AWS SDK for PHP 3.x

Service ID: workmail

Version: 2017-10-01

This page describes the parameters and results for the operations of the Amazon WorkMail (2017-10-01), and shows how to use the Aws\WorkMail\WorkMailClient object to call the described operations. This documentation is specific to the 2017-10-01 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AssociateDelegateToResource ( array $params = [] ): Adds a member (user or group) to the resource's set of delegates.
AssociateMemberToGroup ( array $params = [] ): Adds a member (user or group) to the group's set.
AssumeImpersonationRole ( array $params = [] ): Assumes an impersonation role for the given WorkMail organization.
CancelMailboxExportJob ( array $params = [] ): Cancels a mailbox export job.
CreateAlias ( array $params = [] ): Adds an alias to the set of a given member (user or group) of WorkMail.
CreateAvailabilityConfiguration ( array $params = [] ): Creates an AvailabilityConfiguration for the given WorkMail organization and domain.
CreateGroup ( array $params = [] ): Creates a group that can be used in WorkMail by calling the RegisterToWorkMail operation.
CreateIdentityCenterApplication ( array $params = [] ): Creates the WorkMail application in IAM Identity Center that can be used later in the WorkMail - IdC integration.
CreateImpersonationRole ( array $params = [] ): Creates an impersonation role for the given WorkMail organization.
CreateMobileDeviceAccessRule ( array $params = [] ): Creates a new mobile device access rule for the specified WorkMail organization.
CreateOrganization ( array $params = [] ): Creates a new WorkMail organization.
CreateResource ( array $params = [] ): Creates a new WorkMail resource.
CreateUser ( array $params = [] ): Creates a user who can be used in WorkMail by calling the RegisterToWorkMail operation.
DeleteAccessControlRule ( array $params = [] ): Deletes an access control rule for the specified WorkMail organization.
DeleteAlias ( array $params = [] ): Remove one or more specified aliases from a set of aliases for a given user.
DeleteAvailabilityConfiguration ( array $params = [] ): Deletes the AvailabilityConfiguration for the given WorkMail organization and domain.
DeleteEmailMonitoringConfiguration ( array $params = [] ): Deletes the email monitoring configuration for a specified organization.
DeleteGroup ( array $params = [] ): Deletes a group from WorkMail.
DeleteIdentityCenterApplication ( array $params = [] ): Deletes the IAM Identity Center application from WorkMail.
DeleteIdentityProviderConfiguration ( array $params = [] ): Disables the integration between IdC and WorkMail.
DeleteImpersonationRole ( array $params = [] ): Deletes an impersonation role for the given WorkMail organization.
DeleteMailboxPermissions ( array $params = [] ): Deletes permissions granted to a member (user or group).
DeleteMobileDeviceAccessOverride ( array $params = [] ): Deletes the mobile device access override for the given WorkMail organization, user, and device.
DeleteMobileDeviceAccessRule ( array $params = [] ): Deletes a mobile device access rule for the specified WorkMail organization.
DeleteOrganization ( array $params = [] ): Deletes an WorkMail organization and all underlying AWS resources managed by WorkMail as part of the organization.
DeletePersonalAccessToken ( array $params = [] ): Deletes the Personal Access Token from the provided WorkMail Organization.
DeleteResource ( array $params = [] ): Deletes the specified resource.
DeleteRetentionPolicy ( array $params = [] ): Deletes the specified retention policy from the specified organization.
DeleteUser ( array $params = [] ): Deletes a user from WorkMail and all subsequent systems.
DeregisterFromWorkMail ( array $params = [] ): Mark a user, group, or resource as no longer used in WorkMail.
DeregisterMailDomain ( array $params = [] ): Removes a domain from WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use.
DescribeEmailMonitoringConfiguration ( array $params = [] ): Describes the current email monitoring configuration for a specified organization.
DescribeEntity ( array $params = [] ): Returns basic details about an entity in WorkMail.
DescribeGroup ( array $params = [] ): Returns the data available for the group.
DescribeIdentityProviderConfiguration ( array $params = [] ): Returns detailed information on the current IdC setup for the WorkMail organization.
DescribeInboundDmarcSettings ( array $params = [] ): Lists the settings in a DMARC policy for a specified organization.
DescribeMailboxExportJob ( array $params = [] ): Describes the current status of a mailbox export job.
DescribeOrganization ( array $params = [] ): Provides more information regarding a given organization based on its identifier.
DescribeResource ( array $params = [] ): Returns the data available for the resource.
DescribeUser ( array $params = [] ): Provides information regarding the user.
DisassociateDelegateFromResource ( array $params = [] ): Removes a member from the resource's set of delegates.
DisassociateMemberFromGroup ( array $params = [] ): Removes a member from a group.
GetAccessControlEffect ( array $params = [] ): Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID.
GetDefaultRetentionPolicy ( array $params = [] ): Gets the default retention policy details for the specified organization.
GetImpersonationRole ( array $params = [] ): Gets the impersonation role details for the given WorkMail organization.
GetImpersonationRoleEffect ( array $params = [] ): Tests whether the given impersonation role can impersonate a target user.
GetMailDomain ( array $params = [] ): Gets details for a mail domain, including domain records required to configure your domain with recommended security.
GetMailboxDetails ( array $params = [] ): Requests a user's mailbox details for a specified organization and user.
GetMobileDeviceAccessEffect ( array $params = [] ): Simulates the effect of the mobile device access rules for the given attributes of a sample access event.
GetMobileDeviceAccessOverride ( array $params = [] ): Gets the mobile device access override for the given WorkMail organization, user, and device.
GetPersonalAccessTokenMetadata ( array $params = [] ): Requests details of a specific Personal Access Token within the WorkMail organization.
ListAccessControlRules ( array $params = [] ): Lists the access control rules for the specified organization.
ListAliases ( array $params = [] ): Creates a paginated call to list the aliases associated with a given entity.
ListAvailabilityConfigurations ( array $params = [] ): List all the AvailabilityConfiguration's for the given WorkMail organization.
ListGroupMembers ( array $params = [] ): Returns an overview of the members of a group.
ListGroups ( array $params = [] ): Returns summaries of the organization's groups.
ListGroupsForEntity ( array $params = [] ): Returns all the groups to which an entity belongs.
ListImpersonationRoles ( array $params = [] ): Lists all the impersonation roles for the given WorkMail organization.
ListMailDomains ( array $params = [] ): Lists the mail domains in a given WorkMail organization.
ListMailboxExportJobs ( array $params = [] ): Lists the mailbox export jobs started for the specified organization within the last seven days.
ListMailboxPermissions ( array $params = [] ): Lists the mailbox permissions associated with a user, group, or resource mailbox.
ListMobileDeviceAccessOverrides ( array $params = [] ): Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.
ListMobileDeviceAccessRules ( array $params = [] ): Lists the mobile device access rules for the specified WorkMail organization.
ListOrganizations ( array $params = [] ): Returns summaries of the customer's organizations.
ListPersonalAccessTokens ( array $params = [] ): Returns a summary of your Personal Access Tokens.
ListResourceDelegates ( array $params = [] ): Lists the delegates associated with a resource.
ListResources ( array $params = [] ): Returns summaries of the organization's resources.
ListTagsForResource ( array $params = [] ): Lists the tags applied to an WorkMail organization resource.
ListUsers ( array $params = [] ): Returns summaries of the organization's users.
PutAccessControlRule ( array $params = [] ): Adds a new access control rule for the specified organization.
PutEmailMonitoringConfiguration ( array $params = [] ): Creates or updates the email monitoring configuration for a specified organization.
PutIdentityProviderConfiguration ( array $params = [] ): Enables integration between IAM Identity Center (IdC) and WorkMail to proxy authentication requests for mailbox users.
PutInboundDmarcSettings ( array $params = [] ): Enables or disables a DMARC policy for a given organization.
PutMailboxPermissions ( array $params = [] ): Sets permissions for a user, group, or resource.
PutMobileDeviceAccessOverride ( array $params = [] ): Creates or updates a mobile device access override for the given WorkMail organization, user, and device.
PutRetentionPolicy ( array $params = [] ): Puts a retention policy to the specified organization.
RegisterMailDomain ( array $params = [] ): Registers a new domain in WorkMail and SES, and configures it for use by WorkMail.
RegisterToWorkMail ( array $params = [] ): Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities.
ResetPassword ( array $params = [] ): Allows the administrator to reset the password for a user.
StartMailboxExportJob ( array $params = [] ): Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket.
TagResource ( array $params = [] ): Applies the specified tags to the specified WorkMailorganization resource.
TestAvailabilityConfiguration ( array $params = [] ): Performs a test on an availability provider to ensure that access is allowed.
UntagResource ( array $params = [] ): Untags the specified tags from the specified WorkMail organization resource.
UpdateAvailabilityConfiguration ( array $params = [] ): Updates an existing AvailabilityConfiguration for the given WorkMail organization and domain.
UpdateDefaultMailDomain ( array $params = [] ): Updates the default mail domain for an organization.
UpdateGroup ( array $params = [] ): Updates attributes in a group.
UpdateImpersonationRole ( array $params = [] ): Updates an impersonation role for the given WorkMail organization.
UpdateMailboxQuota ( array $params = [] ): Updates a user's current mailbox quota for a specified organization and user.
UpdateMobileDeviceAccessRule ( array $params = [] ): Updates a mobile device access rule for the specified WorkMail organization.
UpdatePrimaryEmailAddress ( array $params = [] ): Updates the primary email for a user, group, or resource.
UpdateResource ( array $params = [] ): Updates data for the resource.
UpdateUser ( array $params = [] ): Updates data for the user.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

ListAliases
ListAvailabilityConfigurations
ListGroupMembers
ListGroups
ListGroupsForEntity
ListImpersonationRoles
ListMailDomains
ListMailboxExportJobs
ListMailboxPermissions
ListMobileDeviceAccessOverrides
ListOrganizations
ListPersonalAccessTokens
ListResourceDelegates
ListResources
ListUsers

Operations

AssociateDelegateToResource

$result = $client->associateDelegateToResource([/* ... */]);
$promise = $client->associateDelegateToResourceAsync([/* ... */]);

Adds a member (user or group) to the resource's set of delegates.

Parameter Syntax

$result = $client->associateDelegateToResource([
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members

EntityId

: Required: Yes
: Type: string

The member (user or group) to associate to the resource.

The entity ID can accept UserId or GroupID, Username or Groupname, or email.

Entity: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: entity@domain.tld
Entity: entity

OrganizationId

: Required: Yes
: Type: string

The organization under which the resource exists.

ResourceId

: Required: Yes
: Type: string

The resource for which members (users or groups) are associated.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

Resource ID: r-0123456789a0123456789b0123456789
Email address: resource@domain.tld
Resource name: resource

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

AssociateMemberToGroup

$result = $client->associateMemberToGroup([/* ... */]);
$promise = $client->associateMemberToGroupAsync([/* ... */]);

Adds a member (user or group) to the group's set.

Parameter Syntax

$result = $client->associateMemberToGroup([
    'GroupId' => '<string>', // REQUIRED
    'MemberId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

GroupId

: Required: Yes
: Type: string

The group to which the member (user or group) is associated.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: group@domain.tld
Group name: group

MemberId

: Required: Yes
: Type: string

The member (user or group) to associate to the group.

The member ID can accept UserID or GroupId, Username or Groupname, or email.

Member: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: member@domain.tld
Member name: member

OrganizationId

: Required: Yes
: Type: string

The organization under which the group exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

AssumeImpersonationRole

$result = $client->assumeImpersonationRole([/* ... */]);
$promise = $client->assumeImpersonationRoleAsync([/* ... */]);

Assumes an impersonation role for the given WorkMail organization. This method returns an authentication token you can use to make impersonated calls.

Parameter Syntax

$result = $client->assumeImpersonationRole([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ImpersonationRoleId

: Required: Yes
: Type: string

The impersonation role ID to assume.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization under which the impersonation role will be assumed.

Result Syntax

[
    'ExpiresIn' => <integer>,
    'Token' => '<string>',
]

Result Details

Members

ExpiresIn

: Type: long (int|float)

The authentication token's validity, in seconds.

Token

: Type: string

The authentication token for the impersonation role.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
ResourceNotFoundException:: The resource cannot be found.

CancelMailboxExportJob

$result = $client->cancelMailboxExportJob([/* ... */]);
$promise = $client->cancelMailboxExportJobAsync([/* ... */]);

Cancels a mailbox export job.

If the mailbox export job is near completion, it might not be possible to cancel it.

Parameter Syntax

$result = $client->cancelMailboxExportJob([
    'ClientToken' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ClientToken

: Required: Yes
: Type: string

The idempotency token for the client request.

JobId

: Required: Yes
: Type: string

The job ID.

OrganizationId

: Required: Yes
: Type: string

The organization ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.

CreateAlias

$result = $client->createAlias([/* ... */]);
$promise = $client->createAliasAsync([/* ... */]);

Adds an alias to the set of a given member (user or group) of WorkMail.

Parameter Syntax

$result = $client->createAlias([
    'Alias' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

Alias

: Required: Yes
: Type: string

The alias to add to the member set.

EntityId

: Required: Yes
: Type: string

The member (user or group) to which this alias is added.

OrganizationId

: Required: Yes
: Type: string

The organization under which the member (user or group) exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EmailAddressInUseException:: The email address that you're trying to assign is already created for a different user, group, or resource.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
MailDomainNotFoundException:: The domain specified is not found in your organization.
MailDomainStateException:: After a domain has been added to the organization, it must be verified. The domain is not yet verified.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
LimitExceededException:: The request exceeds the limit of the resource.

CreateAvailabilityConfiguration

$result = $client->createAvailabilityConfiguration([/* ... */]);
$promise = $client->createAvailabilityConfigurationAsync([/* ... */]);

Creates an AvailabilityConfiguration for the given WorkMail organization and domain.

Parameter Syntax

$result = $client->createAvailabilityConfiguration([
    'ClientToken' => '<string>',
    'DomainName' => '<string>', // REQUIRED
    'EwsProvider' => [
        'EwsEndpoint' => '<string>', // REQUIRED
        'EwsPassword' => '<string>', // REQUIRED
        'EwsUsername' => '<string>', // REQUIRED
    ],
    'LambdaProvider' => [
        'LambdaArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ClientToken

: Type: string

An idempotent token that ensures that an API request is executed only once.

DomainName

: Required: Yes
: Type: string

The domain to which the provider applies.

EwsProvider

: Type: EwsAvailabilityProvider structure

Exchange Web Services (EWS) availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider.

LambdaProvider

: Type: LambdaAvailabilityProvider structure

Lambda availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization for which the AvailabilityConfiguration will be created.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
NameAvailabilityException:: The user, group, or resource name isn't unique in WorkMail.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
LimitExceededException:: The request exceeds the limit of the resource.

CreateGroup

$result = $client->createGroup([/* ... */]);
$promise = $client->createGroupAsync([/* ... */]);

Creates a group that can be used in WorkMail by calling the RegisterToWorkMail operation.

Parameter Syntax

$result = $client->createGroup([
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

HiddenFromGlobalAddressList

: Type: boolean

If this parameter is enabled, the group will be hidden from the address book.

Name

: Required: Yes
: Type: string

The name of the group.

OrganizationId

: Required: Yes
: Type: string

The organization under which the group is to be created.

Result Syntax

[
    'GroupId' => '<string>',
]

Result Details

Members

GroupId

: Type: string

The identifier of the group.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
NameAvailabilityException:: The user, group, or resource name isn't unique in WorkMail.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
ReservedNameException:: This user, group, or resource name is not allowed in WorkMail.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

CreateIdentityCenterApplication

$result = $client->createIdentityCenterApplication([/* ... */]);
$promise = $client->createIdentityCenterApplicationAsync([/* ... */]);

Creates the WorkMail application in IAM Identity Center that can be used later in the WorkMail - IdC integration. For more information, see PutIdentityProviderConfiguration. This action does not affect the authentication settings for any WorkMail organizations.

Parameter Syntax

$result = $client->createIdentityCenterApplication([
    'ClientToken' => '<string>',
    'InstanceArn' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

ClientToken

: Type: string

The idempotency token associated with the request.

InstanceArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the instance.

Name

: Required: Yes
: Type: string

The name of the IAM Identity Center application.

Result Syntax

[
    'ApplicationArn' => '<string>',
]

Result Details

Members

ApplicationArn

: Type: string

The Amazon Resource Name (ARN) of the application.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.

CreateImpersonationRole

$result = $client->createImpersonationRole([/* ... */]);
$promise = $client->createImpersonationRoleAsync([/* ... */]);

Creates an impersonation role for the given WorkMail organization.

Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

Parameter Syntax

$result = $client->createImpersonationRole([
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Rules' => [ // REQUIRED
        [
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY', // REQUIRED
            'ImpersonationRuleId' => '<string>', // REQUIRED
            'Name' => '<string>',
            'NotTargetUsers' => ['<string>', ...],
            'TargetUsers' => ['<string>', ...],
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY', // REQUIRED
]);

Parameter Details

Members

ClientToken

: Type: string

The idempotency token for the client request.

Description

: Type: string

The description of the new impersonation role.

Name

: Required: Yes
: Type: string

The name of the new impersonation role.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization to create the new impersonation role within.

Rules

: Required: Yes
: Type: Array of ImpersonationRule structures

The list of rules for the impersonation role.

Type

: Required: Yes
: Type: string

The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS.

Result Syntax

[
    'ImpersonationRoleId' => '<string>',
]

Result Details

Members

ImpersonationRoleId

: Type: string

The new impersonation role ID.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
LimitExceededException:: The request exceeds the limit of the resource.

CreateMobileDeviceAccessRule

$result = $client->createMobileDeviceAccessRule([/* ... */]);
$promise = $client->createMobileDeviceAccessRuleAsync([/* ... */]);

Creates a new mobile device access rule for the specified WorkMail organization.

Parameter Syntax

$result = $client->createMobileDeviceAccessRule([
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'DeviceModels' => ['<string>', ...],
    'DeviceOperatingSystems' => ['<string>', ...],
    'DeviceTypes' => ['<string>', ...],
    'DeviceUserAgents' => ['<string>', ...],
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'NotDeviceModels' => ['<string>', ...],
    'NotDeviceOperatingSystems' => ['<string>', ...],
    'NotDeviceTypes' => ['<string>', ...],
    'NotDeviceUserAgents' => ['<string>', ...],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ClientToken

: Type: string

The idempotency token for the client request.

Description

: Type: string

The rule description.

DeviceModels

: Type: Array of strings

Device models that the rule will match.

DeviceOperatingSystems

: Type: Array of strings

Device operating systems that the rule will match.

DeviceTypes

: Type: Array of strings

Device types that the rule will match.

DeviceUserAgents

: Type: Array of strings

Device user agents that the rule will match.

Effect

: Required: Yes
: Type: string

The effect of the rule when it matches. Allowed values are ALLOW or DENY.

Name

: Required: Yes
: Type: string

The rule name.

NotDeviceModels

: Type: Array of strings

Device models that the rule will not match. All other device models will match.

NotDeviceOperatingSystems

: Type: Array of strings

Device operating systems that the rule will not match. All other device operating systems will match.

NotDeviceTypes

: Type: Array of strings

Device types that the rule will not match. All other device types will match.

NotDeviceUserAgents

: Type: Array of strings

Device user agents that the rule will not match. All other device user agents will match.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization under which the rule will be created.

Result Syntax

[
    'MobileDeviceAccessRuleId' => '<string>',
]

Result Details

Members

MobileDeviceAccessRuleId

: Type: string

The identifier for the newly created mobile device access rule.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
LimitExceededException:: The request exceeds the limit of the resource.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

CreateOrganization

$result = $client->createOrganization([/* ... */]);
$promise = $client->createOrganizationAsync([/* ... */]);

Creates a new WorkMail organization. Optionally, you can choose to associate an existing AWS Directory Service directory with your organization. If an AWS Directory Service directory ID is specified, the organization alias must match the directory alias. If you choose not to associate an existing directory with your organization, then we create a new WorkMail directory for you. For more information, see Adding an organization in the WorkMail Administrator Guide.

You can associate multiple email domains with an organization, then choose your default email domain from the WorkMail console. You can also associate a domain that is managed in an Amazon Route 53 public hosted zone. For more information, see Adding a domain and Choosing the default domain in the WorkMail Administrator Guide.

Optionally, you can use a customer managed key from AWS Key Management Service (AWS KMS) to encrypt email for your organization. If you don't associate an AWS KMS key, WorkMail creates a default, AWS managed key for you.

Parameter Syntax

$result = $client->createOrganization([
    'Alias' => '<string>', // REQUIRED
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>',
    'Domains' => [
        [
            'DomainName' => '<string>', // REQUIRED
            'HostedZoneId' => '<string>',
        ],
        // ...
    ],
    'EnableInteroperability' => true || false,
    'KmsKeyArn' => '<string>',
]);

Parameter Details

Members

Alias

: Required: Yes
: Type: string

The organization alias.

ClientToken

: Type: string

The idempotency token associated with the request.

DirectoryId

: Type: string

The AWS Directory Service directory ID.

Domains

: Type: Array of Domain structures

The email domains to associate with the organization.

EnableInteroperability

: Type: boolean

When true, allows organization interoperability between WorkMail and Microsoft Exchange. If true, you must include a AD Connector directory ID in the request.

KmsKeyArn

: Type: string

The Amazon Resource Name (ARN) of a customer managed key from AWS KMS.

Result Syntax

[
    'OrganizationId' => '<string>',
]

Result Details

Members

OrganizationId

: Type: string

The organization ID.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
DirectoryInUseException:: The directory is already in use by another WorkMail organization in the same account and Region.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
LimitExceededException:: The request exceeds the limit of the resource.
NameAvailabilityException:: The user, group, or resource name isn't unique in WorkMail.

CreateResource

$result = $client->createResource([/* ... */]);
$promise = $client->createResourceAsync([/* ... */]);

Creates a new WorkMail resource.

Parameter Syntax

$result = $client->createResource([
    'Description' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Type' => 'ROOM|EQUIPMENT', // REQUIRED
]);

Parameter Details

Members

Description

: Type: string

Resource description.

HiddenFromGlobalAddressList

: Type: boolean

If this parameter is enabled, the resource will be hidden from the address book.

Name

: Required: Yes
: Type: string

The name of the new resource.

OrganizationId

: Required: Yes
: Type: string

The identifier associated with the organization for which the resource is created.

Type

: Required: Yes
: Type: string

The type of the new resource. The available types are equipment and room.

Result Syntax

[
    'ResourceId' => '<string>',
]

Result Details

Members

ResourceId

: Type: string

The identifier of the new resource.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
NameAvailabilityException:: The user, group, or resource name isn't unique in WorkMail.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
ReservedNameException:: This user, group, or resource name is not allowed in WorkMail.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

CreateUser

$result = $client->createUser([/* ... */]);
$promise = $client->createUserAsync([/* ... */]);

Creates a user who can be used in WorkMail by calling the RegisterToWorkMail operation.

Parameter Syntax

$result = $client->createUser([
    'DisplayName' => '<string>', // REQUIRED
    'FirstName' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'IdentityProviderUserId' => '<string>',
    'LastName' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Password' => '<string>',
    'Role' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
]);

Parameter Details

Members

DisplayName

: Required: Yes
: Type: string

The display name for the new user.

FirstName

: Type: string

The first name of the new user.

HiddenFromGlobalAddressList

: Type: boolean

If this parameter is enabled, the user will be hidden from the address book.

IdentityProviderUserId

: Type: string

User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.

LastName

: Type: string

The last name of the new user.

Name

: Required: Yes
: Type: string

The name for the new user. WorkMail directory user names have a maximum length of 64. All others have a maximum length of 20.

OrganizationId

: Required: Yes
: Type: string

The identifier of the organization for which the user is created.

Password

: Type: string

The password for the new user.

Role

: Type: string

The role of the new user.

You cannot pass SYSTEM_USER or RESOURCE role in a single request. When a user role is not selected, the default role of USER is selected.

Result Syntax

[
    'UserId' => '<string>',
]

Result Details

Members

UserId

: Type: string

The identifier for the new user.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
InvalidPasswordException:: The supplied password doesn't match the minimum security constraints, such as length or use of special characters.
NameAvailabilityException:: The user, group, or resource name isn't unique in WorkMail.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
ReservedNameException:: This user, group, or resource name is not allowed in WorkMail.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

DeleteAccessControlRule

$result = $client->deleteAccessControlRule([/* ... */]);
$promise = $client->deleteAccessControlRuleAsync([/* ... */]);

Deletes an access control rule for the specified WorkMail organization.

Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

Parameter Syntax

$result = $client->deleteAccessControlRule([
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

Name

: Required: Yes
: Type: string

The name of the access control rule.

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteAlias

$result = $client->deleteAlias([/* ... */]);
$promise = $client->deleteAliasAsync([/* ... */]);

Remove one or more specified aliases from a set of aliases for a given user.

Parameter Syntax

$result = $client->deleteAlias([
    'Alias' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

Alias

: Required: Yes
: Type: string

The aliases to be removed from the user's set of aliases. Duplicate entries in the list are collapsed into single entries (the list is transformed into a set).

EntityId

: Required: Yes
: Type: string

The identifier for the member (user or group) from which to have the aliases removed.

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the user exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteAvailabilityConfiguration

$result = $client->deleteAvailabilityConfiguration([/* ... */]);
$promise = $client->deleteAvailabilityConfigurationAsync([/* ... */]);

Deletes the AvailabilityConfiguration for the given WorkMail organization and domain.

Parameter Syntax

$result = $client->deleteAvailabilityConfiguration([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

DomainName

: Required: Yes
: Type: string

The domain for which the AvailabilityConfiguration will be deleted.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization for which the AvailabilityConfiguration will be deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteEmailMonitoringConfiguration

$result = $client->deleteEmailMonitoringConfiguration([/* ... */]);
$promise = $client->deleteEmailMonitoringConfigurationAsync([/* ... */]);

Deletes the email monitoring configuration for a specified organization.

Parameter Syntax

$result = $client->deleteEmailMonitoringConfiguration([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The ID of the organization from which the email monitoring configuration is deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteGroup

$result = $client->deleteGroup([/* ... */]);
$promise = $client->deleteGroupAsync([/* ... */]);

Deletes a group from WorkMail.

Parameter Syntax

$result = $client->deleteGroup([
    'GroupId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

GroupId

: Required: Yes
: Type: string

The identifier of the group to be deleted.

The identifier can be the GroupId, or Groupname. The following identity formats are available:

Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Group name: group

OrganizationId

: Required: Yes
: Type: string

The organization that contains the group.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

DeleteIdentityCenterApplication

$result = $client->deleteIdentityCenterApplication([/* ... */]);
$promise = $client->deleteIdentityCenterApplicationAsync([/* ... */]);

Deletes the IAM Identity Center application from WorkMail. This action does not affect the authentication settings for any WorkMail organizations.

Parameter Syntax

$result = $client->deleteIdentityCenterApplication([
    'ApplicationArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ApplicationArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the application.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteIdentityProviderConfiguration

$result = $client->deleteIdentityProviderConfiguration([/* ... */]);
$promise = $client->deleteIdentityProviderConfigurationAsync([/* ... */]);

Disables the integration between IdC and WorkMail. Authentication will continue with the directory as it was before the IdC integration. You might have to reset your directory passwords and reconfigure your desktop and mobile email clients.

Parameter Syntax

$result = $client->deleteIdentityProviderConfiguration([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The Organization ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteImpersonationRole

$result = $client->deleteImpersonationRole([/* ... */]);
$promise = $client->deleteImpersonationRoleAsync([/* ... */]);

Deletes an impersonation role for the given WorkMail organization.

Parameter Syntax

$result = $client->deleteImpersonationRole([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ImpersonationRoleId

: Required: Yes
: Type: string

The ID of the impersonation role to delete.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization from which to delete the impersonation role.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteMailboxPermissions

$result = $client->deleteMailboxPermissions([/* ... */]);
$promise = $client->deleteMailboxPermissionsAsync([/* ... */]);

Deletes permissions granted to a member (user or group).

Parameter Syntax

$result = $client->deleteMailboxPermissions([
    'EntityId' => '<string>', // REQUIRED
    'GranteeId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

EntityId

: Required: Yes
: Type: string

The identifier of the entity that owns the mailbox.

The identifier can be UserId or Group Id, Username or Groupname, or email.

Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
Email address: entity@domain.tld
Entity name: entity

GranteeId

: Required: Yes
: Type: string

The identifier of the entity for which to delete granted permissions.

The identifier can be UserId, ResourceID, or Group Id, Username or Groupname, or email.

Grantee ID: 12345678-1234-1234-1234-123456789012,r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
Email address: grantee@domain.tld
Grantee name: grantee

OrganizationId

: Required: Yes
: Type: string

The identifier of the organization under which the member (user or group) exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteMobileDeviceAccessOverride

$result = $client->deleteMobileDeviceAccessOverride([/* ... */]);
$promise = $client->deleteMobileDeviceAccessOverrideAsync([/* ... */]);

Deletes the mobile device access override for the given WorkMail organization, user, and device.

Deleting already deleted and non-existing overrides does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

Parameter Syntax

$result = $client->deleteMobileDeviceAccessOverride([
    'DeviceId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members

DeviceId

: Required: Yes
: Type: string

The mobile device for which you delete the override. DeviceId is case insensitive.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization for which the access override will be deleted.

UserId

: Required: Yes
: Type: string

The WorkMail user for which you want to delete the override. Accepts the following types of user identities:

User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: user@domain.tld
User name: user

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.

DeleteMobileDeviceAccessRule

$result = $client->deleteMobileDeviceAccessRule([/* ... */]);
$promise = $client->deleteMobileDeviceAccessRuleAsync([/* ... */]);

Deletes a mobile device access rule for the specified WorkMail organization.

Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

Parameter Syntax

$result = $client->deleteMobileDeviceAccessRule([
    'MobileDeviceAccessRuleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

MobileDeviceAccessRuleId

: Required: Yes
: Type: string

The identifier of the rule to be deleted.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization under which the rule will be deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteOrganization

$result = $client->deleteOrganization([/* ... */]);
$promise = $client->deleteOrganizationAsync([/* ... */]);

Deletes an WorkMail organization and all underlying AWS resources managed by WorkMail as part of the organization. You can choose whether to delete the associated directory. For more information, see Removing an organization in the WorkMail Administrator Guide.

Parameter Syntax

$result = $client->deleteOrganization([
    'ClientToken' => '<string>',
    'DeleteDirectory' => true || false, // REQUIRED
    'DeleteIdentityCenterApplication' => true || false,
    'ForceDelete' => true || false,
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ClientToken

: Type: string

The idempotency token associated with the request.

DeleteDirectory

: Required: Yes
: Type: boolean

If true, deletes the AWS Directory Service directory associated with the organization.

DeleteIdentityCenterApplication

: Type: boolean

Deletes IAM Identity Center application for WorkMail. This action does not affect authentication settings for any organization.

ForceDelete

: Type: boolean

Deletes a WorkMail organization even if the organization has enabled users.

OrganizationId

: Required: Yes
: Type: string

The organization ID.

Result Syntax

[
    'OrganizationId' => '<string>',
    'State' => '<string>',
]

Result Details

Members

OrganizationId

: Type: string

The organization ID.

State

: Type: string

The state of the organization.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeletePersonalAccessToken

$result = $client->deletePersonalAccessToken([/* ... */]);
$promise = $client->deletePersonalAccessTokenAsync([/* ... */]);

Deletes the Personal Access Token from the provided WorkMail Organization.

Parameter Syntax

$result = $client->deletePersonalAccessToken([
    'OrganizationId' => '<string>', // REQUIRED
    'PersonalAccessTokenId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The Organization ID.

PersonalAccessTokenId

: Required: Yes
: Type: string

The Personal Access Token ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteResource

$result = $client->deleteResource([/* ... */]);
$promise = $client->deleteResourceAsync([/* ... */]);

Deletes the specified resource.

Parameter Syntax

$result = $client->deleteResource([
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The identifier associated with the organization from which the resource is deleted.

ResourceId

: Required: Yes
: Type: string

The identifier of the resource to be deleted.

The identifier can accept ResourceId, or Resourcename. The following identity formats are available:

Resource ID: r-0123456789a0123456789b0123456789
Resource name: resource

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

DeleteRetentionPolicy

$result = $client->deleteRetentionPolicy([/* ... */]);
$promise = $client->deleteRetentionPolicyAsync([/* ... */]);

Deletes the specified retention policy from the specified organization.

Parameter Syntax

$result = $client->deleteRetentionPolicy([
    'Id' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

Id

: Required: Yes
: Type: string

The retention policy ID.

OrganizationId

: Required: Yes
: Type: string

The organization ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeleteUser

$result = $client->deleteUser([/* ... */]);
$promise = $client->deleteUserAsync([/* ... */]);

Deletes a user from WorkMail and all subsequent systems. Before you can delete a user, the user state must be DISABLED. Use the DescribeUser action to confirm the user state.

Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 days before they are permanently removed.

Parameter Syntax

$result = $client->deleteUser([
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The organization that contains the user to be deleted.

UserId

: Required: Yes
: Type: string

The identifier of the user to be deleted.

The identifier can be the UserId or Username. The following identity formats are available:

User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
User name: user

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

DeregisterFromWorkMail

$result = $client->deregisterFromWorkMail([/* ... */]);
$promise = $client->deregisterFromWorkMailAsync([/* ... */]);

Mark a user, group, or resource as no longer used in WorkMail. This action disassociates the mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they are permanently removed. The functionality in the console is Disable.

Parameter Syntax

$result = $client->deregisterFromWorkMail([
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

EntityId

: Required: Yes
: Type: string

The identifier for the member to be updated.

The identifier can be UserId, ResourceId, or Group Id, Username, Resourcename, or Groupname, or email.

Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
Email address: entity@domain.tld
Entity name: entity

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the WorkMail entity exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DeregisterMailDomain

$result = $client->deregisterMailDomain([/* ... */]);
$promise = $client->deregisterMailDomainAsync([/* ... */]);

Removes a domain from WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use. SES keeps the domain because other applications may use it. You must first remove any email address used by WorkMail entities before you remove the domain.

Parameter Syntax

$result = $client->deregisterMailDomain([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

DomainName

: Required: Yes
: Type: string

The domain to deregister in WorkMail and SES.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization for which the domain will be deregistered.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

MailDomainInUseException:: The domain you're trying to change is in use by another user or organization in your account. See the error message for details.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
InvalidCustomSesConfigurationException:: You SES configuration has customizations that WorkMail cannot save. The error message lists the invalid setting. For examples of invalid settings, refer to CreateReceiptRule.

DescribeEmailMonitoringConfiguration

$result = $client->describeEmailMonitoringConfiguration([/* ... */]);
$promise = $client->describeEmailMonitoringConfigurationAsync([/* ... */]);

Describes the current email monitoring configuration for a specified organization.

Parameter Syntax

$result = $client->describeEmailMonitoringConfiguration([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The ID of the organization for which the email monitoring configuration is described.

Result Syntax

[
    'LogGroupArn' => '<string>',
    'RoleArn' => '<string>',
]

Result Details

Members

LogGroupArn

: Type: string

The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.

RoleArn

: Type: string

The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.

Errors

ResourceNotFoundException:: The resource cannot be found.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DescribeEntity

$result = $client->describeEntity([/* ... */]);
$promise = $client->describeEntityAsync([/* ... */]);

Returns basic details about an entity in WorkMail.

Parameter Syntax

$result = $client->describeEntity([
    'Email' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

Email

: Required: Yes
: Type: string

The email under which the entity exists.

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the entity exists.

Result Syntax

[
    'EntityId' => '<string>',
    'Name' => '<string>',
    'Type' => 'GROUP|USER|RESOURCE',
]

Result Details

Members

EntityId

: Type: string

The entity ID under which the entity exists.

Name

: Type: string

Username, GroupName, or ResourceName based on entity type.

Type

: Type: string

Entity type.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DescribeGroup

$result = $client->describeGroup([/* ... */]);
$promise = $client->describeGroupAsync([/* ... */]);

Returns the data available for the group.

Parameter Syntax

$result = $client->describeGroup([
    'GroupId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

GroupId

: Required: Yes
: Type: string

The identifier for the group to be described.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: group@domain.tld
Group name: group

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the group exists.

Result Syntax

[
    'DisabledDate' => <DateTime>,
    'Email' => '<string>',
    'EnabledDate' => <DateTime>,
    'GroupId' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>',
    'State' => 'ENABLED|DISABLED|DELETED',
]

Result Details

Members

DisabledDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a user was deregistered from WorkMail, in UNIX epoch time format.

Email

: Type: string

The email of the described group.

EnabledDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a user was registered to WorkMail, in UNIX epoch time format.

GroupId

: Type: string

The identifier of the described group.

HiddenFromGlobalAddressList

: Type: boolean

If the value is set to true, the group is hidden from the address book.

Name

: Type: string

The name of the described group.

State

: Type: string

The state of the user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail).

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DescribeIdentityProviderConfiguration

$result = $client->describeIdentityProviderConfiguration([/* ... */]);
$promise = $client->describeIdentityProviderConfigurationAsync([/* ... */]);

Returns detailed information on the current IdC setup for the WorkMail organization.

Parameter Syntax

$result = $client->describeIdentityProviderConfiguration([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The Organization ID.

Result Syntax

[
    'AuthenticationMode' => 'IDENTITY_PROVIDER_ONLY|IDENTITY_PROVIDER_AND_DIRECTORY',
    'IdentityCenterConfiguration' => [
        'ApplicationArn' => '<string>',
        'InstanceArn' => '<string>',
    ],
    'PersonalAccessTokenConfiguration' => [
        'LifetimeInDays' => <integer>,
        'Status' => 'ACTIVE|INACTIVE',
    ],
]

Result Details

Members

AuthenticationMode

: Type: string

The authentication mode used in WorkMail.

IdentityCenterConfiguration

: Type: IdentityCenterConfiguration structure

The details of the IAM Identity Center configuration.

PersonalAccessTokenConfiguration

: Type: PersonalAccessTokenConfiguration structure

The details of the Personal Access Token configuration.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
ResourceNotFoundException:: The resource cannot be found.

DescribeInboundDmarcSettings

$result = $client->describeInboundDmarcSettings([/* ... */]);
$promise = $client->describeInboundDmarcSettingsAsync([/* ... */]);

Lists the settings in a DMARC policy for a specified organization.

Parameter Syntax

$result = $client->describeInboundDmarcSettings([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

Lists the ID of the given organization.

Result Syntax

[
    'Enforced' => true || false,
]

Result Details

Members

Enforced

: Type: boolean

Lists the enforcement setting of the applied policy.

Errors

OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DescribeMailboxExportJob

$result = $client->describeMailboxExportJob([/* ... */]);
$promise = $client->describeMailboxExportJobAsync([/* ... */]);

Describes the current status of a mailbox export job.

Parameter Syntax

$result = $client->describeMailboxExportJob([
    'JobId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

JobId

: Required: Yes
: Type: string

The mailbox export job ID.

OrganizationId

: Required: Yes
: Type: string

The organization ID.

Result Syntax

[
    'Description' => '<string>',
    'EndTime' => <DateTime>,
    'EntityId' => '<string>',
    'ErrorInfo' => '<string>',
    'EstimatedProgress' => <integer>,
    'KmsKeyArn' => '<string>',
    'RoleArn' => '<string>',
    'S3BucketName' => '<string>',
    'S3Path' => '<string>',
    'S3Prefix' => '<string>',
    'StartTime' => <DateTime>,
    'State' => 'RUNNING|COMPLETED|FAILED|CANCELLED',
]

Result Details

Members

Description

: Type: string

The mailbox export job description.

EndTime

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The mailbox export job end timestamp.

EntityId

: Type: string

The identifier of the user or resource associated with the mailbox.

ErrorInfo

: Type: string

Error information for failed mailbox export jobs.

EstimatedProgress

: Type: int

The estimated progress of the mailbox export job, in percentage points.

KmsKeyArn

: Type: string

The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content.

RoleArn

: Type: string

The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the Amazon Simple Storage Service (Amazon S3) bucket.

S3BucketName

: Type: string

The name of the S3 bucket.

S3Path

: Type: string

The path to the S3 bucket and file that the mailbox export job is exporting to.

S3Prefix

: Type: string

The S3 bucket prefix.

StartTime

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The mailbox export job start timestamp.

State

: Type: string

The state of the mailbox export job.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.

DescribeOrganization

$result = $client->describeOrganization([/* ... */]);
$promise = $client->describeOrganizationAsync([/* ... */]);

Provides more information regarding a given organization based on its identifier.

Parameter Syntax

$result = $client->describeOrganization([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization to be described.

Result Syntax

[
    'ARN' => '<string>',
    'Alias' => '<string>',
    'CompletedDate' => <DateTime>,
    'DefaultMailDomain' => '<string>',
    'DirectoryId' => '<string>',
    'DirectoryType' => '<string>',
    'ErrorMessage' => '<string>',
    'InteroperabilityEnabled' => true || false,
    'MigrationAdmin' => '<string>',
    'OrganizationId' => '<string>',
    'State' => '<string>',
]

Result Details

Members

ARN

: Type: string

The Amazon Resource Name (ARN) of the organization.

Alias

: Type: string

The alias for an organization.

CompletedDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date at which the organization became usable in the WorkMail context, in UNIX epoch time format.

DefaultMailDomain

: Type: string

The default mail domain associated with the organization.

DirectoryId

: Type: string

The identifier for the directory associated with an WorkMail organization.

DirectoryType

: Type: string

The type of directory associated with the WorkMail organization.

ErrorMessage

: Type: string

(Optional) The error message indicating if unexpected behavior was encountered with regards to the organization.

InteroperabilityEnabled

: Type: boolean

Indicates if interoperability is enabled for this organization.

MigrationAdmin

: Type: string

The user ID of the migration admin if migration is enabled for the organization.

OrganizationId

: Type: string

The identifier of an organization.

State

: Type: string

The state of an organization.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.

DescribeResource

$result = $client->describeResource([/* ... */]);
$promise = $client->describeResourceAsync([/* ... */]);

Returns the data available for the resource.

Parameter Syntax

$result = $client->describeResource([
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The identifier associated with the organization for which the resource is described.

ResourceId

: Required: Yes
: Type: string

The identifier of the resource to be described.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

Resource ID: r-0123456789a0123456789b0123456789
Email address: resource@domain.tld
Resource name: resource

Result Syntax

[
    'BookingOptions' => [
        'AutoAcceptRequests' => true || false,
        'AutoDeclineConflictingRequests' => true || false,
        'AutoDeclineRecurringRequests' => true || false,
    ],
    'Description' => '<string>',
    'DisabledDate' => <DateTime>,
    'Email' => '<string>',
    'EnabledDate' => <DateTime>,
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>',
    'ResourceId' => '<string>',
    'State' => 'ENABLED|DISABLED|DELETED',
    'Type' => 'ROOM|EQUIPMENT',
]

Result Details

Members

BookingOptions

: Type: BookingOptions structure

The booking options for the described resource.

Description

: Type: string

Description of the resource.

DisabledDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a resource was disabled from WorkMail, in UNIX epoch time format.

Email

: Type: string

The email of the described resource.

EnabledDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a resource was enabled for WorkMail, in UNIX epoch time format.

HiddenFromGlobalAddressList

: Type: boolean

If enabled, the resource is hidden from the global address list.

Name

: Type: string

The name of the described resource.

ResourceId

: Type: string

The identifier of the described resource.

State

: Type: string

The state of the resource: enabled (registered to WorkMail), disabled (deregistered or never registered to WorkMail), or deleted.

Type

: Type: string

The type of the described resource.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

DescribeUser

$result = $client->describeUser([/* ... */]);
$promise = $client->describeUserAsync([/* ... */]);

Provides information regarding the user.

Parameter Syntax

$result = $client->describeUser([
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the user exists.

UserId

: Required: Yes
: Type: string

The identifier for the user to be described.

The identifier can be the UserId, Username, or email. The following identity formats are available:

User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: user@domain.tld
User name: user

Result Syntax

[
    'City' => '<string>',
    'Company' => '<string>',
    'Country' => '<string>',
    'Department' => '<string>',
    'DisabledDate' => <DateTime>,
    'DisplayName' => '<string>',
    'Email' => '<string>',
    'EnabledDate' => <DateTime>,
    'FirstName' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'IdentityProviderIdentityStoreId' => '<string>',
    'IdentityProviderUserId' => '<string>',
    'Initials' => '<string>',
    'JobTitle' => '<string>',
    'LastName' => '<string>',
    'MailboxDeprovisionedDate' => <DateTime>,
    'MailboxProvisionedDate' => <DateTime>,
    'Name' => '<string>',
    'Office' => '<string>',
    'State' => 'ENABLED|DISABLED|DELETED',
    'Street' => '<string>',
    'Telephone' => '<string>',
    'UserId' => '<string>',
    'UserRole' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
    'ZipCode' => '<string>',
]

Result Details

Members

City

: Type: string

City where the user is located.

Company

: Type: string

Company of the user.

Country

: Type: string

Country where the user is located.

Department

: Type: string

Department of the user.

DisabledDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which the user was disabled for WorkMail usage, in UNIX epoch time format.

DisplayName

: Type: string

The display name of the user.

Email

: Type: string

The email of the user.

EnabledDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which the user was enabled for WorkMailusage, in UNIX epoch time format.

FirstName

: Type: string

First name of the user.

HiddenFromGlobalAddressList

: Type: boolean

If enabled, the user is hidden from the global address list.

IdentityProviderIdentityStoreId

: Type: string

Identity Store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.

IdentityProviderUserId

: Type: string

User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.

Initials

: Type: string

Initials of the user.

JobTitle

: Type: string

Job title of the user.

LastName

: Type: string

Last name of the user.

MailboxDeprovisionedDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the mailbox was removed for the user.

MailboxProvisionedDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the mailbox was created for the user.

Name

: Type: string

The name for the user.

Office

: Type: string

Office where the user is located.

State

: Type: string

The state of a user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail).

Street

: Type: string

Street where the user is located.

Telephone

: Type: string

User's contact number.

UserId

: Type: string

The identifier for the described user.

UserRole

: Type: string

In certain cases, other entities are modeled as users. If interoperability is enabled, resources are imported into WorkMail as users. Because different WorkMail organizations rely on different directory types, administrators can distinguish between an unregistered user (account is disabled and has a user role) and the directory administrators. The values are USER, RESOURCE, SYSTEM_USER, and REMOTE_USER.

ZipCode

: Type: string

Zip code of the user.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

DisassociateDelegateFromResource

$result = $client->disassociateDelegateFromResource([/* ... */]);
$promise = $client->disassociateDelegateFromResourceAsync([/* ... */]);

Removes a member from the resource's set of delegates.

Parameter Syntax

$result = $client->disassociateDelegateFromResource([
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members

EntityId

: Required: Yes
: Type: string

The identifier for the member (user, group) to be removed from the resource's delegates.

The entity ID can accept UserId or GroupID, Username or Groupname, or email.

Entity: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: entity@domain.tld
Entity: entity

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the resource exists.

ResourceId

: Required: Yes
: Type: string

The identifier of the resource from which delegates' set members are removed.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

Resource ID: r-0123456789a0123456789b0123456789
Email address: resource@domain.tld
Resource name: resource

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

DisassociateMemberFromGroup

$result = $client->disassociateMemberFromGroup([/* ... */]);
$promise = $client->disassociateMemberFromGroupAsync([/* ... */]);

Removes a member from a group.

Parameter Syntax

$result = $client->disassociateMemberFromGroup([
    'GroupId' => '<string>', // REQUIRED
    'MemberId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

GroupId

: Required: Yes
: Type: string

The identifier for the group from which members are removed.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: group@domain.tld
Group name: group

MemberId

: Required: Yes
: Type: string

The identifier for the member to be removed from the group.

The member ID can accept UserID or GroupId, Username or Groupname, or email.

Member ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: member@domain.tld
Member name: member

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization under which the group exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:: The directory service doesn't recognize the credentials supplied by WorkMail.
DirectoryUnavailableException:: The directory is unavailable. It might be located in another Region or deleted.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
EntityStateException:: You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
UnsupportedOperationException:: You can't perform a write operation against a read-only directory.

GetAccessControlEffect

$result = $client->getAccessControlEffect([/* ... */]);
$promise = $client->getAccessControlEffectAsync([/* ... */]);

Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID. You must provide either the user ID or impersonation role ID. Impersonation role ID can only be used with Action EWS.

Parameter Syntax

$result = $client->getAccessControlEffect([
    'Action' => '<string>', // REQUIRED
    'ImpersonationRoleId' => '<string>',
    'IpAddress' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>',
]);

Parameter Details

Members

Action

: Required: Yes
: Type: string

The access protocol action. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

ImpersonationRoleId

: Type: string

The impersonation role ID.

IpAddress

: Required: Yes
: Type: string

The IPv4 address.

OrganizationId

: Required: Yes
: Type: string

The identifier for the organization.

UserId

: Type: string

The user ID.

Result Syntax

[
    'Effect' => 'ALLOW|DENY',
    'MatchedRules' => ['<string>', ...],
]

Result Details

Members

Effect

: Type: string

The rule effect.

MatchedRules

: Type: Array of strings

The rules that match the given parameters, resulting in an effect.

Errors

EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.
ResourceNotFoundException:: The resource cannot be found.
InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.

GetDefaultRetentionPolicy

$result = $client->getDefaultRetentionPolicy([/* ... */]);
$promise = $client->getDefaultRetentionPolicyAsync([/* ... */]);

Gets the default retention policy details for the specified organization.

Parameter Syntax

$result = $client->getDefaultRetentionPolicy([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

OrganizationId

: Required: Yes
: Type: string

The organization ID.

Result Syntax

[
    'Description' => '<string>',
    'FolderConfigurations' => [
        [
            'Action' => 'NONE|DELETE|PERMANENTLY_DELETE',
            'Name' => 'INBOX|DELETED_ITEMS|SENT_ITEMS|DRAFTS|JUNK_EMAIL',
            'Period' => <integer>,
        ],
        // ...
    ],
    'Id' => '<string>',
    'Name' => '<string>',
]

Result Details

Members

Description

: Type: string

The retention policy description.

FolderConfigurations

: Type: Array of FolderConfiguration structures

The retention policy folder configurations.

Id

: Type: string

The retention policy ID.

Name

: Type: string

The retention policy name.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
EntityNotFoundException:: The identifier supplied for the user, group, or resource does not exist in your organization.

GetImpersonationRole

$result = $client->getImpersonationRole([/* ... */]);
$promise = $client->getImpersonationRoleAsync([/* ... */]);

Gets the impersonation role details for the given WorkMail organization.

Parameter Syntax

$result = $client->getImpersonationRole([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members

ImpersonationRoleId

: Required: Yes
: Type: string

The impersonation role ID to retrieve.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization from which to retrieve the impersonation role.

Result Syntax

[
    'DateCreated' => <DateTime>,
    'DateModified' => <DateTime>,
    'Description' => '<string>',
    'ImpersonationRoleId' => '<string>',
    'Name' => '<string>',
    'Rules' => [
        [
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY',
            'ImpersonationRuleId' => '<string>',
            'Name' => '<string>',
            'NotTargetUsers' => ['<string>', ...],
            'TargetUsers' => ['<string>', ...],
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY',
]

Result Details

Members

DateCreated

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the impersonation role was created.

DateModified

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the impersonation role was last modified.

Description

: Type: string

The impersonation role description.

ImpersonationRoleId

: Type: string

The impersonation role ID.

Name

: Type: string

The impersonation role name.

Rules

: Type: Array of ImpersonationRule structures

The list of rules for the given impersonation role.

Type

: Type: string

The impersonation role type.

Errors

InvalidParameterException:: One or more of the input parameters don't match the service's restrictions.
OrganizationNotFoundException:: An operation received a valid organization identifier that either doesn't belong or exist in the system.
OrganizationStateException:: The organization must have a valid state to perform certain operations on the organization or its members.
ResourceNotFoundException:: The resource cannot be found.

GetImpersonationRoleEffect

$result = $client->getImpersonationRoleEffect([/* ... */]);
$promise = $client->getImpersonationRoleEffectAsync([/* ... */]);

Tests whether the given impersonation role can impersonate a target user.

Parameter Syntax

$result = $client->getImpersonationRoleEffect([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'TargetUser' => '<string>', // REQUIRED
]);

Parameter Details

Members

ImpersonationRoleId

: Required: Yes
: Type: string

The impersonation role ID to test.

OrganizationId

: Required: Yes
: Type: string

The WorkMail organization where the impersonation role is defined.

TargetUser

: Required: Yes
: Type: string

The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:

User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
Email address: user@domain.tld
User name: user

Result Syntax

[
    'Effect' => 'ALLOW|DENY',
    'MatchedRules' => [
        [
            'ImpersonationRuleId' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY',
]

Result Details

Members

Effect

: Type: string

Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY.


		
			MatchedRules
		
		

	
		
Type: Array of ImpersonationMatchedRule structures
	

			A list of the rules that match the input and produce the configured effect.
		
		
			Type
		
		

	
		
Type: string
	

			The impersonation role type.


	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.



	 GetMailDomain 
	$result = $client->getMailDomain([/* ... */]);
$promise = $client->getMailDomainAsync([/* ... */]);

	
Gets details for a mail domain, including domain records required to configure your domain with recommended security.

	Parameter Syntax
	$result = $client->getMailDomain([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			DomainName
		
		

	
		
Required: Yes
		
Type: string
	

			The domain from which you want to retrieve details.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization for which the domain is retrieved.
		
	

	Result Syntax
	[
    'DkimVerificationStatus' => 'PENDING|VERIFIED|FAILED',
    'IsDefault' => true || false,
    'IsTestDomain' => true || false,
    'OwnershipVerificationStatus' => 'PENDING|VERIFIED|FAILED',
    'Records' => [
        [
            'Hostname' => '<string>',
            'Type' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			DkimVerificationStatus
		
		

	
		
Type: string
	

			Indicates the status of a DKIM verification.
		
		
			IsDefault
		
		

	
		
Type: boolean
	

			Specifies whether the domain is the default domain for your organization.
		
		
			IsTestDomain
		
		

	
		
Type: boolean
	

			Specifies whether the domain is a test domain provided by WorkMail, or a custom domain.
		
		
			OwnershipVerificationStatus
		
		

	
		
Type: string
	

			 Indicates the status of the domain ownership verification.
		
		
			Records
		
		

	
		
Type: Array of DnsRecord structures
	

			A list of the DNS records that WorkMail recommends adding in your DNS provider for the best user experience. The records configure your domain with DMARC, SPF, DKIM, and direct incoming email traffic to SES. See admin guide for more details.
		
	

	Errors
	
		
			MailDomainNotFoundException: 
			
The domain specified is not found in your organization.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 GetMailboxDetails 
	$result = $client->getMailboxDetails([/* ... */]);
$promise = $client->getMailboxDetailsAsync([/* ... */]);

	
Requests a user's mailbox details for a specified organization and user.

	Parameter Syntax
	$result = $client->getMailboxDetails([
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization that contains the user whose mailbox details are being requested.
		
		
			UserId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the user whose mailbox details are being requested.
 The identifier can be the UserId, Username, or email. The following identity formats are available:
   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: user@domain.tld
 
  User name: user
 
 
		
	

	Result Syntax
	[
    'MailboxQuota' => <integer>,
    'MailboxSize' => <float>,
]
	Result Details

	Members
	
		
			MailboxQuota
		
		

	
		
Type: int
	

			The maximum allowed mailbox size, in MB, for the specified user.
		
		
			MailboxSize
		
		

	
		
Type: double
	

			The current mailbox size, in MB, for the specified user.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
	


	 GetMobileDeviceAccessEffect 
	$result = $client->getMobileDeviceAccessEffect([/* ... */]);
$promise = $client->getMobileDeviceAccessEffectAsync([/* ... */]);

	
Simulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the WorkMail organization for a particular user's attributes.

	Parameter Syntax
	$result = $client->getMobileDeviceAccessEffect([
    'DeviceModel' => '<string>',
    'DeviceOperatingSystem' => '<string>',
    'DeviceType' => '<string>',
    'DeviceUserAgent' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			DeviceModel
		
		

	
		
Type: string
	

			Device model the simulated user will report.
		
		
			DeviceOperatingSystem
		
		

	
		
Type: string
	

			Device operating system the simulated user will report.
		
		
			DeviceType
		
		

	
		
Type: string
	

			Device type the simulated user will report.
		
		
			DeviceUserAgent
		
		

	
		
Type: string
	

			Device user agent the simulated user will report.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization to simulate the access effect for.
		
	

	Result Syntax
	[
    'Effect' => 'ALLOW|DENY',
    'MatchedRules' => [
        [
            'MobileDeviceAccessRuleId' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			Effect
		
		

	
		
Type: string
	

			The effect of the simulated access, ALLOW or DENY, after evaluating mobile device access rules in the WorkMail organization for the simulated user parameters.
		
		
			MatchedRules
		
		

	
		
Type: Array of MobileDeviceAccessMatchedRule structures
	

			A list of the rules which matched the simulated user input and produced the effect.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 GetMobileDeviceAccessOverride 
	$result = $client->getMobileDeviceAccessOverride([/* ... */]);
$promise = $client->getMobileDeviceAccessOverrideAsync([/* ... */]);

	
Gets the mobile device access override for the given WorkMail organization, user, and device.

	Parameter Syntax
	$result = $client->getMobileDeviceAccessOverride([
    'DeviceId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			DeviceId
		
		

	
		
Required: Yes
		
Type: string
	

			The mobile device to which the override applies. DeviceId is case insensitive.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization to which you want to apply the override.
		
		
			UserId
		
		

	
		
Required: Yes
		
Type: string
	

			Identifies the WorkMail user for the override. Accepts the following types of user identities: 
   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 
 
  Email address: user@domain.tld 
 
  User name: user 
 
 
		
	

	Result Syntax
	[
    'DateCreated' => <DateTime>,
    'DateModified' => <DateTime>,
    'Description' => '<string>',
    'DeviceId' => '<string>',
    'Effect' => 'ALLOW|DENY',
    'UserId' => '<string>',
]
	Result Details

	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date the override was first created.
		
		
			DateModified
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date the description was last modified.
		
		
			Description
		
		

	
		
Type: string
	

			A description of the override.
		
		
			DeviceId
		
		

	
		
Type: string
	

			The device to which the access override applies.
		
		
			Effect
		
		

	
		
Type: string
	

			The effect of the override, ALLOW or DENY.
		
		
			UserId
		
		

	
		
Type: string
	

			The WorkMail user to which the access override applies.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
	


	 GetPersonalAccessTokenMetadata 
	$result = $client->getPersonalAccessTokenMetadata([/* ... */]);
$promise = $client->getPersonalAccessTokenMetadataAsync([/* ... */]);

	
 Requests details of a specific Personal Access Token within the WorkMail organization. 

	Parameter Syntax
	$result = $client->getPersonalAccessTokenMetadata([
    'OrganizationId' => '<string>', // REQUIRED
    'PersonalAccessTokenId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			 The Organization ID. 
		
		
			PersonalAccessTokenId
		
		

	
		
Required: Yes
		
Type: string
	

			 The Personal Access Token ID.
		
	

	Result Syntax
	[
    'DateCreated' => <DateTime>,
    'DateLastUsed' => <DateTime>,
    'ExpiresTime' => <DateTime>,
    'Name' => '<string>',
    'PersonalAccessTokenId' => '<string>',
    'Scopes' => ['<string>', ...],
    'UserId' => '<string>',
]
	Result Details

	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			 The date when the Personal Access Token ID was created. 
		
		
			DateLastUsed
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			 The date when the Personal Access Token ID was last used. 
		
		
			ExpiresTime
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			 The time when the Personal Access Token ID will expire. 
		
		
			Name
		
		

	
		
Type: string
	

			 The Personal Access Token name. 
		
		
			PersonalAccessTokenId
		
		

	
		
Type: string
	

			 The Personal Access Token ID.
		
		
			Scopes
		
		

	
		
Type: Array of strings
	

			 Lists all the Personal Access Token permissions for a mailbox. 
		
		
			UserId
		
		

	
		
Type: string
	

			 The WorkMail User ID. 
		
	

	Errors
	
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListAccessControlRules 
	$result = $client->listAccessControlRules([/* ... */]);
$promise = $client->listAccessControlRulesAsync([/* ... */]);

	
Lists the access control rules for the specified organization.

	Parameter Syntax
	$result = $client->listAccessControlRules([
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization.
		
	

	Result Syntax
	[
    'Rules' => [
        [
            'Actions' => ['<string>', ...],
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY',
            'ImpersonationRoleIds' => ['<string>', ...],
            'IpRanges' => ['<string>', ...],
            'Name' => '<string>',
            'NotActions' => ['<string>', ...],
            'NotImpersonationRoleIds' => ['<string>', ...],
            'NotIpRanges' => ['<string>', ...],
            'NotUserIds' => ['<string>', ...],
            'UserIds' => ['<string>', ...],
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			Rules
		
		

	
		
Type: Array of AccessControlRule structures
	

			The access control rules.
		
	

	Errors
	
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListAliases 
	$result = $client->listAliases([/* ... */]);
$promise = $client->listAliasesAsync([/* ... */]);

	
Creates a paginated call to list the aliases associated with a given entity.

	Parameter Syntax
	$result = $client->listAliases([
    'EntityId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the entity for which to list the aliases.
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the entity exists.
		
	

	Result Syntax
	[
    'Aliases' => ['<string>', ...],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			Aliases
		
		

	
		
Type: Array of strings
	

			The entity's paginated aliases.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
		
	

	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListAvailabilityConfigurations 
	$result = $client->listAvailabilityConfigurations([/* ... */]);
$promise = $client->listAvailabilityConfigurationsAsync([/* ... */]);

	
List all the AvailabilityConfiguration's for the given WorkMail organization.

	Parameter Syntax
	$result = $client->listAvailabilityConfigurations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not require a token.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization for which the AvailabilityConfiguration's will be listed.
		
	

	Result Syntax
	[
    'AvailabilityConfigurations' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'DomainName' => '<string>',
            'EwsProvider' => [
                'EwsEndpoint' => '<string>',
                'EwsUsername' => '<string>',
            ],
            'LambdaProvider' => [
                'LambdaArn' => '<string>',
            ],
            'ProviderType' => 'EWS|LAMBDA',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			AvailabilityConfigurations
		
		

	
		
Type: Array of AvailabilityConfiguration structures
	

			The list of AvailabilityConfiguration's that exist for the specified WorkMail organization.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value is null when there are no further results to return.
		
	

	Errors
	
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 ListGroupMembers 
	$result = $client->listGroupMembers([/* ... */]);
$promise = $client->listGroupMembersAsync([/* ... */]);

	
Returns an overview of the members of a group. Users and groups can be members of a group.

	Parameter Syntax
	$result = $client->listGroupMembers([
    'GroupId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			GroupId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the group to which the members (users or groups) are associated.
 The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
   Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: group@domain.tld
 
  Group name: group
 
 
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			 The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the group exists.
		
	

	Result Syntax
	[
    'Members' => [
        [
            'DisabledDate' => <DateTime>,
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
            'Type' => 'GROUP|USER',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			Members
		
		

	
		
Type: Array of Member structures
	

			The members associated to the group.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
	

	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListGroups 
	$result = $client->listGroups([/* ... */]);
$promise = $client->listGroupsAsync([/* ... */]);

	
Returns summaries of the organization's groups.

	Parameter Syntax
	$result = $client->listGroups([
    'Filters' => [
        'NamePrefix' => '<string>',
        'PrimaryEmailPrefix' => '<string>',
        'State' => 'ENABLED|DISABLED|DELETED',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Filters
		
		

	
		
Type: ListGroupsFilters structure
	

			Limit the search results based on the filter criteria. Only one filter per request is supported.
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the groups exist.
		
	

	Result Syntax
	[
    'Groups' => [
        [
            'DisabledDate' => <DateTime>,
            'Email' => '<string>',
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			Groups
		
		

	
		
Type: Array of Group structures
	

			The overview of groups for an organization.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
		
	

	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListGroupsForEntity 
	$result = $client->listGroupsForEntity([/* ... */]);
$promise = $client->listGroupsForEntityAsync([/* ... */]);

	
Returns all the groups to which an entity belongs.

	Parameter Syntax
	$result = $client->listGroupsForEntity([
    'EntityId' => '<string>', // REQUIRED
    'Filters' => [
        'GroupNamePrefix' => '<string>',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the entity.
 The entity ID can accept UserId or GroupID, Username or Groupname, or email.
   Entity ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: entity@domain.tld
 
  Entity name: entity
 
 
		
		
			Filters
		
		

	
		
Type: ListGroupsForEntityFilters structure
	

			Limit the search results based on the filter criteria.
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the entity exists.
		
	

	Result Syntax
	[
    'Groups' => [
        [
            'GroupId' => '<string>',
            'GroupName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			Groups
		
		

	
		
Type: Array of GroupIdentifier structures
	

			The overview of groups in an organization.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. This value is `null` when there are no more results to return.
		
	

	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 ListImpersonationRoles 
	$result = $client->listImpersonationRoles([/* ... */]);
$promise = $client->listImpersonationRolesAsync([/* ... */]);

	
Lists all the impersonation roles for the given WorkMail organization.

	Parameter Syntax
	$result = $client->listImpersonationRoles([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results returned in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token used to retrieve the next page of results. The first call doesn't require a token.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization to which the listed impersonation roles belong.
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'Roles' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'ImpersonationRoleId' => '<string>',
            'Name' => '<string>',
            'Type' => 'FULL_ACCESS|READ_ONLY',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			The token to retrieve the next page of results. The value is null when there are no results to return.
		
		
			Roles
		
		

	
		
Type: Array of ImpersonationRole structures
	

			The list of impersonation roles under the given WorkMail organization.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListMailDomains 
	$result = $client->listMailDomains([/* ... */]);
$promise = $client->listMailDomainsAsync([/* ... */]);

	
Lists the mail domains in a given WorkMail organization.

	Parameter Syntax
	$result = $client->listMailDomains([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not require a token.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization for which to list domains.
		
	

	Result Syntax
	[
    'MailDomains' => [
        [
            'DefaultDomain' => true || false,
            'DomainName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			MailDomains
		
		

	
		
Type: Array of MailDomainSummary structures
	

			The list of mail domain summaries, specifying domains that exist in the specified WorkMail organization, along with the information about whether the domain is or isn't the default.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value becomes null when there are no more results to return.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListMailboxExportJobs 
	$result = $client->listMailboxExportJobs([/* ... */]);
$promise = $client->listMailboxExportJobsAsync([/* ... */]);

	
Lists the mailbox export jobs started for the specified organization within the last seven days.

	Parameter Syntax
	$result = $client->listMailboxExportJobs([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The organization ID.
		
	

	Result Syntax
	[
    'Jobs' => [
        [
            'Description' => '<string>',
            'EndTime' => <DateTime>,
            'EntityId' => '<string>',
            'EstimatedProgress' => <integer>,
            'JobId' => '<string>',
            'S3BucketName' => '<string>',
            'S3Path' => '<string>',
            'StartTime' => <DateTime>,
            'State' => 'RUNNING|COMPLETED|FAILED|CANCELLED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			Jobs
		
		

	
		
Type: Array of MailboxExportJob structures
	

			The mailbox export job details.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListMailboxPermissions 
	$result = $client->listMailboxPermissions([/* ... */]);
$promise = $client->listMailboxPermissionsAsync([/* ... */]);

	
Lists the mailbox permissions associated with a user, group, or resource mailbox.

	Parameter Syntax
	$result = $client->listMailboxPermissions([
    'EntityId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the user, or resource for which to list mailbox permissions.
 The entity ID can accept UserId or ResourceId, Username or Resourcename, or email.
   Entity ID: 12345678-1234-1234-1234-123456789012, or r-0123456789a0123456789b0123456789
 
  Email address: entity@domain.tld
 
  Entity name: entity
 
 
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the organization under which the user, group, or resource exists.
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'Permissions' => [
        [
            'GranteeId' => '<string>',
            'GranteeType' => 'GROUP|USER',
            'PermissionValues' => ['<string>', ...],
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
		
		
			Permissions
		
		

	
		
Type: Array of Permission structures
	

			One page of the user, group, or resource mailbox permissions.
		
	

	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListMobileDeviceAccessOverrides 
	$result = $client->listMobileDeviceAccessOverrides([/* ... */]);
$promise = $client->listMobileDeviceAccessOverridesAsync([/* ... */]);

	
Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.

	Parameter Syntax
	$result = $client->listMobileDeviceAccessOverrides([
    'DeviceId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>',
]);

	Parameter Details

	Members
	
		
			DeviceId
		
		

	
		
Type: string
	

			The mobile device to which the access override applies.
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not require a token.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization under which to list mobile device access overrides.
		
		
			UserId
		
		

	
		
Type: string
	

			The WorkMail user under which you list the mobile device access overrides. Accepts the following types of user identities:
   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 
 
  Email address: user@domain.tld 
 
  User name: user 
 
 
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'Overrides' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'Description' => '<string>',
            'DeviceId' => '<string>',
            'Effect' => 'ALLOW|DENY',
            'UserId' => '<string>',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value is “null” when there are no more results to return.
		
		
			Overrides
		
		

	
		
Type: Array of MobileDeviceAccessOverride structures
	

			The list of mobile device access overrides that exist for the specified WorkMail organization and user.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
	


	 ListMobileDeviceAccessRules 
	$result = $client->listMobileDeviceAccessRules([/* ... */]);
$promise = $client->listMobileDeviceAccessRulesAsync([/* ... */]);

	
Lists the mobile device access rules for the specified WorkMail organization.

	Parameter Syntax
	$result = $client->listMobileDeviceAccessRules([
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization for which to list the rules.
		
	

	Result Syntax
	[
    'Rules' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'Description' => '<string>',
            'DeviceModels' => ['<string>', ...],
            'DeviceOperatingSystems' => ['<string>', ...],
            'DeviceTypes' => ['<string>', ...],
            'DeviceUserAgents' => ['<string>', ...],
            'Effect' => 'ALLOW|DENY',
            'MobileDeviceAccessRuleId' => '<string>',
            'Name' => '<string>',
            'NotDeviceModels' => ['<string>', ...],
            'NotDeviceOperatingSystems' => ['<string>', ...],
            'NotDeviceTypes' => ['<string>', ...],
            'NotDeviceUserAgents' => ['<string>', ...],
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			Rules
		
		

	
		
Type: Array of MobileDeviceAccessRule structures
	

			The list of mobile device access rules that exist under the specified WorkMail organization.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListOrganizations 
	$result = $client->listOrganizations([/* ... */]);
$promise = $client->listOrganizationsAsync([/* ... */]);

	
Returns summaries of the customer's organizations.

	Parameter Syntax
	$result = $client->listOrganizations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'OrganizationSummaries' => [
        [
            'Alias' => '<string>',
            'DefaultMailDomain' => '<string>',
            'ErrorMessage' => '<string>',
            'OrganizationId' => '<string>',
            'State' => '<string>',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
		
		
			OrganizationSummaries
		
		

	
		
Type: Array of OrganizationSummary structures
	

			The overview of owned organizations presented as a list of organization summaries.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 ListPersonalAccessTokens 
	$result = $client->listPersonalAccessTokens([/* ... */]);
$promise = $client->listPersonalAccessTokensAsync([/* ... */]);

	
 Returns a summary of your Personal Access Tokens. 

	Parameter Syntax
	$result = $client->listPersonalAccessTokens([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>',
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			 The maximum amount of items that should be returned in a response. 
		
		
			NextToken
		
		

	
		
Type: string
	

			 The token from the previous response to query the next page.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			 The Organization ID. 
		
		
			UserId
		
		

	
		
Type: string
	

			 The WorkMail User ID. 
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'PersonalAccessTokenSummaries' => [
        [
            'DateCreated' => <DateTime>,
            'DateLastUsed' => <DateTime>,
            'ExpiresTime' => <DateTime>,
            'Name' => '<string>',
            'PersonalAccessTokenId' => '<string>',
            'Scopes' => ['<string>', ...],
            'UserId' => '<string>',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			 The token from the previous response to query the next page.
		
		
			PersonalAccessTokenSummaries
		
		

	
		
Type: Array of PersonalAccessTokenSummary structures
	

			 Lists all the personal tokens in an organization or user, if user ID is provided. 
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ListResourceDelegates 
	$result = $client->listResourceDelegates([/* ... */]);
$promise = $client->listResourceDelegatesAsync([/* ... */]);

	
Lists the delegates associated with a resource. Users and groups can be resource delegates and answer requests on behalf of the resource.

	Parameter Syntax
	$result = $client->listResourceDelegates([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			MaxResults
		
		

	
		
Type: int
	

			The number of maximum results in a page.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token used to paginate through the delegates associated with a resource.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization that contains the resource for which delegates are listed.
		
		
			ResourceId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the resource whose delegates are listed.
 The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
   Resource ID: r-0123456789a0123456789b0123456789
 
  Email address: resource@domain.tld
 
  Resource name: resource
 
 
		
	

	Result Syntax
	[
    'Delegates' => [
        [
            'Id' => '<string>',
            'Type' => 'GROUP|USER',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
	Result Details

	Members
	
		
			Delegates
		
		

	
		
Type: Array of Delegate structures
	

			One page of the resource's delegates.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token used to paginate through the delegates associated with a resource. While results are still available, it has an associated value. When the last page is reached, the token is empty.
		
	

	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
	


	 ListResources 
	$result = $client->listResources([/* ... */]);
$promise = $client->listResourcesAsync([/* ... */]);

	
Returns summaries of the organization's resources.

	Parameter Syntax
	$result = $client->listResources([
    'Filters' => [
        'NamePrefix' => '<string>',
        'PrimaryEmailPrefix' => '<string>',
        'State' => 'ENABLED|DISABLED|DELETED',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Filters
		
		

	
		
Type: ListResourcesFilters structure
	

			Limit the resource search results based on the filter criteria. You can only use one filter per request.
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the resources exist.
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'Resources' => [
        [
            'Description' => '<string>',
            'DisabledDate' => <DateTime>,
            'Email' => '<string>',
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
            'Type' => 'ROOM|EQUIPMENT',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			 The token used to paginate through all the organization's resources. While results are still available, it has an associated value. When the last page is reached, the token is empty.
		
		
			Resources
		
		

	
		
Type: Array of Resource structures
	

			One page of the organization's resource representation.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
	


	 ListTagsForResource 
	$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

	
Lists the tags applied to an WorkMail organization resource.

	Parameter Syntax
	$result = $client->listTagsForResource([
    'ResourceARN' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			ResourceARN
		
		

	
		
Required: Yes
		
Type: string
	

			The resource ARN.
		
	

	Result Syntax
	[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			Tags
		
		

	
		
Type: Array of Tag structures
	

			A list of tag key-value pairs.
		
	

	Errors
	
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
	


	 ListUsers 
	$result = $client->listUsers([/* ... */]);
$promise = $client->listUsersAsync([/* ... */]);

	
Returns summaries of the organization's users.

	Parameter Syntax
	$result = $client->listUsers([
    'Filters' => [
        'DisplayNamePrefix' => '<string>',
        'IdentityProviderUserIdPrefix' => '<string>',
        'PrimaryEmailPrefix' => '<string>',
        'State' => 'ENABLED|DISABLED|DELETED',
        'UsernamePrefix' => '<string>',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Filters
		
		

	
		
Type: ListUsersFilters structure
	

			Limit the user search results based on the filter criteria. You can only use one filter per request.
		
		
			MaxResults
		
		

	
		
Type: int
	

			The maximum number of results to return in a single call.
		
		
			NextToken
		
		

	
		
Type: string
	

			The token to use to retrieve the next page of results. The first call does not contain any tokens.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the users exist.
		
	

	Result Syntax
	[
    'NextToken' => '<string>',
    'Users' => [
        [
            'DisabledDate' => <DateTime>,
            'DisplayName' => '<string>',
            'Email' => '<string>',
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'IdentityProviderIdentityStoreId' => '<string>',
            'IdentityProviderUserId' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
            'UserRole' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
        ],
        // ...
    ],
]
	Result Details

	Members
	
		
			NextToken
		
		

	
		
Type: string
	

			 The token to use to retrieve the next page of results. This value is `null` when there are no more results to return.
		
		
			Users
		
		

	
		
Type: Array of User structures
	

			The overview of users for an organization.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 PutAccessControlRule 
	$result = $client->putAccessControlRule([/* ... */]);
$promise = $client->putAccessControlRuleAsync([/* ... */]);

	
Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule.

	Parameter Syntax
	$result = $client->putAccessControlRule([
    'Actions' => ['<string>', ...],
    'Description' => '<string>', // REQUIRED
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'ImpersonationRoleIds' => ['<string>', ...],
    'IpRanges' => ['<string>', ...],
    'Name' => '<string>', // REQUIRED
    'NotActions' => ['<string>', ...],
    'NotImpersonationRoleIds' => ['<string>', ...],
    'NotIpRanges' => ['<string>', ...],
    'NotUserIds' => ['<string>', ...],
    'OrganizationId' => '<string>', // REQUIRED
    'UserIds' => ['<string>', ...],
]);

	Parameter Details

	Members
	
		
			Actions
		
		

	
		
Type: Array of strings
	

			Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
		
		
			Description
		
		

	
		
Required: Yes
		
Type: string
	

			The rule description.
		
		
			Effect
		
		

	
		
Required: Yes
		
Type: string
	

			The rule effect.
		
		
			ImpersonationRoleIds
		
		

	
		
Type: Array of strings
	

			Impersonation role IDs to include in the rule.
		
		
			IpRanges
		
		

	
		
Type: Array of strings
	

			IPv4 CIDR ranges to include in the rule.
		
		
			Name
		
		

	
		
Required: Yes
		
Type: string
	

			The rule name.
		
		
			NotActions
		
		

	
		
Type: Array of strings
	

			Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
		
		
			NotImpersonationRoleIds
		
		

	
		
Type: Array of strings
	

			Impersonation role IDs to exclude from the rule.
		
		
			NotIpRanges
		
		

	
		
Type: Array of strings
	

			IPv4 CIDR ranges to exclude from the rule.
		
		
			NotUserIds
		
		

	
		
Type: Array of strings
	

			User IDs to exclude from the rule.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the organization.
		
		
			UserIds
		
		

	
		
Type: Array of strings
	

			User IDs to include in the rule.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			LimitExceededException: 
			
The request exceeds the limit of the resource.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 PutEmailMonitoringConfiguration 
	$result = $client->putEmailMonitoringConfiguration([/* ... */]);
$promise = $client->putEmailMonitoringConfigurationAsync([/* ... */]);

	
Creates or updates the email monitoring configuration for a specified organization.

	Parameter Syntax
	$result = $client->putEmailMonitoringConfiguration([
    'LogGroupArn' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			LogGroupArn
		
		

	
		
Required: Yes
		
Type: string
	

			The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The ID of the organization for which the email monitoring configuration is set.
		
		
			RoleArn
		
		

	
		
Required: Yes
		
Type: string
	

			The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 PutIdentityProviderConfiguration 
	$result = $client->putIdentityProviderConfiguration([/* ... */]);
$promise = $client->putIdentityProviderConfigurationAsync([/* ... */]);

	
 Enables integration between IAM Identity Center (IdC) and WorkMail to proxy authentication requests for mailbox users. You can connect your IdC directory or your external directory to WorkMail through IdC and manage access to WorkMail mailboxes in a single place. For enhanced protection, you could enable Multifactor Authentication (MFA) and Personal Access Tokens. 

	Parameter Syntax
	$result = $client->putIdentityProviderConfiguration([
    'AuthenticationMode' => 'IDENTITY_PROVIDER_ONLY|IDENTITY_PROVIDER_AND_DIRECTORY', // REQUIRED
    'IdentityCenterConfiguration' => [ // REQUIRED
        'ApplicationArn' => '<string>', // REQUIRED
        'InstanceArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
    'PersonalAccessTokenConfiguration' => [ // REQUIRED
        'LifetimeInDays' => <integer>,
        'Status' => 'ACTIVE|INACTIVE', // REQUIRED
    ],
]);

	Parameter Details

	Members
	
		
			AuthenticationMode
		
		

	
		
Required: Yes
		
Type: string
	

			 The authentication mode used in WorkMail.
		
		
			IdentityCenterConfiguration
		
		

	
		
Required: Yes
		
Type: IdentityCenterConfiguration structure
	

			 The details of the IAM Identity Center configuration.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			 The ID of the WorkMail Organization. 
		
		
			PersonalAccessTokenConfiguration
		
		

	
		
Required: Yes
		
Type: PersonalAccessTokenConfiguration structure
	

			 The details of the Personal Access Token configuration. 
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
	


	 PutInboundDmarcSettings 
	$result = $client->putInboundDmarcSettings([/* ... */]);
$promise = $client->putInboundDmarcSettingsAsync([/* ... */]);

	
Enables or disables a DMARC policy for a given organization.

	Parameter Syntax
	$result = $client->putInboundDmarcSettings([
    'Enforced' => true || false, // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Enforced
		
		

	
		
Required: Yes
		
Type: boolean
	

			Enforces or suspends a policy after it's applied.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The ID of the organization that you are applying the DMARC policy to.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 PutMailboxPermissions 
	$result = $client->putMailboxPermissions([/* ... */]);
$promise = $client->putMailboxPermissionsAsync([/* ... */]);

	
Sets permissions for a user, group, or resource. This replaces any pre-existing permissions.

	Parameter Syntax
	$result = $client->putMailboxPermissions([
    'EntityId' => '<string>', // REQUIRED
    'GranteeId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'PermissionValues' => ['<string>', ...], // REQUIRED
]);

	Parameter Details

	Members
	
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the user or resource for which to update mailbox permissions.
 The identifier can be UserId, ResourceID, or Group Id, Username, Resourcename, or Groupname, or email.
   Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: entity@domain.tld
 
  Entity name: entity
 
 
		
		
			GranteeId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the user, group, or resource to which to grant the permissions.
 The identifier can be UserId, ResourceID, or Group Id, Username, Resourcename, or Groupname, or email.
   Grantee ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: grantee@domain.tld
 
  Grantee name: grantee
 
 
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the organization under which the user, group, or resource exists.
		
		
			PermissionValues
		
		

	
		
Required: Yes
		
Type: Array of strings
	

			The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 PutMobileDeviceAccessOverride 
	$result = $client->putMobileDeviceAccessOverride([/* ... */]);
$promise = $client->putMobileDeviceAccessOverrideAsync([/* ... */]);

	
Creates or updates a mobile device access override for the given WorkMail organization, user, and device.

	Parameter Syntax
	$result = $client->putMobileDeviceAccessOverride([
    'Description' => '<string>',
    'DeviceId' => '<string>', // REQUIRED
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Description
		
		

	
		
Type: string
	

			A description of the override.
		
		
			DeviceId
		
		

	
		
Required: Yes
		
Type: string
	

			The mobile device for which you create the override. DeviceId is case insensitive.
		
		
			Effect
		
		

	
		
Required: Yes
		
Type: string
	

			The effect of the override, ALLOW or DENY.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			Identifies the WorkMail organization for which you create the override.
		
		
			UserId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail user for which you create the override. Accepts the following types of user identities:
   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234 
 
  Email address: user@domain.tld 
 
  User name: user 
 
 
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
	


	 PutRetentionPolicy 
	$result = $client->putRetentionPolicy([/* ... */]);
$promise = $client->putRetentionPolicyAsync([/* ... */]);

	
Puts a retention policy to the specified organization.

	Parameter Syntax
	$result = $client->putRetentionPolicy([
    'Description' => '<string>',
    'FolderConfigurations' => [ // REQUIRED
        [
            'Action' => 'NONE|DELETE|PERMANENTLY_DELETE', // REQUIRED
            'Name' => 'INBOX|DELETED_ITEMS|SENT_ITEMS|DRAFTS|JUNK_EMAIL', // REQUIRED
            'Period' => <integer>,
        ],
        // ...
    ],
    'Id' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Description
		
		

	
		
Type: string
	

			The retention policy description.
		
		
			FolderConfigurations
		
		

	
		
Required: Yes
		
Type: Array of FolderConfiguration structures
	

			The retention policy folder configurations.
		
		
			Id
		
		

	
		
Type: string
	

			The retention policy ID.
		
		
			Name
		
		

	
		
Required: Yes
		
Type: string
	

			The retention policy name.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The organization ID.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			LimitExceededException: 
			
The request exceeds the limit of the resource.
		
	


	 RegisterMailDomain 
	$result = $client->registerMailDomain([/* ... */]);
$promise = $client->registerMailDomainAsync([/* ... */]);

	
Registers a new domain in WorkMail and SES, and configures it for use by WorkMail. Emails received by SES for this domain are routed to the specified WorkMail organization, and WorkMail has permanent permission to use the specified domain for sending your users' emails.

	Parameter Syntax
	$result = $client->registerMailDomain([
    'ClientToken' => '<string>',
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			ClientToken
		
		

	
		
Type: string
	

			Idempotency token used when retrying requests.
		
		
			DomainName
		
		

	
		
Required: Yes
		
Type: string
	

			The name of the mail domain to create in WorkMail and SES.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization under which you're creating the domain.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			MailDomainInUseException: 
			
The domain you're trying to change is in use by another user or organization in your account. See the error message for details.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			LimitExceededException: 
			
The request exceeds the limit of the resource.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 RegisterToWorkMail 
	$result = $client->registerToWorkMail([/* ... */]);
$promise = $client->registerToWorkMailAsync([/* ... */]);

	
Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is Enable.
 Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail.

	Parameter Syntax
	$result = $client->registerToWorkMail([
    'Email' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Email
		
		

	
		
Required: Yes
		
Type: string
	

			The email for the user, group, or resource to be updated.
		
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the user, group, or resource to be updated.
 The identifier can accept UserId, ResourceId, or GroupId, or Username, Resourcename, or Groupname. The following identity formats are available:
   Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
 
  Entity name: entity
 
 
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the user, group, or resource exists.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			DirectoryServiceAuthenticationFailedException: 
			
The directory service doesn't recognize the credentials supplied by WorkMail.
		
		
			DirectoryUnavailableException: 
			
The directory is unavailable. It might be located in another Region or deleted.
		
		
			EmailAddressInUseException: 
			
The email address that you're trying to assign is already created for a different user, group, or resource.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			EntityAlreadyRegisteredException: 
			
The user, group, or resource that you're trying to register is already registered.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			MailDomainNotFoundException: 
			
The domain specified is not found in your organization.
		
		
			MailDomainStateException: 
			
After a domain has been added to the organization, it must be verified. The domain is not yet verified.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 ResetPassword 
	$result = $client->resetPassword([/* ... */]);
$promise = $client->resetPasswordAsync([/* ... */]);

	
Allows the administrator to reset the password for a user.

	Parameter Syntax
	$result = $client->resetPassword([
    'OrganizationId' => '<string>', // REQUIRED
    'Password' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the organization that contains the user for which the password is reset.
		
		
			Password
		
		

	
		
Required: Yes
		
Type: string
	

			The new password for the user.
		
		
			UserId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the user for whom the password is reset.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			DirectoryServiceAuthenticationFailedException: 
			
The directory service doesn't recognize the credentials supplied by WorkMail.
		
		
			DirectoryUnavailableException: 
			
The directory is unavailable. It might be located in another Region or deleted.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			InvalidPasswordException: 
			
The supplied password doesn't match the minimum security constraints, such as length or use of special characters.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
	


	 StartMailboxExportJob 
	$result = $client->startMailboxExportJob([/* ... */]);
$promise = $client->startMailboxExportJobAsync([/* ... */]);

	
Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Exporting mailbox content in the WorkMail Administrator Guide.

	Parameter Syntax
	$result = $client->startMailboxExportJob([
    'ClientToken' => '<string>', // REQUIRED
    'Description' => '<string>',
    'EntityId' => '<string>', // REQUIRED
    'KmsKeyArn' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'S3BucketName' => '<string>', // REQUIRED
    'S3Prefix' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			ClientToken
		
		

	
		
Required: Yes
		
Type: string
	

			The idempotency token for the client request.
		
		
			Description
		
		

	
		
Type: string
	

			The mailbox export job description.
		
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the user or resource associated with the mailbox.
 The identifier can accept UserId or ResourceId, Username or Resourcename, or email. The following identity formats are available:
   Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789 , or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: entity@domain.tld
 
  Entity name: entity
 
 
		
		
			KmsKeyArn
		
		

	
		
Required: Yes
		
Type: string
	

			The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier associated with the organization.
		
		
			RoleArn
		
		

	
		
Required: Yes
		
Type: string
	

			The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the S3 bucket.
		
		
			S3BucketName
		
		

	
		
Required: Yes
		
Type: string
	

			The name of the S3 bucket.
		
		
			S3Prefix
		
		

	
		
Required: Yes
		
Type: string
	

			The S3 bucket prefix.
		
	

	Result Syntax
	[
    'JobId' => '<string>',
]
	Result Details

	Members
	
		
			JobId
		
		

	
		
Type: string
	

			The job ID.
		
	

	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			LimitExceededException: 
			
The request exceeds the limit of the resource.
		
	


	 TagResource 
	$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

	
Applies the specified tags to the specified WorkMailorganization resource.

	Parameter Syntax
	$result = $client->tagResource([
    'ResourceARN' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

	Parameter Details

	Members
	
		
			ResourceARN
		
		

	
		
Required: Yes
		
Type: string
	

			The resource ARN.
		
		
			Tags
		
		

	
		
Required: Yes
		
Type: Array of Tag structures
	

			The tag key-value pairs.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			TooManyTagsException: 
			
The resource can have up to 50 user-applied tags.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 TestAvailabilityConfiguration 
	$result = $client->testAvailabilityConfiguration([/* ... */]);
$promise = $client->testAvailabilityConfigurationAsync([/* ... */]);

	
Performs a test on an availability provider to ensure that access is allowed. For EWS, it verifies the provided credentials can be used to successfully log in. For Lambda, it verifies that the Lambda function can be invoked and that the resource access policy was configured to deny anonymous access. An anonymous invocation is one done without providing either a SourceArn or SourceAccount header.
  The request must contain either one provider definition (EwsProvider or LambdaProvider) or the DomainName parameter. If the DomainName parameter is provided, the configuration stored under the DomainName will be tested.
 
	Parameter Syntax
	$result = $client->testAvailabilityConfiguration([
    'DomainName' => '<string>',
    'EwsProvider' => [
        'EwsEndpoint' => '<string>', // REQUIRED
        'EwsPassword' => '<string>', // REQUIRED
        'EwsUsername' => '<string>', // REQUIRED
    ],
    'LambdaProvider' => [
        'LambdaArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			DomainName
		
		

	
		
Type: string
	

			The domain to which the provider applies. If this field is provided, a stored availability provider associated to this domain name will be tested.
		
		
			EwsProvider
		
		

	
		
Type: EwsAvailabilityProvider structure
	

			Describes an EWS based availability provider. This is only used as input to the service.
		
		
			LambdaProvider
		
		

	
		
Type: LambdaAvailabilityProvider structure
	

			Describes a Lambda based availability provider.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization where the availability provider will be tested.
		
	

	Result Syntax
	[
    'FailureReason' => '<string>',
    'TestPassed' => true || false,
]
	Result Details

	Members
	
		
			FailureReason
		
		

	
		
Type: string
	

			String containing the reason for a failed test if TestPassed is false.
		
		
			TestPassed
		
		

	
		
Type: boolean
	

			Boolean indicating whether the test passed or failed.
		
	

	Errors
	
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 UntagResource 
	$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

	
Untags the specified tags from the specified WorkMail organization resource.

	Parameter Syntax
	$result = $client->untagResource([
    'ResourceARN' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

	Parameter Details

	Members
	
		
			ResourceARN
		
		

	
		
Required: Yes
		
Type: string
	

			The resource ARN.
		
		
			TagKeys
		
		

	
		
Required: Yes
		
Type: Array of strings
	

			The tag keys.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
	


	 UpdateAvailabilityConfiguration 
	$result = $client->updateAvailabilityConfiguration([/* ... */]);
$promise = $client->updateAvailabilityConfigurationAsync([/* ... */]);

	
Updates an existing AvailabilityConfiguration for the given WorkMail organization and domain.

	Parameter Syntax
	$result = $client->updateAvailabilityConfiguration([
    'DomainName' => '<string>', // REQUIRED
    'EwsProvider' => [
        'EwsEndpoint' => '<string>', // REQUIRED
        'EwsPassword' => '<string>', // REQUIRED
        'EwsUsername' => '<string>', // REQUIRED
    ],
    'LambdaProvider' => [
        'LambdaArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			DomainName
		
		

	
		
Required: Yes
		
Type: string
	

			The domain to which the provider applies the availability configuration.
		
		
			EwsProvider
		
		

	
		
Type: EwsAvailabilityProvider structure
	

			The EWS availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider. The previously stored provider will be overridden by the one provided.
		
		
			LambdaProvider
		
		

	
		
Type: LambdaAvailabilityProvider structure
	

			The Lambda availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider. The previously stored provider will be overridden by the one provided.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization for which the AvailabilityConfiguration will be updated.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 UpdateDefaultMailDomain 
	$result = $client->updateDefaultMailDomain([/* ... */]);
$promise = $client->updateDefaultMailDomainAsync([/* ... */]);

	
Updates the default mail domain for an organization. The default mail domain is used by the WorkMail AWS Console to suggest an email address when enabling a mail user. You can only have one default domain.

	Parameter Syntax
	$result = $client->updateDefaultMailDomain([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			DomainName
		
		

	
		
Required: Yes
		
Type: string
	

			The domain name that will become the default domain.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization for which to list domains.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			MailDomainNotFoundException: 
			
The domain specified is not found in your organization.
		
		
			MailDomainStateException: 
			
After a domain has been added to the organization, it must be verified. The domain is not yet verified.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 UpdateGroup 
	$result = $client->updateGroup([/* ... */]);
$promise = $client->updateGroupAsync([/* ... */]);

	
Updates attributes in a group.

	Parameter Syntax
	$result = $client->updateGroup([
    'GroupId' => '<string>', // REQUIRED
    'HiddenFromGlobalAddressList' => true || false,
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			GroupId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the group to be updated.
 The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
   Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: group@domain.tld
 
  Group name: group
 
 
		
		
			HiddenFromGlobalAddressList
		
		

	
		
Type: boolean
	

			If enabled, the group is hidden from the global address list.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the group exists.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 UpdateImpersonationRole 
	$result = $client->updateImpersonationRole([/* ... */]);
$promise = $client->updateImpersonationRoleAsync([/* ... */]);

	
Updates an impersonation role for the given WorkMail organization.

	Parameter Syntax
	$result = $client->updateImpersonationRole([
    'Description' => '<string>',
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Rules' => [ // REQUIRED
        [
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY', // REQUIRED
            'ImpersonationRuleId' => '<string>', // REQUIRED
            'Name' => '<string>',
            'NotTargetUsers' => ['<string>', ...],
            'TargetUsers' => ['<string>', ...],
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Description
		
		

	
		
Type: string
	

			The updated impersonation role description.
		
		
			ImpersonationRoleId
		
		

	
		
Required: Yes
		
Type: string
	

			The ID of the impersonation role to update.
		
		
			Name
		
		

	
		
Required: Yes
		
Type: string
	

			The updated impersonation role name.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization that contains the impersonation role to update.
		
		
			Rules
		
		

	
		
Required: Yes
		
Type: Array of ImpersonationRule structures
	

			The updated list of rules.
		
		
			Type
		
		

	
		
Required: Yes
		
Type: string
	

			The updated impersonation role type.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			ResourceNotFoundException: 
			
The resource cannot be found.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			LimitExceededException: 
			
The request exceeds the limit of the resource.
		
	


	 UpdateMailboxQuota 
	$result = $client->updateMailboxQuota([/* ... */]);
$promise = $client->updateMailboxQuotaAsync([/* ... */]);

	
Updates a user's current mailbox quota for a specified organization and user.

	Parameter Syntax
	$result = $client->updateMailboxQuota([
    'MailboxQuota' => <integer>, // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			MailboxQuota
		
		

	
		
Required: Yes
		
Type: int
	

			The updated mailbox quota, in MB, for the specified user.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization that contains the user for whom to update the mailbox quota.
		
		
			UserId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifer for the user for whom to update the mailbox quota.
 The identifier can be the UserId, Username, or email. The following identity formats are available:
   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: user@domain.tld
 
  User name: user
 
 
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
	


	 UpdateMobileDeviceAccessRule 
	$result = $client->updateMobileDeviceAccessRule([/* ... */]);
$promise = $client->updateMobileDeviceAccessRuleAsync([/* ... */]);

	
Updates a mobile device access rule for the specified WorkMail organization.

	Parameter Syntax
	$result = $client->updateMobileDeviceAccessRule([
    'Description' => '<string>',
    'DeviceModels' => ['<string>', ...],
    'DeviceOperatingSystems' => ['<string>', ...],
    'DeviceTypes' => ['<string>', ...],
    'DeviceUserAgents' => ['<string>', ...],
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'MobileDeviceAccessRuleId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'NotDeviceModels' => ['<string>', ...],
    'NotDeviceOperatingSystems' => ['<string>', ...],
    'NotDeviceTypes' => ['<string>', ...],
    'NotDeviceUserAgents' => ['<string>', ...],
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Description
		
		

	
		
Type: string
	

			The updated rule description.
		
		
			DeviceModels
		
		

	
		
Type: Array of strings
	

			Device models that the updated rule will match.
		
		
			DeviceOperatingSystems
		
		

	
		
Type: Array of strings
	

			Device operating systems that the updated rule will match.
		
		
			DeviceTypes
		
		

	
		
Type: Array of strings
	

			Device types that the updated rule will match.
		
		
			DeviceUserAgents
		
		

	
		
Type: Array of strings
	

			User agents that the updated rule will match.
		
		
			Effect
		
		

	
		
Required: Yes
		
Type: string
	

			The effect of the rule when it matches. Allowed values are ALLOW or DENY.
		
		
			MobileDeviceAccessRuleId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the rule to be updated.
		
		
			Name
		
		

	
		
Required: Yes
		
Type: string
	

			The updated rule name.
		
		
			NotDeviceModels
		
		

	
		
Type: Array of strings
	

			Device models that the updated rule will not match. All other device models will match.
		
		
			NotDeviceOperatingSystems
		
		

	
		
Type: Array of strings
	

			Device operating systems that the updated rule will not match. All other device operating systems will match.
		
		
			NotDeviceTypes
		
		

	
		
Type: Array of strings
	

			Device types that the updated rule will not match. All other device types will match.
		
		
			NotDeviceUserAgents
		
		

	
		
Type: Array of strings
	

			User agents that the updated rule will not match. All other user agents will match.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The WorkMail organization under which the rule will be updated.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
	


	 UpdatePrimaryEmailAddress 
	$result = $client->updatePrimaryEmailAddress([/* ... */]);
$promise = $client->updatePrimaryEmailAddressAsync([/* ... */]);

	
Updates the primary email for a user, group, or resource. The current email is moved into the list of aliases (or swapped between an existing alias and the current primary email), and the email provided in the input is promoted as the primary.

	Parameter Syntax
	$result = $client->updatePrimaryEmailAddress([
    'Email' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

	Parameter Details

	Members
	
		
			Email
		
		

	
		
Required: Yes
		
Type: string
	

			The value of the email to be updated as primary.
		
		
			EntityId
		
		

	
		
Required: Yes
		
Type: string
	

			The user, group, or resource to update.
 The identifier can accept UseriD, ResourceId, or GroupId, Username, Resourcename, or Groupname, or email. The following identity formats are available:
   Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: entity@domain.tld
 
  Entity name: entity
 
 
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The organization that contains the user, group, or resource to update.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			DirectoryServiceAuthenticationFailedException: 
			
The directory service doesn't recognize the credentials supplied by WorkMail.
		
		
			DirectoryUnavailableException: 
			
The directory is unavailable. It might be located in another Region or deleted.
		
		
			EmailAddressInUseException: 
			
The email address that you're trying to assign is already created for a different user, group, or resource.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			MailDomainNotFoundException: 
			
The domain specified is not found in your organization.
		
		
			MailDomainStateException: 
			
After a domain has been added to the organization, it must be verified. The domain is not yet verified.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
	


	 UpdateResource 
	$result = $client->updateResource([/* ... */]);
$promise = $client->updateResourceAsync([/* ... */]);

	
Updates data for the resource. To have the latest information, it must be preceded by a DescribeResource call. The dataset in the request should be the one expected when performing another DescribeResource call.

	Parameter Syntax
	$result = $client->updateResource([
    'BookingOptions' => [
        'AutoAcceptRequests' => true || false,
        'AutoDeclineConflictingRequests' => true || false,
        'AutoDeclineRecurringRequests' => true || false,
    ],
    'Description' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
    'Type' => 'ROOM|EQUIPMENT',
]);

	Parameter Details

	Members
	
		
			BookingOptions
		
		

	
		
Type: BookingOptions structure
	

			The resource's booking options to be updated.
		
		
			Description
		
		

	
		
Type: string
	

			Updates the resource description.
		
		
			HiddenFromGlobalAddressList
		
		

	
		
Type: boolean
	

			If enabled, the resource is hidden from the global address list.
		
		
			Name
		
		

	
		
Type: string
	

			The name of the resource to be updated.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier associated with the organization for which the resource is updated.
		
		
			ResourceId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the resource to be updated.
 The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
   Resource ID: r-0123456789a0123456789b0123456789
 
  Email address: resource@domain.tld
 
  Resource name: resource
 
 
		
		
			Type
		
		

	
		
Type: string
	

			Updates the resource type.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			DirectoryUnavailableException: 
			
The directory is unavailable. It might be located in another Region or deleted.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
		
		
			InvalidConfigurationException: 
			
The configuration for a resource isn't valid. A resource must either be able to auto-respond to requests or have at least one delegate associated that can do so on its behalf.
		
		
			EmailAddressInUseException: 
			
The email address that you're trying to assign is already created for a different user, group, or resource.
		
		
			MailDomainNotFoundException: 
			
The domain specified is not found in your organization.
		
		
			MailDomainStateException: 
			
After a domain has been added to the organization, it must be verified. The domain is not yet verified.
		
		
			NameAvailabilityException: 
			
The user, group, or resource name isn't unique in WorkMail.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
	


	 UpdateUser 
	$result = $client->updateUser([/* ... */]);
$promise = $client->updateUserAsync([/* ... */]);

	
Updates data for the user. To have the latest information, it must be preceded by a DescribeUser call. The dataset in the request should be the one expected when performing another DescribeUser call.

	Parameter Syntax
	$result = $client->updateUser([
    'City' => '<string>',
    'Company' => '<string>',
    'Country' => '<string>',
    'Department' => '<string>',
    'DisplayName' => '<string>',
    'FirstName' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'IdentityProviderUserId' => '<string>',
    'Initials' => '<string>',
    'JobTitle' => '<string>',
    'LastName' => '<string>',
    'Office' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'Role' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
    'Street' => '<string>',
    'Telephone' => '<string>',
    'UserId' => '<string>', // REQUIRED
    'ZipCode' => '<string>',
]);

	Parameter Details

	Members
	
		
			City
		
		

	
		
Type: string
	

			Updates the user's city.
		
		
			Company
		
		

	
		
Type: string
	

			Updates the user's company.
		
		
			Country
		
		

	
		
Type: string
	

			Updates the user's country.
		
		
			Department
		
		

	
		
Type: string
	

			Updates the user's department.
		
		
			DisplayName
		
		

	
		
Type: string
	

			Updates the display name of the user.
		
		
			FirstName
		
		

	
		
Type: string
	

			Updates the user's first name.
		
		
			HiddenFromGlobalAddressList
		
		

	
		
Type: boolean
	

			If enabled, the user is hidden from the global address list.
		
		
			IdentityProviderUserId
		
		

	
		
Type: string
	

			User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
		
		
			Initials
		
		

	
		
Type: string
	

			Updates the user's initials.
		
		
			JobTitle
		
		

	
		
Type: string
	

			Updates the user's job title.
		
		
			LastName
		
		

	
		
Type: string
	

			Updates the user's last name.
		
		
			Office
		
		

	
		
Type: string
	

			Updates the user's office.
		
		
			OrganizationId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the organization under which the user exists.
		
		
			Role
		
		

	
		
Type: string
	

			Updates the user role.
 You cannot pass SYSTEM_USER or RESOURCE.
		
		
			Street
		
		

	
		
Type: string
	

			Updates the user's street address.
		
		
			Telephone
		
		

	
		
Type: string
	

			Updates the user's contact details.
		
		
			UserId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the user to be updated.
 The identifier can be the UserId, Username, or email. The following identity formats are available:
   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234
 
  Email address: user@domain.tld
 
  User name: user
 
 
		
		
			ZipCode
		
		

	
		
Type: string
	

			Updates the user's zip code.
		
	

	Result Syntax
	[]
	Result Details
	The results for this operation are always empty.
	Errors
	
		
			DirectoryServiceAuthenticationFailedException: 
			
The directory service doesn't recognize the credentials supplied by WorkMail.
		
		
			DirectoryUnavailableException: 
			
The directory is unavailable. It might be located in another Region or deleted.
		
		
			EntityNotFoundException: 
			
The identifier supplied for the user, group, or resource does not exist in your organization.
		
		
			InvalidParameterException: 
			
One or more of the input parameters don't match the service's restrictions.
		
		
			OrganizationNotFoundException: 
			
An operation received a valid organization identifier that either doesn't belong or exist in the system.
		
		
			OrganizationStateException: 
			
The organization must have a valid state to perform certain operations on the organization or its members.
		
		
			UnsupportedOperationException: 
			
You can't perform a write operation against a read-only directory.
		
		
			EntityStateException: 
			
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.



	Shapes 
	
		AccessControlRule 

	Description
	A rule that controls access to an WorkMail organization.
	Members
	
		
			Actions
		
		

	
		
Type: Array of strings
	

			Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
		
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date that the rule was created.
		
		
			DateModified
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date that the rule was modified.
		
		
			Description
		
		

	
		
Type: string
	

			The rule description.
		
		
			Effect
		
		

	
		
Type: string
	

			The rule effect.
		
		
			ImpersonationRoleIds
		
		

	
		
Type: Array of strings
	

			Impersonation role IDs to include in the rule.
		
		
			IpRanges
		
		

	
		
Type: Array of strings
	

			IPv4 CIDR ranges to include in the rule.
		
		
			Name
		
		

	
		
Type: string
	

			The rule name.
		
		
			NotActions
		
		

	
		
Type: Array of strings
	

			Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
		
		
			NotImpersonationRoleIds
		
		

	
		
Type: Array of strings
	

			Impersonation role IDs to exclude from the rule.
		
		
			NotIpRanges
		
		

	
		
Type: Array of strings
	

			IPv4 CIDR ranges to exclude from the rule.
		
		
			NotUserIds
		
		

	
		
Type: Array of strings
	

			User IDs to exclude from the rule.
		
		
			UserIds
		
		

	
		
Type: Array of strings
	

			User IDs to include in the rule.
		
	

	
	
		AvailabilityConfiguration 

	Description
	List all the AvailabilityConfiguration's for the given WorkMail organization.
	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date and time at which the availability configuration was created.
		
		
			DateModified
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date and time at which the availability configuration was last modified.
		
		
			DomainName
		
		

	
		
Type: string
	

			Displays the domain to which the provider applies.
		
		
			EwsProvider
		
		

	
		
Type: RedactedEwsAvailabilityProvider structure
	

			If ProviderType is EWS, then this field contains RedactedEwsAvailabilityProvider. Otherwise, it is not required.
		
		
			LambdaProvider
		
		

	
		
Type: LambdaAvailabilityProvider structure
	

			If ProviderType is LAMBDA then this field contains LambdaAvailabilityProvider. Otherwise, it is not required.
		
		
			ProviderType
		
		

	
		
Type: string
	

			Displays the provider type that applies to this domain.
		
	

	
	
		BookingOptions 

	Description
	At least one delegate must be associated to the resource to disable automatic replies from the resource.
	Members
	
		
			AutoAcceptRequests
		
		

	
		
Type: boolean
	

			The resource's ability to automatically reply to requests. If disabled, delegates must be associated to the resource.
		
		
			AutoDeclineConflictingRequests
		
		

	
		
Type: boolean
	

			The resource's ability to automatically decline any conflicting requests.
		
		
			AutoDeclineRecurringRequests
		
		

	
		
Type: boolean
	

			The resource's ability to automatically decline any recurring requests.
		
	

	
	
		Delegate 

	Description
	The name of the attribute, which is one of the values defined in the UserAttribute enumeration.
	Members
	
		
			Id
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier for the user or group associated as the resource's delegate.
		
		
			Type
		
		

	
		
Required: Yes
		
Type: string
	

			The type of the delegate: user or group.
		
	

	
	
		DirectoryInUseException 

	Description
	The directory is already in use by another WorkMail organization in the same account and Region.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		DirectoryServiceAuthenticationFailedException 

	Description
	The directory service doesn't recognize the credentials supplied by WorkMail.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		DirectoryUnavailableException 

	Description
	The directory is unavailable. It might be located in another Region or deleted.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		DnsRecord 

	Description
	A DNS record uploaded to your DNS provider.
	Members
	
		
			Hostname
		
		

	
		
Type: string
	

			The DNS hostname.- For example, domain.example.com.
		
		
			Type
		
		

	
		
Type: string
	

			The RFC 1035 record type. Possible values: CNAME, A, MX.
		
		
			Value
		
		

	
		
Type: string
	

			The value returned by the DNS for a query to that hostname and record type.
		
	

	
	
		Domain 

	Description
	The domain to associate with an WorkMail organization.
 When you configure a domain hosted in Amazon Route 53 (Route 53), all recommended DNS records are added to the organization when you create it. For more information, see Adding a domain in the WorkMail Administrator Guide.
	Members
	
		
			DomainName
		
		

	
		
Required: Yes
		
Type: string
	

			The fully qualified domain name.
		
		
			HostedZoneId
		
		

	
		
Type: string
	

			The hosted zone ID for a domain hosted in Route 53. Required when configuring a domain hosted in Route 53.
		
	

	
	
		EmailAddressInUseException 

	Description
	The email address that you're trying to assign is already created for a different user, group, or resource.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		EntityAlreadyRegisteredException 

	Description
	The user, group, or resource that you're trying to register is already registered.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		EntityNotFoundException 

	Description
	The identifier supplied for the user, group, or resource does not exist in your organization.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		EntityStateException 

	Description
	You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		EwsAvailabilityProvider 

	Description
	Describes an EWS based availability provider. This is only used as input to the service.
	Members
	
		
			EwsEndpoint
		
		

	
		
Required: Yes
		
Type: string
	

			The endpoint of the remote EWS server.
		
		
			EwsPassword
		
		

	
		
Required: Yes
		
Type: string
	

			The password used to authenticate the remote EWS server.
		
		
			EwsUsername
		
		

	
		
Required: Yes
		
Type: string
	

			The username used to authenticate the remote EWS server.
		
	

	
	
		FolderConfiguration 

	Description
	The configuration applied to an organization's folders by its retention policy.
	Members
	
		
			Action
		
		

	
		
Required: Yes
		
Type: string
	

			The action to take on the folder contents at the end of the folder configuration period.
		
		
			Name
		
		

	
		
Required: Yes
		
Type: string
	

			The folder name.
		
		
			Period
		
		

	
		
Type: int
	

			The number of days for which the folder-configuration action applies.
		
	

	
	
		Group 

	Description
	The representation of an WorkMail group.
	Members
	
		
			DisabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the group was disabled from WorkMail use.
		
		
			Email
		
		

	
		
Type: string
	

			The email of the group.
		
		
			EnabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the group was enabled for WorkMail use.
		
		
			Id
		
		

	
		
Type: string
	

			The identifier of the group.
		
		
			Name
		
		

	
		
Type: string
	

			The name of the group.
		
		
			State
		
		

	
		
Type: string
	

			The state of the group, which can be ENABLED, DISABLED, or DELETED.
		
	

	
	
		GroupIdentifier 

	Description
	The identifier that contains the Group ID and name of a group.
	Members
	
		
			GroupId
		
		

	
		
Type: string
	

			Group ID that matched the group.
		
		
			GroupName
		
		

	
		
Type: string
	

			Group name that matched the group.
		
	

	
	
		IdentityCenterConfiguration 

	Description
	 The IAM Identity Center configuration. 
	Members
	
		
			ApplicationArn
		
		

	
		
Required: Yes
		
Type: string
	

			 The Amazon Resource Name (ARN) of IAMIdentity Center Application for WorkMail. Must be created by the WorkMail API, see CreateIdentityCenterApplication.
		
		
			InstanceArn
		
		

	
		
Required: Yes
		
Type: string
	

			 The Amazon Resource Name (ARN) of the of IAM Identity Center instance. Must be in the same AWS account and region as WorkMail organization.
		
	

	
	
		ImpersonationMatchedRule 

	Description
	The impersonation rule that matched the input.
	Members
	
		
			ImpersonationRuleId
		
		

	
		
Type: string
	

			The ID of the rule that matched the input
		
		
			Name
		
		

	
		
Type: string
	

			The name of the rule that matched the input.
		
	

	
	
		ImpersonationRole 

	Description
	An impersonation role for the given WorkMail organization.
	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date when the impersonation role was created.
		
		
			DateModified
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date when the impersonation role was last modified.
		
		
			ImpersonationRoleId
		
		

	
		
Type: string
	

			The identifier of the impersonation role.
		
		
			Name
		
		

	
		
Type: string
	

			The impersonation role name.
		
		
			Type
		
		

	
		
Type: string
	

			The impersonation role type.
		
	

	
	
		ImpersonationRule 

	Description
	The rules for the given impersonation role.
	Members
	
		
			Description
		
		

	
		
Type: string
	

			The rule description.
		
		
			Effect
		
		

	
		
Required: Yes
		
Type: string
	

			The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY.
		
		
			ImpersonationRuleId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the rule.
		
		
			Name
		
		

	
		
Type: string
	

			The rule name.
		
		
			NotTargetUsers
		
		

	
		
Type: Array of strings
	

			A list of user IDs that don't match the rule.
		
		
			TargetUsers
		
		

	
		
Type: Array of strings
	

			A list of user IDs that match the rule.
		
	

	
	
		InvalidConfigurationException 

	Description
	The configuration for a resource isn't valid. A resource must either be able to auto-respond to requests or have at least one delegate associated that can do so on its behalf.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		InvalidCustomSesConfigurationException 

	Description
	You SES configuration has customizations that WorkMail cannot save. The error message lists the invalid setting. For examples of invalid settings, refer to CreateReceiptRule.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		InvalidParameterException 

	Description
	One or more of the input parameters don't match the service's restrictions.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		InvalidPasswordException 

	Description
	The supplied password doesn't match the minimum security constraints, such as length or use of special characters.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		LambdaAvailabilityProvider 

	Description
	Describes a Lambda based availability provider.
	Members
	
		
			LambdaArn
		
		

	
		
Required: Yes
		
Type: string
	

			The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider.
		
	

	
	
		LimitExceededException 

	Description
	The request exceeds the limit of the resource.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		ListGroupsFilters 

	Description
	 Filtering options for ListGroups operation. This is only used as input to Operation.
	Members
	
		
			NamePrefix
		
		

	
		
Type: string
	

			Filters only groups with the provided name prefix.
		
		
			PrimaryEmailPrefix
		
		

	
		
Type: string
	

			Filters only groups with the provided primary email prefix.
		
		
			State
		
		

	
		
Type: string
	

			Filters only groups with the provided state.
		
	

	
	
		ListGroupsForEntityFilters 

	Description
	 Filtering options for ListGroupsForEntity operation. This is only used as input to Operation.
	Members
	
		
			GroupNamePrefix
		
		

	
		
Type: string
	

			Filters only group names that start with the provided name prefix.
		
	

	
	
		ListResourcesFilters 

	Description
	Filtering options for ListResources operation. This is only used as input to Operation.
	Members
	
		
			NamePrefix
		
		

	
		
Type: string
	

			Filters only resource that start with the entered name prefix .
		
		
			PrimaryEmailPrefix
		
		

	
		
Type: string
	

			Filters only resource with the provided primary email prefix.
		
		
			State
		
		

	
		
Type: string
	

			Filters only resource with the provided state.
		
	

	
	
		ListUsersFilters 

	Description
	 Filtering options for ListUsers operation. This is only used as input to Operation.
	Members
	
		
			DisplayNamePrefix
		
		

	
		
Type: string
	

			Filters only users with the provided display name prefix.
		
		
			IdentityProviderUserIdPrefix
		
		

	
		
Type: string
	

			Filters only users with the ID from the IAM Identity Center.
		
		
			PrimaryEmailPrefix
		
		

	
		
Type: string
	

			Filters only users with the provided email prefix.
		
		
			State
		
		

	
		
Type: string
	

			Filters only users with the provided state.
		
		
			UsernamePrefix
		
		

	
		
Type: string
	

			Filters only users with the provided username prefix.
		
	

	
	
		MailDomainInUseException 

	Description
	The domain you're trying to change is in use by another user or organization in your account. See the error message for details.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		MailDomainNotFoundException 

	Description
	The domain specified is not found in your organization.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		MailDomainStateException 

	Description
	After a domain has been added to the organization, it must be verified. The domain is not yet verified.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		MailDomainSummary 

	Description
	The data for a given domain.
	Members
	
		
			DefaultDomain
		
		

	
		
Type: boolean
	

			Whether the domain is default or not.
		
		
			DomainName
		
		

	
		
Type: string
	

			The domain name.
		
	

	
	
		MailboxExportJob 

	Description
	The details of a mailbox export job, including the user or resource ID associated with the mailbox and the S3 bucket that the mailbox contents are exported to.
	Members
	
		
			Description
		
		

	
		
Type: string
	

			The mailbox export job description.
		
		
			EndTime
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The mailbox export job end timestamp.
		
		
			EntityId
		
		

	
		
Type: string
	

			The identifier of the user or resource associated with the mailbox.
		
		
			EstimatedProgress
		
		

	
		
Type: int
	

			The estimated progress of the mailbox export job, in percentage points.
		
		
			JobId
		
		

	
		
Type: string
	

			The identifier of the mailbox export job.
		
		
			S3BucketName
		
		

	
		
Type: string
	

			The name of the S3 bucket.
		
		
			S3Path
		
		

	
		
Type: string
	

			The path to the S3 bucket and file that the mailbox export job exports to.
		
		
			StartTime
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The mailbox export job start timestamp.
		
		
			State
		
		

	
		
Type: string
	

			The state of the mailbox export job.
		
	

	
	
		Member 

	Description
	The representation of a user or group.
	Members
	
		
			DisabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the member was disabled from WorkMail use.
		
		
			EnabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the member was enabled for WorkMail use.
		
		
			Id
		
		

	
		
Type: string
	

			The identifier of the member.
		
		
			Name
		
		

	
		
Type: string
	

			The name of the member.
		
		
			State
		
		

	
		
Type: string
	

			The state of the member, which can be ENABLED, DISABLED, or DELETED.
		
		
			Type
		
		

	
		
Type: string
	

			A member can be a user or group.
		
	

	
	
		MobileDeviceAccessMatchedRule 

	Description
	The rule that a simulated user matches.
	Members
	
		
			MobileDeviceAccessRuleId
		
		

	
		
Type: string
	

			Identifier of the rule that a simulated user matches.
		
		
			Name
		
		

	
		
Type: string
	

			Name of a rule that a simulated user matches.
		
	

	
	
		MobileDeviceAccessOverride 

	Description
	The override object.
	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date the override was first created.
		
		
			DateModified
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date the override was last modified.
		
		
			Description
		
		

	
		
Type: string
	

			A description of the override.
		
		
			DeviceId
		
		

	
		
Type: string
	

			The device to which the override applies.
		
		
			Effect
		
		

	
		
Type: string
	

			The effect of the override, ALLOW or DENY.
		
		
			UserId
		
		

	
		
Type: string
	

			The WorkMail user to which the access override applies.
		
	

	
	
		MobileDeviceAccessRule 

	Description
	A rule that controls access to mobile devices for an WorkMail group.
	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date and time at which an access rule was created.
		
		
			DateModified
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date and time at which an access rule was modified.
		
		
			Description
		
		

	
		
Type: string
	

			The description of a mobile access rule.
		
		
			DeviceModels
		
		

	
		
Type: Array of strings
	

			Device models that a rule will match.
		
		
			DeviceOperatingSystems
		
		

	
		
Type: Array of strings
	

			Device operating systems that a rule will match.
		
		
			DeviceTypes
		
		

	
		
Type: Array of strings
	

			Device types that a rule will match.
		
		
			DeviceUserAgents
		
		

	
		
Type: Array of strings
	

			Device user agents that a rule will match.
		
		
			Effect
		
		

	
		
Type: string
	

			The effect of the rule when it matches. Allowed values are ALLOW or DENY.
		
		
			MobileDeviceAccessRuleId
		
		

	
		
Type: string
	

			The ID assigned to a mobile access rule.
		
		
			Name
		
		

	
		
Type: string
	

			The name of a mobile access rule.
		
		
			NotDeviceModels
		
		

	
		
Type: Array of strings
	

			Device models that a rule will not match. All other device models will match.
		
		
			NotDeviceOperatingSystems
		
		

	
		
Type: Array of strings
	

			Device operating systems that a rule will not match. All other device types will match.
		
		
			NotDeviceTypes
		
		

	
		
Type: Array of strings
	

			Device types that a rule will not match. All other device types will match.
		
		
			NotDeviceUserAgents
		
		

	
		
Type: Array of strings
	

			Device user agents that a rule will not match. All other device user agents will match.
		
	

	
	
		NameAvailabilityException 

	Description
	The user, group, or resource name isn't unique in WorkMail.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		OrganizationNotFoundException 

	Description
	An operation received a valid organization identifier that either doesn't belong or exist in the system.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		OrganizationStateException 

	Description
	The organization must have a valid state to perform certain operations on the organization or its members.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		OrganizationSummary 

	Description
	The representation of an organization.
	Members
	
		
			Alias
		
		

	
		
Type: string
	

			The alias associated with the organization.
		
		
			DefaultMailDomain
		
		

	
		
Type: string
	

			The default email domain associated with the organization.
		
		
			ErrorMessage
		
		

	
		
Type: string
	

			The error message associated with the organization. It is only present if unexpected behavior has occurred with regards to the organization. It provides insight or solutions regarding unexpected behavior.
		
		
			OrganizationId
		
		

	
		
Type: string
	

			The identifier associated with the organization.
		
		
			State
		
		

	
		
Type: string
	

			The state associated with the organization.
		
	

	
	
		Permission 

	Description
	Permission granted to a user, group, or resource to access a certain aspect of another user, group, or resource mailbox.
	Members
	
		
			GranteeId
		
		

	
		
Required: Yes
		
Type: string
	

			The identifier of the user, group, or resource to which the permissions are granted.
		
		
			GranteeType
		
		

	
		
Required: Yes
		
Type: string
	

			The type of user, group, or resource referred to in GranteeId.
		
		
			PermissionValues
		
		

	
		
Required: Yes
		
Type: Array of strings
	

			The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox.
		
	

	
	
		PersonalAccessTokenConfiguration 

	Description
	 Displays the Personal Access Token status. 
	Members
	
		
			LifetimeInDays
		
		

	
		
Type: int
	

			 The validity of the Personal Access Token status in days. 
		
		
			Status
		
		

	
		
Required: Yes
		
Type: string
	

			 The status of the Personal Access Token allowed for the organization. 
    Active - Mailbox users can login to the web application and choose Settings to see the new Personal Access Tokens page to create and delete the Personal Access Tokens. Mailbox users can use the Personal Access Tokens to set up mailbox connection from desktop or mobile email clients.
 
   Inactive - Personal Access Tokens are disabled for your organization. Mailbox users can’t create, list, or delete Personal Access Tokens and can’t use them to connect to their mailboxes from desktop or mobile email clients.
 
 
		
	

	
	
		PersonalAccessTokenSummary 

	Description
	 The summary of the Personal Access Token. 
	Members
	
		
			DateCreated
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			 The date when the Personal Access Token was created. 
		
		
			DateLastUsed
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			 The date when the Personal Access Token was last used. 
		
		
			ExpiresTime
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			 The date when the Personal Access Token will expire. 
		
		
			Name
		
		

	
		
Type: string
	

			 The name of the Personal Access Token. 
		
		
			PersonalAccessTokenId
		
		

	
		
Type: string
	

			 The ID of the Personal Access Token. 
		
		
			Scopes
		
		

	
		
Type: Array of strings
	

			 Lists all the Personal Access Token permissions for a mailbox. 
		
		
			UserId
		
		

	
		
Type: string
	

			 The user ID of the WorkMail user associated with the Personal Access Token. 
		
	

	
	
		RedactedEwsAvailabilityProvider 

	Description
	Describes an EWS based availability provider when returned from the service. It does not contain the password of the endpoint.
	Members
	
		
			EwsEndpoint
		
		

	
		
Type: string
	

			The endpoint of the remote EWS server.
		
		
			EwsUsername
		
		

	
		
Type: string
	

			The username used to authenticate the remote EWS server.
		
	

	
	
		ReservedNameException 

	Description
	This user, group, or resource name is not allowed in WorkMail.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		Resource 

	Description
	The representation of a resource.
	Members
	
		
			Description
		
		

	
		
Type: string
	

			Resource description.
		
		
			DisabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the resource was disabled from WorkMail use.
		
		
			Email
		
		

	
		
Type: string
	

			The email of the resource.
		
		
			EnabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the resource was enabled for WorkMail use.
		
		
			Id
		
		

	
		
Type: string
	

			The identifier of the resource.
		
		
			Name
		
		

	
		
Type: string
	

			The name of the resource.
		
		
			State
		
		

	
		
Type: string
	

			The state of the resource, which can be ENABLED, DISABLED, or DELETED.
		
		
			Type
		
		

	
		
Type: string
	

			The type of the resource: equipment or room.
		
	

	
	
		ResourceNotFoundException 

	Description
	The resource cannot be found.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		Tag 

	Description
	Describes a tag applied to a resource.
	Members
	
		
			Key
		
		

	
		
Required: Yes
		
Type: string
	

			The key of the tag.
		
		
			Value
		
		

	
		
Required: Yes
		
Type: string
	

			The value of the tag.
		
	

	
	
		TooManyTagsException 

	Description
	The resource can have up to 50 user-applied tags.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		UnsupportedOperationException 

	Description
	You can't perform a write operation against a read-only directory.
	Members
	
		
			Message
		
		

	
		
Type: string
	

			
		
	

	
	
		User 

	Description
	The representation of an WorkMail user.
	Members
	
		
			DisabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the user was disabled from WorkMail use.
		
		
			DisplayName
		
		

	
		
Type: string
	

			The display name of the user.
		
		
			Email
		
		

	
		
Type: string
	

			The email of the user.
		
		
			EnabledDate
		
		

	
		
Type: timestamp (string|DateTime or anything parsable by strtotime)
	

			The date indicating when the user was enabled for WorkMail use.
		
		
			Id
		
		

	
		
Type: string
	

			The identifier of the user.
		
		
			IdentityProviderIdentityStoreId
		
		

	
		
Type: string
	

			Identity store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
		
		
			IdentityProviderUserId
		
		

	
		
Type: string
	

			User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
		
		
			Name
		
		

	
		
Type: string
	

			The name of the user.
		
		
			State
		
		

	
		
Type: string
	

			The state of the user, which can be ENABLED, DISABLED, or DELETED.
		
		
			UserRole
		
		

	
		
Type: string
	

			The role of the user.

Amazon WorkMail 2017-10-01

Operation Summary

Paginators

Operations

AssociateDelegateToResource

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

AssociateMemberToGroup

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

AssumeImpersonationRole

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CancelMailboxExportJob

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CreateAlias

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CreateAvailabilityConfiguration

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CreateGroup

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateIdentityCenterApplication

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateImpersonationRole

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateMobileDeviceAccessRule

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateOrganization