GetImpersonationRoleEffect - Amazon WorkMail
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

GetImpersonationRoleEffect

Tests whether the given impersonation role can impersonate a target user.

Request Syntax

{
   "ImpersonationRoleId": "string",
   "OrganizationId": "string",
   "TargetUser": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ImpersonationRoleId

The impersonation role ID to test.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [a-zA-Z0-9_-]+

Required: Yes

OrganizationId

The WorkMail organization where the impersonation role is defined.

Type: String

Length Constraints: Fixed length of 34.

Pattern: ^m-[0-9a-f]{32}$

Required: Yes

TargetUser

The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [a-zA-Z0-9._%+@-]+

Required: Yes

Response Syntax

{
   "Effect": "string",
   "MatchedRules": [ 
      { 
         "ImpersonationRuleId": "string",
         "Name": "string"
      }
   ],
   "Type": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Effect

Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY.

Type: String

Valid Values: ALLOW | DENY

MatchedRules

A list of the rules that match the input and produce the configured effect.

Type: Array of ImpersonationMatchedRule objects

Array Members: Minimum number of 0 items. Maximum number of 10 items.

Type

The impersonation role type.

Type: String

Valid Values: FULL_ACCESS | READ_ONLY

Errors

For information about the errors that are common to all actions, see Common Errors.

EntityNotFoundException

The identifier supplied for the user, group, or resource does not exist in your organization.

HTTP Status Code: 400

EntityStateException

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

HTTP Status Code: 400

InvalidParameterException

One or more of the input parameters don't match the service's restrictions.

HTTP Status Code: 400

OrganizationNotFoundException

An operation received a valid organization identifier that either doesn't belong or exist in the system.

HTTP Status Code: 400

OrganizationStateException

The organization must have a valid state to perform certain operations on the organization or its members.

HTTP Status Code: 400

ResourceNotFoundException

The resource cannot be found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: