aws workmail
Amazon WorkMail is a secure, managed business email and calendaring service with support for existing desktop and mobile email clients. You can access your email, contacts, and calendars using Microsoft Outlook, your browser, or other native iOS and Android email applications. You can integrate WorkMail with your existing corporate directory and control both the keys that encrypt your data and the location in which your data is stored. The WorkMail API is designed for the following scenarios: Listing and describing organizations Managing users Managing groups Managing resources All WorkMail API operations are Amazon-authenticated and certificate-signed. They not only require the use of the AWS SDK, but also allow for the exclusive use of AWS Identity and Access Management users and roles to help facilitate access, trust, and permission policies. By creating a role and allowing an IAM user to access the WorkMail site, the IAM user gains full administrative visibility into the entire WorkMail organization (or as set in the IAM policy). This includes, but is not limited to, the ability to create, update, and delete users, groups, and resources. This allows developers to perform the scenarios listed above, as well as give users the ability to grant access on a selective basis using the IAM model
Subcommands
| Name | Description |
|---|---|
associate-delegate-to-resource | Adds a member (user or group) to the resource's set of delegates |
associate-member-to-group | Adds a member (user or group) to the group's set |
cancel-mailbox-export-job | Cancels a mailbox export job. If the mailbox export job is near completion, it might not be possible to cancel it |
create-alias | Adds an alias to the set of a given member (user or group) of Amazon WorkMail |
create-group | Creates a group that can be used in Amazon WorkMail by calling the RegisterToWorkMail operation |
create-mobile-device-access-rule | Creates a new mobile device access rule for the specified Amazon WorkMail organization |
create-organization | Creates a new Amazon WorkMail organization. Optionally, you can choose to associate an existing AWS Directory Service directory with your organization. If an AWS Directory Service directory ID is specified, the organization alias must match the directory alias. If you choose not to associate an existing directory with your organization, then we create a new Amazon WorkMail directory for you. For more information, see Adding an organization in the Amazon WorkMail Administrator Guide. You can associate multiple email domains with an organization, then set your default email domain from the Amazon WorkMail console. You can also associate a domain that is managed in an Amazon Route 53 public hosted zone. For more information, see Adding a domain and Choosing the default domain in the Amazon WorkMail Administrator Guide. Optionally, you can use a customer managed master key from AWS Key Management Service (AWS KMS) to encrypt email for your organization. If you don't associate an AWS KMS key, Amazon WorkMail creates a default AWS managed master key for you |
create-resource | Creates a new Amazon WorkMail resource |
create-user | Creates a user who can be used in Amazon WorkMail by calling the RegisterToWorkMail operation |
delete-access-control-rule | Deletes an access control rule for the specified WorkMail organization |
delete-alias | Remove one or more specified aliases from a set of aliases for a given user |
delete-group | Deletes a group from Amazon WorkMail |
delete-mailbox-permissions | Deletes permissions granted to a member (user or group) |
delete-mobile-device-access-rule | Deletes a mobile device access rule for the specified Amazon WorkMail organization |
delete-organization | Deletes an Amazon WorkMail organization and all underlying AWS resources managed by Amazon WorkMail as part of the organization. You can choose whether to delete the associated directory. For more information, see Removing an organization in the Amazon WorkMail Administrator Guide |
delete-resource | Deletes the specified resource |
delete-retention-policy | Deletes the specified retention policy from the specified organization |
delete-user | Deletes a user from Amazon WorkMail and all subsequent systems. Before you can delete a user, the user state must be DISABLED. Use the DescribeUser action to confirm the user state. Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 days before they are permanently removed |
deregister-from-work-mail | Mark a user, group, or resource as no longer used in Amazon WorkMail. This action disassociates the mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they are permanently removed. The functionality in the console is Disable |
describe-group | Returns the data available for the group |
describe-mailbox-export-job | Describes the current status of a mailbox export job |
describe-organization | Provides more information regarding a given organization based on its identifier |
describe-resource | Returns the data available for the resource |
describe-user | Provides information regarding the user |
disassociate-delegate-from-resource | Removes a member from the resource's set of delegates |
disassociate-member-from-group | Removes a member from a group |
get-access-control-effect | Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, or user ID |
get-default-retention-policy | Gets the default retention policy details for the specified organization |
get-mailbox-details | Requests a user's mailbox details for a specified organization and user |
get-mobile-device-access-effect | Simulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the Amazon WorkMail organization for a particular user's attributes |
list-access-control-rules | Lists the access control rules for the specified organization |
list-aliases | Creates a paginated call to list the aliases associated with a given entity |
list-group-members | Returns an overview of the members of a group. Users and groups can be members of a group |
list-groups | Returns summaries of the organization's groups |
list-mailbox-export-jobs | Lists the mailbox export jobs started for the specified organization within the last seven days |
list-mailbox-permissions | Lists the mailbox permissions associated with a user, group, or resource mailbox |
list-mobile-device-access-rules | Lists the mobile device access rules for the specified Amazon WorkMail organization |
list-organizations | Returns summaries of the customer's organizations |
list-resource-delegates | Lists the delegates associated with a resource. Users and groups can be resource delegates and answer requests on behalf of the resource |
list-resources | Returns summaries of the organization's resources |
list-tags-for-resource | Lists the tags applied to an Amazon WorkMail organization resource |
list-users | Returns summaries of the organization's users |
put-access-control-rule | Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, and user IDs. Adding a new rule with the same name as an existing rule replaces the older rule |
put-mailbox-permissions | Sets permissions for a user, group, or resource. This replaces any pre-existing permissions |
put-retention-policy | Puts a retention policy to the specified organization |
register-to-work-mail | Registers an existing and disabled user, group, or resource for Amazon WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is Enable. Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail |
reset-password | Allows the administrator to reset the password for a user |
start-mailbox-export-job | Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Exporting mailbox content in the Amazon WorkMail Administrator Guide |
tag-resource | Applies the specified tags to the specified Amazon WorkMail organization resource |
untag-resource | Untags the specified tags from the specified Amazon WorkMail organization resource |
update-mailbox-quota | Updates a user's current mailbox quota for a specified organization and user |
update-mobile-device-access-rule | Updates a mobile device access rule for the specified Amazon WorkMail organization |
update-primary-email-address | Updates the primary email for a user, group, or resource. The current email is moved into the list of aliases (or swapped between an existing alias and the current primary email), and the email provided in the input is promoted as the primary |
update-resource | Updates data for the resource. To have the latest information, it must be preceded by a DescribeResource call. The dataset in the request should be the one expected when performing another DescribeResource call |