SDK for PHP 3.x

Client: Aws\WorkMail\WorkMailClient
Service ID: workmail
Version: 2017-10-01

This page describes the parameters and results for the operations of the Amazon WorkMail (2017-10-01), and shows how to use the Aws\WorkMail\WorkMailClient object to call the described operations. This documentation is specific to the 2017-10-01 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AssociateDelegateToResource ( array $params = [] )
Adds a member (user or group) to the resource's set of delegates.
AssociateMemberToGroup ( array $params = [] )
Adds a member (user or group) to the group's set.
AssumeImpersonationRole ( array $params = [] )
Assumes an impersonation role for the given WorkMail organization.
CancelMailboxExportJob ( array $params = [] )
Cancels a mailbox export job.
CreateAlias ( array $params = [] )
Adds an alias to the set of a given member (user or group) of WorkMail.
CreateAvailabilityConfiguration ( array $params = [] )
Creates an AvailabilityConfiguration for the given WorkMail organization and domain.
CreateGroup ( array $params = [] )
Creates a group that can be used in WorkMail by calling the RegisterToWorkMail operation.
CreateImpersonationRole ( array $params = [] )
Creates an impersonation role for the given WorkMail organization.
CreateMobileDeviceAccessRule ( array $params = [] )
Creates a new mobile device access rule for the specified WorkMail organization.
CreateOrganization ( array $params = [] )
Creates a new WorkMail organization.
CreateResource ( array $params = [] )
Creates a new WorkMail resource.
CreateUser ( array $params = [] )
Creates a user who can be used in WorkMail by calling the RegisterToWorkMail operation.
DeleteAccessControlRule ( array $params = [] )
Deletes an access control rule for the specified WorkMail organization.
DeleteAlias ( array $params = [] )
Remove one or more specified aliases from a set of aliases for a given user.
DeleteAvailabilityConfiguration ( array $params = [] )
Deletes the AvailabilityConfiguration for the given WorkMail organization and domain.
DeleteEmailMonitoringConfiguration ( array $params = [] )
Deletes the email monitoring configuration for a specified organization.
DeleteGroup ( array $params = [] )
Deletes a group from WorkMail.
DeleteImpersonationRole ( array $params = [] )
Deletes an impersonation role for the given WorkMail organization.
DeleteMailboxPermissions ( array $params = [] )
Deletes permissions granted to a member (user or group).
DeleteMobileDeviceAccessOverride ( array $params = [] )
Deletes the mobile device access override for the given WorkMail organization, user, and device.
DeleteMobileDeviceAccessRule ( array $params = [] )
Deletes a mobile device access rule for the specified WorkMail organization.
DeleteOrganization ( array $params = [] )
Deletes an WorkMail organization and all underlying AWS resources managed by WorkMail as part of the organization.
DeleteResource ( array $params = [] )
Deletes the specified resource.
DeleteRetentionPolicy ( array $params = [] )
Deletes the specified retention policy from the specified organization.
DeleteUser ( array $params = [] )
Deletes a user from WorkMail and all subsequent systems.
DeregisterFromWorkMail ( array $params = [] )
Mark a user, group, or resource as no longer used in WorkMail.
DeregisterMailDomain ( array $params = [] )
Removes a domain from WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use.
DescribeEmailMonitoringConfiguration ( array $params = [] )
Describes the current email monitoring configuration for a specified organization.
DescribeEntity ( array $params = [] )
Returns basic details about an entity in WorkMail.
DescribeGroup ( array $params = [] )
Returns the data available for the group.
DescribeInboundDmarcSettings ( array $params = [] )
Lists the settings in a DMARC policy for a specified organization.
DescribeMailboxExportJob ( array $params = [] )
Describes the current status of a mailbox export job.
DescribeOrganization ( array $params = [] )
Provides more information regarding a given organization based on its identifier.
DescribeResource ( array $params = [] )
Returns the data available for the resource.
DescribeUser ( array $params = [] )
Provides information regarding the user.
DisassociateDelegateFromResource ( array $params = [] )
Removes a member from the resource's set of delegates.
DisassociateMemberFromGroup ( array $params = [] )
Removes a member from a group.
GetAccessControlEffect ( array $params = [] )
Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID.
GetDefaultRetentionPolicy ( array $params = [] )
Gets the default retention policy details for the specified organization.
GetImpersonationRole ( array $params = [] )
Gets the impersonation role details for the given WorkMail organization.
GetImpersonationRoleEffect ( array $params = [] )
Tests whether the given impersonation role can impersonate a target user.
GetMailDomain ( array $params = [] )
Gets details for a mail domain, including domain records required to configure your domain with recommended security.
GetMailboxDetails ( array $params = [] )
Requests a user's mailbox details for a specified organization and user.
GetMobileDeviceAccessEffect ( array $params = [] )
Simulates the effect of the mobile device access rules for the given attributes of a sample access event.
GetMobileDeviceAccessOverride ( array $params = [] )
Gets the mobile device access override for the given WorkMail organization, user, and device.
ListAccessControlRules ( array $params = [] )
Lists the access control rules for the specified organization.
ListAliases ( array $params = [] )
Creates a paginated call to list the aliases associated with a given entity.
ListAvailabilityConfigurations ( array $params = [] )
List all the AvailabilityConfiguration's for the given WorkMail organization.
ListGroupMembers ( array $params = [] )
Returns an overview of the members of a group.
ListGroups ( array $params = [] )
Returns summaries of the organization's groups.
ListGroupsForEntity ( array $params = [] )
Returns all the groups to which an entity belongs.
ListImpersonationRoles ( array $params = [] )
Lists all the impersonation roles for the given WorkMail organization.
ListMailDomains ( array $params = [] )
Lists the mail domains in a given WorkMail organization.
ListMailboxExportJobs ( array $params = [] )
Lists the mailbox export jobs started for the specified organization within the last seven days.
ListMailboxPermissions ( array $params = [] )
Lists the mailbox permissions associated with a user, group, or resource mailbox.
ListMobileDeviceAccessOverrides ( array $params = [] )
Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.
ListMobileDeviceAccessRules ( array $params = [] )
Lists the mobile device access rules for the specified WorkMail organization.
ListOrganizations ( array $params = [] )
Returns summaries of the customer's organizations.
ListResourceDelegates ( array $params = [] )
Lists the delegates associated with a resource.
ListResources ( array $params = [] )
Returns summaries of the organization's resources.
ListTagsForResource ( array $params = [] )
Lists the tags applied to an WorkMail organization resource.
ListUsers ( array $params = [] )
Returns summaries of the organization's users.
PutAccessControlRule ( array $params = [] )
Adds a new access control rule for the specified organization.
PutEmailMonitoringConfiguration ( array $params = [] )
Creates or updates the email monitoring configuration for a specified organization.
PutInboundDmarcSettings ( array $params = [] )
Enables or disables a DMARC policy for a given organization.
PutMailboxPermissions ( array $params = [] )
Sets permissions for a user, group, or resource.
PutMobileDeviceAccessOverride ( array $params = [] )
Creates or updates a mobile device access override for the given WorkMail organization, user, and device.
PutRetentionPolicy ( array $params = [] )
Puts a retention policy to the specified organization.
RegisterMailDomain ( array $params = [] )
Registers a new domain in WorkMail and SES, and configures it for use by WorkMail.
RegisterToWorkMail ( array $params = [] )
Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities.
ResetPassword ( array $params = [] )
Allows the administrator to reset the password for a user.
StartMailboxExportJob ( array $params = [] )
Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket.
TagResource ( array $params = [] )
Applies the specified tags to the specified WorkMailorganization resource.
TestAvailabilityConfiguration ( array $params = [] )
Performs a test on an availability provider to ensure that access is allowed.
UntagResource ( array $params = [] )
Untags the specified tags from the specified WorkMail organization resource.
UpdateAvailabilityConfiguration ( array $params = [] )
Updates an existing AvailabilityConfiguration for the given WorkMail organization and domain.
UpdateDefaultMailDomain ( array $params = [] )
Updates the default mail domain for an organization.
UpdateGroup ( array $params = [] )
Updates attibutes in a group.
UpdateImpersonationRole ( array $params = [] )
Updates an impersonation role for the given WorkMail organization.
UpdateMailboxQuota ( array $params = [] )
Updates a user's current mailbox quota for a specified organization and user.
UpdateMobileDeviceAccessRule ( array $params = [] )
Updates a mobile device access rule for the specified WorkMail organization.
UpdatePrimaryEmailAddress ( array $params = [] )
Updates the primary email for a user, group, or resource.
UpdateResource ( array $params = [] )
Updates data for the resource.
UpdateUser ( array $params = [] )
Updates data for the user.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

ListAliases
ListAvailabilityConfigurations
ListGroupMembers
ListGroups
ListGroupsForEntity
ListImpersonationRoles
ListMailDomains
ListMailboxExportJobs
ListMailboxPermissions
ListMobileDeviceAccessOverrides
ListOrganizations
ListResourceDelegates
ListResources
ListUsers

Operations

AssociateDelegateToResource

$result = $client->associateDelegateToResource([/* ... */]);
$promise = $client->associateDelegateToResourceAsync([/* ... */]);

Adds a member (user or group) to the resource's set of delegates.

Parameter Syntax

$result = $client->associateDelegateToResource([
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The member (user or group) to associate to the resource.

The entity ID can accept UserId or GroupID, Username or Groupname, or email.

  • Entity: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity: entity

OrganizationId
Required: Yes
Type: string

The organization under which the resource exists.

ResourceId
Required: Yes
Type: string

The resource for which members (users or groups) are associated.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

  • Resource ID: r-0123456789a0123456789b0123456789

  • Email address: resource@domain.tld

  • Resource name: resource

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

AssociateMemberToGroup

$result = $client->associateMemberToGroup([/* ... */]);
$promise = $client->associateMemberToGroupAsync([/* ... */]);

Adds a member (user or group) to the group's set.

Parameter Syntax

$result = $client->associateMemberToGroup([
    'GroupId' => '<string>', // REQUIRED
    'MemberId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The group to which the member (user or group) is associated.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

  • Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: group@domain.tld

  • Group name: group

MemberId
Required: Yes
Type: string

The member (user or group) to associate to the group.

The member ID can accept UserID or GroupId, Username or Groupname, or email.

  • Member: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: member@domain.tld

  • Member name: member

OrganizationId
Required: Yes
Type: string

The organization under which the group exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

AssumeImpersonationRole

$result = $client->assumeImpersonationRole([/* ... */]);
$promise = $client->assumeImpersonationRoleAsync([/* ... */]);

Assumes an impersonation role for the given WorkMail organization. This method returns an authentication token you can use to make impersonated calls.

Parameter Syntax

$result = $client->assumeImpersonationRole([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ImpersonationRoleId
Required: Yes
Type: string

The impersonation role ID to assume.

OrganizationId
Required: Yes
Type: string

The WorkMail organization under which the impersonation role will be assumed.

Result Syntax

[
    'ExpiresIn' => <integer>,
    'Token' => '<string>',
]

Result Details

Members
ExpiresIn
Type: long (int|float)

The authentication token's validity, in seconds.

Token
Type: string

The authentication token for the impersonation role.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResourceNotFoundException:

The resource cannot be found.

CancelMailboxExportJob

$result = $client->cancelMailboxExportJob([/* ... */]);
$promise = $client->cancelMailboxExportJobAsync([/* ... */]);

Cancels a mailbox export job.

If the mailbox export job is near completion, it might not be possible to cancel it.

Parameter Syntax

$result = $client->cancelMailboxExportJob([
    'ClientToken' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Required: Yes
Type: string

The idempotency token for the client request.

JobId
Required: Yes
Type: string

The job ID.

OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

CreateAlias

$result = $client->createAlias([/* ... */]);
$promise = $client->createAliasAsync([/* ... */]);

Adds an alias to the set of a given member (user or group) of WorkMail.

Parameter Syntax

$result = $client->createAlias([
    'Alias' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Alias
Required: Yes
Type: string

The alias to add to the member set.

EntityId
Required: Yes
Type: string

The member (user or group) to which this alias is added.

OrganizationId
Required: Yes
Type: string

The organization under which the member (user or group) exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EmailAddressInUseException:

The email address that you're trying to assign is already created for a different user, group, or resource.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

MailDomainNotFoundException:

The domain specified is not found in your organization.

MailDomainStateException:

After a domain has been added to the organization, it must be verified. The domain is not yet verified.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

LimitExceededException:

The request exceeds the limit of the resource.

CreateAvailabilityConfiguration

$result = $client->createAvailabilityConfiguration([/* ... */]);
$promise = $client->createAvailabilityConfigurationAsync([/* ... */]);

Creates an AvailabilityConfiguration for the given WorkMail organization and domain.

Parameter Syntax

$result = $client->createAvailabilityConfiguration([
    'ClientToken' => '<string>',
    'DomainName' => '<string>', // REQUIRED
    'EwsProvider' => [
        'EwsEndpoint' => '<string>', // REQUIRED
        'EwsPassword' => '<string>', // REQUIRED
        'EwsUsername' => '<string>', // REQUIRED
    ],
    'LambdaProvider' => [
        'LambdaArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

An idempotent token that ensures that an API request is executed only once.

DomainName
Required: Yes
Type: string

The domain to which the provider applies.

EwsProvider
Type: EwsAvailabilityProvider structure

Exchange Web Services (EWS) availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider.

LambdaProvider
Type: LambdaAvailabilityProvider structure

Lambda availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the AvailabilityConfiguration will be created.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

NameAvailabilityException:

The user, group, or resource name isn't unique in WorkMail.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

LimitExceededException:

The request exceeds the limit of the resource.

CreateGroup

$result = $client->createGroup([/* ... */]);
$promise = $client->createGroupAsync([/* ... */]);

Creates a group that can be used in WorkMail by calling the RegisterToWorkMail operation.

Parameter Syntax

$result = $client->createGroup([
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
HiddenFromGlobalAddressList
Type: boolean

If this parameter is enabled, the group will be hidden from the address book.

Name
Required: Yes
Type: string

The name of the group.

OrganizationId
Required: Yes
Type: string

The organization under which the group is to be created.

Result Syntax

[
    'GroupId' => '<string>',
]

Result Details

Members
GroupId
Type: string

The identifier of the group.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

NameAvailabilityException:

The user, group, or resource name isn't unique in WorkMail.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ReservedNameException:

This user, group, or resource name is not allowed in WorkMail.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

CreateImpersonationRole

$result = $client->createImpersonationRole([/* ... */]);
$promise = $client->createImpersonationRoleAsync([/* ... */]);

Creates an impersonation role for the given WorkMail organization.

Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

Parameter Syntax

$result = $client->createImpersonationRole([
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Rules' => [ // REQUIRED
        [
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY', // REQUIRED
            'ImpersonationRuleId' => '<string>', // REQUIRED
            'Name' => '<string>',
            'NotTargetUsers' => ['<string>', ...],
            'TargetUsers' => ['<string>', ...],
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

The idempotency token for the client request.

Description
Type: string

The description of the new impersonation role.

Name
Required: Yes
Type: string

The name of the new impersonation role.

OrganizationId
Required: Yes
Type: string

The WorkMail organization to create the new impersonation role within.

Rules
Required: Yes
Type: Array of ImpersonationRule structures

The list of rules for the impersonation role.

Type
Required: Yes
Type: string

The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS.

Result Syntax

[
    'ImpersonationRoleId' => '<string>',
]

Result Details

Members
ImpersonationRoleId
Type: string

The new impersonation role ID.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

LimitExceededException:

The request exceeds the limit of the resource.

CreateMobileDeviceAccessRule

$result = $client->createMobileDeviceAccessRule([/* ... */]);
$promise = $client->createMobileDeviceAccessRuleAsync([/* ... */]);

Creates a new mobile device access rule for the specified WorkMail organization.

Parameter Syntax

$result = $client->createMobileDeviceAccessRule([
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'DeviceModels' => ['<string>', ...],
    'DeviceOperatingSystems' => ['<string>', ...],
    'DeviceTypes' => ['<string>', ...],
    'DeviceUserAgents' => ['<string>', ...],
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'NotDeviceModels' => ['<string>', ...],
    'NotDeviceOperatingSystems' => ['<string>', ...],
    'NotDeviceTypes' => ['<string>', ...],
    'NotDeviceUserAgents' => ['<string>', ...],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

The idempotency token for the client request.

Description
Type: string

The rule description.

DeviceModels
Type: Array of strings

Device models that the rule will match.

DeviceOperatingSystems
Type: Array of strings

Device operating systems that the rule will match.

DeviceTypes
Type: Array of strings

Device types that the rule will match.

DeviceUserAgents
Type: Array of strings

Device user agents that the rule will match.

Effect
Required: Yes
Type: string

The effect of the rule when it matches. Allowed values are ALLOW or DENY.

Name
Required: Yes
Type: string

The rule name.

NotDeviceModels
Type: Array of strings

Device models that the rule will not match. All other device models will match.

NotDeviceOperatingSystems
Type: Array of strings

Device operating systems that the rule will not match. All other device operating systems will match.

NotDeviceTypes
Type: Array of strings

Device types that the rule will not match. All other device types will match.

NotDeviceUserAgents
Type: Array of strings

Device user agents that the rule will not match. All other device user agents will match.

OrganizationId
Required: Yes
Type: string

The WorkMail organization under which the rule will be created.

Result Syntax

[
    'MobileDeviceAccessRuleId' => '<string>',
]

Result Details

Members
MobileDeviceAccessRuleId
Type: string

The identifier for the newly created mobile device access rule.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

LimitExceededException:

The request exceeds the limit of the resource.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

CreateOrganization

$result = $client->createOrganization([/* ... */]);
$promise = $client->createOrganizationAsync([/* ... */]);

Creates a new WorkMail organization. Optionally, you can choose to associate an existing AWS Directory Service directory with your organization. If an AWS Directory Service directory ID is specified, the organization alias must match the directory alias. If you choose not to associate an existing directory with your organization, then we create a new WorkMail directory for you. For more information, see Adding an organization in the WorkMail Administrator Guide.

You can associate multiple email domains with an organization, then choose your default email domain from the WorkMail console. You can also associate a domain that is managed in an Amazon Route 53 public hosted zone. For more information, see Adding a domain and Choosing the default domain in the WorkMail Administrator Guide.

Optionally, you can use a customer managed key from AWS Key Management Service (AWS KMS) to encrypt email for your organization. If you don't associate an AWS KMS key, WorkMail creates a default, AWS managed key for you.

Parameter Syntax

$result = $client->createOrganization([
    'Alias' => '<string>', // REQUIRED
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>',
    'Domains' => [
        [
            'DomainName' => '<string>', // REQUIRED
            'HostedZoneId' => '<string>',
        ],
        // ...
    ],
    'EnableInteroperability' => true || false,
    'KmsKeyArn' => '<string>',
]);

Parameter Details

Members
Alias
Required: Yes
Type: string

The organization alias.

ClientToken
Type: string

The idempotency token associated with the request.

DirectoryId
Type: string

The AWS Directory Service directory ID.

Domains
Type: Array of Domain structures

The email domains to associate with the organization.

EnableInteroperability
Type: boolean

When true, allows organization interoperability between WorkMail and Microsoft Exchange. If true, you must include a AD Connector directory ID in the request.

KmsKeyArn
Type: string

The Amazon Resource Name (ARN) of a customer managed key from AWS KMS.

Result Syntax

[
    'OrganizationId' => '<string>',
]

Result Details

Members
OrganizationId
Type: string

The organization ID.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

DirectoryInUseException:

The directory is already in use by another WorkMail organization in the same account and Region.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

LimitExceededException:

The request exceeds the limit of the resource.

NameAvailabilityException:

The user, group, or resource name isn't unique in WorkMail.

CreateResource

$result = $client->createResource([/* ... */]);
$promise = $client->createResourceAsync([/* ... */]);

Creates a new WorkMail resource.

Parameter Syntax

$result = $client->createResource([
    'Description' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Type' => 'ROOM|EQUIPMENT', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

Resource description.

HiddenFromGlobalAddressList
Type: boolean

If this parameter is enabled, the resource will be hidden from the address book.

Name
Required: Yes
Type: string

The name of the new resource.

OrganizationId
Required: Yes
Type: string

The identifier associated with the organization for which the resource is created.

Type
Required: Yes
Type: string

The type of the new resource. The available types are equipment and room.

Result Syntax

[
    'ResourceId' => '<string>',
]

Result Details

Members
ResourceId
Type: string

The identifier of the new resource.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

NameAvailabilityException:

The user, group, or resource name isn't unique in WorkMail.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ReservedNameException:

This user, group, or resource name is not allowed in WorkMail.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

CreateUser

$result = $client->createUser([/* ... */]);
$promise = $client->createUserAsync([/* ... */]);

Creates a user who can be used in WorkMail by calling the RegisterToWorkMail operation.

Parameter Syntax

$result = $client->createUser([
    'DisplayName' => '<string>', // REQUIRED
    'FirstName' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'LastName' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Password' => '<string>',
    'Role' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
]);

Parameter Details

Members
DisplayName
Required: Yes
Type: string

The display name for the new user.

FirstName
Type: string

The first name of the new user.

HiddenFromGlobalAddressList
Type: boolean

If this parameter is enabled, the user will be hidden from the address book.

LastName
Type: string

The last name of the new user.

Name
Required: Yes
Type: string

The name for the new user. WorkMail directory user names have a maximum length of 64. All others have a maximum length of 20.

OrganizationId
Required: Yes
Type: string

The identifier of the organization for which the user is created.

Password
Type: string

The password for the new user.

Role
Type: string

The role of the new user.

You cannot pass SYSTEM_USER or RESOURCE role in a single request. When a user role is not selected, the default role of USER is selected.

Result Syntax

[
    'UserId' => '<string>',
]

Result Details

Members
UserId
Type: string

The identifier for the new user.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

InvalidPasswordException:

The supplied password doesn't match the minimum security constraints, such as length or use of special characters.

NameAvailabilityException:

The user, group, or resource name isn't unique in WorkMail.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ReservedNameException:

This user, group, or resource name is not allowed in WorkMail.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

DeleteAccessControlRule

$result = $client->deleteAccessControlRule([/* ... */]);
$promise = $client->deleteAccessControlRuleAsync([/* ... */]);

Deletes an access control rule for the specified WorkMail organization.

Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

Parameter Syntax

$result = $client->deleteAccessControlRule([
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Name
Required: Yes
Type: string

The name of the access control rule.

OrganizationId
Required: Yes
Type: string

The identifier for the organization.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteAlias

$result = $client->deleteAlias([/* ... */]);
$promise = $client->deleteAliasAsync([/* ... */]);

Remove one or more specified aliases from a set of aliases for a given user.

Parameter Syntax

$result = $client->deleteAlias([
    'Alias' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Alias
Required: Yes
Type: string

The aliases to be removed from the user's set of aliases. Duplicate entries in the list are collapsed into single entries (the list is transformed into a set).

EntityId
Required: Yes
Type: string

The identifier for the member (user or group) from which to have the aliases removed.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the user exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteAvailabilityConfiguration

$result = $client->deleteAvailabilityConfiguration([/* ... */]);
$promise = $client->deleteAvailabilityConfigurationAsync([/* ... */]);

Deletes the AvailabilityConfiguration for the given WorkMail organization and domain.

Parameter Syntax

$result = $client->deleteAvailabilityConfiguration([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DomainName
Required: Yes
Type: string

The domain for which the AvailabilityConfiguration will be deleted.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the AvailabilityConfiguration will be deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteEmailMonitoringConfiguration

$result = $client->deleteEmailMonitoringConfiguration([/* ... */]);
$promise = $client->deleteEmailMonitoringConfigurationAsync([/* ... */]);

Deletes the email monitoring configuration for a specified organization.

Parameter Syntax

$result = $client->deleteEmailMonitoringConfiguration([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The ID of the organization from which the email monitoring configuration is deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteGroup

$result = $client->deleteGroup([/* ... */]);
$promise = $client->deleteGroupAsync([/* ... */]);

Deletes a group from WorkMail.

Parameter Syntax

$result = $client->deleteGroup([
    'GroupId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier of the group to be deleted.

The identifier can be the GroupId, or Groupname. The following identity formats are available:

  • Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Group name: group

OrganizationId
Required: Yes
Type: string

The organization that contains the group.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

DeleteImpersonationRole

$result = $client->deleteImpersonationRole([/* ... */]);
$promise = $client->deleteImpersonationRoleAsync([/* ... */]);

Deletes an impersonation role for the given WorkMail organization.

Parameter Syntax

$result = $client->deleteImpersonationRole([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ImpersonationRoleId
Required: Yes
Type: string

The ID of the impersonation role to delete.

OrganizationId
Required: Yes
Type: string

The WorkMail organization from which to delete the impersonation role.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteMailboxPermissions

$result = $client->deleteMailboxPermissions([/* ... */]);
$promise = $client->deleteMailboxPermissionsAsync([/* ... */]);

Deletes permissions granted to a member (user or group).

Parameter Syntax

$result = $client->deleteMailboxPermissions([
    'EntityId' => '<string>', // REQUIRED
    'GranteeId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier of the entity that owns the mailbox.

The identifier can be UserId or Group Id, Username or Groupname, or email.

  • Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity name: entity

GranteeId
Required: Yes
Type: string

The identifier of the entity for which to delete granted permissions.

The identifier can be UserId, ResourceID, or Group Id, Username or Groupname, or email.

  • Grantee ID: 12345678-1234-1234-1234-123456789012,r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: grantee@domain.tld

  • Grantee name: grantee

OrganizationId
Required: Yes
Type: string

The identifier of the organization under which the member (user or group) exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteMobileDeviceAccessOverride

$result = $client->deleteMobileDeviceAccessOverride([/* ... */]);
$promise = $client->deleteMobileDeviceAccessOverrideAsync([/* ... */]);

Deletes the mobile device access override for the given WorkMail organization, user, and device.

Deleting already deleted and non-existing overrides does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

Parameter Syntax

$result = $client->deleteMobileDeviceAccessOverride([
    'DeviceId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DeviceId
Required: Yes
Type: string

The mobile device for which you delete the override. DeviceId is case insensitive.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the access override will be deleted.

UserId
Required: Yes
Type: string

The WorkMail user for which you want to delete the override. Accepts the following types of user identities:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

DeleteMobileDeviceAccessRule

$result = $client->deleteMobileDeviceAccessRule([/* ... */]);
$promise = $client->deleteMobileDeviceAccessRuleAsync([/* ... */]);

Deletes a mobile device access rule for the specified WorkMail organization.

Deleting already deleted and non-existing rules does not produce an error. In those cases, the service sends back an HTTP 200 response with an empty HTTP body.

Parameter Syntax

$result = $client->deleteMobileDeviceAccessRule([
    'MobileDeviceAccessRuleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MobileDeviceAccessRuleId
Required: Yes
Type: string

The identifier of the rule to be deleted.

OrganizationId
Required: Yes
Type: string

The WorkMail organization under which the rule will be deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteOrganization

$result = $client->deleteOrganization([/* ... */]);
$promise = $client->deleteOrganizationAsync([/* ... */]);

Deletes an WorkMail organization and all underlying AWS resources managed by WorkMail as part of the organization. You can choose whether to delete the associated directory. For more information, see Removing an organization in the WorkMail Administrator Guide.

Parameter Syntax

$result = $client->deleteOrganization([
    'ClientToken' => '<string>',
    'DeleteDirectory' => true || false, // REQUIRED
    'ForceDelete' => true || false,
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

The idempotency token associated with the request.

DeleteDirectory
Required: Yes
Type: boolean

If true, deletes the AWS Directory Service directory associated with the organization.

ForceDelete
Type: boolean

Deletes a WorkMail organization even if the organization has enabled users.

OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[
    'OrganizationId' => '<string>',
    'State' => '<string>',
]

Result Details

Members
OrganizationId
Type: string

The organization ID.

State
Type: string

The state of the organization.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteResource

$result = $client->deleteResource([/* ... */]);
$promise = $client->deleteResourceAsync([/* ... */]);

Deletes the specified resource.

Parameter Syntax

$result = $client->deleteResource([
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier associated with the organization from which the resource is deleted.

ResourceId
Required: Yes
Type: string

The identifier of the resource to be deleted.

The identifier can accept ResourceId, or Resourcename. The following identity formats are available:

  • Resource ID: r-0123456789a0123456789b0123456789

  • Resource name: resource

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

DeleteRetentionPolicy

$result = $client->deleteRetentionPolicy([/* ... */]);
$promise = $client->deleteRetentionPolicyAsync([/* ... */]);

Deletes the specified retention policy from the specified organization.

Parameter Syntax

$result = $client->deleteRetentionPolicy([
    'Id' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Id
Required: Yes
Type: string

The retention policy ID.

OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeleteUser

$result = $client->deleteUser([/* ... */]);
$promise = $client->deleteUserAsync([/* ... */]);

Deletes a user from WorkMail and all subsequent systems. Before you can delete a user, the user state must be DISABLED. Use the DescribeUser action to confirm the user state.

Deleting a user is permanent and cannot be undone. WorkMail archives user mailboxes for 30 days before they are permanently removed.

Parameter Syntax

$result = $client->deleteUser([
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The organization that contains the user to be deleted.

UserId
Required: Yes
Type: string

The identifier of the user to be deleted.

The identifier can be the UserId or Username. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • User name: user

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

DeregisterFromWorkMail

$result = $client->deregisterFromWorkMail([/* ... */]);
$promise = $client->deregisterFromWorkMailAsync([/* ... */]);

Mark a user, group, or resource as no longer used in WorkMail. This action disassociates the mailbox and schedules it for clean-up. WorkMail keeps mailboxes for 30 days before they are permanently removed. The functionality in the console is Disable.

Parameter Syntax

$result = $client->deregisterFromWorkMail([
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier for the member to be updated.

The identifier can be UserId, ResourceId, or Group Id, Username, Resourcename, or Groupname, or email.

  • Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity name: entity

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the WorkMail entity exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DeregisterMailDomain

$result = $client->deregisterMailDomain([/* ... */]);
$promise = $client->deregisterMailDomainAsync([/* ... */]);

Removes a domain from WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use. SES keeps the domain because other applications may use it. You must first remove any email address used by WorkMail entities before you remove the domain.

Parameter Syntax

$result = $client->deregisterMailDomain([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DomainName
Required: Yes
Type: string

The domain to deregister in WorkMail and SES.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the domain will be deregistered.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

MailDomainInUseException:

The domain you're trying to change is in use by another user or organization in your account. See the error message for details.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

InvalidCustomSesConfigurationException:

You SES configuration has customizations that WorkMail cannot save. The error message lists the invalid setting. For examples of invalid settings, refer to CreateReceiptRule.

DescribeEmailMonitoringConfiguration

$result = $client->describeEmailMonitoringConfiguration([/* ... */]);
$promise = $client->describeEmailMonitoringConfigurationAsync([/* ... */]);

Describes the current email monitoring configuration for a specified organization.

Parameter Syntax

$result = $client->describeEmailMonitoringConfiguration([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The ID of the organization for which the email monitoring configuration is described.

Result Syntax

[
    'LogGroupArn' => '<string>',
    'RoleArn' => '<string>',
]

Result Details

Members
LogGroupArn
Type: string

The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.

RoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.

Errors

ResourceNotFoundException:

The resource cannot be found.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DescribeEntity

$result = $client->describeEntity([/* ... */]);
$promise = $client->describeEntityAsync([/* ... */]);

Returns basic details about an entity in WorkMail.

Parameter Syntax

$result = $client->describeEntity([
    'Email' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Email
Required: Yes
Type: string

The email under which the entity exists.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the entity exists.

Result Syntax

[
    'EntityId' => '<string>',
    'Name' => '<string>',
    'Type' => 'GROUP|USER|RESOURCE',
]

Result Details

Members
EntityId
Type: string

The entity ID under which the entity exists.

Name
Type: string

Username, GroupName, or ResourceName based on entity type.

Type
Type: string

Entity type.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DescribeGroup

$result = $client->describeGroup([/* ... */]);
$promise = $client->describeGroupAsync([/* ... */]);

Returns the data available for the group.

Parameter Syntax

$result = $client->describeGroup([
    'GroupId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for the group to be described.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

  • Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: group@domain.tld

  • Group name: group

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the group exists.

Result Syntax

[
    'DisabledDate' => <DateTime>,
    'Email' => '<string>',
    'EnabledDate' => <DateTime>,
    'GroupId' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>',
    'State' => 'ENABLED|DISABLED|DELETED',
]

Result Details

Members
DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a user was deregistered from WorkMail, in UNIX epoch time format.

Email
Type: string

The email of the described group.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a user was registered to WorkMail, in UNIX epoch time format.

GroupId
Type: string

The identifier of the described group.

HiddenFromGlobalAddressList
Type: boolean

If the value is set to true, the group is hidden from the address book.

Name
Type: string

The name of the described group.

State
Type: string

The state of the user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail).

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DescribeInboundDmarcSettings

$result = $client->describeInboundDmarcSettings([/* ... */]);
$promise = $client->describeInboundDmarcSettingsAsync([/* ... */]);

Lists the settings in a DMARC policy for a specified organization.

Parameter Syntax

$result = $client->describeInboundDmarcSettings([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

Lists the ID of the given organization.

Result Syntax

[
    'Enforced' => true || false,
]

Result Details

Members
Enforced
Type: boolean

Lists the enforcement setting of the applied policy.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DescribeMailboxExportJob

$result = $client->describeMailboxExportJob([/* ... */]);
$promise = $client->describeMailboxExportJobAsync([/* ... */]);

Describes the current status of a mailbox export job.

Parameter Syntax

$result = $client->describeMailboxExportJob([
    'JobId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
JobId
Required: Yes
Type: string

The mailbox export job ID.

OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[
    'Description' => '<string>',
    'EndTime' => <DateTime>,
    'EntityId' => '<string>',
    'ErrorInfo' => '<string>',
    'EstimatedProgress' => <integer>,
    'KmsKeyArn' => '<string>',
    'RoleArn' => '<string>',
    'S3BucketName' => '<string>',
    'S3Path' => '<string>',
    'S3Prefix' => '<string>',
    'StartTime' => <DateTime>,
    'State' => 'RUNNING|COMPLETED|FAILED|CANCELLED',
]

Result Details

Members
Description
Type: string

The mailbox export job description.

EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The mailbox export job end timestamp.

EntityId
Type: string

The identifier of the user or resource associated with the mailbox.

ErrorInfo
Type: string

Error information for failed mailbox export jobs.

EstimatedProgress
Type: int

The estimated progress of the mailbox export job, in percentage points.

KmsKeyArn
Type: string

The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content.

RoleArn
Type: string

The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the Amazon Simple Storage Service (Amazon S3) bucket.

S3BucketName
Type: string

The name of the S3 bucket.

S3Path
Type: string

The path to the S3 bucket and file that the mailbox export job is exporting to.

S3Prefix
Type: string

The S3 bucket prefix.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The mailbox export job start timestamp.

State
Type: string

The state of the mailbox export job.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

DescribeOrganization

$result = $client->describeOrganization([/* ... */]);
$promise = $client->describeOrganizationAsync([/* ... */]);

Provides more information regarding a given organization based on its identifier.

Parameter Syntax

$result = $client->describeOrganization([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier for the organization to be described.

Result Syntax

[
    'ARN' => '<string>',
    'Alias' => '<string>',
    'CompletedDate' => <DateTime>,
    'DefaultMailDomain' => '<string>',
    'DirectoryId' => '<string>',
    'DirectoryType' => '<string>',
    'ErrorMessage' => '<string>',
    'InteroperabilityEnabled' => true || false,
    'MigrationAdmin' => '<string>',
    'OrganizationId' => '<string>',
    'State' => '<string>',
]

Result Details

Members
ARN
Type: string

The Amazon Resource Name (ARN) of the organization.

Alias
Type: string

The alias for an organization.

CompletedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date at which the organization became usable in the WorkMail context, in UNIX epoch time format.

DefaultMailDomain
Type: string

The default mail domain associated with the organization.

DirectoryId
Type: string

The identifier for the directory associated with an WorkMail organization.

DirectoryType
Type: string

The type of directory associated with the WorkMail organization.

ErrorMessage
Type: string

(Optional) The error message indicating if unexpected behavior was encountered with regards to the organization.

InteroperabilityEnabled
Type: boolean

Indicates if interoperability is enabled for this organization.

MigrationAdmin
Type: string

The user ID of the migration admin if migration is enabled for the organization.

OrganizationId
Type: string

The identifier of an organization.

State
Type: string

The state of an organization.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

DescribeResource

$result = $client->describeResource([/* ... */]);
$promise = $client->describeResourceAsync([/* ... */]);

Returns the data available for the resource.

Parameter Syntax

$result = $client->describeResource([
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier associated with the organization for which the resource is described.

ResourceId
Required: Yes
Type: string

The identifier of the resource to be described.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

  • Resource ID: r-0123456789a0123456789b0123456789

  • Email address: resource@domain.tld

  • Resource name: resource

Result Syntax

[
    'BookingOptions' => [
        'AutoAcceptRequests' => true || false,
        'AutoDeclineConflictingRequests' => true || false,
        'AutoDeclineRecurringRequests' => true || false,
    ],
    'Description' => '<string>',
    'DisabledDate' => <DateTime>,
    'Email' => '<string>',
    'EnabledDate' => <DateTime>,
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>',
    'ResourceId' => '<string>',
    'State' => 'ENABLED|DISABLED|DELETED',
    'Type' => 'ROOM|EQUIPMENT',
]

Result Details

Members
BookingOptions
Type: BookingOptions structure

The booking options for the described resource.

Description
Type: string

Description of the resource.

DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a resource was disabled from WorkMail, in UNIX epoch time format.

Email
Type: string

The email of the described resource.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when a resource was enabled for WorkMail, in UNIX epoch time format.

HiddenFromGlobalAddressList
Type: boolean

If enabled, the resource is hidden from the global address list.

Name
Type: string

The name of the described resource.

ResourceId
Type: string

The identifier of the described resource.

State
Type: string

The state of the resource: enabled (registered to WorkMail), disabled (deregistered or never registered to WorkMail), or deleted.

Type
Type: string

The type of the described resource.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

DescribeUser

$result = $client->describeUser([/* ... */]);
$promise = $client->describeUserAsync([/* ... */]);

Provides information regarding the user.

Parameter Syntax

$result = $client->describeUser([
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the user exists.

UserId
Required: Yes
Type: string

The identifier for the user to be described.

The identifier can be the UserId, Username, or email. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[
    'City' => '<string>',
    'Company' => '<string>',
    'Country' => '<string>',
    'Department' => '<string>',
    'DisabledDate' => <DateTime>,
    'DisplayName' => '<string>',
    'Email' => '<string>',
    'EnabledDate' => <DateTime>,
    'FirstName' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Initials' => '<string>',
    'JobTitle' => '<string>',
    'LastName' => '<string>',
    'MailboxDeprovisionedDate' => <DateTime>,
    'MailboxProvisionedDate' => <DateTime>,
    'Name' => '<string>',
    'Office' => '<string>',
    'State' => 'ENABLED|DISABLED|DELETED',
    'Street' => '<string>',
    'Telephone' => '<string>',
    'UserId' => '<string>',
    'UserRole' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
    'ZipCode' => '<string>',
]

Result Details

Members
City
Type: string

City where the user is located.

Company
Type: string

Company of the user.

Country
Type: string

Country where the user is located.

Department
Type: string

Department of the user.

DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which the user was disabled for WorkMail usage, in UNIX epoch time format.

DisplayName
Type: string

The display name of the user.

Email
Type: string

The email of the user.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which the user was enabled for WorkMailusage, in UNIX epoch time format.

FirstName
Type: string

First name of the user.

HiddenFromGlobalAddressList
Type: boolean

If enabled, the user is hidden from the global address list.

Initials
Type: string

Initials of the user.

JobTitle
Type: string

Job title of the user.

LastName
Type: string

Last name of the user.

MailboxDeprovisionedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the mailbox was removed for the user.

MailboxProvisionedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the mailbox was created for the user.

Name
Type: string

The name for the user.

Office
Type: string

Office where the user is located.

State
Type: string

The state of a user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail).

Street
Type: string

Street where the user is located.

Telephone
Type: string

User's contact number.

UserId
Type: string

The identifier for the described user.

UserRole
Type: string

In certain cases, other entities are modeled as users. If interoperability is enabled, resources are imported into WorkMail as users. Because different WorkMail organizations rely on different directory types, administrators can distinguish between an unregistered user (account is disabled and has a user role) and the directory administrators. The values are USER, RESOURCE, SYSTEM_USER, and REMOTE_USER.

ZipCode
Type: string

Zip code of the user.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

DisassociateDelegateFromResource

$result = $client->disassociateDelegateFromResource([/* ... */]);
$promise = $client->disassociateDelegateFromResourceAsync([/* ... */]);

Removes a member from the resource's set of delegates.

Parameter Syntax

$result = $client->disassociateDelegateFromResource([
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier for the member (user, group) to be removed from the resource's delegates.

The entity ID can accept UserId or GroupID, Username or Groupname, or email.

  • Entity: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity: entity

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the resource exists.

ResourceId
Required: Yes
Type: string

The identifier of the resource from which delegates' set members are removed.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

  • Resource ID: r-0123456789a0123456789b0123456789

  • Email address: resource@domain.tld

  • Resource name: resource

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

DisassociateMemberFromGroup

$result = $client->disassociateMemberFromGroup([/* ... */]);
$promise = $client->disassociateMemberFromGroupAsync([/* ... */]);

Removes a member from a group.

Parameter Syntax

$result = $client->disassociateMemberFromGroup([
    'GroupId' => '<string>', // REQUIRED
    'MemberId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for the group from which members are removed.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

  • Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: group@domain.tld

  • Group name: group

MemberId
Required: Yes
Type: string

The identifier for the member to be removed from the group.

The member ID can accept UserID or GroupId, Username or Groupname, or email.

  • Member ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: member@domain.tld

  • Member name: member

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the group exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

GetAccessControlEffect

$result = $client->getAccessControlEffect([/* ... */]);
$promise = $client->getAccessControlEffectAsync([/* ... */]);

Gets the effects of an organization's access control rules as they apply to a specified IPv4 address, access protocol action, and user ID or impersonation role ID. You must provide either the user ID or impersonation role ID. Impersonation role ID can only be used with Action EWS.

Parameter Syntax

$result = $client->getAccessControlEffect([
    'Action' => '<string>', // REQUIRED
    'ImpersonationRoleId' => '<string>',
    'IpAddress' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>',
]);

Parameter Details

Members
Action
Required: Yes
Type: string

The access protocol action. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

ImpersonationRoleId
Type: string

The impersonation role ID.

IpAddress
Required: Yes
Type: string

The IPv4 address.

OrganizationId
Required: Yes
Type: string

The identifier for the organization.

UserId
Type: string

The user ID.

Result Syntax

[
    'Effect' => 'ALLOW|DENY',
    'MatchedRules' => ['<string>', ...],
]

Result Details

Members
Effect
Type: string

The rule effect.

MatchedRules
Type: Array of strings

The rules that match the given parameters, resulting in an effect.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

ResourceNotFoundException:

The resource cannot be found.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

GetDefaultRetentionPolicy

$result = $client->getDefaultRetentionPolicy([/* ... */]);
$promise = $client->getDefaultRetentionPolicyAsync([/* ... */]);

Gets the default retention policy details for the specified organization.

Parameter Syntax

$result = $client->getDefaultRetentionPolicy([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[
    'Description' => '<string>',
    'FolderConfigurations' => [
        [
            'Action' => 'NONE|DELETE|PERMANENTLY_DELETE',
            'Name' => 'INBOX|DELETED_ITEMS|SENT_ITEMS|DRAFTS|JUNK_EMAIL',
            'Period' => <integer>,
        ],
        // ...
    ],
    'Id' => '<string>',
    'Name' => '<string>',
]

Result Details

Members
Description
Type: string

The retention policy description.

FolderConfigurations
Type: Array of FolderConfiguration structures

The retention policy folder configurations.

Id
Type: string

The retention policy ID.

Name
Type: string

The retention policy name.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

GetImpersonationRole

$result = $client->getImpersonationRole([/* ... */]);
$promise = $client->getImpersonationRoleAsync([/* ... */]);

Gets the impersonation role details for the given WorkMail organization.

Parameter Syntax

$result = $client->getImpersonationRole([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ImpersonationRoleId
Required: Yes
Type: string

The impersonation role ID to retrieve.

OrganizationId
Required: Yes
Type: string

The WorkMail organization from which to retrieve the impersonation role.

Result Syntax

[
    'DateCreated' => <DateTime>,
    'DateModified' => <DateTime>,
    'Description' => '<string>',
    'ImpersonationRoleId' => '<string>',
    'Name' => '<string>',
    'Rules' => [
        [
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY',
            'ImpersonationRuleId' => '<string>',
            'Name' => '<string>',
            'NotTargetUsers' => ['<string>', ...],
            'TargetUsers' => ['<string>', ...],
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY',
]

Result Details

Members
DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the impersonation role was created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the impersonation role was last modified.

Description
Type: string

The impersonation role description.

ImpersonationRoleId
Type: string

The impersonation role ID.

Name
Type: string

The impersonation role name.

Rules
Type: Array of ImpersonationRule structures

The list of rules for the given impersonation role.

Type
Type: string

The impersonation role type.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResourceNotFoundException:

The resource cannot be found.

GetImpersonationRoleEffect

$result = $client->getImpersonationRoleEffect([/* ... */]);
$promise = $client->getImpersonationRoleEffectAsync([/* ... */]);

Tests whether the given impersonation role can impersonate a target user.

Parameter Syntax

$result = $client->getImpersonationRoleEffect([
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'TargetUser' => '<string>', // REQUIRED
]);

Parameter Details

Members
ImpersonationRoleId
Required: Yes
Type: string

The impersonation role ID to test.

OrganizationId
Required: Yes
Type: string

The WorkMail organization where the impersonation role is defined.

TargetUser
Required: Yes
Type: string

The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[
    'Effect' => 'ALLOW|DENY',
    'MatchedRules' => [
        [
            'ImpersonationRuleId' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY',
]

Result Details

Members
Effect
Type: string

Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY.

MatchedRules
Type: Array of ImpersonationMatchedRule structures

A list of the rules that match the input and produce the configured effect.

Type
Type: string

The impersonation role type.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResourceNotFoundException:

The resource cannot be found.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

GetMailDomain

$result = $client->getMailDomain([/* ... */]);
$promise = $client->getMailDomainAsync([/* ... */]);

Gets details for a mail domain, including domain records required to configure your domain with recommended security.

Parameter Syntax

$result = $client->getMailDomain([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DomainName
Required: Yes
Type: string

The domain from which you want to retrieve details.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the domain is retrieved.

Result Syntax

[
    'DkimVerificationStatus' => 'PENDING|VERIFIED|FAILED',
    'IsDefault' => true || false,
    'IsTestDomain' => true || false,
    'OwnershipVerificationStatus' => 'PENDING|VERIFIED|FAILED',
    'Records' => [
        [
            'Hostname' => '<string>',
            'Type' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
DkimVerificationStatus
Type: string

Indicates the status of a DKIM verification.

IsDefault
Type: boolean

Specifies whether the domain is the default domain for your organization.

IsTestDomain
Type: boolean

Specifies whether the domain is a test domain provided by WorkMail, or a custom domain.

OwnershipVerificationStatus
Type: string

Indicates the status of the domain ownership verification.

Records
Type: Array of DnsRecord structures

A list of the DNS records that WorkMail recommends adding in your DNS provider for the best user experience. The records configure your domain with DMARC, SPF, DKIM, and direct incoming email traffic to SES. See admin guide for more details.

Errors

MailDomainNotFoundException:

The domain specified is not found in your organization.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

GetMailboxDetails

$result = $client->getMailboxDetails([/* ... */]);
$promise = $client->getMailboxDetailsAsync([/* ... */]);

Requests a user's mailbox details for a specified organization and user.

Parameter Syntax

$result = $client->getMailboxDetails([
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier for the organization that contains the user whose mailbox details are being requested.

UserId
Required: Yes
Type: string

The identifier for the user whose mailbox details are being requested.

The identifier can be the UserId, Username, or email. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[
    'MailboxQuota' => <integer>,
    'MailboxSize' => <float>,
]

Result Details

Members
MailboxQuota
Type: int

The maximum allowed mailbox size, in MB, for the specified user.

MailboxSize
Type: double

The current mailbox size, in MB, for the specified user.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

GetMobileDeviceAccessEffect

$result = $client->getMobileDeviceAccessEffect([/* ... */]);
$promise = $client->getMobileDeviceAccessEffectAsync([/* ... */]);

Simulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the WorkMail organization for a particular user's attributes.

Parameter Syntax

$result = $client->getMobileDeviceAccessEffect([
    'DeviceModel' => '<string>',
    'DeviceOperatingSystem' => '<string>',
    'DeviceType' => '<string>',
    'DeviceUserAgent' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DeviceModel
Type: string

Device model the simulated user will report.

DeviceOperatingSystem
Type: string

Device operating system the simulated user will report.

DeviceType
Type: string

Device type the simulated user will report.

DeviceUserAgent
Type: string

Device user agent the simulated user will report.

OrganizationId
Required: Yes
Type: string

The WorkMail organization to simulate the access effect for.

Result Syntax

[
    'Effect' => 'ALLOW|DENY',
    'MatchedRules' => [
        [
            'MobileDeviceAccessRuleId' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Effect
Type: string

The effect of the simulated access, ALLOW or DENY, after evaluating mobile device access rules in the WorkMail organization for the simulated user parameters.

MatchedRules
Type: Array of MobileDeviceAccessMatchedRule structures

A list of the rules which matched the simulated user input and produced the effect.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

GetMobileDeviceAccessOverride

$result = $client->getMobileDeviceAccessOverride([/* ... */]);
$promise = $client->getMobileDeviceAccessOverrideAsync([/* ... */]);

Gets the mobile device access override for the given WorkMail organization, user, and device.

Parameter Syntax

$result = $client->getMobileDeviceAccessOverride([
    'DeviceId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DeviceId
Required: Yes
Type: string

The mobile device to which the override applies. DeviceId is case insensitive.

OrganizationId
Required: Yes
Type: string

The WorkMail organization to which you want to apply the override.

UserId
Required: Yes
Type: string

Identifies the WorkMail user for the override. Accepts the following types of user identities:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[
    'DateCreated' => <DateTime>,
    'DateModified' => <DateTime>,
    'Description' => '<string>',
    'DeviceId' => '<string>',
    'Effect' => 'ALLOW|DENY',
    'UserId' => '<string>',
]

Result Details

Members
DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the override was first created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the description was last modified.

Description
Type: string

A description of the override.

DeviceId
Type: string

The device to which the access override applies.

Effect
Type: string

The effect of the override, ALLOW or DENY.

UserId
Type: string

The WorkMail user to which the access override applies.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

ResourceNotFoundException:

The resource cannot be found.

ListAccessControlRules

$result = $client->listAccessControlRules([/* ... */]);
$promise = $client->listAccessControlRulesAsync([/* ... */]);

Lists the access control rules for the specified organization.

Parameter Syntax

$result = $client->listAccessControlRules([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier for the organization.

Result Syntax

[
    'Rules' => [
        [
            'Actions' => ['<string>', ...],
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY',
            'ImpersonationRoleIds' => ['<string>', ...],
            'IpRanges' => ['<string>', ...],
            'Name' => '<string>',
            'NotActions' => ['<string>', ...],
            'NotImpersonationRoleIds' => ['<string>', ...],
            'NotIpRanges' => ['<string>', ...],
            'NotUserIds' => ['<string>', ...],
            'UserIds' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
Rules
Type: Array of AccessControlRule structures

The access control rules.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListAliases

$result = $client->listAliases([/* ... */]);
$promise = $client->listAliasesAsync([/* ... */]);

Creates a paginated call to list the aliases associated with a given entity.

Parameter Syntax

$result = $client->listAliases([
    'EntityId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier for the entity for which to list the aliases.

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the entity exists.

Result Syntax

[
    'Aliases' => ['<string>', ...],
    'NextToken' => '<string>',
]

Result Details

Members
Aliases
Type: Array of strings

The entity's paginated aliases.

NextToken
Type: string

The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListAvailabilityConfigurations

$result = $client->listAvailabilityConfigurations([/* ... */]);
$promise = $client->listAvailabilityConfigurationsAsync([/* ... */]);

List all the AvailabilityConfiguration's for the given WorkMail organization.

Parameter Syntax

$result = $client->listAvailabilityConfigurations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not require a token.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the AvailabilityConfiguration's will be listed.

Result Syntax

[
    'AvailabilityConfigurations' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'DomainName' => '<string>',
            'EwsProvider' => [
                'EwsEndpoint' => '<string>',
                'EwsUsername' => '<string>',
            ],
            'LambdaProvider' => [
                'LambdaArn' => '<string>',
            ],
            'ProviderType' => 'EWS|LAMBDA',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AvailabilityConfigurations
Type: Array of AvailabilityConfiguration structures

The list of AvailabilityConfiguration's that exist for the specified WorkMail organization.

NextToken
Type: string

The token to use to retrieve the next page of results. The value is null when there are no further results to return.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListGroupMembers

$result = $client->listGroupMembers([/* ... */]);
$promise = $client->listGroupMembersAsync([/* ... */]);

Returns an overview of the members of a group. Users and groups can be members of a group.

Parameter Syntax

$result = $client->listGroupMembers([
    'GroupId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for the group to which the members (users or groups) are associated.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

  • Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: group@domain.tld

  • Group name: group

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the group exists.

Result Syntax

[
    'Members' => [
        [
            'DisabledDate' => <DateTime>,
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
            'Type' => 'GROUP|USER',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Members
Type: Array of Member structures

The members associated to the group.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListGroups

$result = $client->listGroups([/* ... */]);
$promise = $client->listGroupsAsync([/* ... */]);

Returns summaries of the organization's groups.

Parameter Syntax

$result = $client->listGroups([
    'Filters' => [
        'NamePrefix' => '<string>',
        'PrimaryEmailPrefix' => '<string>',
        'State' => 'ENABLED|DISABLED|DELETED',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: ListGroupsFilters structure

Limit the search results based on the filter criteria. Only one filter per request is supported.

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the groups exist.

Result Syntax

[
    'Groups' => [
        [
            'DisabledDate' => <DateTime>,
            'Email' => '<string>',
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Groups
Type: Array of Group structures

The overview of groups for an organization.

NextToken
Type: string

The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListGroupsForEntity

$result = $client->listGroupsForEntity([/* ... */]);
$promise = $client->listGroupsForEntityAsync([/* ... */]);

Returns all the groups to which an entity belongs.

Parameter Syntax

$result = $client->listGroupsForEntity([
    'EntityId' => '<string>', // REQUIRED
    'Filters' => [
        'GroupNamePrefix' => '<string>',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier for the entity.

The entity ID can accept UserId or GroupID, Username or Groupname, or email.

  • Entity ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity name: entity

Filters
Type: ListGroupsForEntityFilters structure

Limit the search results based on the filter criteria.

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the entity exists.

Result Syntax

[
    'Groups' => [
        [
            'GroupId' => '<string>',
            'GroupName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Groups
Type: Array of GroupIdentifier structures

The overview of groups in an organization.

NextToken
Type: string

The token to use to retrieve the next page of results. This value is `null` when there are no more results to return.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

ListImpersonationRoles

$result = $client->listImpersonationRoles([/* ... */]);
$promise = $client->listImpersonationRolesAsync([/* ... */]);

Lists all the impersonation roles for the given WorkMail organization.

Parameter Syntax

$result = $client->listImpersonationRoles([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results returned in a single call.

NextToken
Type: string

The token used to retrieve the next page of results. The first call doesn't require a token.

OrganizationId
Required: Yes
Type: string

The WorkMail organization to which the listed impersonation roles belong.

Result Syntax

[
    'NextToken' => '<string>',
    'Roles' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'ImpersonationRoleId' => '<string>',
            'Name' => '<string>',
            'Type' => 'FULL_ACCESS|READ_ONLY',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to retrieve the next page of results. The value is null when there are no results to return.

Roles
Type: Array of ImpersonationRole structures

The list of impersonation roles under the given WorkMail organization.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListMailDomains

$result = $client->listMailDomains([/* ... */]);
$promise = $client->listMailDomainsAsync([/* ... */]);

Lists the mail domains in a given WorkMail organization.

Parameter Syntax

$result = $client->listMailDomains([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not require a token.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which to list domains.

Result Syntax

[
    'MailDomains' => [
        [
            'DefaultDomain' => true || false,
            'DomainName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
MailDomains
Type: Array of MailDomainSummary structures

The list of mail domain summaries, specifying domains that exist in the specified WorkMail organization, along with the information about whether the domain is or isn't the default.

NextToken
Type: string

The token to use to retrieve the next page of results. The value becomes null when there are no more results to return.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListMailboxExportJobs

$result = $client->listMailboxExportJobs([/* ... */]);
$promise = $client->listMailboxExportJobsAsync([/* ... */]);

Lists the mailbox export jobs started for the specified organization within the last seven days.

Parameter Syntax

$result = $client->listMailboxExportJobs([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results.

OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[
    'Jobs' => [
        [
            'Description' => '<string>',
            'EndTime' => <DateTime>,
            'EntityId' => '<string>',
            'EstimatedProgress' => <integer>,
            'JobId' => '<string>',
            'S3BucketName' => '<string>',
            'S3Path' => '<string>',
            'StartTime' => <DateTime>,
            'State' => 'RUNNING|COMPLETED|FAILED|CANCELLED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Jobs
Type: Array of MailboxExportJob structures

The mailbox export job details.

NextToken
Type: string

The token to use to retrieve the next page of results.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListMailboxPermissions

$result = $client->listMailboxPermissions([/* ... */]);
$promise = $client->listMailboxPermissionsAsync([/* ... */]);

Lists the mailbox permissions associated with a user, group, or resource mailbox.

Parameter Syntax

$result = $client->listMailboxPermissions([
    'EntityId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier of the user, or resource for which to list mailbox permissions.

The entity ID can accept UserId or ResourceId, Username or Resourcename, or email.

  • Entity ID: 12345678-1234-1234-1234-123456789012, or r-0123456789a0123456789b0123456789

  • Email address: entity@domain.tld

  • Entity name: entity

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier of the organization under which the user, group, or resource exists.

Result Syntax

[
    'NextToken' => '<string>',
    'Permissions' => [
        [
            'GranteeId' => '<string>',
            'GranteeType' => 'GROUP|USER',
            'PermissionValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.

Permissions
Type: Array of Permission structures

One page of the user, group, or resource mailbox permissions.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListMobileDeviceAccessOverrides

$result = $client->listMobileDeviceAccessOverrides([/* ... */]);
$promise = $client->listMobileDeviceAccessOverridesAsync([/* ... */]);

Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.

Parameter Syntax

$result = $client->listMobileDeviceAccessOverrides([
    'DeviceId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>',
]);

Parameter Details

Members
DeviceId
Type: string

The mobile device to which the access override applies.

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not require a token.

OrganizationId
Required: Yes
Type: string

The WorkMail organization under which to list mobile device access overrides.

UserId
Type: string

The WorkMail user under which you list the mobile device access overrides. Accepts the following types of user identities:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[
    'NextToken' => '<string>',
    'Overrides' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'Description' => '<string>',
            'DeviceId' => '<string>',
            'Effect' => 'ALLOW|DENY',
            'UserId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use to retrieve the next page of results. The value is “null” when there are no more results to return.

Overrides
Type: Array of MobileDeviceAccessOverride structures

The list of mobile device access overrides that exist for the specified WorkMail organization and user.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

ListMobileDeviceAccessRules

$result = $client->listMobileDeviceAccessRules([/* ... */]);
$promise = $client->listMobileDeviceAccessRulesAsync([/* ... */]);

Lists the mobile device access rules for the specified WorkMail organization.

Parameter Syntax

$result = $client->listMobileDeviceAccessRules([
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The WorkMail organization for which to list the rules.

Result Syntax

[
    'Rules' => [
        [
            'DateCreated' => <DateTime>,
            'DateModified' => <DateTime>,
            'Description' => '<string>',
            'DeviceModels' => ['<string>', ...],
            'DeviceOperatingSystems' => ['<string>', ...],
            'DeviceTypes' => ['<string>', ...],
            'DeviceUserAgents' => ['<string>', ...],
            'Effect' => 'ALLOW|DENY',
            'MobileDeviceAccessRuleId' => '<string>',
            'Name' => '<string>',
            'NotDeviceModels' => ['<string>', ...],
            'NotDeviceOperatingSystems' => ['<string>', ...],
            'NotDeviceTypes' => ['<string>', ...],
            'NotDeviceUserAgents' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
Rules
Type: Array of MobileDeviceAccessRule structures

The list of mobile device access rules that exist under the specified WorkMail organization.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ListOrganizations

$result = $client->listOrganizations([/* ... */]);
$promise = $client->listOrganizationsAsync([/* ... */]);

Returns summaries of the customer's organizations.

Parameter Syntax

$result = $client->listOrganizations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

Result Syntax

[
    'NextToken' => '<string>',
    'OrganizationSummaries' => [
        [
            'Alias' => '<string>',
            'DefaultMailDomain' => '<string>',
            'ErrorMessage' => '<string>',
            'OrganizationId' => '<string>',
            'State' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.

OrganizationSummaries
Type: Array of OrganizationSummary structures

The overview of owned organizations presented as a list of organization summaries.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

ListResourceDelegates

$result = $client->listResourceDelegates([/* ... */]);
$promise = $client->listResourceDelegatesAsync([/* ... */]);

Lists the delegates associated with a resource. Users and groups can be resource delegates and answer requests on behalf of the resource.

Parameter Syntax

$result = $client->listResourceDelegates([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The number of maximum results in a page.

NextToken
Type: string

The token used to paginate through the delegates associated with a resource.

OrganizationId
Required: Yes
Type: string

The identifier for the organization that contains the resource for which delegates are listed.

ResourceId
Required: Yes
Type: string

The identifier for the resource whose delegates are listed.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

  • Resource ID: r-0123456789a0123456789b0123456789

  • Email address: resource@domain.tld

  • Resource name: resource

Result Syntax

[
    'Delegates' => [
        [
            'Id' => '<string>',
            'Type' => 'GROUP|USER',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Delegates
Type: Array of Delegate structures

One page of the resource's delegates.

NextToken
Type: string

The token used to paginate through the delegates associated with a resource. While results are still available, it has an associated value. When the last page is reached, the token is empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

ListResources

$result = $client->listResources([/* ... */]);
$promise = $client->listResourcesAsync([/* ... */]);

Returns summaries of the organization's resources.

Parameter Syntax

$result = $client->listResources([
    'Filters' => [
        'NamePrefix' => '<string>',
        'PrimaryEmailPrefix' => '<string>',
        'State' => 'ENABLED|DISABLED|DELETED',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: ListResourcesFilters structure

Limit the resource search results based on the filter criteria. You can only use one filter per request.

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the resources exist.

Result Syntax

[
    'NextToken' => '<string>',
    'Resources' => [
        [
            'Description' => '<string>',
            'DisabledDate' => <DateTime>,
            'Email' => '<string>',
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
            'Type' => 'ROOM|EQUIPMENT',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token used to paginate through all the organization's resources. While results are still available, it has an associated value. When the last page is reached, the token is empty.

Resources
Type: Array of Resource structures

One page of the organization's resource representation.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Lists the tags applied to an WorkMail organization resource.

Parameter Syntax

$result = $client->listTagsForResource([
    'ResourceARN' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceARN
Required: Yes
Type: string

The resource ARN.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Tags
Type: Array of Tag structures

A list of tag key-value pairs.

Errors

ResourceNotFoundException:

The resource cannot be found.

ListUsers

$result = $client->listUsers([/* ... */]);
$promise = $client->listUsersAsync([/* ... */]);

Returns summaries of the organization's users.

Parameter Syntax

$result = $client->listUsers([
    'Filters' => [
        'DisplayNamePrefix' => '<string>',
        'PrimaryEmailPrefix' => '<string>',
        'State' => 'ENABLED|DISABLED|DELETED',
        'UsernamePrefix' => '<string>',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: ListUsersFilters structure

Limit the user search results based on the filter criteria. You can only use one filter per request.

MaxResults
Type: int

The maximum number of results to return in a single call.

NextToken
Type: string

The token to use to retrieve the next page of results. The first call does not contain any tokens.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the users exist.

Result Syntax

[
    'NextToken' => '<string>',
    'Users' => [
        [
            'DisabledDate' => <DateTime>,
            'DisplayName' => '<string>',
            'Email' => '<string>',
            'EnabledDate' => <DateTime>,
            'Id' => '<string>',
            'Name' => '<string>',
            'State' => 'ENABLED|DISABLED|DELETED',
            'UserRole' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use to retrieve the next page of results. This value is `null` when there are no more results to return.

Users
Type: Array of User structures

The overview of users for an organization.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

PutAccessControlRule

$result = $client->putAccessControlRule([/* ... */]);
$promise = $client->putAccessControlRuleAsync([/* ... */]);

Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule.

Parameter Syntax

$result = $client->putAccessControlRule([
    'Actions' => ['<string>', ...],
    'Description' => '<string>', // REQUIRED
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'ImpersonationRoleIds' => ['<string>', ...],
    'IpRanges' => ['<string>', ...],
    'Name' => '<string>', // REQUIRED
    'NotActions' => ['<string>', ...],
    'NotImpersonationRoleIds' => ['<string>', ...],
    'NotIpRanges' => ['<string>', ...],
    'NotUserIds' => ['<string>', ...],
    'OrganizationId' => '<string>', // REQUIRED
    'UserIds' => ['<string>', ...],
]);

Parameter Details

Members
Actions
Type: Array of strings

Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

Description
Required: Yes
Type: string

The rule description.

Effect
Required: Yes
Type: string

The rule effect.

ImpersonationRoleIds
Type: Array of strings

Impersonation role IDs to include in the rule.

IpRanges
Type: Array of strings

IPv4 CIDR ranges to include in the rule.

Name
Required: Yes
Type: string

The rule name.

NotActions
Type: Array of strings

Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

NotImpersonationRoleIds
Type: Array of strings

Impersonation role IDs to exclude from the rule.

NotIpRanges
Type: Array of strings

IPv4 CIDR ranges to exclude from the rule.

NotUserIds
Type: Array of strings

User IDs to exclude from the rule.

OrganizationId
Required: Yes
Type: string

The identifier of the organization.

UserIds
Type: Array of strings

User IDs to include in the rule.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

LimitExceededException:

The request exceeds the limit of the resource.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

ResourceNotFoundException:

The resource cannot be found.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

PutEmailMonitoringConfiguration

$result = $client->putEmailMonitoringConfiguration([/* ... */]);
$promise = $client->putEmailMonitoringConfigurationAsync([/* ... */]);

Creates or updates the email monitoring configuration for a specified organization.

Parameter Syntax

$result = $client->putEmailMonitoringConfiguration([
    'LogGroupArn' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
LogGroupArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.

OrganizationId
Required: Yes
Type: string

The ID of the organization for which the email monitoring configuration is set.

RoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

The resource cannot be found.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

PutInboundDmarcSettings

$result = $client->putInboundDmarcSettings([/* ... */]);
$promise = $client->putInboundDmarcSettingsAsync([/* ... */]);

Enables or disables a DMARC policy for a given organization.

Parameter Syntax

$result = $client->putInboundDmarcSettings([
    'Enforced' => true || false, // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Enforced
Required: Yes
Type: boolean

Enforces or suspends a policy after it's applied.

OrganizationId
Required: Yes
Type: string

The ID of the organization that you are applying the DMARC policy to.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

PutMailboxPermissions

$result = $client->putMailboxPermissions([/* ... */]);
$promise = $client->putMailboxPermissionsAsync([/* ... */]);

Sets permissions for a user, group, or resource. This replaces any pre-existing permissions.

Parameter Syntax

$result = $client->putMailboxPermissions([
    'EntityId' => '<string>', // REQUIRED
    'GranteeId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'PermissionValues' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
EntityId
Required: Yes
Type: string

The identifier of the user or resource for which to update mailbox permissions.

The identifier can be UserId, ResourceID, or Group Id, Username, Resourcename, or Groupname, or email.

  • Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity name: entity

GranteeId
Required: Yes
Type: string

The identifier of the user, group, or resource to which to grant the permissions.

The identifier can be UserId, ResourceID, or Group Id, Username, Resourcename, or Groupname, or email.

  • Grantee ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: grantee@domain.tld

  • Grantee name: grantee

OrganizationId
Required: Yes
Type: string

The identifier of the organization under which the user, group, or resource exists.

PermissionValues
Required: Yes
Type: Array of strings

The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

PutMobileDeviceAccessOverride

$result = $client->putMobileDeviceAccessOverride([/* ... */]);
$promise = $client->putMobileDeviceAccessOverrideAsync([/* ... */]);

Creates or updates a mobile device access override for the given WorkMail organization, user, and device.

Parameter Syntax

$result = $client->putMobileDeviceAccessOverride([
    'Description' => '<string>',
    'DeviceId' => '<string>', // REQUIRED
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

A description of the override.

DeviceId
Required: Yes
Type: string

The mobile device for which you create the override. DeviceId is case insensitive.

Effect
Required: Yes
Type: string

The effect of the override, ALLOW or DENY.

OrganizationId
Required: Yes
Type: string

Identifies the WorkMail organization for which you create the override.

UserId
Required: Yes
Type: string

The WorkMail user for which you create the override. Accepts the following types of user identities:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

PutRetentionPolicy

$result = $client->putRetentionPolicy([/* ... */]);
$promise = $client->putRetentionPolicyAsync([/* ... */]);

Puts a retention policy to the specified organization.

Parameter Syntax

$result = $client->putRetentionPolicy([
    'Description' => '<string>',
    'FolderConfigurations' => [ // REQUIRED
        [
            'Action' => 'NONE|DELETE|PERMANENTLY_DELETE', // REQUIRED
            'Name' => 'INBOX|DELETED_ITEMS|SENT_ITEMS|DRAFTS|JUNK_EMAIL', // REQUIRED
            'Period' => <integer>,
        ],
        // ...
    ],
    'Id' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

The retention policy description.

FolderConfigurations
Required: Yes
Type: Array of FolderConfiguration structures

The retention policy folder configurations.

Id
Type: string

The retention policy ID.

Name
Required: Yes
Type: string

The retention policy name.

OrganizationId
Required: Yes
Type: string

The organization ID.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

LimitExceededException:

The request exceeds the limit of the resource.

RegisterMailDomain

$result = $client->registerMailDomain([/* ... */]);
$promise = $client->registerMailDomainAsync([/* ... */]);

Registers a new domain in WorkMail and SES, and configures it for use by WorkMail. Emails received by SES for this domain are routed to the specified WorkMail organization, and WorkMail has permanent permission to use the specified domain for sending your users' emails.

Parameter Syntax

$result = $client->registerMailDomain([
    'ClientToken' => '<string>',
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

Idempotency token used when retrying requests.

DomainName
Required: Yes
Type: string

The name of the mail domain to create in WorkMail and SES.

OrganizationId
Required: Yes
Type: string

The WorkMail organization under which you're creating the domain.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

MailDomainInUseException:

The domain you're trying to change is in use by another user or organization in your account. See the error message for details.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

LimitExceededException:

The request exceeds the limit of the resource.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

RegisterToWorkMail

$result = $client->registerToWorkMail([/* ... */]);
$promise = $client->registerToWorkMailAsync([/* ... */]);

Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is Enable.

Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail.

Parameter Syntax

$result = $client->registerToWorkMail([
    'Email' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Email
Required: Yes
Type: string

The email for the user, group, or resource to be updated.

EntityId
Required: Yes
Type: string

The identifier for the user, group, or resource to be updated.

The identifier can accept UserId, ResourceId, or GroupId, or Username, Resourcename, or Groupname. The following identity formats are available:

  • Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Entity name: entity

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the user, group, or resource exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EmailAddressInUseException:

The email address that you're trying to assign is already created for a different user, group, or resource.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

EntityAlreadyRegisteredException:

The user, group, or resource that you're trying to register is already registered.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

MailDomainNotFoundException:

The domain specified is not found in your organization.

MailDomainStateException:

After a domain has been added to the organization, it must be verified. The domain is not yet verified.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResetPassword

$result = $client->resetPassword([/* ... */]);
$promise = $client->resetPasswordAsync([/* ... */]);

Allows the administrator to reset the password for a user.

Parameter Syntax

$result = $client->resetPassword([
    'OrganizationId' => '<string>', // REQUIRED
    'Password' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OrganizationId
Required: Yes
Type: string

The identifier of the organization that contains the user for which the password is reset.

Password
Required: Yes
Type: string

The new password for the user.

UserId
Required: Yes
Type: string

The identifier of the user for whom the password is reset.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

InvalidPasswordException:

The supplied password doesn't match the minimum security constraints, such as length or use of special characters.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

StartMailboxExportJob

$result = $client->startMailboxExportJob([/* ... */]);
$promise = $client->startMailboxExportJobAsync([/* ... */]);

Starts a mailbox export job to export MIME-format email messages and calendar items from the specified mailbox to the specified Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Exporting mailbox content in the WorkMail Administrator Guide.

Parameter Syntax

$result = $client->startMailboxExportJob([
    'ClientToken' => '<string>', // REQUIRED
    'Description' => '<string>',
    'EntityId' => '<string>', // REQUIRED
    'KmsKeyArn' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'S3BucketName' => '<string>', // REQUIRED
    'S3Prefix' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Required: Yes
Type: string

The idempotency token for the client request.

Description
Type: string

The mailbox export job description.

EntityId
Required: Yes
Type: string

The identifier of the user or resource associated with the mailbox.

The identifier can accept UserId or ResourceId, Username or Resourcename, or email. The following identity formats are available:

  • Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789 , or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity name: entity

KmsKeyArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content.

OrganizationId
Required: Yes
Type: string

The identifier associated with the organization.

RoleArn
Required: Yes
Type: string

The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the S3 bucket.

S3BucketName
Required: Yes
Type: string

The name of the S3 bucket.

S3Prefix
Required: Yes
Type: string

The S3 bucket prefix.

Result Syntax

[
    'JobId' => '<string>',
]

Result Details

Members
JobId
Type: string

The job ID.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

LimitExceededException:

The request exceeds the limit of the resource.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Applies the specified tags to the specified WorkMailorganization resource.

Parameter Syntax

$result = $client->tagResource([
    'ResourceARN' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
ResourceARN
Required: Yes
Type: string

The resource ARN.

Tags
Required: Yes
Type: Array of Tag structures

The tag key-value pairs.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

ResourceNotFoundException:

The resource cannot be found.

TooManyTagsException:

The resource can have up to 50 user-applied tags.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

TestAvailabilityConfiguration

$result = $client->testAvailabilityConfiguration([/* ... */]);
$promise = $client->testAvailabilityConfigurationAsync([/* ... */]);

Performs a test on an availability provider to ensure that access is allowed. For EWS, it verifies the provided credentials can be used to successfully log in. For Lambda, it verifies that the Lambda function can be invoked and that the resource access policy was configured to deny anonymous access. An anonymous invocation is one done without providing either a SourceArn or SourceAccount header.

The request must contain either one provider definition (EwsProvider or LambdaProvider) or the DomainName parameter. If the DomainName parameter is provided, the configuration stored under the DomainName will be tested.

Parameter Syntax

$result = $client->testAvailabilityConfiguration([
    'DomainName' => '<string>',
    'EwsProvider' => [
        'EwsEndpoint' => '<string>', // REQUIRED
        'EwsPassword' => '<string>', // REQUIRED
        'EwsUsername' => '<string>', // REQUIRED
    ],
    'LambdaProvider' => [
        'LambdaArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DomainName
Type: string

The domain to which the provider applies. If this field is provided, a stored availability provider associated to this domain name will be tested.

EwsProvider
Type: EwsAvailabilityProvider structure

Describes an EWS based availability provider. This is only used as input to the service.

LambdaProvider
Type: LambdaAvailabilityProvider structure

Describes a Lambda based availability provider.

OrganizationId
Required: Yes
Type: string

The WorkMail organization where the availability provider will be tested.

Result Syntax

[
    'FailureReason' => '<string>',
    'TestPassed' => true || false,
]

Result Details

Members
FailureReason
Type: string

String containing the reason for a failed test if TestPassed is false.

TestPassed
Type: boolean

Boolean indicating whether the test passed or failed.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResourceNotFoundException:

The resource cannot be found.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Untags the specified tags from the specified WorkMail organization resource.

Parameter Syntax

$result = $client->untagResource([
    'ResourceARN' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceARN
Required: Yes
Type: string

The resource ARN.

TagKeys
Required: Yes
Type: Array of strings

The tag keys.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

The resource cannot be found.

UpdateAvailabilityConfiguration

$result = $client->updateAvailabilityConfiguration([/* ... */]);
$promise = $client->updateAvailabilityConfigurationAsync([/* ... */]);

Updates an existing AvailabilityConfiguration for the given WorkMail organization and domain.

Parameter Syntax

$result = $client->updateAvailabilityConfiguration([
    'DomainName' => '<string>', // REQUIRED
    'EwsProvider' => [
        'EwsEndpoint' => '<string>', // REQUIRED
        'EwsPassword' => '<string>', // REQUIRED
        'EwsUsername' => '<string>', // REQUIRED
    ],
    'LambdaProvider' => [
        'LambdaArn' => '<string>', // REQUIRED
    ],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DomainName
Required: Yes
Type: string

The domain to which the provider applies the availability configuration.

EwsProvider
Type: EwsAvailabilityProvider structure

The EWS availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider. The previously stored provider will be overridden by the one provided.

LambdaProvider
Type: LambdaAvailabilityProvider structure

The Lambda availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider. The previously stored provider will be overridden by the one provided.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which the AvailabilityConfiguration will be updated.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResourceNotFoundException:

The resource cannot be found.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

UpdateDefaultMailDomain

$result = $client->updateDefaultMailDomain([/* ... */]);
$promise = $client->updateDefaultMailDomainAsync([/* ... */]);

Updates the default mail domain for an organization. The default mail domain is used by the WorkMail AWS Console to suggest an email address when enabling a mail user. You can only have one default domain.

Parameter Syntax

$result = $client->updateDefaultMailDomain([
    'DomainName' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DomainName
Required: Yes
Type: string

The domain name that will become the default domain.

OrganizationId
Required: Yes
Type: string

The WorkMail organization for which to list domains.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

MailDomainNotFoundException:

The domain specified is not found in your organization.

MailDomainStateException:

After a domain has been added to the organization, it must be verified. The domain is not yet verified.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

UpdateGroup

$result = $client->updateGroup([/* ... */]);
$promise = $client->updateGroupAsync([/* ... */]);

Updates attibutes in a group.

Parameter Syntax

$result = $client->updateGroup([
    'GroupId' => '<string>', // REQUIRED
    'HiddenFromGlobalAddressList' => true || false,
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for the group to be updated.

The identifier can accept GroupId, Groupname, or email. The following identity formats are available:

  • Group ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: group@domain.tld

  • Group name: group

HiddenFromGlobalAddressList
Type: boolean

If enabled, the group is hidden from the global address list.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the group exists.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

UpdateImpersonationRole

$result = $client->updateImpersonationRole([/* ... */]);
$promise = $client->updateImpersonationRoleAsync([/* ... */]);

Updates an impersonation role for the given WorkMail organization.

Parameter Syntax

$result = $client->updateImpersonationRole([
    'Description' => '<string>',
    'ImpersonationRoleId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'Rules' => [ // REQUIRED
        [
            'Description' => '<string>',
            'Effect' => 'ALLOW|DENY', // REQUIRED
            'ImpersonationRuleId' => '<string>', // REQUIRED
            'Name' => '<string>',
            'NotTargetUsers' => ['<string>', ...],
            'TargetUsers' => ['<string>', ...],
        ],
        // ...
    ],
    'Type' => 'FULL_ACCESS|READ_ONLY', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

The updated impersonation role description.

ImpersonationRoleId
Required: Yes
Type: string

The ID of the impersonation role to update.

Name
Required: Yes
Type: string

The updated impersonation role name.

OrganizationId
Required: Yes
Type: string

The WorkMail organization that contains the impersonation role to update.

Rules
Required: Yes
Type: Array of ImpersonationRule structures

The updated list of rules.

Type
Required: Yes
Type: string

The updated impersonation role type.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

ResourceNotFoundException:

The resource cannot be found.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

LimitExceededException:

The request exceeds the limit of the resource.

UpdateMailboxQuota

$result = $client->updateMailboxQuota([/* ... */]);
$promise = $client->updateMailboxQuotaAsync([/* ... */]);

Updates a user's current mailbox quota for a specified organization and user.

Parameter Syntax

$result = $client->updateMailboxQuota([
    'MailboxQuota' => <integer>, // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MailboxQuota
Required: Yes
Type: int

The updated mailbox quota, in MB, for the specified user.

OrganizationId
Required: Yes
Type: string

The identifier for the organization that contains the user for whom to update the mailbox quota.

UserId
Required: Yes
Type: string

The identifer for the user for whom to update the mailbox quota.

The identifier can be the UserId, Username, or email. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

UpdateMobileDeviceAccessRule

$result = $client->updateMobileDeviceAccessRule([/* ... */]);
$promise = $client->updateMobileDeviceAccessRuleAsync([/* ... */]);

Updates a mobile device access rule for the specified WorkMail organization.

Parameter Syntax

$result = $client->updateMobileDeviceAccessRule([
    'Description' => '<string>',
    'DeviceModels' => ['<string>', ...],
    'DeviceOperatingSystems' => ['<string>', ...],
    'DeviceTypes' => ['<string>', ...],
    'DeviceUserAgents' => ['<string>', ...],
    'Effect' => 'ALLOW|DENY', // REQUIRED
    'MobileDeviceAccessRuleId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'NotDeviceModels' => ['<string>', ...],
    'NotDeviceOperatingSystems' => ['<string>', ...],
    'NotDeviceTypes' => ['<string>', ...],
    'NotDeviceUserAgents' => ['<string>', ...],
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

The updated rule description.

DeviceModels
Type: Array of strings

Device models that the updated rule will match.

DeviceOperatingSystems
Type: Array of strings

Device operating systems that the updated rule will match.

DeviceTypes
Type: Array of strings

Device types that the updated rule will match.

DeviceUserAgents
Type: Array of strings

User agents that the updated rule will match.

Effect
Required: Yes
Type: string

The effect of the rule when it matches. Allowed values are ALLOW or DENY.

MobileDeviceAccessRuleId
Required: Yes
Type: string

The identifier of the rule to be updated.

Name
Required: Yes
Type: string

The updated rule name.

NotDeviceModels
Type: Array of strings

Device models that the updated rule will not match. All other device models will match.

NotDeviceOperatingSystems
Type: Array of strings

Device operating systems that the updated rule will not match. All other device operating systems will match.

NotDeviceTypes
Type: Array of strings

Device types that the updated rule will not match. All other device types will match.

NotDeviceUserAgents
Type: Array of strings

User agents that the updated rule will not match. All other user agents will match.

OrganizationId
Required: Yes
Type: string

The WorkMail organization under which the rule will be updated.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UpdatePrimaryEmailAddress

$result = $client->updatePrimaryEmailAddress([/* ... */]);
$promise = $client->updatePrimaryEmailAddressAsync([/* ... */]);

Updates the primary email for a user, group, or resource. The current email is moved into the list of aliases (or swapped between an existing alias and the current primary email), and the email provided in the input is promoted as the primary.

Parameter Syntax

$result = $client->updatePrimaryEmailAddress([
    'Email' => '<string>', // REQUIRED
    'EntityId' => '<string>', // REQUIRED
    'OrganizationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Email
Required: Yes
Type: string

The value of the email to be updated as primary.

EntityId
Required: Yes
Type: string

The user, group, or resource to update.

The identifier can accept UseriD, ResourceId, or GroupId, Username, Resourcename, or Groupname, or email. The following identity formats are available:

  • Entity ID: 12345678-1234-1234-1234-123456789012, r-0123456789a0123456789b0123456789, or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: entity@domain.tld

  • Entity name: entity

OrganizationId
Required: Yes
Type: string

The organization that contains the user, group, or resource to update.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EmailAddressInUseException:

The email address that you're trying to assign is already created for a different user, group, or resource.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

MailDomainNotFoundException:

The domain specified is not found in your organization.

MailDomainStateException:

After a domain has been added to the organization, it must be verified. The domain is not yet verified.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

UpdateResource

$result = $client->updateResource([/* ... */]);
$promise = $client->updateResourceAsync([/* ... */]);

Updates data for the resource. To have the latest information, it must be preceded by a DescribeResource call. The dataset in the request should be the one expected when performing another DescribeResource call.

Parameter Syntax

$result = $client->updateResource([
    'BookingOptions' => [
        'AutoAcceptRequests' => true || false,
        'AutoDeclineConflictingRequests' => true || false,
        'AutoDeclineRecurringRequests' => true || false,
    ],
    'Description' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Name' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'ResourceId' => '<string>', // REQUIRED
    'Type' => 'ROOM|EQUIPMENT',
]);

Parameter Details

Members
BookingOptions
Type: BookingOptions structure

The resource's booking options to be updated.

Description
Type: string

Updates the resource description.

HiddenFromGlobalAddressList
Type: boolean

If enabled, the resource is hidden from the global address list.

Name
Type: string

The name of the resource to be updated.

OrganizationId
Required: Yes
Type: string

The identifier associated with the organization for which the resource is updated.

ResourceId
Required: Yes
Type: string

The identifier of the resource to be updated.

The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:

  • Resource ID: r-0123456789a0123456789b0123456789

  • Email address: resource@domain.tld

  • Resource name: resource

Type
Type: string

Updates the resource type.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

InvalidConfigurationException:

The configuration for a resource isn't valid. A resource must either be able to auto-respond to requests or have at least one delegate associated that can do so on its behalf.

EmailAddressInUseException:

The email address that you're trying to assign is already created for a different user, group, or resource.

MailDomainNotFoundException:

The domain specified is not found in your organization.

MailDomainStateException:

After a domain has been added to the organization, it must be verified. The domain is not yet verified.

NameAvailabilityException:

The user, group, or resource name isn't unique in WorkMail.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

UpdateUser

$result = $client->updateUser([/* ... */]);
$promise = $client->updateUserAsync([/* ... */]);

Updates data for the user. To have the latest information, it must be preceded by a DescribeUser call. The dataset in the request should be the one expected when performing another DescribeUser call.

Parameter Syntax

$result = $client->updateUser([
    'City' => '<string>',
    'Company' => '<string>',
    'Country' => '<string>',
    'Department' => '<string>',
    'DisplayName' => '<string>',
    'FirstName' => '<string>',
    'HiddenFromGlobalAddressList' => true || false,
    'Initials' => '<string>',
    'JobTitle' => '<string>',
    'LastName' => '<string>',
    'Office' => '<string>',
    'OrganizationId' => '<string>', // REQUIRED
    'Role' => 'USER|RESOURCE|SYSTEM_USER|REMOTE_USER',
    'Street' => '<string>',
    'Telephone' => '<string>',
    'UserId' => '<string>', // REQUIRED
    'ZipCode' => '<string>',
]);

Parameter Details

Members
City
Type: string

Updates the user's city.

Company
Type: string

Updates the user's company.

Country
Type: string

Updates the user's country.

Department
Type: string

Updates the user's department.

DisplayName
Type: string

Updates the display name of the user.

FirstName
Type: string

Updates the user's first name.

HiddenFromGlobalAddressList
Type: boolean

If enabled, the user is hidden from the global address list.

Initials
Type: string

Updates the user's initials.

JobTitle
Type: string

Updates the user's job title.

LastName
Type: string

Updates the user's last name.

Office
Type: string

Updates the user's office.

OrganizationId
Required: Yes
Type: string

The identifier for the organization under which the user exists.

Role
Type: string

Updates the user role.

You cannot pass SYSTEM_USER or RESOURCE.

Street
Type: string

Updates the user's street address.

Telephone
Type: string

Updates the user's contact details.

UserId
Required: Yes
Type: string

The identifier for the user to be updated.

The identifier can be the UserId, Username, or email. The following identity formats are available:

  • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

  • Email address: user@domain.tld

  • User name: user

ZipCode
Type: string

Updates the user's zipcode.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

DirectoryServiceAuthenticationFailedException:

The directory service doesn't recognize the credentials supplied by WorkMail.

DirectoryUnavailableException:

The directory is unavailable. It might be located in another Region or deleted.

EntityNotFoundException:

The identifier supplied for the user, group, or resource does not exist in your organization.

InvalidParameterException:

One or more of the input parameters don't match the service's restrictions.

OrganizationNotFoundException:

An operation received a valid organization identifier that either doesn't belong or exist in the system.

OrganizationStateException:

The organization must have a valid state to perform certain operations on the organization or its members.

UnsupportedOperationException:

You can't perform a write operation against a read-only directory.

EntityStateException:

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

Shapes

AccessControlRule

Description

A rule that controls access to an WorkMail organization.

Members
Actions
Type: Array of strings

Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date that the rule was created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date that the rule was modified.

Description
Type: string

The rule description.

Effect
Type: string

The rule effect.

ImpersonationRoleIds
Type: Array of strings

Impersonation role IDs to include in the rule.

IpRanges
Type: Array of strings

IPv4 CIDR ranges to include in the rule.

Name
Type: string

The rule name.

NotActions
Type: Array of strings

Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.

NotImpersonationRoleIds
Type: Array of strings

Impersonation role IDs to exclude from the rule.

NotIpRanges
Type: Array of strings

IPv4 CIDR ranges to exclude from the rule.

NotUserIds
Type: Array of strings

User IDs to exclude from the rule.

UserIds
Type: Array of strings

User IDs to include in the rule.

AvailabilityConfiguration

Description

List all the AvailabilityConfiguration's for the given WorkMail organization.

Members
DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which the availability configuration was created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which the availability configuration was last modified.

DomainName
Type: string

Displays the domain to which the provider applies.

EwsProvider

If ProviderType is EWS, then this field contains RedactedEwsAvailabilityProvider. Otherwise, it is not required.

LambdaProvider
Type: LambdaAvailabilityProvider structure

If ProviderType is LAMBDA then this field contains LambdaAvailabilityProvider. Otherwise, it is not required.

ProviderType
Type: string

Displays the provider type that applies to this domain.

BookingOptions

Description

At least one delegate must be associated to the resource to disable automatic replies from the resource.

Members
AutoAcceptRequests
Type: boolean

The resource's ability to automatically reply to requests. If disabled, delegates must be associated to the resource.

AutoDeclineConflictingRequests
Type: boolean

The resource's ability to automatically decline any conflicting requests.

AutoDeclineRecurringRequests
Type: boolean

The resource's ability to automatically decline any recurring requests.

Delegate

Description

The name of the attribute, which is one of the values defined in the UserAttribute enumeration.

Members
Id
Required: Yes
Type: string

The identifier for the user or group associated as the resource's delegate.

Type
Required: Yes
Type: string

The type of the delegate: user or group.

DirectoryInUseException

Description

The directory is already in use by another WorkMail organization in the same account and Region.

Members
Message
Type: string

DirectoryServiceAuthenticationFailedException

Description

The directory service doesn't recognize the credentials supplied by WorkMail.

Members
Message
Type: string

DirectoryUnavailableException

Description

The directory is unavailable. It might be located in another Region or deleted.

Members
Message
Type: string

DnsRecord

Description

A DNS record uploaded to your DNS provider.

Members
Hostname
Type: string

The DNS hostname.- For example, domain.example.com.

Type
Type: string

The RFC 1035 record type. Possible values: CNAME, A, MX.

Value
Type: string

The value returned by the DNS for a query to that hostname and record type.

Domain

Description

The domain to associate with an WorkMail organization.

When you configure a domain hosted in Amazon Route 53 (Route 53), all recommended DNS records are added to the organization when you create it. For more information, see Adding a domain in the WorkMail Administrator Guide.

Members
DomainName
Required: Yes
Type: string

The fully qualified domain name.

HostedZoneId
Type: string

The hosted zone ID for a domain hosted in Route 53. Required when configuring a domain hosted in Route 53.

EmailAddressInUseException

Description

The email address that you're trying to assign is already created for a different user, group, or resource.

Members
Message
Type: string

EntityAlreadyRegisteredException

Description

The user, group, or resource that you're trying to register is already registered.

Members
Message
Type: string

EntityNotFoundException

Description

The identifier supplied for the user, group, or resource does not exist in your organization.

Members
Message
Type: string

EntityStateException

Description

You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.

Members
Message
Type: string

EwsAvailabilityProvider

Description

Describes an EWS based availability provider. This is only used as input to the service.

Members
EwsEndpoint
Required: Yes
Type: string

The endpoint of the remote EWS server.

EwsPassword
Required: Yes
Type: string

The password used to authenticate the remote EWS server.

EwsUsername
Required: Yes
Type: string

The username used to authenticate the remote EWS server.

FolderConfiguration

Description

The configuration applied to an organization's folders by its retention policy.

Members
Action
Required: Yes
Type: string

The action to take on the folder contents at the end of the folder configuration period.

Name
Required: Yes
Type: string

The folder name.

Period
Type: int

The number of days for which the folder-configuration action applies.

Group

Description

The representation of an WorkMail group.

Members
DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the group was disabled from WorkMail use.

Email
Type: string

The email of the group.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the group was enabled for WorkMail use.

Id
Type: string

The identifier of the group.

Name
Type: string

The name of the group.

State
Type: string

The state of the group, which can be ENABLED, DISABLED, or DELETED.

GroupIdentifier

Description

The identifier that contains the Group ID and name of a group.

Members
GroupId
Type: string

Group ID that matched the group.

GroupName
Type: string

Group name that matched the group.

ImpersonationMatchedRule

Description

The impersonation rule that matched the input.

Members
ImpersonationRuleId
Type: string

The ID of the rule that matched the input

Name
Type: string

The name of the rule that matched the input.

ImpersonationRole

Description

An impersonation role for the given WorkMail organization.

Members
DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the impersonation role was created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the impersonation role was last modified.

ImpersonationRoleId
Type: string

The identifier of the impersonation role.

Name
Type: string

The impersonation role name.

Type
Type: string

The impersonation role type.

ImpersonationRule

Description

The rules for the given impersonation role.

Members
Description
Type: string

The rule description.

Effect
Required: Yes
Type: string

The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY.

ImpersonationRuleId
Required: Yes
Type: string

The identifier of the rule.

Name
Type: string

The rule name.

NotTargetUsers
Type: Array of strings

A list of user IDs that don't match the rule.

TargetUsers
Type: Array of strings

A list of user IDs that match the rule.

InvalidConfigurationException

Description

The configuration for a resource isn't valid. A resource must either be able to auto-respond to requests or have at least one delegate associated that can do so on its behalf.

Members
Message
Type: string

InvalidCustomSesConfigurationException

Description

You SES configuration has customizations that WorkMail cannot save. The error message lists the invalid setting. For examples of invalid settings, refer to CreateReceiptRule.

Members
Message
Type: string

InvalidParameterException

Description

One or more of the input parameters don't match the service's restrictions.

Members
Message
Type: string

InvalidPasswordException

Description

The supplied password doesn't match the minimum security constraints, such as length or use of special characters.

Members
Message
Type: string

LambdaAvailabilityProvider

Description

Describes a Lambda based availability provider.

Members
LambdaArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider.

LimitExceededException

Description

The request exceeds the limit of the resource.

Members
Message
Type: string

ListGroupsFilters

Description

Filtering options for ListGroups operation. This is only used as input to Operation.

Members
NamePrefix
Type: string

Filters only groups with the provided name prefix.

PrimaryEmailPrefix
Type: string

Filters only groups with the provided primary email prefix.

State
Type: string

Filters only groups with the provided state.

ListGroupsForEntityFilters

Description

Filtering options for ListGroupsForEntity operation. This is only used as input to Operation.

Members
GroupNamePrefix
Type: string

Filters only group names that start with the provided name prefix.

ListResourcesFilters

Description

Filtering options for ListResources operation. This is only used as input to Operation.

Members
NamePrefix
Type: string

Filters only resource that start with the entered name prefix .

PrimaryEmailPrefix
Type: string

Filters only resource with the provided primary email prefix.

State
Type: string

Filters only resource with the provided state.

ListUsersFilters

Description

Filtering options for ListUsers operation. This is only used as input to Operation.

Members
DisplayNamePrefix
Type: string

Filters only users with the provided display name prefix.

PrimaryEmailPrefix
Type: string

Filters only users with the provided email prefix.

State
Type: string

Filters only users with the provided state.

UsernamePrefix
Type: string

Filters only users with the provided username prefix.

MailDomainInUseException

Description

The domain you're trying to change is in use by another user or organization in your account. See the error message for details.

Members
Message
Type: string

MailDomainNotFoundException

Description

The domain specified is not found in your organization.

Members
Message
Type: string

MailDomainStateException

Description

After a domain has been added to the organization, it must be verified. The domain is not yet verified.

Members
Message
Type: string

MailDomainSummary

Description

The data for a given domain.

Members
DefaultDomain
Type: boolean

Whether the domain is default or not.

DomainName
Type: string

The domain name.

MailboxExportJob

Description

The details of a mailbox export job, including the user or resource ID associated with the mailbox and the S3 bucket that the mailbox contents are exported to.

Members
Description
Type: string

The mailbox export job description.

EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The mailbox export job end timestamp.

EntityId
Type: string

The identifier of the user or resource associated with the mailbox.

EstimatedProgress
Type: int

The estimated progress of the mailbox export job, in percentage points.

JobId
Type: string

The identifier of the mailbox export job.

S3BucketName
Type: string

The name of the S3 bucket.

S3Path
Type: string

The path to the S3 bucket and file that the mailbox export job exports to.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The mailbox export job start timestamp.

State
Type: string

The state of the mailbox export job.

Member

Description

The representation of a user or group.

Members
DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the member was disabled from WorkMail use.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the member was enabled for WorkMail use.

Id
Type: string

The identifier of the member.

Name
Type: string

The name of the member.

State
Type: string

The state of the member, which can be ENABLED, DISABLED, or DELETED.

Type
Type: string

A member can be a user or group.

MobileDeviceAccessMatchedRule

Description

The rule that a simulated user matches.

Members
MobileDeviceAccessRuleId
Type: string

Identifier of the rule that a simulated user matches.

Name
Type: string

Name of a rule that a simulated user matches.

MobileDeviceAccessOverride

Description

The override object.

Members
DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the override was first created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the override was last modified.

Description
Type: string

A description of the override.

DeviceId
Type: string

The device to which the override applies.

Effect
Type: string

The effect of the override, ALLOW or DENY.

UserId
Type: string

The WorkMail user to which the access override applies.

MobileDeviceAccessRule

Description

A rule that controls access to mobile devices for an WorkMail group.

Members
DateCreated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which an access rule was created.

DateModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time at which an access rule was modified.

Description
Type: string

The description of a mobile access rule.

DeviceModels
Type: Array of strings

Device models that a rule will match.

DeviceOperatingSystems
Type: Array of strings

Device operating systems that a rule will match.

DeviceTypes
Type: Array of strings

Device types that a rule will match.

DeviceUserAgents
Type: Array of strings

Device user agents that a rule will match.

Effect
Type: string

The effect of the rule when it matches. Allowed values are ALLOW or DENY.

MobileDeviceAccessRuleId
Type: string

The ID assigned to a mobile access rule.

Name
Type: string

The name of a mobile access rule.

NotDeviceModels
Type: Array of strings

Device models that a rule will not match. All other device models will match.

NotDeviceOperatingSystems
Type: Array of strings

Device operating systems that a rule will not match. All other device types will match.

NotDeviceTypes
Type: Array of strings

Device types that a rule will not match. All other device types will match.

NotDeviceUserAgents
Type: Array of strings

Device user agents that a rule will not match. All other device user agents will match.

NameAvailabilityException

Description

The user, group, or resource name isn't unique in WorkMail.

Members
Message
Type: string

OrganizationNotFoundException

Description

An operation received a valid organization identifier that either doesn't belong or exist in the system.

Members
Message
Type: string

OrganizationStateException

Description

The organization must have a valid state to perform certain operations on the organization or its members.

Members
Message
Type: string

OrganizationSummary

Description

The representation of an organization.

Members
Alias
Type: string

The alias associated with the organization.

DefaultMailDomain
Type: string

The default email domain associated with the organization.

ErrorMessage
Type: string

The error message associated with the organization. It is only present if unexpected behavior has occurred with regards to the organization. It provides insight or solutions regarding unexpected behavior.

OrganizationId
Type: string

The identifier associated with the organization.

State
Type: string

The state associated with the organization.

Permission

Description

Permission granted to a user, group, or resource to access a certain aspect of another user, group, or resource mailbox.

Members
GranteeId
Required: Yes
Type: string

The identifier of the user, group, or resource to which the permissions are granted.

GranteeType
Required: Yes
Type: string

The type of user, group, or resource referred to in GranteeId.

PermissionValues
Required: Yes
Type: Array of strings

The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox.

RedactedEwsAvailabilityProvider

Description

Describes an EWS based availability provider when returned from the service. It does not contain the password of the endpoint.

Members
EwsEndpoint
Type: string

The endpoint of the remote EWS server.

EwsUsername
Type: string

The username used to authenticate the remote EWS server.

ReservedNameException

Description

This user, group, or resource name is not allowed in WorkMail.

Members
Message
Type: string

Resource

Description

The representation of a resource.

Members
Description
Type: string

Resource description.

DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the resource was disabled from WorkMail use.

Email
Type: string

The email of the resource.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the resource was enabled for WorkMail use.

Id
Type: string

The identifier of the resource.

Name
Type: string

The name of the resource.

State
Type: string

The state of the resource, which can be ENABLED, DISABLED, or DELETED.

Type
Type: string

The type of the resource: equipment or room.

ResourceNotFoundException

Description

The resource cannot be found.

Members
Message
Type: string

Tag

Description

Describes a tag applied to a resource.

Members
Key
Required: Yes
Type: string

The key of the tag.

Value
Required: Yes
Type: string

The value of the tag.

TooManyTagsException

Description

The resource can have up to 50 user-applied tags.

Members
Message
Type: string

UnsupportedOperationException

Description

You can't perform a write operation against a read-only directory.

Members
Message
Type: string

User

Description

The representation of an WorkMail user.

Members
DisabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the user was disabled from WorkMail use.

DisplayName
Type: string

The display name of the user.

Email
Type: string

The email of the user.

EnabledDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date indicating when the user was enabled for WorkMail use.

Id
Type: string

The identifier of the user.

Name
Type: string

The name of the user.

State
Type: string

The state of the user, which can be ENABLED, DISABLED, or DELETED.

UserRole
Type: string

The role of the user.