WorkMailClient

WorkMail is a secure, managed business email and calendaring service with support for existing desktop and mobile email clients. You can access your email, contacts, and calendars using Microsoft Outlook, your browser, or other native iOS and Android email applications. You can integrate WorkMail with your existing corporate directory and control both the keys that encrypt your data and the location in which your data is stored.

The WorkMail API is designed for the following scenarios:

  • Listing and describing organizations

  • Managing users

  • Managing groups

  • Managing resources

All WorkMail API operations are Amazon-authenticated and certificate-signed. They not only require the use of the AWS SDK, but also allow for the exclusive use of AWS Identity and Access Management users and roles to help facilitate access, trust, and permission policies. By creating a role and allowing an IAM user to access the WorkMail site, the IAM user gains full administrative visibility into the entire WorkMail organization (or as set in the IAM policy). This includes, but is not limited to, the ability to create, update, and delete users, groups, and resources. This allows developers to perform the scenarios listed above, as well as give users the ability to grant access on a selective basis using the IAM model.
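Because an IAM principal's WorkMail access is whatever its policy allows, it helps to check policies for grants that reach the most sensitive operations. The following is an added example, not part of the AWS SDK or its documentation. It assumes IAM action names take the form workmail:<OperationName>, and the SENSITIVE list is this example's own selection from the operations on this page.

```javascript
// Added example: audit an IAM policy document for sensitive WorkMail grants.
// SENSITIVE is this example's own selection of operations listed on this page;
// action names are assumed to be "workmail:" + the operation name.
const SENSITIVE = [
  "AssumeImpersonationRole", "CreateImpersonationRole", "UpdateImpersonationRole",
  "StartMailboxExportJob", "PutMailboxPermissions", "ResetPassword",
  "PutAccessControlRule", "DeleteAccessControlRule", "DeleteUser", "DeleteOrganization",
].map((op) => `workmail:${op}`);

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive; "*" matches any run, "?" one character.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp(`^${escaped.replace(/\*/g, ".*").replace(/\?/g, ".")}$`, "i");
}

function auditWorkMailPolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, index) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    const anyResource = asArray(stmt.Resource).includes("*");
    if (stmt.NotAction !== undefined) {
      // Allow + NotAction grants every action that is NOT listed.
      const excluded = asArray(stmt.NotAction).map(patternToRegExp);
      const hits = SENSITIVE.filter((a) => !excluded.some((re) => re.test(a)));
      if (hits.length) findings.push({ index, pattern: "NotAction", anyResource, actions: hits });
      return;
    }
    for (const pattern of asArray(stmt.Action)) {
      const re = patternToRegExp(pattern);
      const hits = SENSITIVE.filter((a) => re.test(a));
      if (hits.length) findings.push({ index, pattern, anyResource, actions: hits });
    }
  });
  return findings;
}

// Constructed sample policies; the account ID and organization ID are placeholders.
const broadPolicy = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: "workmail:*", Resource: "*" },
] };
const scopedPolicy = { Version: "2012-10-17", Statement: [
  { Effect: "Allow",
    Action: ["workmail:ListUsers", "workmail:DescribeUser", "workmail:ListGroups"],
    Resource: "arn:aws:workmail:us-east-1:111122223333:organization/m-EXAMPLE" },
  { Effect: "Allow", Action: "workmail:ListOrganizations", Resource: "*" },
] };

console.log(auditWorkMailPolicy(broadPolicy));  // one finding covering all of SENSITIVE
console.log(auditWorkMailPolicy(scopedPolicy)); // no findings
```
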

Installation

NPM
npm install @aws-sdk/client-workmail
Yarn
yarn add @aws-sdk/client-workmail
pnpm
pnpm add @aws-sdk/client-workmail

WorkMailClient Operations

Command
Summary
AssociateDelegateToResourceCommand

Adds a member (user or group) to the resource's set of delegates.

AssociateMemberToGroupCommand

Adds a member (user or group) to the group's set.

AssumeImpersonationRoleCommand

Assumes an impersonation role for the given WorkMail organization. This method returns an authentication token you can use to make impersonated calls.

CancelMailboxExportJobCommand

Cancels a mailbox export job.

If the mailbox export job is near completion, it might not be possible to cancel it.

CreateAliasCommand

Adds an alias to the set of a given member (user or group) of WorkMail.

CreateAvailabilityConfigurationCommand

Creates an AvailabilityConfiguration for the given WorkMail organization and domain.

CreateGroupCommand

Creates a group that can be used in WorkMail by calling the RegisterToWorkMail operation.

CreateIdentityCenterApplicationCommand

Creates the WorkMail application in IAM Identity Center that can be used later in the WorkMail - IdC integration. For more information, see PutIdentityProviderConfiguration. This action does not affect the authentication settings for any WorkMail organizations.

CreateImpersonationRoleCommand

Creates an impersonation role for the given WorkMail organization.

Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

CreateMobileDeviceAccessRuleCommand

Creates a new mobile device access rule for the specified WorkMail organization.

CreateOrganizationCommand

Creates a new WorkMail organization. Optionally, you can choose to associate an existing AWS Directory Service directory with your organization. If an AWS Directory Service directory ID is specified, the organization alias must match the directory alias. If you choose not to associate an existing directory with your organization, then we create a new WorkMail directory for you. For more information, see Adding an organization in the WorkMail Administrator Guide.

You can associate multiple email domains with an organization, then choose your default email domain from the WorkMail console. You can also associate a domain that is managed in an Amazon Route 53 public hosted zone. For more information, see Adding a domain and Choosing the default domain in the WorkMail Administrator Guide.

Optionally, you can use a customer managed key from AWS Key Management Service (AWS KMS) to encrypt email for your organization. If you don't associate an AWS KMS key, WorkMail creates a default, AWS managed key for you.

CreateResourceCommand

Creates a new WorkMail resource.

CreateUserCommand

Creates a user who can be used in WorkMail by calling the RegisterToWorkMail operation.

DeleteAccessControlRuleCommand

Deletes an access control rule for the specified WorkMail organization.

Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

DeleteAliasCommand

Removes one or more specified aliases from a set of aliases for a given user.

DeleteAvailabilityConfigurationCommand

Deletes the AvailabilityConfiguration for the given WorkMail organization and domain.

DeleteEmailMonitoringConfigurationCommand

Deletes the email monitoring configuration for a specified organization.

DeleteGroupCommand

Deletes a group from WorkMail.

DeleteIdentityCenterApplicationCommand

Deletes the IAM Identity Center application from WorkMail. This action does not affect the authentication settings for any WorkMail organizations.

DeleteIdentityProviderConfigurationCommand

Disables the integration between IdC and WorkMail. Authentication will continue with the directory as it was before the IdC integration. You might have to reset your directory passwords and reconfigure your desktop and mobile email clients.

DeleteImpersonationRoleCommand

Deletes an impersonation role for the given WorkMail organization.

DeleteMailboxPermissionsCommand

Deletes permissions granted to a member (user or group).

DeleteMobileDeviceAccessOverrideCommand

Deletes the mobile device access override for the given WorkMail organization, user, and device.

Deleting already deleted and non-existing overrides does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

DeleteMobileDeviceAccessRuleCommand

Deletes a mobile device access rule for the specified WorkMail organization.

Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

DeleteOrganizationCommand

Deletes a WorkMail organization and all underlying AWS resources managed by WorkMail as part of the organization. You can choose whether to delete the associated directory. For more information, see Removing an organization in the WorkMail Administrator Guide.

DeletePersonalAccessTokenCommand

Deletes the Personal Access Token from the provided WorkMail Organization.

DeleteResourceCommand

Deletes the specified resource.

DeleteRetentionPolicyCommand

Deletes the specified retention policy from the specified organization.

DeleteUserCommand

Deletes a user from WorkMail and all subsequent systems. Before you can delete a user, the user state must be DISABLED. Use the DescribeUser action to confirm the user state.

Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 days before they are permanently removed.

DeregisterFromWorkMailCommand

Marks a user, group, or resource as no longer used in WorkMail. This action disassociates the mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they are permanently removed. The equivalent console functionality is Disable.

DeregisterMailDomainCommand

Removes a domain from WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use. SES keeps the domain because other applications may use it. You must first remove any email address used by WorkMail entities before you remove the domain.

DescribeEmailMonitoringConfigurationCommand

Describes the current email monitoring configuration for a specified organization.

DescribeEntityCommand

Returns basic details about an entity in WorkMail.

DescribeGroupCommand

Returns the data available for the group.

DescribeIdentityProviderConfigurationCommand

Returns detailed information on the current IdC setup for the WorkMail organization.

DescribeInboundDmarcSettingsCommand

Lists the settings in a DMARC policy for a specified organization.

DescribeMailboxExportJobCommand

Describes the current status of a mailbox export job.

DescribeOrganizationCommand

Provides more information regarding a given organization based on its identifier.

DescribeResourceCommand

Returns the data available for the resource.

DescribeUserCommand

Provides information regarding the user.

DisassociateDelegateFromResourceCommand

Removes a member from the resource's set of delegates.

DisassociateMemberFromGroupCommand

Removes a member from a group.

GetAccessControlEffectCommand

Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID. You must provide either the user ID or impersonation role ID. Impersonation role ID can only be used with Action EWS.

GetDefaultRetentionPolicyCommand

Gets the default retention policy details for the specified organization.

GetImpersonationRoleCommand

Gets the impersonation role details for the given WorkMail organization.

GetImpersonationRoleEffectCommand

Tests whether the given impersonation role can impersonate a target user.

GetMailDomainCommand

Gets details for a mail domain, including domain records required to configure your domain with recommended security.

GetMailboxDetailsCommand

Requests a user's mailbox details for a specified organization and user.

GetMobileDeviceAccessEffectCommand

Simulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the WorkMail organization for a particular user's attributes.

GetMobileDeviceAccessOverrideCommand

Gets the mobile device access override for the given WorkMail organization, user, and device.

GetPersonalAccessTokenMetadataCommand

Requests details of a specific Personal Access Token within the WorkMail organization.

ListAccessControlRulesCommand

Lists the access control rules for the specified organization.

ListAliasesCommand

Creates a paginated call to list the aliases associated with a given entity.

ListAvailabilityConfigurationsCommand

Lists all the AvailabilityConfigurations for the given WorkMail organization.

ListGroupMembersCommand

Returns an overview of the members of a group. Users and groups can be members of a group.

ListGroupsCommand

Returns summaries of the organization's groups.

ListGroupsForEntityCommand

Returns all the groups to which an entity belongs.

ListImpersonationRolesCommand

Lists all the impersonation roles for the given WorkMail organization.

ListMailDomainsCommand

Lists the mail domains in a given WorkMail organization.

ListMailboxExportJobsCommand

Lists the mailbox export jobs started for the specified organization within the last seven days.

ListMailboxPermissionsCommand

Lists the mailbox permissions associated with a user, group, or resource mailbox.

ListMobileDeviceAccessOverridesCommand

Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.

ListMobileDeviceAccessRulesCommand

Lists the mobile device access rules for the specified WorkMail organization.

ListOrganizationsCommand

Returns summaries of the customer's organizations.

ListPersonalAccessTokensCommand

Returns a summary of your Personal Access Tokens.

ListResourceDelegatesCommand

Lists the delegates associated with a resource. Users and groups can be resource delegates and answer requests on behalf of the resource.

ListResourcesCommand

Returns summaries of the organization's resources.

ListTagsForResourceCommand

Lists the tags applied to a WorkMail organization resource.

ListUsersCommand

Returns summaries of the organization's users.

PutAccessControlRuleCommand

Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule.

PutEmailMonitoringConfigurationCommand

Creates or updates the email monitoring configuration for a specified organization.

PutIdentityProviderConfigurationCommand

Enables integration between IAM Identity Center (IdC) and WorkMail to proxy authentication requests for mailbox users. You can connect your IdC directory or your external directory to WorkMail through IdC and manage access to WorkMail mailboxes in a single place. For enhanced protection, you could enable Multifactor Authentication (MFA) and Personal Access Tokens.

PutInboundDmarcSettingsCommand

Enables or disables a DMARC policy for a given organization.

PutMailboxPermissionsCommand

Sets permissions for a user, group, or resource. This replaces any pre-existing permissions.

PutMobileDeviceAccessOverrideCommand

Creates or updates a mobile device access override for the given WorkMail organization, user, and device.

PutRetentionPolicyCommand

Puts a retention policy to the specified organization.

RegisterMailDomainCommand

Registers a new domain in WorkMail and SES, and configures it for use by WorkMail. Emails received by SES for this domain are routed to the specified WorkMail organization, and WorkMail has permanent permission to use the specified domain for sending your users' emails.

RegisterToWorkMailCommand

Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is Enable.

Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail.

ResetPasswordCommand

Allows the administrator to reset the password for a user.

StartMailboxExportJobCommand

Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Exporting mailbox content in the WorkMail Administrator Guide.

TagResourceCommand

Applies the specified tags to the specified WorkMail organization resource.

TestAvailabilityConfigurationCommand

Performs a test on an availability provider to ensure that access is allowed. For EWS, it verifies the provided credentials can be used to successfully log in. For Lambda, it verifies that the Lambda function can be invoked and that the resource access policy was configured to deny anonymous access. An anonymous invocation is one done without providing either a SourceArn or SourceAccount header.

The request must contain either one provider definition (EwsProvider or LambdaProvider) or the DomainName parameter. If the DomainName parameter is provided, the configuration stored under the DomainName will be tested.

UntagResourceCommand

Untags the specified tags from the specified WorkMail organization resource.

UpdateAvailabilityConfigurationCommand

Updates an existing AvailabilityConfiguration for the given WorkMail organization and domain.

UpdateDefaultMailDomainCommand

Updates the default mail domain for an organization. The default mail domain is used by the WorkMail AWS Console to suggest an email address when enabling a mail user. You can only have one default domain.

UpdateGroupCommand

Updates attributes in a group.

UpdateImpersonationRoleCommand

Updates an impersonation role for the given WorkMail organization.

UpdateMailboxQuotaCommand

Updates a user's current mailbox quota for a specified organization and user.

UpdateMobileDeviceAccessRuleCommand

Updates a mobile device access rule for the specified WorkMail organization.

UpdatePrimaryEmailAddressCommand

Updates the primary email for a user, group, or resource. The current email is moved into the list of aliases (or swapped between an existing alias and the current primary email), and the email provided in the input is promoted as the primary.

UpdateResourceCommand

Updates data for the resource. To have the latest information, it must be preceded by a DescribeResource call. The dataset in the request should be the one expected when performing another DescribeResource call.

UpdateUserCommand

Updates data for the user. To have the latest information, it must be preceded by a DescribeUser call. The dataset in the request should be the one expected when performing another DescribeUser call.

WorkMailClient Configuration

Parameter
Type
Description
defaultsMode
Optional
DefaultsMode | Provider<DefaultsMode>
The @smithy/smithy-client#DefaultsMode that will be used to determine how certain default configuration options are resolved in the SDK.
disableHostPrefix
Optional
boolean
Disable dynamically changing the endpoint of the client based on the hostPrefix trait of an operation.
extensions
Optional
RuntimeExtension[]
Optional extensions
logger
Optional
Logger
Optional logger for logging debug/info/warn/error.
maxAttempts
Optional
number | Provider<number>
Value for how many times a request will be made at most in case of retry.
profile
Optional
string
Setting a client profile is similar to setting a value for the AWS_PROFILE environment variable. Setting a profile on a client in code only affects the single client instance, unlike AWS_PROFILE. When set, and only for environments where an AWS configuration file exists, fields configurable by this file will be retrieved from the specified profile within that file. Conflicting code configuration and environment variables will still have higher priority. For client credential resolution that involves checking the AWS configuration file, the client's profile (this value) will be used unless a different profile is set in the credential provider options.
region
Optional
string | Provider<string>
The AWS region to which this client will send requests.
requestHandler
Optional
__HttpHandlerUserInput
The HTTP handler to use or its constructor options. Fetch in browser and Https in Node.js.
retryMode
Optional
string | Provider<string>
Specifies which retry algorithm to use.
useDualstackEndpoint
Optional
boolean | Provider<boolean>
Enables IPv6/IPv4 dualstack endpoint.
useFipsEndpoint
Optional
boolean | Provider<boolean>
Enables FIPS compatible endpoints.
Additional config fields are described in the full configuration type: WorkMailClientConfig