 53. Required when configuring a domain hosted in Route 53. * **KmsKeyArn** (*string*) -- The Amazon Resource Name (ARN) of a customer managed key from AWS KMS. * **EnableInteroperability** (*boolean*) -- When "true", allows organization interoperability between WorkMail and Microsoft Exchange. If "true", you must include a AD Connector directory ID in the request. Return type: dict Returns: **Response Syntax** { 'OrganizationId': 'string' } **Response Structure** * *(dict) --* * **OrganizationId** *(string) --* The organization ID. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.DirectoryInUseException" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.LimitExceededException" * "WorkMail.Client.exceptions.NameAvailabilityException" WorkMail / Client / untag_resource untag_resource ************** WorkMail.Client.untag_resource(**kwargs) Untags the specified tags from the specified WorkMail organization resource. See also: AWS API Documentation **Request Syntax** response = client.untag_resource( ResourceARN='string', TagKeys=[ 'string', ] ) Parameters: * **ResourceARN** (*string*) -- **[REQUIRED]** The resource ARN. * **TagKeys** (*list*) -- **[REQUIRED]** The tag keys. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / describe_mailbox_export_job describe_mailbox_export_job *************************** WorkMail.Client.describe_mailbox_export_job(**kwargs) Describes the current status of a mailbox export job. See also: AWS API Documentation **Request Syntax** response = client.describe_mailbox_export_job( JobId='string', OrganizationId='string' ) Parameters: * **JobId** (*string*) -- **[REQUIRED]** The mailbox export job ID. * **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. Return type: dict Returns: **Response Syntax** { 'EntityId': 'string', 'Description': 'string', 'RoleArn': 'string', 'KmsKeyArn': 'string', 'S3BucketName': 'string', 'S3Prefix': 'string', 'S3Path': 'string', 'EstimatedProgress': 123, 'State': 'RUNNING'|'COMPLETED'|'FAILED'|'CANCELLED', 'ErrorInfo': 'string', 'StartTime': datetime(2015, 1, 1), 'EndTime': datetime(2015, 1, 1) } **Response Structure** * *(dict) --* * **EntityId** *(string) --* The identifier of the user or resource associated with the mailbox. * **Description** *(string) --* The mailbox export job description. * **RoleArn** *(string) --* The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the Amazon Simple Storage Service (Amazon S3) bucket. * **KmsKeyArn** *(string) --* The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content. * **S3BucketName** *(string) --* The name of the S3 bucket. * **S3Prefix** *(string) --* The S3 bucket prefix. * **S3Path** *(string) --* The path to the S3 bucket and file that the mailbox export job is exporting to. * **EstimatedProgress** *(integer) --* The estimated progress of the mailbox export job, in percentage points. * **State** *(string) --* The state of the mailbox export job. * **ErrorInfo** *(string) --* Error information for failed mailbox export jobs. * **StartTime** *(datetime) --* The mailbox export job start timestamp. * **EndTime** *(datetime) --* The mailbox export job end timestamp. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" WorkMail / Client / update_mobile_device_access_rule update_mobile_device_access_rule ******************************** WorkMail.Client.update_mobile_device_access_rule(**kwargs) Updates a mobile device access rule for the specified WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.update_mobile_device_access_rule( OrganizationId='string', MobileDeviceAccessRuleId='string', Name='string', Description='string', Effect='ALLOW'|'DENY', DeviceTypes=[ 'string', ], NotDeviceTypes=[ 'string', ], DeviceModels=[ 'string', ], NotDeviceModels=[ 'string', ], DeviceOperatingSystems=[ 'string', ], NotDeviceOperatingSystems=[ 'string', ], DeviceUserAgents=[ 'string', ], NotDeviceUserAgents=[ 'string', ] ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization under which the rule will be updated. * **MobileDeviceAccessRuleId** (*string*) -- **[REQUIRED]** The identifier of the rule to be updated. * **Name** (*string*) -- **[REQUIRED]** The updated rule name. * **Description** (*string*) -- The updated rule description. * **Effect** (*string*) -- **[REQUIRED]** The effect of the rule when it matches. Allowed values are "ALLOW" or "DENY". * **DeviceTypes** (*list*) -- Device types that the updated rule will match. * *(string) --* * **NotDeviceTypes** (*list*) -- Device types that the updated rule **will not** match. All other device types will match. * *(string) --* * **DeviceModels** (*list*) -- Device models that the updated rule will match. * *(string) --* * **NotDeviceModels** (*list*) -- Device models that the updated rule **will not** match. All other device models will match. * *(string) --* * **DeviceOperatingSystems** (*list*) -- Device operating systems that the updated rule will match. * *(string) --* * **NotDeviceOperatingSystems** (*list*) -- Device operating systems that the updated rule **will not** match. All other device operating systems will match. * *(string) --* * **DeviceUserAgents** (*list*) -- User agents that the updated rule will match. * *(string) --* * **NotDeviceUserAgents** (*list*) -- User agents that the updated rule **will not** match. All other user agents will match. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / delete_availability_configuration delete_availability_configuration ********************************* WorkMail.Client.delete_availability_configuration(**kwargs) Deletes the "AvailabilityConfiguration" for the given WorkMail organization and domain. See also: AWS API Documentation **Request Syntax** response = client.delete_availability_configuration( OrganizationId='string', DomainName='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the "AvailabilityConfiguration" will be deleted. * **DomainName** (*string*) -- **[REQUIRED]** The domain for which the "AvailabilityConfiguration" will be deleted. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / get_waiter get_waiter ********** WorkMail.Client.get_waiter(waiter_name) Returns an object that can wait for some condition. Parameters: **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters. Returns: The specified waiter object. Return type: "botocore.waiter.Waiter" WorkMail / Client / list_resources list_resources ************** WorkMail.Client.list_resources(**kwargs) Returns summaries of the organization's resources. See also: AWS API Documentation **Request Syntax** response = client.list_resources( OrganizationId='string', NextToken='string', MaxResults=123, Filters={ 'NamePrefix': 'string', 'PrimaryEmailPrefix': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the resources exist. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. * **Filters** (*dict*) -- Limit the resource search results based on the filter criteria. You can only use one filter per request. * **NamePrefix** *(string) --* Filters only resource that start with the entered name prefix . * **PrimaryEmailPrefix** *(string) --* Filters only resource with the provided primary email prefix. * **State** *(string) --* Filters only resource with the provided state. Return type: dict Returns: **Response Syntax** { 'Resources': [ { 'Id': 'string', 'Email': 'string', 'Name': 'string', 'Type': 'ROOM'|'EQUIPMENT', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'Description': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Resources** *(list) --* One page of the organization's resource representation. * *(dict) --* The representation of a resource. * **Id** *(string) --* The identifier of the resource. * **Email** *(string) --* The email of the resource. * **Name** *(string) --* The name of the resource. * **Type** *(string) --* The type of the resource: equipment or room. * **State** *(string) --* The state of the resource, which can be ENABLED, DISABLED, or DELETED. * **EnabledDate** *(datetime) --* The date indicating when the resource was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the resource was disabled from WorkMail use. * **Description** *(string) --* Resource description. * **NextToken** *(string) --* The token used to paginate through all the organization's resources. While results are still available, it has an associated value. When the last page is reached, the token is empty. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / get_access_control_effect get_access_control_effect ************************* WorkMail.Client.get_access_control_effect(**kwargs) Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID. You must provide either the user ID or impersonation role ID. Impersonation role ID can only be used with Action EWS. See also: AWS API Documentation **Request Syntax** response = client.get_access_control_effect( OrganizationId='string', IpAddress='string', Action='string', UserId='string', ImpersonationRoleId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization. * **IpAddress** (*string*) -- **[REQUIRED]** The IPv4 address. * **Action** (*string*) -- **[REQUIRED]** The access protocol action. Valid values include "ActiveSync", "AutoDiscover", "EWS", "IMAP", "SMTP", "WindowsOutlook", and "WebMail". * **UserId** (*string*) -- The user ID. * **ImpersonationRoleId** (*string*) -- The impersonation role ID. Return type: dict Returns: **Response Syntax** { 'Effect': 'ALLOW'|'DENY', 'MatchedRules': [ 'string', ] } **Response Structure** * *(dict) --* * **Effect** *(string) --* The rule effect. * **MatchedRules** *(list) --* The rules that match the given parameters, resulting in an effect. * *(string) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / delete_identity_provider_configuration delete_identity_provider_configuration ************************************** WorkMail.Client.delete_identity_provider_configuration(**kwargs) Disables the integration between IdC and WorkMail. Authentication will continue with the directory as it was before the IdC integration. You might have to reset your directory passwords and reconfigure your desktop and mobile email clients. See also: AWS API Documentation **Request Syntax** response = client.delete_identity_provider_configuration( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The Organization ID. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / create_identity_center_application create_identity_center_application ********************************** WorkMail.Client.create_identity_center_application(**kwargs) Creates the WorkMail application in IAM Identity Center that can be used later in the WorkMail - IdC integration. For more information, see PutIdentityProviderConfiguration. This action does not affect the authentication settings for any WorkMail organizations. See also: AWS API Documentation **Request Syntax** response = client.create_identity_center_application( Name='string', InstanceArn='string', ClientToken='string' ) Parameters: * **Name** (*string*) -- **[REQUIRED]** The name of the IAM Identity Center application. * **InstanceArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the instance. * **ClientToken** (*string*) -- The idempotency token associated with the request. This field is autopopulated if not provided. Return type: dict Returns: **Response Syntax** { 'ApplicationArn': 'string' } **Response Structure** * *(dict) --* * **ApplicationArn** *(string) --* The Amazon Resource Name (ARN) of the application. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / list_users list_users ********** WorkMail.Client.list_users(**kwargs) Returns summaries of the organization's users. See also: AWS API Documentation **Request Syntax** response = client.list_users( OrganizationId='string', NextToken='string', MaxResults=123, Filters={ 'UsernamePrefix': 'string', 'DisplayNamePrefix': 'string', 'PrimaryEmailPrefix': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'IdentityProviderUserIdPrefix': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the users exist. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. * **Filters** (*dict*) -- Limit the user search results based on the filter criteria. You can only use one filter per request. * **UsernamePrefix** *(string) --* Filters only users with the provided username prefix. * **DisplayNamePrefix** *(string) --* Filters only users with the provided display name prefix. * **PrimaryEmailPrefix** *(string) --* Filters only users with the provided email prefix. * **State** *(string) --* Filters only users with the provided state. * **IdentityProviderUserIdPrefix** *(string) --* Filters only users with the ID from the IAM Identity Center. Return type: dict Returns: **Response Syntax** { 'Users': [ { 'Id': 'string', 'Email': 'string', 'Name': 'string', 'DisplayName': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'UserRole': 'USER'|'RESOURCE'|'SYSTEM_USER'|'REMOTE_USER', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'IdentityProviderUserId': 'string', 'IdentityProviderIdentityStoreId': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Users** *(list) --* The overview of users for an organization. * *(dict) --* The representation of an WorkMail user. * **Id** *(string) --* The identifier of the user. * **Email** *(string) --* The email of the user. * **Name** *(string) --* The name of the user. * **DisplayName** *(string) --* The display name of the user. * **State** *(string) --* The state of the user, which can be ENABLED, DISABLED, or DELETED. * **UserRole** *(string) --* The role of the user. * **EnabledDate** *(datetime) --* The date indicating when the user was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the user was disabled from WorkMail use. * **IdentityProviderUserId** *(string) --* User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. * **IdentityProviderIdentityStoreId** *(string) --* Identity store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. * **NextToken** *(string) --* The token to use to retrieve the next page of results. This value is *null* when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / describe_organization describe_organization ********************* WorkMail.Client.describe_organization(**kwargs) Provides more information regarding a given organization based on its identifier. See also: AWS API Documentation **Request Syntax** response = client.describe_organization( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization to be described. Return type: dict Returns: **Response Syntax** { 'OrganizationId': 'string', 'Alias': 'string', 'State': 'string', 'DirectoryId': 'string', 'DirectoryType': 'string', 'DefaultMailDomain': 'string', 'CompletedDate': datetime(2015, 1, 1), 'ErrorMessage': 'string', 'ARN': 'string', 'MigrationAdmin': 'string', 'InteroperabilityEnabled': True|False } **Response Structure** * *(dict) --* * **OrganizationId** *(string) --* The identifier of an organization. * **Alias** *(string) --* The alias for an organization. * **State** *(string) --* The state of an organization. * **DirectoryId** *(string) --* The identifier for the directory associated with an WorkMail organization. * **DirectoryType** *(string) --* The type of directory associated with the WorkMail organization. * **DefaultMailDomain** *(string) --* The default mail domain associated with the organization. * **CompletedDate** *(datetime) --* The date at which the organization became usable in the WorkMail context, in UNIX epoch time format. * **ErrorMessage** *(string) --* (Optional) The error message indicating if unexpected behavior was encountered with regards to the organization. * **ARN** *(string) --* The Amazon Resource Name (ARN) of the organization. * **MigrationAdmin** *(string) --* The user ID of the migration admin if migration is enabled for the organization. * **InteroperabilityEnabled** *(boolean) --* Indicates if interoperability is enabled for this organization. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" WorkMail / Client / delete_user delete_user *********** WorkMail.Client.delete_user(**kwargs) Deletes a user from WorkMail and all subsequent systems. Before you can delete a user, the user state must be "DISABLED". Use the DescribeUser action to confirm the user state. Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 days before they are permanently removed. See also: AWS API Documentation **Request Syntax** response = client.delete_user( OrganizationId='string', UserId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization that contains the user to be deleted. * **UserId** (*string*) -- **[REQUIRED]** The identifier of the user to be deleted. The identifier can be the *UserId* or *Username*. The following identity formats are available: * User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * User name: user Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / get_mobile_device_access_effect get_mobile_device_access_effect ******************************* WorkMail.Client.get_mobile_device_access_effect(**kwargs) Simulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the WorkMail organization for a particular user's attributes. See also: AWS API Documentation **Request Syntax** response = client.get_mobile_device_access_effect( OrganizationId='string', DeviceType='string', DeviceModel='string', DeviceOperatingSystem='string', DeviceUserAgent='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization to simulate the access effect for. * **DeviceType** (*string*) -- Device type the simulated user will report. * **DeviceModel** (*string*) -- Device model the simulated user will report. * **DeviceOperatingSystem** (*string*) -- Device operating system the simulated user will report. * **DeviceUserAgent** (*string*) -- Device user agent the simulated user will report. Return type: dict Returns: **Response Syntax** { 'Effect': 'ALLOW'|'DENY', 'MatchedRules': [ { 'MobileDeviceAccessRuleId': 'string', 'Name': 'string' }, ] } **Response Structure** * *(dict) --* * **Effect** *(string) --* The effect of the simulated access, "ALLOW" or "DENY", after evaluating mobile device access rules in the WorkMail organization for the simulated user parameters. * **MatchedRules** *(list) --* A list of the rules which matched the simulated user input and produced the effect. * *(dict) --* The rule that a simulated user matches. * **MobileDeviceAccessRuleId** *(string) --* Identifier of the rule that a simulated user matches. * **Name** *(string) --* Name of a rule that a simulated user matches. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_availability_configurations list_availability_configurations ******************************** WorkMail.Client.list_availability_configurations(**kwargs) List all the "AvailabilityConfiguration"'s for the given WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.list_availability_configurations( OrganizationId='string', MaxResults=123, NextToken='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the "AvailabilityConfiguration"'s will be listed. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not require a token. Return type: dict Returns: **Response Syntax** { 'AvailabilityConfigurations': [ { 'DomainName': 'string', 'ProviderType': 'EWS'|'LAMBDA', 'EwsProvider': { 'EwsEndpoint': 'string', 'EwsUsername': 'string' }, 'LambdaProvider': { 'LambdaArn': 'string' }, 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **AvailabilityConfigurations** *(list) --* The list of "AvailabilityConfiguration"'s that exist for the specified WorkMail organization. * *(dict) --* List all the "AvailabilityConfiguration"'s for the given WorkMail organization. * **DomainName** *(string) --* Displays the domain to which the provider applies. * **ProviderType** *(string) --* Displays the provider type that applies to this domain. * **EwsProvider** *(dict) --* If "ProviderType" is "EWS", then this field contains "RedactedEwsAvailabilityProvider". Otherwise, it is not required. * **EwsEndpoint** *(string) --* The endpoint of the remote EWS server. * **EwsUsername** *(string) --* The username used to authenticate the remote EWS server. * **LambdaProvider** *(dict) --* If ProviderType is "LAMBDA" then this field contains "LambdaAvailabilityProvider". Otherwise, it is not required. * **LambdaArn** *(string) --* The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider. * **DateCreated** *(datetime) --* The date and time at which the availability configuration was created. * **DateModified** *(datetime) --* The date and time at which the availability configuration was last modified. * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value is "null" when there are no further results to return. **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / update_resource update_resource *************** WorkMail.Client.update_resource(**kwargs) Updates data for the resource. To have the latest information, it must be preceded by a DescribeResource call. The dataset in the request should be the one expected when performing another "DescribeResource" call. See also: AWS API Documentation **Request Syntax** response = client.update_resource( OrganizationId='string', ResourceId='string', Name='string', BookingOptions={ 'AutoAcceptRequests': True|False, 'AutoDeclineRecurringRequests': True|False, 'AutoDeclineConflictingRequests': True|False }, Description='string', Type='ROOM'|'EQUIPMENT', HiddenFromGlobalAddressList=True|False ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier associated with the organization for which the resource is updated. * **ResourceId** (*string*) -- **[REQUIRED]** The identifier of the resource to be updated. The identifier can accept *ResourceId*, *Resourcename*, or *email*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Email address: resource@domain.tld * Resource name: resource * **Name** (*string*) -- The name of the resource to be updated. * **BookingOptions** (*dict*) -- The resource's booking options to be updated. * **AutoAcceptRequests** *(boolean) --* The resource's ability to automatically reply to requests. If disabled, delegates must be associated to the resource. * **AutoDeclineRecurringRequests** *(boolean) --* The resource's ability to automatically decline any recurring requests. * **AutoDeclineConflictingRequests** *(boolean) --* The resource's ability to automatically decline any conflicting requests. * **Description** (*string*) -- Updates the resource description. * **Type** (*string*) -- Updates the resource type. * **HiddenFromGlobalAddressList** (*boolean*) -- If enabled, the resource is hidden from the global address list. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidConfigurationException" * "WorkMail.Client.exceptions.EmailAddressInUseException" * "WorkMail.Client.exceptions.MailDomainNotFoundException" * "WorkMail.Client.exceptions.MailDomainStateException" * "WorkMail.Client.exceptions.NameAvailabilityException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / list_organizations list_organizations ****************** WorkMail.Client.list_organizations(**kwargs) Returns summaries of the customer's organizations. See also: AWS API Documentation **Request Syntax** response = client.list_organizations( NextToken='string', MaxResults=123 ) Parameters: * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'OrganizationSummaries': [ { 'OrganizationId': 'string', 'Alias': 'string', 'DefaultMailDomain': 'string', 'ErrorMessage': 'string', 'State': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **OrganizationSummaries** *(list) --* The overview of owned organizations presented as a list of organization summaries. * *(dict) --* The representation of an organization. * **OrganizationId** *(string) --* The identifier associated with the organization. * **Alias** *(string) --* The alias associated with the organization. * **DefaultMailDomain** *(string) --* The default email domain associated with the organization. * **ErrorMessage** *(string) --* The error message associated with the organization. It is only present if unexpected behavior has occurred with regards to the organization. It provides insight or solutions regarding unexpected behavior. * **State** *(string) --* The state associated with the organization. * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value is "null" when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / describe_resource describe_resource ***************** WorkMail.Client.describe_resource(**kwargs) Returns the data available for the resource. See also: AWS API Documentation **Request Syntax** response = client.describe_resource( OrganizationId='string', ResourceId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier associated with the organization for which the resource is described. * **ResourceId** (*string*) -- **[REQUIRED]** The identifier of the resource to be described. The identifier can accept *ResourceId*, *Resourcename*, or *email*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Email address: resource@domain.tld * Resource name: resource Return type: dict Returns: **Response Syntax** { 'ResourceId': 'string', 'Email': 'string', 'Name': 'string', 'Type': 'ROOM'|'EQUIPMENT', 'BookingOptions': { 'AutoAcceptRequests': True|False, 'AutoDeclineRecurringRequests': True|False, 'AutoDeclineConflictingRequests': True|False }, 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'Description': 'string', 'HiddenFromGlobalAddressList': True|False } **Response Structure** * *(dict) --* * **ResourceId** *(string) --* The identifier of the described resource. * **Email** *(string) --* The email of the described resource. * **Name** *(string) --* The name of the described resource. * **Type** *(string) --* The type of the described resource. * **BookingOptions** *(dict) --* The booking options for the described resource. * **AutoAcceptRequests** *(boolean) --* The resource's ability to automatically reply to requests. If disabled, delegates must be associated to the resource. * **AutoDeclineRecurringRequests** *(boolean) --* The resource's ability to automatically decline any recurring requests. * **AutoDeclineConflictingRequests** *(boolean) --* The resource's ability to automatically decline any conflicting requests. * **State** *(string) --* The state of the resource: enabled (registered to WorkMail), disabled (deregistered or never registered to WorkMail), or deleted. * **EnabledDate** *(datetime) --* The date and time when a resource was enabled for WorkMail, in UNIX epoch time format. * **DisabledDate** *(datetime) --* The date and time when a resource was disabled from WorkMail, in UNIX epoch time format. * **Description** *(string) --* Description of the resource. * **HiddenFromGlobalAddressList** *(boolean) --* If enabled, the resource is hidden from the global address list. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / associate_member_to_group associate_member_to_group ************************* WorkMail.Client.associate_member_to_group(**kwargs) Adds a member (user or group) to the group's set. See also: AWS API Documentation **Request Syntax** response = client.associate_member_to_group( OrganizationId='string', GroupId='string', MemberId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization under which the group exists. * **GroupId** (*string*) -- **[REQUIRED]** The group to which the member (user or group) is associated. The identifier can accept *GroupId*, *Groupname*, or *email*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: group@domain.tld * Group name: group * **MemberId** (*string*) -- **[REQUIRED]** The member (user or group) to associate to the group. The member ID can accept *UserID or GroupId*, *Username or Groupname*, or *email*. * Member: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: member@domain.tld * Member name: member Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / assume_impersonation_role assume_impersonation_role ************************* WorkMail.Client.assume_impersonation_role(**kwargs) Assumes an impersonation role for the given WorkMail organization. This method returns an authentication token you can use to make impersonated calls. See also: AWS API Documentation **Request Syntax** response = client.assume_impersonation_role( OrganizationId='string', ImpersonationRoleId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization under which the impersonation role will be assumed. * **ImpersonationRoleId** (*string*) -- **[REQUIRED]** The impersonation role ID to assume. Return type: dict Returns: **Response Syntax** { 'Token': 'string', 'ExpiresIn': 123 } **Response Structure** * *(dict) --* * **Token** *(string) --* The authentication token for the impersonation role. * **ExpiresIn** *(integer) --* The authentication token's validity, in seconds. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / update_mailbox_quota update_mailbox_quota ******************** WorkMail.Client.update_mailbox_quota(**kwargs) Updates a user's current mailbox quota for a specified organization and user. See also: AWS API Documentation **Request Syntax** response = client.update_mailbox_quota( OrganizationId='string', UserId='string', MailboxQuota=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization that contains the user for whom to update the mailbox quota. * **UserId** (*string*) -- **[REQUIRED]** The identifer for the user for whom to update the mailbox quota. The identifier can be the *UserId*, *Username*, or *email*. The following identity formats are available: * User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: user@domain.tld * User name: user * **MailboxQuota** (*integer*) -- **[REQUIRED]** The updated mailbox quota, in MB, for the specified user. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" WorkMail / Client / get_mailbox_details get_mailbox_details ******************* WorkMail.Client.get_mailbox_details(**kwargs) Requests a user's mailbox details for a specified organization and user. See also: AWS API Documentation **Request Syntax** response = client.get_mailbox_details( OrganizationId='string', UserId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization that contains the user whose mailbox details are being requested. * **UserId** (*string*) -- **[REQUIRED]** The identifier for the user whose mailbox details are being requested. The identifier can be the *UserId*, *Username*, or *email*. The following identity formats are available: * User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: user@domain.tld * User name: user Return type: dict Returns: **Response Syntax** { 'MailboxQuota': 123, 'MailboxSize': 123.0 } **Response Structure** * *(dict) --* * **MailboxQuota** *(integer) --* The maximum allowed mailbox size, in MB, for the specified user. * **MailboxSize** *(float) --* The current mailbox size, in MB, for the specified user. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" WorkMail / Client / cancel_mailbox_export_job cancel_mailbox_export_job ************************* WorkMail.Client.cancel_mailbox_export_job(**kwargs) Cancels a mailbox export job. Note: If the mailbox export job is near completion, it might not be possible to cancel it. See also: AWS API Documentation **Request Syntax** response = client.cancel_mailbox_export_job( ClientToken='string', JobId='string', OrganizationId='string' ) Parameters: * **ClientToken** (*string*) -- **[REQUIRED]** The idempotency token for the client request. This field is autopopulated if not provided. * **JobId** (*string*) -- **[REQUIRED]** The job ID. * **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" WorkMail / Client / get_impersonation_role get_impersonation_role ********************** WorkMail.Client.get_impersonation_role(**kwargs) Gets the impersonation role details for the given WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.get_impersonation_role( OrganizationId='string', ImpersonationRoleId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization from which to retrieve the impersonation role. * **ImpersonationRoleId** (*string*) -- **[REQUIRED]** The impersonation role ID to retrieve. Return type: dict Returns: **Response Syntax** { 'ImpersonationRoleId': 'string', 'Name': 'string', 'Type': 'FULL_ACCESS'|'READ_ONLY', 'Description': 'string', 'Rules': [ { 'ImpersonationRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'TargetUsers': [ 'string', ], 'NotTargetUsers': [ 'string', ] }, ], 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) } **Response Structure** * *(dict) --* * **ImpersonationRoleId** *(string) --* The impersonation role ID. * **Name** *(string) --* The impersonation role name. * **Type** *(string) --* The impersonation role type. * **Description** *(string) --* The impersonation role description. * **Rules** *(list) --* The list of rules for the given impersonation role. * *(dict) --* The rules for the given impersonation role. * **ImpersonationRuleId** *(string) --* The identifier of the rule. * **Name** *(string) --* The rule name. * **Description** *(string) --* The rule description. * **Effect** *(string) --* The effect of the rule when it matches the input. Allowed effect values are "ALLOW" or "DENY". * **TargetUsers** *(list) --* A list of user IDs that match the rule. * *(string) --* * **NotTargetUsers** *(list) --* A list of user IDs that don't match the rule. * *(string) --* * **DateCreated** *(datetime) --* The date when the impersonation role was created. * **DateModified** *(datetime) --* The date when the impersonation role was last modified. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / put_identity_provider_configuration put_identity_provider_configuration *********************************** WorkMail.Client.put_identity_provider_configuration(**kwargs) Enables integration between IAM Identity Center (IdC) and WorkMail to proxy authentication requests for mailbox users. You can connect your IdC directory or your external directory to WorkMail through IdC and manage access to WorkMail mailboxes in a single place. For enhanced protection, you could enable Multifactor Authentication (MFA) and Personal Access Tokens. See also: AWS API Documentation **Request Syntax** response = client.put_identity_provider_configuration( OrganizationId='string', AuthenticationMode='IDENTITY_PROVIDER_ONLY'|'IDENTITY_PROVIDER_AND_DIRECTORY', IdentityCenterConfiguration={ 'InstanceArn': 'string', 'ApplicationArn': 'string' }, PersonalAccessTokenConfiguration={ 'Status': 'ACTIVE'|'INACTIVE', 'LifetimeInDays': 123 } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The ID of the WorkMail Organization. * **AuthenticationMode** (*string*) -- **[REQUIRED]** The authentication mode used in WorkMail. * **IdentityCenterConfiguration** (*dict*) -- **[REQUIRED]** The details of the IAM Identity Center configuration. * **InstanceArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the of IAM Identity Center instance. Must be in the same AWS account and region as WorkMail organization. * **ApplicationArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of IAMIdentity Center Application for WorkMail. Must be created by the WorkMail API, see CreateIdentityCenterApplication. * **PersonalAccessTokenConfiguration** (*dict*) -- **[REQUIRED]** The details of the Personal Access Token configuration. * **Status** *(string) --* **[REQUIRED]** The status of the Personal Access Token allowed for the organization. * *Active* - Mailbox users can login to the web application and choose *Settings* to see the new *Personal Access Tokens* page to create and delete the Personal Access Tokens. Mailbox users can use the Personal Access Tokens to set up mailbox connection from desktop or mobile email clients. * *Inactive* - Personal Access Tokens are disabled for your organization. Mailbox users can’t create, list, or delete Personal Access Tokens and can’t use them to connect to their mailboxes from desktop or mobile email clients. * **LifetimeInDays** *(integer) --* The validity of the Personal Access Token status in days. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" WorkMail / Client / delete_organization delete_organization ******************* WorkMail.Client.delete_organization(**kwargs) Deletes an WorkMail organization and all underlying AWS resources managed by WorkMail as part of the organization. You can choose whether to delete the associated directory. For more information, see Removing an organization in the *WorkMail Administrator Guide*. See also: AWS API Documentation **Request Syntax** response = client.delete_organization( ClientToken='string', OrganizationId='string', DeleteDirectory=True|False, ForceDelete=True|False, DeleteIdentityCenterApplication=True|False ) Parameters: * **ClientToken** (*string*) -- The idempotency token associated with the request. This field is autopopulated if not provided. * **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. * **DeleteDirectory** (*boolean*) -- **[REQUIRED]** If true, deletes the AWS Directory Service directory associated with the organization. * **ForceDelete** (*boolean*) -- Deletes a WorkMail organization even if the organization has enabled users. * **DeleteIdentityCenterApplication** (*boolean*) -- Deletes IAM Identity Center application for WorkMail. This action does not affect authentication settings for any organization. Return type: dict Returns: **Response Syntax** { 'OrganizationId': 'string', 'State': 'string' } **Response Structure** * *(dict) --* * **OrganizationId** *(string) --* The organization ID. * **State** *(string) --* The state of the organization. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_personal_access_tokens list_personal_access_tokens *************************** WorkMail.Client.list_personal_access_tokens(**kwargs) Returns a summary of your Personal Access Tokens. See also: AWS API Documentation **Request Syntax** response = client.list_personal_access_tokens( OrganizationId='string', UserId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The Organization ID. * **UserId** (*string*) -- The WorkMail User ID. * **NextToken** (*string*) -- The token from the previous response to query the next page. * **MaxResults** (*integer*) -- The maximum amount of items that should be returned in a response. Return type: dict Returns: **Response Syntax** { 'NextToken': 'string', 'PersonalAccessTokenSummaries': [ { 'PersonalAccessTokenId': 'string', 'UserId': 'string', 'Name': 'string', 'DateCreated': datetime(2015, 1, 1), 'DateLastUsed': datetime(2015, 1, 1), 'ExpiresTime': datetime(2015, 1, 1), 'Scopes': [ 'string', ] }, ] } **Response Structure** * *(dict) --* * **NextToken** *(string) --* The token from the previous response to query the next page. * **PersonalAccessTokenSummaries** *(list) --* Lists all the personal tokens in an organization or user, if user ID is provided. * *(dict) --* The summary of the Personal Access Token. * **PersonalAccessTokenId** *(string) --* The ID of the Personal Access Token. * **UserId** *(string) --* The user ID of the WorkMail user associated with the Personal Access Token. * **Name** *(string) --* The name of the Personal Access Token. * **DateCreated** *(datetime) --* The date when the Personal Access Token was created. * **DateLastUsed** *(datetime) --* The date when the Personal Access Token was last used. * **ExpiresTime** *(datetime) --* The date when the Personal Access Token will expire. * **Scopes** *(list) --* Lists all the Personal Access Token permissions for a mailbox. * *(string) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / put_retention_policy put_retention_policy ******************** WorkMail.Client.put_retention_policy(**kwargs) Puts a retention policy to the specified organization. See also: AWS API Documentation **Request Syntax** response = client.put_retention_policy( OrganizationId='string', Id='string', Name='string', Description='string', FolderConfigurations=[ { 'Name': 'INBOX'|'DELETED_ITEMS'|'SENT_ITEMS'|'DRAFTS'|'JUNK_EMAIL', 'Action': 'NONE'|'DELETE'|'PERMANENTLY_DELETE', 'Period': 123 }, ] ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. * **Id** (*string*) -- The retention policy ID. * **Name** (*string*) -- **[REQUIRED]** The retention policy name. * **Description** (*string*) -- The retention policy description. * **FolderConfigurations** (*list*) -- **[REQUIRED]** The retention policy folder configurations. * *(dict) --* The configuration applied to an organization's folders by its retention policy. * **Name** *(string) --* **[REQUIRED]** The folder name. * **Action** *(string) --* **[REQUIRED]** The action to take on the folder contents at the end of the folder configuration period. * **Period** *(integer) --* The number of days for which the folder-configuration action applies. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.LimitExceededException" WorkMail / Client / disassociate_member_from_group disassociate_member_from_group ****************************** WorkMail.Client.disassociate_member_from_group(**kwargs) Removes a member from a group. See also: AWS API Documentation **Request Syntax** response = client.disassociate_member_from_group( OrganizationId='string', GroupId='string', MemberId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the group exists. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for the group from which members are removed. The identifier can accept *GroupId*, *Groupname*, or *email*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: group@domain.tld * Group name: group * **MemberId** (*string*) -- **[REQUIRED]** The identifier for the member to be removed from the group. The member ID can accept *UserID or GroupId*, *Username or Groupname*, or *email*. * Member ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: member@domain.tld * Member name: member Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / associate_delegate_to_resource associate_delegate_to_resource ****************************** WorkMail.Client.associate_delegate_to_resource(**kwargs) Adds a member (user or group) to the resource's set of delegates. See also: AWS API Documentation **Request Syntax** response = client.associate_delegate_to_resource( OrganizationId='string', ResourceId='string', EntityId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization under which the resource exists. * **ResourceId** (*string*) -- **[REQUIRED]** The resource for which members (users or groups) are associated. The identifier can accept *ResourceId*, *Resourcename*, or *email*. The following identity formats are available: * Resource ID: r-0123456789a0123456789b0123456789 * Email address: resource@domain.tld * Resource name: resource * **EntityId** (*string*) -- **[REQUIRED]** The member (user or group) to associate to the resource. The entity ID can accept *UserId or GroupID*, *Username or Groupname*, or *email*. * Entity: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity: entity Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / get_personal_access_token_metadata get_personal_access_token_metadata ********************************** WorkMail.Client.get_personal_access_token_metadata(**kwargs) Requests details of a specific Personal Access Token within the WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.get_personal_access_token_metadata( OrganizationId='string', PersonalAccessTokenId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The Organization ID. * **PersonalAccessTokenId** (*string*) -- **[REQUIRED]** The Personal Access Token ID. Return type: dict Returns: **Response Syntax** { 'PersonalAccessTokenId': 'string', 'UserId': 'string', 'Name': 'string', 'DateCreated': datetime(2015, 1, 1), 'DateLastUsed': datetime(2015, 1, 1), 'ExpiresTime': datetime(2015, 1, 1), 'Scopes': [ 'string', ] } **Response Structure** * *(dict) --* * **PersonalAccessTokenId** *(string) --* The Personal Access Token ID. * **UserId** *(string) --* The WorkMail User ID. * **Name** *(string) --* The Personal Access Token name. * **DateCreated** *(datetime) --* The date when the Personal Access Token ID was created. * **DateLastUsed** *(datetime) --* The date when the Personal Access Token ID was last used. * **ExpiresTime** *(datetime) --* The time when the Personal Access Token ID will expire. * **Scopes** *(list) --* Lists all the Personal Access Token permissions for a mailbox. * *(string) --* **Exceptions** * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_mobile_device_access_overrides list_mobile_device_access_overrides *********************************** WorkMail.Client.list_mobile_device_access_overrides(**kwargs) Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device. See also: AWS API Documentation **Request Syntax** response = client.list_mobile_device_access_overrides( OrganizationId='string', UserId='string', DeviceId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization under which to list mobile device access overrides. * **UserId** (*string*) -- The WorkMail user under which you list the mobile device access overrides. Accepts the following types of user identities: * User ID: "12345678-1234-1234-1234-123456789012" or "S-1-1-12-1234567890-123456789-123456789-1234" * Email address: "user@domain.tld" * User name: "user" * **DeviceId** (*string*) -- The mobile device to which the access override applies. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not require a token. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'Overrides': [ { 'UserId': 'string', 'DeviceId': 'string', 'Effect': 'ALLOW'|'DENY', 'Description': 'string', 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Overrides** *(list) --* The list of mobile device access overrides that exist for the specified WorkMail organization and user. * *(dict) --* The override object. * **UserId** *(string) --* The WorkMail user to which the access override applies. * **DeviceId** *(string) --* The device to which the override applies. * **Effect** *(string) --* The effect of the override, "ALLOW" or "DENY". * **Description** *(string) --* A description of the override. * **DateCreated** *(datetime) --* The date the override was first created. * **DateModified** *(datetime) --* The date the override was last modified. * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value is “null” when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.EntityNotFoundException" WorkMail / Client / describe_user describe_user ************* WorkMail.Client.describe_user(**kwargs) Provides information regarding the user. See also: AWS API Documentation **Request Syntax** response = client.describe_user( OrganizationId='string', UserId='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the user exists. * **UserId** (*string*) -- **[REQUIRED]** The identifier for the user to be described. The identifier can be the *UserId*, *Username*, or *email*. The following identity formats are available: * User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: user@domain.tld * User name: user Return type: dict Returns: **Response Syntax** { 'UserId': 'string', 'Name': 'string', 'Email': 'string', 'DisplayName': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'UserRole': 'USER'|'RESOURCE'|'SYSTEM_USER'|'REMOTE_USER', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1), 'MailboxProvisionedDate': datetime(2015, 1, 1), 'MailboxDeprovisionedDate': datetime(2015, 1, 1), 'FirstName': 'string', 'LastName': 'string', 'HiddenFromGlobalAddressList': True|False, 'Initials': 'string', 'Telephone': 'string', 'Street': 'string', 'JobTitle': 'string', 'City': 'string', 'Company': 'string', 'ZipCode': 'string', 'Department': 'string', 'Country': 'string', 'Office': 'string', 'IdentityProviderUserId': 'string', 'IdentityProviderIdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **UserId** *(string) --* The identifier for the described user. * **Name** *(string) --* The name for the user. * **Email** *(string) --* The email of the user. * **DisplayName** *(string) --* The display name of the user. * **State** *(string) --* The state of a user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail). * **UserRole** *(string) --* In certain cases, other entities are modeled as users. If interoperability is enabled, resources are imported into WorkMail as users. Because different WorkMail organizations rely on different directory types, administrators can distinguish between an unregistered user (account is disabled and has a user role) and the directory administrators. The values are USER, RESOURCE, SYSTEM_USER, and REMOTE_USER. * **EnabledDate** *(datetime) --* The date and time at which the user was enabled for WorkMailusage, in UNIX epoch time format. * **DisabledDate** *(datetime) --* The date and time at which the user was disabled for WorkMail usage, in UNIX epoch time format. * **MailboxProvisionedDate** *(datetime) --* The date when the mailbox was created for the user. * **MailboxDeprovisionedDate** *(datetime) --* The date when the mailbox was removed for the user. * **FirstName** *(string) --* First name of the user. * **LastName** *(string) --* Last name of the user. * **HiddenFromGlobalAddressList** *(boolean) --* If enabled, the user is hidden from the global address list. * **Initials** *(string) --* Initials of the user. * **Telephone** *(string) --* User's contact number. * **Street** *(string) --* Street where the user is located. * **JobTitle** *(string) --* Job title of the user. * **City** *(string) --* City where the user is located. * **Company** *(string) --* Company of the user. * **ZipCode** *(string) --* Zip code of the user. * **Department** *(string) --* Department of the user. * **Country** *(string) --* Country where the user is located. * **Office** *(string) --* Office where the user is located. * **IdentityProviderUserId** *(string) --* User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. * **IdentityProviderIdentityStoreId** *(string) --* Identity Store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail. **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / delete_retention_policy delete_retention_policy *********************** WorkMail.Client.delete_retention_policy(**kwargs) Deletes the specified retention policy from the specified organization. See also: AWS API Documentation **Request Syntax** response = client.delete_retention_policy( OrganizationId='string', Id='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. * **Id** (*string*) -- **[REQUIRED]** The retention policy ID. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_group_members list_group_members ****************** WorkMail.Client.list_group_members(**kwargs) Returns an overview of the members of a group. Users and groups can be members of a group. See also: AWS API Documentation **Request Syntax** response = client.list_group_members( OrganizationId='string', GroupId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the group exists. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for the group to which the members (users or groups) are associated. The identifier can accept *GroupId*, *Groupname*, or *email*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: group@domain.tld * Group name: group * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'Members': [ { 'Id': 'string', 'Name': 'string', 'Type': 'GROUP'|'USER', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Members** *(list) --* The members associated to the group. * *(dict) --* The representation of a user or group. * **Id** *(string) --* The identifier of the member. * **Name** *(string) --* The name of the member. * **Type** *(string) --* A member can be a user or group. * **State** *(string) --* The state of the member, which can be ENABLED, DISABLED, or DELETED. * **EnabledDate** *(datetime) --* The date indicating when the member was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the member was disabled from WorkMail use. * **NextToken** *(string) --* The token to use to retrieve the next page of results. The first call does not contain any tokens. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / create_resource create_resource *************** WorkMail.Client.create_resource(**kwargs) Creates a new WorkMail resource. See also: AWS API Documentation **Request Syntax** response = client.create_resource( OrganizationId='string', Name='string', Type='ROOM'|'EQUIPMENT', Description='string', HiddenFromGlobalAddressList=True|False ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier associated with the organization for which the resource is created. * **Name** (*string*) -- **[REQUIRED]** The name of the new resource. * **Type** (*string*) -- **[REQUIRED]** The type of the new resource. The available types are "equipment" and "room". * **Description** (*string*) -- Resource description. * **HiddenFromGlobalAddressList** (*boolean*) -- If this parameter is enabled, the resource will be hidden from the address book. Return type: dict Returns: **Response Syntax** { 'ResourceId': 'string' } **Response Structure** * *(dict) --* * **ResourceId** *(string) --* The identifier of the new resource. **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.NameAvailabilityException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ReservedNameException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / test_availability_configuration test_availability_configuration ******************************* WorkMail.Client.test_availability_configuration(**kwargs) Performs a test on an availability provider to ensure that access is allowed. For EWS, it verifies the provided credentials can be used to successfully log in. For Lambda, it verifies that the Lambda function can be invoked and that the resource access policy was configured to deny anonymous access. An anonymous invocation is one done without providing either a "SourceArn" or "SourceAccount" header. Note: The request must contain either one provider definition ( "EwsProvider" or "LambdaProvider") or the "DomainName" parameter. If the "DomainName" parameter is provided, the configuration stored under the "DomainName" will be tested. See also: AWS API Documentation **Request Syntax** response = client.test_availability_configuration( OrganizationId='string', DomainName='string', EwsProvider={ 'EwsEndpoint': 'string', 'EwsUsername': 'string', 'EwsPassword': 'string' }, LambdaProvider={ 'LambdaArn': 'string' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization where the availability provider will be tested. * **DomainName** (*string*) -- The domain to which the provider applies. If this field is provided, a stored availability provider associated to this domain name will be tested. * **EwsProvider** (*dict*) -- Describes an EWS based availability provider. This is only used as input to the service. * **EwsEndpoint** *(string) --* **[REQUIRED]** The endpoint of the remote EWS server. * **EwsUsername** *(string) --* **[REQUIRED]** The username used to authenticate the remote EWS server. * **EwsPassword** *(string) --* **[REQUIRED]** The password used to authenticate the remote EWS server. * **LambdaProvider** (*dict*) -- Describes a Lambda based availability provider. * **LambdaArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider. Return type: dict Returns: **Response Syntax** { 'TestPassed': True|False, 'FailureReason': 'string' } **Response Structure** * *(dict) --* * **TestPassed** *(boolean) --* Boolean indicating whether the test passed or failed. * **FailureReason** *(string) --* String containing the reason for a failed test if "TestPassed" is false. **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / create_group create_group ************ WorkMail.Client.create_group(**kwargs) Creates a group that can be used in WorkMail by calling the RegisterToWorkMail operation. See also: AWS API Documentation **Request Syntax** response = client.create_group( OrganizationId='string', Name='string', HiddenFromGlobalAddressList=True|False ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization under which the group is to be created. * **Name** (*string*) -- **[REQUIRED]** The name of the group. * **HiddenFromGlobalAddressList** (*boolean*) -- If this parameter is enabled, the group will be hidden from the address book. Return type: dict Returns: **Response Syntax** { 'GroupId': 'string' } **Response Structure** * *(dict) --* * **GroupId** *(string) --* The identifier of the group. **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.NameAvailabilityException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.ReservedNameException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / put_email_monitoring_configuration put_email_monitoring_configuration ********************************** WorkMail.Client.put_email_monitoring_configuration(**kwargs) Creates or updates the email monitoring configuration for a specified organization. See also: AWS API Documentation **Request Syntax** response = client.put_email_monitoring_configuration( OrganizationId='string', RoleArn='string', LogGroupArn='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The ID of the organization for which the email monitoring configuration is set. * **RoleArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration. * **LogGroupArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_mailbox_permissions list_mailbox_permissions ************************ WorkMail.Client.list_mailbox_permissions(**kwargs) Lists the mailbox permissions associated with a user, group, or resource mailbox. See also: AWS API Documentation **Request Syntax** response = client.list_mailbox_permissions( OrganizationId='string', EntityId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization under which the user, group, or resource exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier of the user, or resource for which to list mailbox permissions. The entity ID can accept *UserId or ResourceId*, *Username or Resourcename*, or *email*. * Entity ID: 12345678-1234-1234-1234-123456789012, or r-0123456789a0123456789b0123456789 * Email address: entity@domain.tld * Entity name: entity * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'Permissions': [ { 'GranteeId': 'string', 'GranteeType': 'GROUP'|'USER', 'PermissionValues': [ 'FULL_ACCESS'|'SEND_AS'|'SEND_ON_BEHALF', ] }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Permissions** *(list) --* One page of the user, group, or resource mailbox permissions. * *(dict) --* Permission granted to a user, group, or resource to access a certain aspect of another user, group, or resource mailbox. * **GranteeId** *(string) --* The identifier of the user, group, or resource to which the permissions are granted. * **GranteeType** *(string) --* The type of user, group, or resource referred to in GranteeId. * **PermissionValues** *(list) --* The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox. * *(string) --* * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value is "null" when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_aliases list_aliases ************ WorkMail.Client.list_aliases(**kwargs) Creates a paginated call to list the aliases associated with a given entity. See also: AWS API Documentation **Request Syntax** response = client.list_aliases( OrganizationId='string', EntityId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the entity exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the entity for which to list the aliases. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'Aliases': [ 'string', ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Aliases** *(list) --* The entity's paginated aliases. * *(string) --* * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value is "null" when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / put_access_control_rule put_access_control_rule *********************** WorkMail.Client.put_access_control_rule(**kwargs) Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule. See also: AWS API Documentation **Request Syntax** response = client.put_access_control_rule( Name='string', Effect='ALLOW'|'DENY', Description='string', IpRanges=[ 'string', ], NotIpRanges=[ 'string', ], Actions=[ 'string', ], NotActions=[ 'string', ], UserIds=[ 'string', ], NotUserIds=[ 'string', ], OrganizationId='string', ImpersonationRoleIds=[ 'string', ], NotImpersonationRoleIds=[ 'string', ] ) Parameters: * **Name** (*string*) -- **[REQUIRED]** The rule name. * **Effect** (*string*) -- **[REQUIRED]** The rule effect. * **Description** (*string*) -- **[REQUIRED]** The rule description. * **IpRanges** (*list*) -- IPv4 CIDR ranges to include in the rule. * *(string) --* * **NotIpRanges** (*list*) -- IPv4 CIDR ranges to exclude from the rule. * *(string) --* * **Actions** (*list*) -- Access protocol actions to include in the rule. Valid values include "ActiveSync", "AutoDiscover", "EWS", "IMAP", "SMTP", "WindowsOutlook", and "WebMail". * *(string) --* * **NotActions** (*list*) -- Access protocol actions to exclude from the rule. Valid values include "ActiveSync", "AutoDiscover", "EWS", "IMAP", "SMTP", "WindowsOutlook", and "WebMail". * *(string) --* * **UserIds** (*list*) -- User IDs to include in the rule. * *(string) --* * **NotUserIds** (*list*) -- User IDs to exclude from the rule. * *(string) --* * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization. * **ImpersonationRoleIds** (*list*) -- Impersonation role IDs to include in the rule. * *(string) --* * **NotImpersonationRoleIds** (*list*) -- Impersonation role IDs to exclude from the rule. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.LimitExceededException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / update_primary_email_address update_primary_email_address **************************** WorkMail.Client.update_primary_email_address(**kwargs) Updates the primary email for a user, group, or resource. The current email is moved into the list of aliases (or swapped between an existing alias and the current primary email), and the email provided in the input is promoted as the primary. See also: AWS API Documentation **Request Syntax** response = client.update_primary_email_address( OrganizationId='string', EntityId='string', Email='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization that contains the user, group, or resource to update. * **EntityId** (*string*) -- **[REQUIRED]** The user, group, or resource to update. The identifier can accept *UseriD, ResourceId, or GroupId*, *Username, Resourcename, or Groupname*, or *email*. The following identity formats are available: * Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity name: entity * **Email** (*string*) -- **[REQUIRED]** The value of the email to be updated as primary. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.DirectoryServiceAuthenticationFailed Exception" * "WorkMail.Client.exceptions.DirectoryUnavailableException" * "WorkMail.Client.exceptions.EmailAddressInUseException" * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.MailDomainNotFoundException" * "WorkMail.Client.exceptions.MailDomainStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" WorkMail / Client / delete_alias delete_alias ************ WorkMail.Client.delete_alias(**kwargs) Remove one or more specified aliases from a set of aliases for a given user. See also: AWS API Documentation **Request Syntax** response = client.delete_alias( OrganizationId='string', EntityId='string', Alias='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the user exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the member (user or group) from which to have the aliases removed. * **Alias** (*string*) -- **[REQUIRED]** The aliases to be removed from the user's set of aliases. Duplicate entries in the list are collapsed into single entries (the list is transformed into a set). Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / close close ***** WorkMail.Client.close() Closes underlying endpoint connections. WorkMail / Client / list_groups list_groups *********** WorkMail.Client.list_groups(**kwargs) Returns summaries of the organization's groups. See also: AWS API Documentation **Request Syntax** response = client.list_groups( OrganizationId='string', NextToken='string', MaxResults=123, Filters={ 'NamePrefix': 'string', 'PrimaryEmailPrefix': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED' } ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the groups exist. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. * **Filters** (*dict*) -- Limit the search results based on the filter criteria. Only one filter per request is supported. * **NamePrefix** *(string) --* Filters only groups with the provided name prefix. * **PrimaryEmailPrefix** *(string) --* Filters only groups with the provided primary email prefix. * **State** *(string) --* Filters only groups with the provided state. Return type: dict Returns: **Response Syntax** { 'Groups': [ { 'Id': 'string', 'Email': 'string', 'Name': 'string', 'State': 'ENABLED'|'DISABLED'|'DELETED', 'EnabledDate': datetime(2015, 1, 1), 'DisabledDate': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Groups** *(list) --* The overview of groups for an organization. * *(dict) --* The representation of an WorkMail group. * **Id** *(string) --* The identifier of the group. * **Email** *(string) --* The email of the group. * **Name** *(string) --* The name of the group. * **State** *(string) --* The state of the group, which can be ENABLED, DISABLED, or DELETED. * **EnabledDate** *(datetime) --* The date indicating when the group was enabled for WorkMail use. * **DisabledDate** *(datetime) --* The date indicating when the group was disabled from WorkMail use. * **NextToken** *(string) --* The token to use to retrieve the next page of results. The value is "null" when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_mailbox_export_jobs list_mailbox_export_jobs ************************ WorkMail.Client.list_mailbox_export_jobs(**kwargs) Lists the mailbox export jobs started for the specified organization within the last seven days. See also: AWS API Documentation **Request Syntax** response = client.list_mailbox_export_jobs( OrganizationId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The organization ID. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'Jobs': [ { 'JobId': 'string', 'EntityId': 'string', 'Description': 'string', 'S3BucketName': 'string', 'S3Path': 'string', 'EstimatedProgress': 123, 'State': 'RUNNING'|'COMPLETED'|'FAILED'|'CANCELLED', 'StartTime': datetime(2015, 1, 1), 'EndTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Jobs** *(list) --* The mailbox export job details. * *(dict) --* The details of a mailbox export job, including the user or resource ID associated with the mailbox and the S3 bucket that the mailbox contents are exported to. * **JobId** *(string) --* The identifier of the mailbox export job. * **EntityId** *(string) --* The identifier of the user or resource associated with the mailbox. * **Description** *(string) --* The mailbox export job description. * **S3BucketName** *(string) --* The name of the S3 bucket. * **S3Path** *(string) --* The path to the S3 bucket and file that the mailbox export job exports to. * **EstimatedProgress** *(integer) --* The estimated progress of the mailbox export job, in percentage points. * **State** *(string) --* The state of the mailbox export job. * **StartTime** *(datetime) --* The mailbox export job start timestamp. * **EndTime** *(datetime) --* The mailbox export job end timestamp. * **NextToken** *(string) --* The token to use to retrieve the next page of results. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / describe_inbound_dmarc_settings describe_inbound_dmarc_settings ******************************* WorkMail.Client.describe_inbound_dmarc_settings(**kwargs) Lists the settings in a DMARC policy for a specified organization. See also: AWS API Documentation **Request Syntax** response = client.describe_inbound_dmarc_settings( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** Lists the ID of the given organization. Return type: dict Returns: **Response Syntax** { 'Enforced': True|False } **Response Structure** * *(dict) --* * **Enforced** *(boolean) --* Lists the enforcement setting of the applied policy. **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / update_group update_group ************ WorkMail.Client.update_group(**kwargs) Updates attributes in a group. See also: AWS API Documentation **Request Syntax** response = client.update_group( OrganizationId='string', GroupId='string', HiddenFromGlobalAddressList=True|False ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the group exists. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for the group to be updated. The identifier can accept *GroupId*, *Groupname*, or *email*. The following identity formats are available: * Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: group@domain.tld * Group name: group * **HiddenFromGlobalAddressList** (*boolean*) -- If enabled, the group is hidden from the global address list. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.UnsupportedOperationException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / put_mailbox_permissions put_mailbox_permissions *********************** WorkMail.Client.put_mailbox_permissions(**kwargs) Sets permissions for a user, group, or resource. This replaces any pre-existing permissions. See also: AWS API Documentation **Request Syntax** response = client.put_mailbox_permissions( OrganizationId='string', EntityId='string', GranteeId='string', PermissionValues=[ 'FULL_ACCESS'|'SEND_AS'|'SEND_ON_BEHALF', ] ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier of the organization under which the user, group, or resource exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier of the user or resource for which to update mailbox permissions. The identifier can be *UserId, ResourceID, or Group Id*, *Username, Resourcename, or Groupname*, or *email*. * Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity name: entity * **GranteeId** (*string*) -- **[REQUIRED]** The identifier of the user, group, or resource to which to grant the permissions. The identifier can be *UserId, ResourceID, or Group Id*, *Username, Resourcename, or Groupname*, or *email*. * Grantee ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: grantee@domain.tld * Grantee name: grantee * **PermissionValues** (*list*) -- **[REQUIRED]** The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_groups_for_entity list_groups_for_entity ********************** WorkMail.Client.list_groups_for_entity(**kwargs) Returns all the groups to which an entity belongs. See also: AWS API Documentation **Request Syntax** response = client.list_groups_for_entity( OrganizationId='string', EntityId='string', Filters={ 'GroupNamePrefix': 'string' }, NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the entity exists. * **EntityId** (*string*) -- **[REQUIRED]** The identifier for the entity. The entity ID can accept *UserId or GroupID*, *Username or Groupname*, or *email*. * Entity ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 * Email address: entity@domain.tld * Entity name: entity * **Filters** (*dict*) -- Limit the search results based on the filter criteria. * **GroupNamePrefix** *(string) --* Filters only group names that start with the provided name prefix. * **NextToken** (*string*) -- The token to use to retrieve the next page of results. The first call does not contain any tokens. * **MaxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'Groups': [ { 'GroupId': 'string', 'GroupName': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Groups** *(list) --* The overview of groups in an organization. * *(dict) --* The identifier that contains the Group ID and name of a group. * **GroupId** *(string) --* Group ID that matched the group. * **GroupName** *(string) --* Group name that matched the group. * **NextToken** *(string) --* The token to use to retrieve the next page of results. This value is *null* when there are no more results to return. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.EntityStateException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.InvalidParameterException" WorkMail / Client / put_inbound_dmarc_settings put_inbound_dmarc_settings ************************** WorkMail.Client.put_inbound_dmarc_settings(**kwargs) Enables or disables a DMARC policy for a given organization. See also: AWS API Documentation **Request Syntax** response = client.put_inbound_dmarc_settings( OrganizationId='string', Enforced=True|False ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The ID of the organization that you are applying the DMARC policy to. * **Enforced** (*boolean*) -- **[REQUIRED]** Enforces or suspends a policy after it's applied. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / tag_resource tag_resource ************ WorkMail.Client.tag_resource(**kwargs) Applies the specified tags to the specified WorkMailorganization resource. See also: AWS API Documentation **Request Syntax** response = client.tag_resource( ResourceARN='string', Tags=[ { 'Key': 'string', 'Value': 'string' }, ] ) Parameters: * **ResourceARN** (*string*) -- **[REQUIRED]** The resource ARN. * **Tags** (*list*) -- **[REQUIRED]** The tag key-value pairs. * *(dict) --* Describes a tag applied to a resource. * **Key** *(string) --* **[REQUIRED]** The key of the tag. * **Value** *(string) --* **[REQUIRED]** The value of the tag. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.TooManyTagsException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / create_mobile_device_access_rule create_mobile_device_access_rule ******************************** WorkMail.Client.create_mobile_device_access_rule(**kwargs) Creates a new mobile device access rule for the specified WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.create_mobile_device_access_rule( OrganizationId='string', ClientToken='string', Name='string', Description='string', Effect='ALLOW'|'DENY', DeviceTypes=[ 'string', ], NotDeviceTypes=[ 'string', ], DeviceModels=[ 'string', ], NotDeviceModels=[ 'string', ], DeviceOperatingSystems=[ 'string', ], NotDeviceOperatingSystems=[ 'string', ], DeviceUserAgents=[ 'string', ], NotDeviceUserAgents=[ 'string', ] ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization under which the rule will be created. * **ClientToken** (*string*) -- The idempotency token for the client request. This field is autopopulated if not provided. * **Name** (*string*) -- **[REQUIRED]** The rule name. * **Description** (*string*) -- The rule description. * **Effect** (*string*) -- **[REQUIRED]** The effect of the rule when it matches. Allowed values are "ALLOW" or "DENY". * **DeviceTypes** (*list*) -- Device types that the rule will match. * *(string) --* * **NotDeviceTypes** (*list*) -- Device types that the rule **will not** match. All other device types will match. * *(string) --* * **DeviceModels** (*list*) -- Device models that the rule will match. * *(string) --* * **NotDeviceModels** (*list*) -- Device models that the rule **will not** match. All other device models will match. * *(string) --* * **DeviceOperatingSystems** (*list*) -- Device operating systems that the rule will match. * *(string) --* * **NotDeviceOperatingSystems** (*list*) -- Device operating systems that the rule **will not** match. All other device operating systems will match. * *(string) --* * **DeviceUserAgents** (*list*) -- Device user agents that the rule will match. * *(string) --* * **NotDeviceUserAgents** (*list*) -- Device user agents that the rule **will not** match. All other device user agents will match. * *(string) --* Return type: dict Returns: **Response Syntax** { 'MobileDeviceAccessRuleId': 'string' } **Response Structure** * *(dict) --* * **MobileDeviceAccessRuleId** *(string) --* The identifier for the newly created mobile device access rule. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.LimitExceededException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_mobile_device_access_rules list_mobile_device_access_rules ******************************* WorkMail.Client.list_mobile_device_access_rules(**kwargs) Lists the mobile device access rules for the specified WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.list_mobile_device_access_rules( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which to list the rules. Return type: dict Returns: **Response Syntax** { 'Rules': [ { 'MobileDeviceAccessRuleId': 'string', 'Name': 'string', 'Description': 'string', 'Effect': 'ALLOW'|'DENY', 'DeviceTypes': [ 'string', ], 'NotDeviceTypes': [ 'string', ], 'DeviceModels': [ 'string', ], 'NotDeviceModels': [ 'string', ], 'DeviceOperatingSystems': [ 'string', ], 'NotDeviceOperatingSystems': [ 'string', ], 'DeviceUserAgents': [ 'string', ], 'NotDeviceUserAgents': [ 'string', ], 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }, ] } **Response Structure** * *(dict) --* * **Rules** *(list) --* The list of mobile device access rules that exist under the specified WorkMail organization. * *(dict) --* A rule that controls access to mobile devices for an WorkMail group. * **MobileDeviceAccessRuleId** *(string) --* The ID assigned to a mobile access rule. * **Name** *(string) --* The name of a mobile access rule. * **Description** *(string) --* The description of a mobile access rule. * **Effect** *(string) --* The effect of the rule when it matches. Allowed values are "ALLOW" or "DENY". * **DeviceTypes** *(list) --* Device types that a rule will match. * *(string) --* * **NotDeviceTypes** *(list) --* Device types that a rule **will not** match. All other device types will match. * *(string) --* * **DeviceModels** *(list) --* Device models that a rule will match. * *(string) --* * **NotDeviceModels** *(list) --* Device models that a rule **will not** match. All other device models will match. * *(string) --* * **DeviceOperatingSystems** *(list) --* Device operating systems that a rule will match. * *(string) --* * **NotDeviceOperatingSystems** *(list) --* Device operating systems that a rule **will not** match. All other device types will match. * *(string) --* * **DeviceUserAgents** *(list) --* Device user agents that a rule will match. * *(string) --* * **NotDeviceUserAgents** *(list) --* Device user agents that a rule **will not** match. All other device user agents will match. * *(string) --* * **DateCreated** *(datetime) --* The date and time at which an access rule was created. * **DateModified** *(datetime) --* The date and time at which an access rule was modified. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / describe_entity describe_entity *************** WorkMail.Client.describe_entity(**kwargs) Returns basic details about an entity in WorkMail. See also: AWS API Documentation **Request Syntax** response = client.describe_entity( OrganizationId='string', Email='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization under which the entity exists. * **Email** (*string*) -- **[REQUIRED]** The email under which the entity exists. Return type: dict Returns: **Response Syntax** { 'EntityId': 'string', 'Name': 'string', 'Type': 'GROUP'|'USER'|'RESOURCE' } **Response Structure** * *(dict) --* * **EntityId** *(string) --* The entity ID under which the entity exists. * **Name** *(string) --* Username, GroupName, or ResourceName based on entity type. * **Type** *(string) --* Entity type. **Exceptions** * "WorkMail.Client.exceptions.EntityNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_access_control_rules list_access_control_rules ************************* WorkMail.Client.list_access_control_rules(**kwargs) Lists the access control rules for the specified organization. See also: AWS API Documentation **Request Syntax** response = client.list_access_control_rules( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The identifier for the organization. Return type: dict Returns: **Response Syntax** { 'Rules': [ { 'Name': 'string', 'Effect': 'ALLOW'|'DENY', 'Description': 'string', 'IpRanges': [ 'string', ], 'NotIpRanges': [ 'string', ], 'Actions': [ 'string', ], 'NotActions': [ 'string', ], 'UserIds': [ 'string', ], 'NotUserIds': [ 'string', ], 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1), 'ImpersonationRoleIds': [ 'string', ], 'NotImpersonationRoleIds': [ 'string', ] }, ] } **Response Structure** * *(dict) --* * **Rules** *(list) --* The access control rules. * *(dict) --* A rule that controls access to an WorkMail organization. * **Name** *(string) --* The rule name. * **Effect** *(string) --* The rule effect. * **Description** *(string) --* The rule description. * **IpRanges** *(list) --* IPv4 CIDR ranges to include in the rule. * *(string) --* * **NotIpRanges** *(list) --* IPv4 CIDR ranges to exclude from the rule. * *(string) --* * **Actions** *(list) --* Access protocol actions to include in the rule. Valid values include "ActiveSync", "AutoDiscover", "EWS", "IMAP", "SMTP", "WindowsOutlook", and "WebMail". * *(string) --* * **NotActions** *(list) --* Access protocol actions to exclude from the rule. Valid values include "ActiveSync", "AutoDiscover", "EWS", "IMAP", "SMTP", "WindowsOutlook", and "WebMail". * *(string) --* * **UserIds** *(list) --* User IDs to include in the rule. * *(string) --* * **NotUserIds** *(list) --* User IDs to exclude from the rule. * *(string) --* * **DateCreated** *(datetime) --* The date that the rule was created. * **DateModified** *(datetime) --* The date that the rule was modified. * **ImpersonationRoleIds** *(list) --* Impersonation role IDs to include in the rule. * *(string) --* * **NotImpersonationRoleIds** *(list) --* Impersonation role IDs to exclude from the rule. * *(string) --* **Exceptions** * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / list_impersonation_roles list_impersonation_roles ************************ WorkMail.Client.list_impersonation_roles(**kwargs) Lists all the impersonation roles for the given WorkMail organization. See also: AWS API Documentation **Request Syntax** response = client.list_impersonation_roles( OrganizationId='string', NextToken='string', MaxResults=123 ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization to which the listed impersonation roles belong. * **NextToken** (*string*) -- The token used to retrieve the next page of results. The first call doesn't require a token. * **MaxResults** (*integer*) -- The maximum number of results returned in a single call. Return type: dict Returns: **Response Syntax** { 'Roles': [ { 'ImpersonationRoleId': 'string', 'Name': 'string', 'Type': 'FULL_ACCESS'|'READ_ONLY', 'DateCreated': datetime(2015, 1, 1), 'DateModified': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Roles** *(list) --* The list of impersonation roles under the given WorkMail organization. * *(dict) --* An impersonation role for the given WorkMail organization. * **ImpersonationRoleId** *(string) --* The identifier of the impersonation role. * **Name** *(string) --* The impersonation role name. * **Type** *(string) --* The impersonation role type. * **DateCreated** *(datetime) --* The date when the impersonation role was created. * **DateModified** *(datetime) --* The date when the impersonation role was last modified. * **NextToken** *(string) --* The token to retrieve the next page of results. The value is "null" when there are no results to return. **Exceptions** * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" WorkMail / Client / deregister_mail_domain deregister_mail_domain ********************** WorkMail.Client.deregister_mail_domain(**kwargs) Removes a domain from WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use. SES keeps the domain because other applications may use it. You must first remove any email address used by WorkMail entities before you remove the domain. See also: AWS API Documentation **Request Syntax** response = client.deregister_mail_domain( OrganizationId='string', DomainName='string' ) Parameters: * **OrganizationId** (*string*) -- **[REQUIRED]** The WorkMail organization for which the domain will be deregistered. * **DomainName** (*string*) -- **[REQUIRED]** The domain to deregister in WorkMail and SES. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "WorkMail.Client.exceptions.MailDomainInUseException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.InvalidCustomSesConfigurationExcepti on" WorkMail / Client / describe_email_monitoring_configuration describe_email_monitoring_configuration *************************************** WorkMail.Client.describe_email_monitoring_configuration(**kwargs) Describes the current email monitoring configuration for a specified organization. See also: AWS API Documentation **Request Syntax** response = client.describe_email_monitoring_configuration( OrganizationId='string' ) Parameters: **OrganizationId** (*string*) -- **[REQUIRED]** The ID of the organization for which the email monitoring configuration is described. Return type: dict Returns: **Response Syntax** { 'RoleArn': 'string', 'LogGroupArn': 'string' } **Response Structure** * *(dict) --* * **RoleArn** *(string) --* The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration. * **LogGroupArn** *(string) --* The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration. **Exceptions** * "WorkMail.Client.exceptions.ResourceNotFoundException" * "WorkMail.Client.exceptions.InvalidParameterException" * "WorkMail.Client.exceptions.OrganizationNotFoundException" * "WorkMail.Client.exceptions.OrganizationStateException"