CreateImpersonationRole
Creates an impersonation role for the given WorkMail organization.
Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.
Request Syntax
{
"ClientToken": "string",
"Description": "string",
"Name": "string",
"OrganizationId": "string",
"Rules": [
{
"Description": "string",
"Effect": "string",
"ImpersonationRuleId": "string",
"Name": "string",
"NotTargetUsers": [ "string" ],
"TargetUsers": [ "string" ]
}
],
"Type": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ClientToken
-
The idempotency token for the client request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\x21-\x7e]+Required: No
- Description
-
The description of the new impersonation role.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern:
[^\x00-\x09\x0B\x0C\x0E-\x1F\x7F\x3C\x3E\x5C]+Required: No
- Name
-
The name of the new impersonation role.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[^\x00-\x1F\x7F\x3C\x3E\x5C]+Required: Yes
- OrganizationId
-
The WorkMail organization to create the new impersonation role within.
Type: String
Length Constraints: Fixed length of 34.
Pattern:
^m-[0-9a-f]{32}$Required: Yes
- Rules
-
The list of rules for the impersonation role.
Type: Array of ImpersonationRule objects
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Required: Yes
- Type
-
The impersonation role's type. The available impersonation role types are
READ_ONLYorFULL_ACCESS.Type: String
Valid Values:
FULL_ACCESS | READ_ONLYRequired: Yes
Response Syntax
{
"ImpersonationRoleId": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- ImpersonationRoleId
-
The new impersonation role ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z0-9_-]+
Errors
For information about the errors that are common to all actions, see Common Errors.
- EntityNotFoundException
-
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400
- EntityStateException
-
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
HTTP Status Code: 400
- InvalidParameterException
-
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400
- LimitExceededException
-
The request exceeds the limit of the resource.
HTTP Status Code: 400
- OrganizationNotFoundException
-
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
- OrganizationStateException
-
The organization must have a valid state to perform certain operations on the organization or its members.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
