CreateImpersonationRole - Amazon WorkMail
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

CreateImpersonationRole

Creates an impersonation role for the given WorkMail organization.

Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

Request Syntax

{
   "ClientToken": "string",
   "Description": "string",
   "Name": "string",
   "OrganizationId": "string",
   "Rules": [ 
      { 
         "Description": "string",
         "Effect": "string",
         "ImpersonationRuleId": "string",
         "Name": "string",
         "NotTargetUsers": [ "string" ],
         "TargetUsers": [ "string" ]
      }
   ],
   "Type": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ClientToken

The idempotency token for the client request.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\x21-\x7e]+

Required: No

Description

The description of the new impersonation role.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [^\x00-\x09\x0B\x0C\x0E-\x1F\x7F\x3C\x3E\x5C]+

Required: No

Name

The name of the new impersonation role.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [^\x00-\x1F\x7F\x3C\x3E\x5C]+

Required: Yes

OrganizationId

The WorkMail organization to create the new impersonation role within.

Type: String

Length Constraints: Fixed length of 34.

Pattern: ^m-[0-9a-f]{32}$

Required: Yes

Rules

The list of rules for the impersonation role.

Type: Array of ImpersonationRule objects

Array Members: Minimum number of 0 items. Maximum number of 10 items.

Required: Yes

Type

The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS.

Type: String

Valid Values: FULL_ACCESS | READ_ONLY

Required: Yes

Response Syntax

{
   "ImpersonationRoleId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ImpersonationRoleId

The new impersonation role ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [a-zA-Z0-9_-]+

Errors

For information about the errors that are common to all actions, see Common Errors.

EntityNotFoundException

The identifier supplied for the user, group, or resource does not exist in your organization.

HTTP Status Code: 400

EntityStateException

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

HTTP Status Code: 400

InvalidParameterException

One or more of the input parameters don't match the service's restrictions.

HTTP Status Code: 400

LimitExceededException

The request exceeds the limit of the resource.

HTTP Status Code: 400

OrganizationNotFoundException

An operation received a valid organization identifier that either doesn't belong or exist in the system.

HTTP Status Code: 400

OrganizationStateException

The organization must have a valid state to perform certain operations on the organization or its members.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: