aws workmail

Amazon WorkMail is a secure, managed business email and calendaring service with support for existing desktop and mobile email clients. You can access your email, contacts, and calendars using Microsoft Outlook, your browser, or other native iOS and Android email applications. You can integrate WorkMail with your existing corporate directory and control both the keys that encrypt your data and the location in which your data is stored. The WorkMail API is designed for the following scenarios: Listing and describing organizations Managing users Managing groups Managing resources All WorkMail API operations are Amazon-authenticated and certificate-signed. They not only require the use of the AWS SDK, but also allow for the exclusive use of AWS Identity and Access Management users and roles to help facilitate access, trust, and permission policies. By creating a role and allowing an IAM user to access the WorkMail site, the IAM user gains full administrative visibility into the entire WorkMail organization (or as set in the IAM policy). This includes, but is not limited to, the ability to create, update, and delete users, groups, and resources. This allows developers to perform the scenarios listed above, as well as give users the ability to grant access on a selective basis using the IAM model

Subcommands

NameDescription
associate-delegate-to-resourceAdds a member (user or group) to the resource's set of delegates
associate-member-to-groupAdds a member (user or group) to the group's set
cancel-mailbox-export-jobCancels a mailbox export job. If the mailbox export job is near completion, it might not be possible to cancel it
create-aliasAdds an alias to the set of a given member (user or group) of Amazon WorkMail
create-groupCreates a group that can be used in Amazon WorkMail by calling the RegisterToWorkMail operation
create-mobile-device-access-ruleCreates a new mobile device access rule for the specified Amazon WorkMail organization
create-organizationCreates a new Amazon WorkMail organization. Optionally, you can choose to associate an existing AWS Directory Service directory with your organization. If an AWS Directory Service directory ID is specified, the organization alias must match the directory alias. If you choose not to associate an existing directory with your organization, then we create a new Amazon WorkMail directory for you. For more information, see Adding an organization in the Amazon WorkMail Administrator Guide. You can associate multiple email domains with an organization, then set your default email domain from the Amazon WorkMail console. You can also associate a domain that is managed in an Amazon Route 53 public hosted zone. For more information, see Adding a domain and Choosing the default domain in the Amazon WorkMail Administrator Guide. Optionally, you can use a customer managed master key from AWS Key Management Service (AWS KMS) to encrypt email for your organization. If you don't associate an AWS KMS key, Amazon WorkMail creates a default AWS managed master key for you
create-resourceCreates a new Amazon WorkMail resource
create-userCreates a user who can be used in Amazon WorkMail by calling the RegisterToWorkMail operation
delete-access-control-ruleDeletes an access control rule for the specified WorkMail organization
delete-aliasRemove one or more specified aliases from a set of aliases for a given user
delete-groupDeletes a group from Amazon WorkMail
delete-mailbox-permissionsDeletes permissions granted to a member (user or group)
delete-mobile-device-access-ruleDeletes a mobile device access rule for the specified Amazon WorkMail organization
delete-organizationDeletes an Amazon WorkMail organization and all underlying AWS resources managed by Amazon WorkMail as part of the organization. You can choose whether to delete the associated directory. For more information, see Removing an organization in the Amazon WorkMail Administrator Guide
delete-resourceDeletes the specified resource
delete-retention-policyDeletes the specified retention policy from the specified organization
delete-userDeletes a user from Amazon WorkMail and all subsequent systems. Before you can delete a user, the user state must be DISABLED. Use the DescribeUser action to confirm the user state. Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 days before they are permanently removed
deregister-from-work-mailMark a user, group, or resource as no longer used in Amazon WorkMail. This action disassociates the mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they are permanently removed. The functionality in the console is Disable
describe-groupReturns the data available for the group
describe-mailbox-export-jobDescribes the current status of a mailbox export job
describe-organizationProvides more information regarding a given organization based on its identifier
describe-resourceReturns the data available for the resource
describe-userProvides information regarding the user
disassociate-delegate-from-resourceRemoves a member from the resource's set of delegates
disassociate-member-from-groupRemoves a member from a group
get-access-control-effectGets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, or user ID
get-default-retention-policyGets the default retention policy details for the specified organization
get-mailbox-detailsRequests a user's mailbox details for a specified organization and user
get-mobile-device-access-effectSimulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the Amazon WorkMail organization for a particular user's attributes
list-access-control-rulesLists the access control rules for the specified organization
list-aliasesCreates a paginated call to list the aliases associated with a given entity
list-group-membersReturns an overview of the members of a group. Users and groups can be members of a group
list-groupsReturns summaries of the organization's groups
list-mailbox-export-jobsLists the mailbox export jobs started for the specified organization within the last seven days
list-mailbox-permissionsLists the mailbox permissions associated with a user, group, or resource mailbox
list-mobile-device-access-rulesLists the mobile device access rules for the specified Amazon WorkMail organization
list-organizationsReturns summaries of the customer's organizations
list-resource-delegatesLists the delegates associated with a resource. Users and groups can be resource delegates and answer requests on behalf of the resource
list-resourcesReturns summaries of the organization's resources
list-tags-for-resourceLists the tags applied to an Amazon WorkMail organization resource
list-usersReturns summaries of the organization's users
put-access-control-ruleAdds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, and user IDs. Adding a new rule with the same name as an existing rule replaces the older rule
put-mailbox-permissionsSets permissions for a user, group, or resource. This replaces any pre-existing permissions
put-retention-policyPuts a retention policy to the specified organization
register-to-work-mailRegisters an existing and disabled user, group, or resource for Amazon WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is Enable. Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail
reset-passwordAllows the administrator to reset the password for a user
start-mailbox-export-jobStarts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Exporting mailbox content in the Amazon WorkMail Administrator Guide
tag-resourceApplies the specified tags to the specified Amazon WorkMail organization resource
untag-resourceUntags the specified tags from the specified Amazon WorkMail organization resource
update-mailbox-quotaUpdates a user's current mailbox quota for a specified organization and user
update-mobile-device-access-ruleUpdates a mobile device access rule for the specified Amazon WorkMail organization
update-primary-email-addressUpdates the primary email for a user, group, or resource. The current email is moved into the list of aliases (or swapped between an existing alias and the current primary email), and the email provided in the input is promoted as the primary
update-resourceUpdates data for the resource. To have the latest information, it must be preceded by a DescribeResource call. The dataset in the request should be the one expected when performing another DescribeResource call