Smaws_Client_WorkMail.TypesYou can't perform a write operation against a read-only directory.
The organization must have a valid state to perform certain operations on the organization or its members.
An operation received a valid organization identifier that either doesn't belong or exist in the system.
One or more of the input parameters don't match the service's restrictions.
You are performing an operation on a user, group, or resource that isn't in the expected state, such as trying to delete an active user.
The identifier supplied for the user, group, or resource does not exist in your organization.
The directory is unavailable. It might be located in another Region or deleted.
The directory service doesn't recognize the credentials supplied by WorkMail.
type nonrec update_user_request = {identity_provider_user_id : identity_provider_user_id_for_update option;User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
*)office : user_attribute option;Updates the user's office.
*)country : user_attribute option;Updates the user's country.
*)department : user_attribute option;Updates the user's department.
*)zip_code : user_attribute option;Updates the user's zip code.
*)company : user_attribute option;Updates the user's company.
*)city : user_attribute option;Updates the user's city.
*)job_title : user_attribute option;Updates the user's job title.
*)street : user_attribute option;Updates the user's street address.
*)telephone : user_attribute option;Updates the user's contact details.
*)initials : user_attribute option;Updates the user's initials.
*)last_name : user_attribute option;Updates the user's last name.
*)first_name : user_attribute option;Updates the user's first name.
*)display_name : user_attribute option;Updates the display name of the user.
*)role : user_role option;Updates the user role.
You cannot pass SYSTEM_USER or RESOURCE.
*)user_id : entity_identifier;The identifier for the user to be updated.
The identifier can be the UserId, Username, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the user exists.
*)}The user, group, or resource name isn't unique in WorkMail.
After a domain has been added to the organization, it must be verified. The domain is not yet verified.
The domain specified is not found in your organization.
The configuration for a resource isn't valid. A resource must either be able to auto-respond to requests or have at least one delegate associated that can do so on its behalf.
The email address that you're trying to assign is already created for a different user, group, or resource.
type nonrec booking_options = {auto_decline_conflicting_requests : boolean_ option;The resource's ability to automatically decline any conflicting requests.
*)auto_decline_recurring_requests : boolean_ option;The resource's ability to automatically decline any recurring requests.
*)auto_accept_requests : boolean_ option;The resource's ability to automatically reply to requests. If disabled, delegates must be associated to the resource.
*)}At least one delegate must be associated to the resource to disable automatic replies from the resource.
type nonrec update_resource_request = {type_ : resource_type option;Updates the resource type.
*)description : new_resource_description option;Updates the resource description.
*)booking_options : booking_options option;The resource's booking options to be updated.
*)name : resource_name option;The name of the resource to be updated.
*)resource_id : entity_identifier;The identifier of the resource to be updated.
The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
organization_id : organization_id;The identifier associated with the organization for which the resource is updated.
*)}type nonrec update_primary_email_address_request = {email : email_address;The value of the email to be updated as primary.
*)entity_id : entity_identifier;The user, group, or resource to update.
The identifier can accept UseriD, ResourceId, or GroupId, Username, Resourcename, or Groupname, or email. The following identity formats are available:
organization_id : organization_id;The organization that contains the user, group, or resource to update.
*)}type nonrec device_type_list = device_type listtype nonrec device_model_list = device_model listtype nonrec device_operating_system_list = device_operating_system listtype nonrec device_user_agent_list = device_user_agent listtype nonrec update_mobile_device_access_rule_request = {not_device_user_agents : device_user_agent_list option;User agents that the updated rule will not match. All other user agents will match.
*)device_user_agents : device_user_agent_list option;User agents that the updated rule will match.
*)not_device_operating_systems : device_operating_system_list option;Device operating systems that the updated rule will not match. All other device operating systems will match.
*)device_operating_systems : device_operating_system_list option;Device operating systems that the updated rule will match.
*)not_device_models : device_model_list option;Device models that the updated rule will not match. All other device models will match.
*)device_models : device_model_list option;Device models that the updated rule will match.
*)not_device_types : device_type_list option;Device types that the updated rule will not match. All other device types will match.
*)device_types : device_type_list option;Device types that the updated rule will match.
*)effect_ : mobile_device_access_rule_effect;The effect of the rule when it matches. Allowed values are ALLOW or DENY.
description : mobile_device_access_rule_description option;The updated rule description.
*)name : mobile_device_access_rule_name;The updated rule name.
*)mobile_device_access_rule_id : mobile_device_access_rule_id;The identifier of the rule to be updated.
*)organization_id : organization_id;The WorkMail organization under which the rule will be updated.
*)}type nonrec update_mailbox_quota_request = {mailbox_quota : mailbox_quota;The updated mailbox quota, in MB, for the specified user.
*)user_id : entity_identifier;The identifer for the user for whom to update the mailbox quota.
The identifier can be the UserId, Username, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization that contains the user for whom to update the mailbox quota.
*)}The resource cannot be found.
The request exceeds the limit of the resource.
type nonrec target_users = entity_identifier listtype nonrec impersonation_rule = {not_target_users : target_users option;A list of user IDs that don't match the rule.
*)target_users : target_users option;A list of user IDs that match the rule.
*)effect_ : access_effect;The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY.
description : impersonation_rule_description option;The rule description.
*)name : impersonation_rule_name option;The rule name.
*)impersonation_rule_id : impersonation_rule_id;The identifier of the rule.
*)}The rules for the given impersonation role.
type nonrec impersonation_rule_list = impersonation_rule listtype nonrec update_impersonation_role_request = {rules : impersonation_rule_list;The updated list of rules.
*)description : impersonation_role_description option;The updated impersonation role description.
*)type_ : impersonation_role_type;The updated impersonation role type.
*)name : impersonation_role_name;The updated impersonation role name.
*)impersonation_role_id : impersonation_role_id;The ID of the impersonation role to update.
*)organization_id : organization_id;The WorkMail organization that contains the impersonation role to update.
*)}type nonrec update_group_request = {group_id : entity_identifier;The identifier for the group to be updated.
The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the group exists.
*)}type nonrec update_default_mail_domain_request = {domain_name : work_mail_domain_name;The domain name that will become the default domain.
*)organization_id : organization_id;The WorkMail organization for which to list domains.
*)}type nonrec ews_availability_provider = {ews_password : password;The password used to authenticate the remote EWS server.
*)ews_username : external_user_name;The username used to authenticate the remote EWS server.
*)ews_endpoint : url;The endpoint of the remote EWS server.
*)}Describes an EWS based availability provider. This is only used as input to the service.
type nonrec lambda_availability_provider = {lambda_arn : lambda_arn;The Amazon Resource Name (ARN) of the Lambda that acts as the availability provider.
*)}Describes a Lambda based availability provider.
type nonrec update_availability_configuration_request = {lambda_provider : lambda_availability_provider option;The Lambda availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider. The previously stored provider will be overridden by the one provided.
ews_provider : ews_availability_provider option;The EWS availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider. The previously stored provider will be overridden by the one provided.
domain_name : domain_name;The domain to which the provider applies the availability configuration.
*)organization_id : organization_id;The WorkMail organization for which the AvailabilityConfiguration will be updated.
}type nonrec tag_key_list = tag_key listtype nonrec untag_resource_request = {tag_keys : tag_key_list;The tag keys.
*)resource_ar_n : amazon_resource_name;The resource ARN.
*)}type nonrec test_availability_configuration_request = {lambda_provider : lambda_availability_provider option;ews_provider : ews_availability_provider option;domain_name : domain_name option;The domain to which the provider applies. If this field is provided, a stored availability provider associated to this domain name will be tested.
*)organization_id : organization_id;The WorkMail organization where the availability provider will be tested.
*)}type nonrec tag_list = tag listtype nonrec start_mailbox_export_job_response = {job_id : mailbox_export_job_id option;The job ID.
*)}type nonrec start_mailbox_export_job_request = {s3_prefix : s3_object_key;The S3 bucket prefix.
*)s3_bucket_name : s3_bucket_name;The name of the S3 bucket.
*)kms_key_arn : kms_key_arn;The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content.
*)role_arn : role_arn;The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the S3 bucket.
*)description : description option;The mailbox export job description.
*)entity_id : entity_identifier;The identifier of the user or resource associated with the mailbox.
The identifier can accept UserId or ResourceId, Username or Resourcename, or email. The following identity formats are available:
organization_id : organization_id;The identifier associated with the organization.
*)client_token : idempotency_client_token;The idempotency token for the client request.
*)}The supplied password doesn't match the minimum security constraints, such as length or use of special characters.
type nonrec reset_password_request = {password : password;The new password for the user.
*)user_id : work_mail_identifier;The identifier of the user for whom the password is reset.
*)organization_id : organization_id;The identifier of the organization that contains the user for which the password is reset.
*)}The user, group, or resource that you're trying to register is already registered.
type nonrec register_to_work_mail_request = {email : email_address;The email for the user, group, or resource to be updated.
*)entity_id : entity_identifier;The identifier for the user, group, or resource to be updated.
The identifier can accept UserId, ResourceId, or GroupId, or Username, Resourcename, or Groupname. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the user, group, or resource exists.
*)}The domain you're trying to change is in use by another user or organization in your account. See the error message for details.
type nonrec register_mail_domain_request = {domain_name : work_mail_domain_name;The name of the mail domain to create in WorkMail and SES.
*)organization_id : organization_id;The WorkMail organization under which you're creating the domain.
*)client_token : idempotency_client_token option;Idempotency token used when retrying requests.
*)}type nonrec folder_configuration = {period : retention_period option;The number of days for which the folder-configuration action applies.
*)action : retention_action;The action to take on the folder contents at the end of the folder configuration period.
*)name : folder_name;The folder name.
*)}The configuration applied to an organization's folders by its retention policy.
type nonrec folder_configurations = folder_configuration listtype nonrec put_retention_policy_request = {folder_configurations : folder_configurations;The retention policy folder configurations.
*)description : policy_description option;The retention policy description.
*)name : short_string;The retention policy name.
*)id : short_string option;The retention policy ID.
*)organization_id : organization_id;The organization ID.
*)}type nonrec put_mobile_device_access_override_request = {description : mobile_device_access_rule_description option;A description of the override.
*)effect_ : mobile_device_access_rule_effect;The effect of the override, ALLOW or DENY.
device_id : device_id;The mobile device for which you create the override. DeviceId is case insensitive.
user_id : entity_identifier;The WorkMail user for which you create the override. Accepts the following types of user identities:
12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234user@domain.tlduserorganization_id : organization_id;Identifies the WorkMail organization for which you create the override.
*)}type nonrec permission_values = permission_type listtype nonrec put_mailbox_permissions_request = {permission_values : permission_values;The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox.
*)grantee_id : entity_identifier;The identifier of the user, group, or resource to which to grant the permissions.
The identifier can be UserId, ResourceID, or Group Id, Username, Resourcename, or Groupname, or email.
entity_id : entity_identifier;The identifier of the user or resource for which to update mailbox permissions.
The identifier can be UserId, ResourceID, or Group Id, Username, Resourcename, or Groupname, or email.
organization_id : organization_id;The identifier of the organization under which the user, group, or resource exists.
*)}type nonrec put_inbound_dmarc_settings_request = {enforced : boolean_object;Enforces or suspends a policy after it's applied.
*)organization_id : organization_id;The ID of the organization that you are applying the DMARC policy to.
*)}type nonrec identity_center_configuration = {application_arn : application_arn;The Amazon Resource Name (ARN) of IAMIdentity Center Application for WorkMail. Must be created by the WorkMail API, see CreateIdentityCenterApplication.
*)instance_arn : instance_arn;The Amazon Resource Name (ARN) of the of IAM Identity Center instance. Must be in the same AWS account and region as WorkMail organization.
*)}The IAM Identity Center configuration.
type nonrec personal_access_token_configuration = {lifetime_in_days : personal_access_token_lifetime_in_days option;The validity of the Personal Access Token status in days.
*)status : personal_access_token_configuration_status;The status of the Personal Access Token allowed for the organization.
}Displays the Personal Access Token status.
type nonrec put_identity_provider_configuration_request = {personal_access_token_configuration : personal_access_token_configuration;The details of the Personal Access Token configuration.
*)identity_center_configuration : identity_center_configuration;The details of the IAM Identity Center configuration.
*)authentication_mode : identity_provider_authentication_mode;The authentication mode used in WorkMail.
*)organization_id : organization_id;The ID of the WorkMail Organization.
*)}type nonrec put_email_monitoring_configuration_request = {log_group_arn : log_group_arn;The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.
*)role_arn : role_arn;The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.
*)organization_id : organization_id;The ID of the organization for which the email monitoring configuration is set.
*)}type nonrec ip_range_list = ip_range listtype nonrec actions_list = access_control_rule_action listtype nonrec user_id_list = work_mail_identifier listtype nonrec impersonation_role_id_list = impersonation_role_id listtype nonrec put_access_control_rule_request = {not_impersonation_role_ids : impersonation_role_id_list option;Impersonation role IDs to exclude from the rule.
*)impersonation_role_ids : impersonation_role_id_list option;Impersonation role IDs to include in the rule.
*)organization_id : organization_id;The identifier of the organization.
*)not_user_ids : user_id_list option;User IDs to exclude from the rule.
*)user_ids : user_id_list option;User IDs to include in the rule.
*)not_actions : actions_list option;Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
actions : actions_list option;Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
not_ip_ranges : ip_range_list option;IPv4 CIDR ranges to exclude from the rule.
*)ip_ranges : ip_range_list option;IPv4 CIDR ranges to include in the rule.
*)description : access_control_rule_description;The rule description.
*)effect_ : access_control_rule_effect;The rule effect.
*)name : access_control_rule_name;The rule name.
*)}type nonrec user = {identity_provider_identity_store_id : identity_provider_identity_store_id
option;Identity store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
*)identity_provider_user_id : identity_provider_user_id option;User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
*)disabled_date : timestamp option;The date indicating when the user was disabled from WorkMail use.
*)enabled_date : timestamp option;The date indicating when the user was enabled for WorkMail use.
*)user_role : user_role option;The role of the user.
*)state : entity_state option;The state of the user, which can be ENABLED, DISABLED, or DELETED.
*)display_name : string_ option;The display name of the user.
*)name : user_name option;The name of the user.
*)email : email_address option;The email of the user.
*)id : work_mail_identifier option;The identifier of the user.
*)}The representation of an WorkMail user.
type nonrec users = user listtype nonrec list_users_response = {next_token : next_token option;The token to use to retrieve the next page of results. This value is `null` when there are no more results to return.
*)users : users option;The overview of users for an organization.
*)}type nonrec list_users_filters = {identity_provider_user_id_prefix : identity_provider_user_id_prefix option;Filters only users with the ID from the IAM Identity Center.
*)state : entity_state option;Filters only users with the provided state.
*)primary_email_prefix : string_ option;Filters only users with the provided email prefix.
*)display_name_prefix : user_attribute option;Filters only users with the provided display name prefix.
*)username_prefix : string_ option;Filters only users with the provided username prefix.
*)}Filtering options for ListUsers operation. This is only used as input to Operation.
type nonrec list_users_request = {filters : list_users_filters option;Limit the user search results based on the filter criteria. You can only use one filter per request.
*)max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)organization_id : organization_id;The identifier for the organization under which the users exist.
*)}type nonrec resource = {description : resource_description option;Resource description.
*)disabled_date : timestamp option;The date indicating when the resource was disabled from WorkMail use.
*)enabled_date : timestamp option;The date indicating when the resource was enabled for WorkMail use.
*)state : entity_state option;The state of the resource, which can be ENABLED, DISABLED, or DELETED.
*)type_ : resource_type option;The type of the resource: equipment or room.
*)name : resource_name option;The name of the resource.
*)email : email_address option;The email of the resource.
*)id : work_mail_identifier option;The identifier of the resource.
*)}The representation of a resource.
type nonrec resources = resource listtype nonrec list_resources_response = {next_token : next_token option;The token used to paginate through all the organization's resources. While results are still available, it has an associated value. When the last page is reached, the token is empty.
*)resources : resources option;One page of the organization's resource representation.
*)}type nonrec list_resources_filters = {state : entity_state option;Filters only resource with the provided state.
*)primary_email_prefix : string_ option;Filters only resource with the provided primary email prefix.
*)name_prefix : string_ option;Filters only resource that start with the entered name prefix .
*)}Filtering options for ListResources operation. This is only used as input to Operation.
type nonrec list_resources_request = {filters : list_resources_filters option;Limit the resource search results based on the filter criteria. You can only use one filter per request.
*)max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)organization_id : organization_id;The identifier for the organization under which the resources exist.
*)}type nonrec delegate = {type_ : member_type;The type of the delegate: user or group.
*)id : string_;The identifier for the user or group associated as the resource's delegate.
*)}The name of the attribute, which is one of the values defined in the UserAttribute enumeration.
type nonrec resource_delegates = delegate listtype nonrec list_resource_delegates_response = {next_token : next_token option;The token used to paginate through the delegates associated with a resource. While results are still available, it has an associated value. When the last page is reached, the token is empty.
*)delegates : resource_delegates option;One page of the resource's delegates.
*)}type nonrec list_resource_delegates_request = {max_results : max_results option;The number of maximum results in a page.
*)next_token : next_token option;The token used to paginate through the delegates associated with a resource.
*)resource_id : entity_identifier;The identifier for the resource whose delegates are listed.
The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization that contains the resource for which delegates are listed.
*)}type nonrec personal_access_token_scope_list = personal_access_token_scope listtype nonrec personal_access_token_summary = {scopes : personal_access_token_scope_list option;Lists all the Personal Access Token permissions for a mailbox.
*)expires_time : timestamp option;The date when the Personal Access Token will expire.
*)date_last_used : timestamp option;The date when the Personal Access Token was last used.
*)date_created : timestamp option;The date when the Personal Access Token was created.
*)name : personal_access_token_name option;The name of the Personal Access Token.
*)user_id : work_mail_identifier option;The user ID of the WorkMail user associated with the Personal Access Token.
*)personal_access_token_id : personal_access_token_id option;The ID of the Personal Access Token.
*)}The summary of the Personal Access Token.
type nonrec personal_access_token_summary_list =
personal_access_token_summary listtype nonrec list_personal_access_tokens_response = {personal_access_token_summaries : personal_access_token_summary_list option;Lists all the personal tokens in an organization or user, if user ID is provided.
*)next_token : next_token option;The token from the previous response to query the next page.
*)}type nonrec list_personal_access_tokens_request = {max_results : max_results option;The maximum amount of items that should be returned in a response.
*)next_token : next_token option;The token from the previous response to query the next page.
*)user_id : entity_identifier option;The WorkMail User ID.
*)organization_id : organization_id;The Organization ID.
*)}type nonrec organization_summary = {state : string_ option;The state associated with the organization.
*)error_message : string_ option;The error message associated with the organization. It is only present if unexpected behavior has occurred with regards to the organization. It provides insight or solutions regarding unexpected behavior.
*)default_mail_domain : domain_name option;The default email domain associated with the organization.
*)alias : organization_name option;The alias associated with the organization.
*)organization_id : organization_id option;The identifier associated with the organization.
*)}The representation of an organization.
type nonrec organization_summaries = organization_summary listtype nonrec list_organizations_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
*)organization_summaries : organization_summaries option;The overview of owned organizations presented as a list of organization summaries.
*)}type nonrec list_organizations_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)}type nonrec mobile_device_access_rule = {date_modified : timestamp option;The date and time at which an access rule was modified.
*)date_created : timestamp option;The date and time at which an access rule was created.
*)not_device_user_agents : device_user_agent_list option;Device user agents that a rule will not match. All other device user agents will match.
*)device_user_agents : device_user_agent_list option;Device user agents that a rule will match.
*)not_device_operating_systems : device_operating_system_list option;Device operating systems that a rule will not match. All other device types will match.
*)device_operating_systems : device_operating_system_list option;Device operating systems that a rule will match.
*)not_device_models : device_model_list option;Device models that a rule will not match. All other device models will match.
*)device_models : device_model_list option;Device models that a rule will match.
*)not_device_types : device_type_list option;Device types that a rule will not match. All other device types will match.
*)device_types : device_type_list option;Device types that a rule will match.
*)effect_ : mobile_device_access_rule_effect option;The effect of the rule when it matches. Allowed values are ALLOW or DENY.
description : mobile_device_access_rule_description option;The description of a mobile access rule.
*)name : mobile_device_access_rule_name option;The name of a mobile access rule.
*)mobile_device_access_rule_id : mobile_device_access_rule_id option;The ID assigned to a mobile access rule.
*)}A rule that controls access to mobile devices for an WorkMail group.
type nonrec mobile_device_access_rules_list = mobile_device_access_rule listtype nonrec list_mobile_device_access_rules_response = {rules : mobile_device_access_rules_list option;The list of mobile device access rules that exist under the specified WorkMail organization.
*)}type nonrec list_mobile_device_access_rules_request = {organization_id : organization_id;The WorkMail organization for which to list the rules.
*)}type nonrec mobile_device_access_override = {date_modified : timestamp option;The date the override was last modified.
*)date_created : timestamp option;The date the override was first created.
*)description : mobile_device_access_rule_description option;A description of the override.
*)effect_ : mobile_device_access_rule_effect option;The effect of the override, ALLOW or DENY.
device_id : device_id option;The device to which the override applies.
*)user_id : work_mail_identifier option;The WorkMail user to which the access override applies.
*)}The override object.
type nonrec mobile_device_access_overrides_list =
mobile_device_access_override listtype nonrec list_mobile_device_access_overrides_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value is “null” when there are no more results to return.
*)overrides : mobile_device_access_overrides_list option;The list of mobile device access overrides that exist for the specified WorkMail organization and user.
*)}type nonrec list_mobile_device_access_overrides_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not require a token.
*)device_id : device_id option;The mobile device to which the access override applies.
*)user_id : entity_identifier option;The WorkMail user under which you list the mobile device access overrides. Accepts the following types of user identities:
12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234user@domain.tlduserorganization_id : organization_id;The WorkMail organization under which to list mobile device access overrides.
*)}type nonrec mail_domain_summary = {default_domain : boolean_ option;Whether the domain is default or not.
*)domain_name : domain_name option;The domain name.
*)}The data for a given domain.
type nonrec mail_domains = mail_domain_summary listtype nonrec list_mail_domains_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value becomes null when there are no more results to return.
mail_domains : mail_domains option;The list of mail domain summaries, specifying domains that exist in the specified WorkMail organization, along with the information about whether the domain is or isn't the default.
*)}type nonrec list_mail_domains_request = {next_token : next_token option;The token to use to retrieve the next page of results. The first call does not require a token.
*)max_results : max_results option;The maximum number of results to return in a single call.
*)organization_id : organization_id;The WorkMail organization for which to list domains.
*)}type nonrec permission = {permission_values : permission_values;The permissions granted to the grantee. SEND_AS allows the grantee to send email as the owner of the mailbox (the grantee is not mentioned on these emails). SEND_ON_BEHALF allows the grantee to send email on behalf of the owner of the mailbox (the grantee is not mentioned as the physical sender of these emails). FULL_ACCESS allows the grantee full access to the mailbox, irrespective of other folder-level permissions set on the mailbox.
*)grantee_type : member_type;The type of user, group, or resource referred to in GranteeId.
*)grantee_id : work_mail_identifier;The identifier of the user, group, or resource to which the permissions are granted.
*)}Permission granted to a user, group, or resource to access a certain aspect of another user, group, or resource mailbox.
type nonrec permissions = permission listtype nonrec list_mailbox_permissions_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
*)permissions : permissions option;One page of the user, group, or resource mailbox permissions.
*)}type nonrec list_mailbox_permissions_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)entity_id : entity_identifier;The identifier of the user, or resource for which to list mailbox permissions.
The entity ID can accept UserId or ResourceId, Username or Resourcename, or email.
organization_id : organization_id;The identifier of the organization under which the user, group, or resource exists.
*)}type nonrec mailbox_export_job = {end_time : timestamp option;The mailbox export job end timestamp.
*)start_time : timestamp option;The mailbox export job start timestamp.
*)state : mailbox_export_job_state option;The state of the mailbox export job.
*)estimated_progress : percentage option;The estimated progress of the mailbox export job, in percentage points.
*)s3_path : s3_object_key option;The path to the S3 bucket and file that the mailbox export job exports to.
*)s3_bucket_name : s3_bucket_name option;The name of the S3 bucket.
*)description : description option;The mailbox export job description.
*)entity_id : work_mail_identifier option;The identifier of the user or resource associated with the mailbox.
*)job_id : mailbox_export_job_id option;The identifier of the mailbox export job.
*)}The details of a mailbox export job, including the user or resource ID associated with the mailbox and the S3 bucket that the mailbox contents are exported to.
type nonrec jobs = mailbox_export_job listtype nonrec list_mailbox_export_jobs_response = {next_token : next_token option;The token to use to retrieve the next page of results.
*)jobs : jobs option;The mailbox export job details.
*)}type nonrec list_mailbox_export_jobs_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results.
*)organization_id : organization_id;The organization ID.
*)}type nonrec impersonation_role = {date_modified : timestamp option;The date when the impersonation role was last modified.
*)date_created : timestamp option;The date when the impersonation role was created.
*)type_ : impersonation_role_type option;The impersonation role type.
*)name : impersonation_role_name option;The impersonation role name.
*)impersonation_role_id : impersonation_role_id option;The identifier of the impersonation role.
*)}An impersonation role for the given WorkMail organization.
type nonrec impersonation_role_list = impersonation_role listtype nonrec list_impersonation_roles_response = {next_token : next_token option;The token to retrieve the next page of results. The value is null when there are no results to return.
roles : impersonation_role_list option;The list of impersonation roles under the given WorkMail organization.
*)}type nonrec list_impersonation_roles_request = {max_results : max_results option;The maximum number of results returned in a single call.
*)next_token : next_token option;The token used to retrieve the next page of results. The first call doesn't require a token.
*)organization_id : organization_id;The WorkMail organization to which the listed impersonation roles belong.
*)}type nonrec group_identifier = {group_name : group_name option;Group name that matched the group.
*)group_id : work_mail_identifier option;Group ID that matched the group.
*)}The identifier that contains the Group ID and name of a group.
type nonrec group_identifiers = group_identifier listtype nonrec list_groups_for_entity_response = {next_token : next_token option;The token to use to retrieve the next page of results. This value is `null` when there are no more results to return.
*)groups : group_identifiers option;The overview of groups in an organization.
*)}type nonrec list_groups_for_entity_filters = {group_name_prefix : string_ option;Filters only group names that start with the provided name prefix.
*)}Filtering options for ListGroupsForEntity operation. This is only used as input to Operation.
type nonrec list_groups_for_entity_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)filters : list_groups_for_entity_filters option;Limit the search results based on the filter criteria.
*)entity_id : entity_identifier;The identifier for the entity.
The entity ID can accept UserId or GroupID, Username or Groupname, or email.
organization_id : organization_id;The identifier for the organization under which the entity exists.
*)}type nonrec group = {disabled_date : timestamp option;The date indicating when the group was disabled from WorkMail use.
*)enabled_date : timestamp option;The date indicating when the group was enabled for WorkMail use.
*)state : entity_state option;The state of the group, which can be ENABLED, DISABLED, or DELETED.
*)name : group_name option;The name of the group.
*)email : email_address option;The email of the group.
*)id : work_mail_identifier option;The identifier of the group.
*)}The representation of an WorkMail group.
type nonrec groups = group listtype nonrec list_groups_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
*)groups : groups option;The overview of groups for an organization.
*)}type nonrec list_groups_filters = {state : entity_state option;Filters only groups with the provided state.
*)primary_email_prefix : string_ option;Filters only groups with the provided primary email prefix.
*)name_prefix : string_ option;Filters only groups with the provided name prefix.
*)}Filtering options for ListGroups operation. This is only used as input to Operation.
type nonrec list_groups_request = {filters : list_groups_filters option;Limit the search results based on the filter criteria. Only one filter per request is supported.
*)max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)organization_id : organization_id;The identifier for the organization under which the groups exist.
*)}type nonrec member = {disabled_date : timestamp option;The date indicating when the member was disabled from WorkMail use.
*)enabled_date : timestamp option;The date indicating when the member was enabled for WorkMail use.
*)state : entity_state option;The state of the member, which can be ENABLED, DISABLED, or DELETED.
*)type_ : member_type option;A member can be a user or group.
*)name : string_ option;The name of the member.
*)id : string_ option;The identifier of the member.
*)}The representation of a user or group.
type nonrec members = member listtype nonrec list_group_members_response = {next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)members : members option;The members associated to the group.
*)}type nonrec list_group_members_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)group_id : entity_identifier;The identifier for the group to which the members (users or groups) are associated.
The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the group exists.
*)}type nonrec redacted_ews_availability_provider = {ews_username : external_user_name option;The username used to authenticate the remote EWS server.
*)ews_endpoint : url option;The endpoint of the remote EWS server.
*)}Describes an EWS based availability provider when returned from the service. It does not contain the password of the endpoint.
type nonrec availability_configuration = {date_modified : timestamp option;The date and time at which the availability configuration was last modified.
*)date_created : timestamp option;The date and time at which the availability configuration was created.
*)lambda_provider : lambda_availability_provider option;If ProviderType is LAMBDA then this field contains LambdaAvailabilityProvider. Otherwise, it is not required.
ews_provider : redacted_ews_availability_provider option;If ProviderType is EWS, then this field contains RedactedEwsAvailabilityProvider. Otherwise, it is not required.
provider_type : availability_provider_type option;Displays the provider type that applies to this domain.
*)domain_name : domain_name option;Displays the domain to which the provider applies.
*)}List all the AvailabilityConfiguration's for the given WorkMail organization.
type nonrec availability_configuration_list = availability_configuration listtype nonrec list_availability_configurations_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value is null when there are no further results to return.
availability_configurations : availability_configuration_list option;The list of AvailabilityConfiguration's that exist for the specified WorkMail organization.
}type nonrec list_availability_configurations_request = {next_token : next_token option;The token to use to retrieve the next page of results. The first call does not require a token.
*)max_results : max_results option;The maximum number of results to return in a single call.
*)organization_id : organization_id;The WorkMail organization for which the AvailabilityConfiguration's will be listed.
}type nonrec aliases = email_address listtype nonrec list_aliases_response = {next_token : next_token option;The token to use to retrieve the next page of results. The value is "null" when there are no more results to return.
*)aliases : aliases option;The entity's paginated aliases.
*)}type nonrec list_aliases_request = {max_results : max_results option;The maximum number of results to return in a single call.
*)next_token : next_token option;The token to use to retrieve the next page of results. The first call does not contain any tokens.
*)entity_id : work_mail_identifier;The identifier for the entity for which to list the aliases.
*)organization_id : organization_id;The identifier for the organization under which the entity exists.
*)}type nonrec access_control_rule = {not_impersonation_role_ids : impersonation_role_id_list option;Impersonation role IDs to exclude from the rule.
*)impersonation_role_ids : impersonation_role_id_list option;Impersonation role IDs to include in the rule.
*)date_modified : timestamp option;The date that the rule was modified.
*)date_created : timestamp option;The date that the rule was created.
*)not_user_ids : user_id_list option;User IDs to exclude from the rule.
*)user_ids : user_id_list option;User IDs to include in the rule.
*)not_actions : actions_list option;Access protocol actions to exclude from the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
actions : actions_list option;Access protocol actions to include in the rule. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
not_ip_ranges : ip_range_list option;IPv4 CIDR ranges to exclude from the rule.
*)ip_ranges : ip_range_list option;IPv4 CIDR ranges to include in the rule.
*)description : access_control_rule_description option;The rule description.
*)effect_ : access_control_rule_effect option;The rule effect.
*)name : access_control_rule_name option;The rule name.
*)}A rule that controls access to an WorkMail organization.
type nonrec access_control_rules_list = access_control_rule listtype nonrec list_access_control_rules_response = {rules : access_control_rules_list option;The access control rules.
*)}type nonrec list_access_control_rules_request = {organization_id : organization_id;The identifier for the organization.
*)}type nonrec get_personal_access_token_metadata_response = {scopes : personal_access_token_scope_list option;Lists all the Personal Access Token permissions for a mailbox.
*)expires_time : timestamp option;The time when the Personal Access Token ID will expire.
*)date_last_used : timestamp option;The date when the Personal Access Token ID was last used.
*)date_created : timestamp option;The date when the Personal Access Token ID was created.
*)name : personal_access_token_name option;The Personal Access Token name.
*)user_id : work_mail_identifier option;The WorkMail User ID.
*)personal_access_token_id : personal_access_token_id option;The Personal Access Token ID.
*)}type nonrec get_personal_access_token_metadata_request = {personal_access_token_id : personal_access_token_id;The Personal Access Token ID.
*)organization_id : organization_id;The Organization ID.
*)}type nonrec get_mobile_device_access_override_response = {date_modified : timestamp option;The date the description was last modified.
*)date_created : timestamp option;The date the override was first created.
*)description : mobile_device_access_rule_description option;A description of the override.
*)effect_ : mobile_device_access_rule_effect option;The effect of the override, ALLOW or DENY.
device_id : device_id option;The device to which the access override applies.
*)user_id : work_mail_identifier option;The WorkMail user to which the access override applies.
*)}type nonrec get_mobile_device_access_override_request = {device_id : device_id;The mobile device to which the override applies. DeviceId is case insensitive.
user_id : entity_identifier;Identifies the WorkMail user for the override. Accepts the following types of user identities:
12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234user@domain.tlduserorganization_id : organization_id;The WorkMail organization to which you want to apply the override.
*)}type nonrec mobile_device_access_matched_rule = {name : mobile_device_access_rule_name option;Name of a rule that a simulated user matches.
*)mobile_device_access_rule_id : mobile_device_access_rule_id option;Identifier of the rule that a simulated user matches.
*)}The rule that a simulated user matches.
type nonrec mobile_device_access_matched_rule_list =
mobile_device_access_matched_rule listtype nonrec get_mobile_device_access_effect_response = {matched_rules : mobile_device_access_matched_rule_list option;A list of the rules which matched the simulated user input and produced the effect.
*)effect_ : mobile_device_access_rule_effect option;The effect of the simulated access, ALLOW or DENY, after evaluating mobile device access rules in the WorkMail organization for the simulated user parameters.
}type nonrec get_mobile_device_access_effect_request = {device_user_agent : device_user_agent option;Device user agent the simulated user will report.
*)device_operating_system : device_operating_system option;Device operating system the simulated user will report.
*)device_model : device_model option;Device model the simulated user will report.
*)device_type : device_type option;Device type the simulated user will report.
*)organization_id : organization_id;The WorkMail organization to simulate the access effect for.
*)}type nonrec dns_record = {value : string_ option;The value returned by the DNS for a query to that hostname and record type.
*)hostname : string_ option;The DNS hostname.- For example, domain.example.com.
type_ : string_ option;The RFC 1035 record type. Possible values: CNAME, A, MX.
}A DNS record uploaded to your DNS provider.
type nonrec dns_records = dns_record listtype nonrec get_mail_domain_response = {dkim_verification_status : dns_record_verification_status option;Indicates the status of a DKIM verification.
*)ownership_verification_status : dns_record_verification_status option;Indicates the status of the domain ownership verification.
*)is_default : boolean_ option;Specifies whether the domain is the default domain for your organization.
*)is_test_domain : boolean_ option;Specifies whether the domain is a test domain provided by WorkMail, or a custom domain.
*)records : dns_records option;A list of the DNS records that WorkMail recommends adding in your DNS provider for the best user experience. The records configure your domain with DMARC, SPF, DKIM, and direct incoming email traffic to SES. See admin guide for more details.
*)}type nonrec get_mail_domain_request = {domain_name : work_mail_domain_name;The domain from which you want to retrieve details.
*)organization_id : organization_id;The WorkMail organization for which the domain is retrieved.
*)}type nonrec get_mailbox_details_response = {mailbox_size : mailbox_size option;The current mailbox size, in MB, for the specified user.
*)mailbox_quota : mailbox_quota option;The maximum allowed mailbox size, in MB, for the specified user.
*)}type nonrec get_mailbox_details_request = {user_id : entity_identifier;The identifier for the user whose mailbox details are being requested.
The identifier can be the UserId, Username, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization that contains the user whose mailbox details are being requested.
*)}type nonrec impersonation_matched_rule = {name : impersonation_rule_name option;The name of the rule that matched the input.
*)impersonation_rule_id : impersonation_rule_id option;The ID of the rule that matched the input
*)}The impersonation rule that matched the input.
type nonrec impersonation_matched_rule_list = impersonation_matched_rule listtype nonrec get_impersonation_role_effect_response = {matched_rules : impersonation_matched_rule_list option;A list of the rules that match the input and produce the configured effect.
*)effect_ : access_effect option;Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY.
type_ : impersonation_role_type option;The impersonation role type.
*)}type nonrec get_impersonation_role_effect_request = {target_user : entity_identifier;The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:
12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234user@domain.tlduserimpersonation_role_id : impersonation_role_id;The impersonation role ID to test.
*)organization_id : organization_id;The WorkMail organization where the impersonation role is defined.
*)}type nonrec get_impersonation_role_response = {date_modified : timestamp option;The date when the impersonation role was last modified.
*)date_created : timestamp option;The date when the impersonation role was created.
*)rules : impersonation_rule_list option;The list of rules for the given impersonation role.
*)description : impersonation_role_description option;The impersonation role description.
*)type_ : impersonation_role_type option;The impersonation role type.
*)name : impersonation_role_name option;The impersonation role name.
*)impersonation_role_id : impersonation_role_id option;The impersonation role ID.
*)}type nonrec get_impersonation_role_request = {impersonation_role_id : impersonation_role_id;The impersonation role ID to retrieve.
*)organization_id : organization_id;The WorkMail organization from which to retrieve the impersonation role.
*)}type nonrec get_default_retention_policy_response = {folder_configurations : folder_configurations option;The retention policy folder configurations.
*)description : string_ option;The retention policy description.
*)name : short_string option;The retention policy name.
*)id : short_string option;The retention policy ID.
*)}type nonrec get_default_retention_policy_request = {organization_id : organization_id;The organization ID.
*)}type nonrec access_control_rule_name_list = access_control_rule_name listtype nonrec get_access_control_effect_response = {matched_rules : access_control_rule_name_list option;The rules that match the given parameters, resulting in an effect.
*)effect_ : access_control_rule_effect option;The rule effect.
*)}type nonrec get_access_control_effect_request = {impersonation_role_id : impersonation_role_id option;The impersonation role ID.
*)user_id : work_mail_identifier option;The user ID.
*)action : access_control_rule_action;The access protocol action. Valid values include ActiveSync, AutoDiscover, EWS, IMAP, SMTP, WindowsOutlook, and WebMail.
ip_address : ip_address;The IPv4 address.
*)organization_id : organization_id;The identifier for the organization.
*)}type nonrec disassociate_member_from_group_request = {member_id : entity_identifier;The identifier for the member to be removed from the group.
The member ID can accept UserID or GroupId, Username or Groupname, or email.
group_id : entity_identifier;The identifier for the group from which members are removed.
The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the group exists.
*)}type nonrec disassociate_delegate_from_resource_request = {entity_id : entity_identifier;The identifier for the member (user, group) to be removed from the resource's delegates.
The entity ID can accept UserId or GroupID, Username or Groupname, or email.
resource_id : entity_identifier;The identifier of the resource from which delegates' set members are removed.
The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the resource exists.
*)}type nonrec describe_user_response = {identity_provider_identity_store_id : identity_provider_identity_store_id
option;Identity Store ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
*)identity_provider_user_id : identity_provider_user_id option;User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
*)office : user_attribute option;Office where the user is located.
*)country : user_attribute option;Country where the user is located.
*)department : user_attribute option;Department of the user.
*)zip_code : user_attribute option;Zip code of the user.
*)company : user_attribute option;Company of the user.
*)city : user_attribute option;City where the user is located.
*)job_title : user_attribute option;Job title of the user.
*)street : user_attribute option;Street where the user is located.
*)telephone : user_attribute option;User's contact number.
*)initials : user_attribute option;Initials of the user.
*)last_name : user_attribute option;Last name of the user.
*)first_name : user_attribute option;First name of the user.
*)mailbox_deprovisioned_date : timestamp option;The date when the mailbox was removed for the user.
*)mailbox_provisioned_date : timestamp option;The date when the mailbox was created for the user.
*)disabled_date : timestamp option;The date and time at which the user was disabled for WorkMail usage, in UNIX epoch time format.
*)enabled_date : timestamp option;The date and time at which the user was enabled for WorkMailusage, in UNIX epoch time format.
*)user_role : user_role option;In certain cases, other entities are modeled as users. If interoperability is enabled, resources are imported into WorkMail as users. Because different WorkMail organizations rely on different directory types, administrators can distinguish between an unregistered user (account is disabled and has a user role) and the directory administrators. The values are USER, RESOURCE, SYSTEM_USER, and REMOTE_USER.
*)state : entity_state option;The state of a user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail).
*)display_name : user_attribute option;The display name of the user.
*)email : email_address option;The email of the user.
*)name : user_name option;The name for the user.
*)user_id : work_mail_identifier option;The identifier for the described user.
*)}type nonrec describe_user_request = {user_id : entity_identifier;The identifier for the user to be described.
The identifier can be the UserId, Username, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the user exists.
*)}type nonrec describe_resource_response = {description : resource_description option;Description of the resource.
*)disabled_date : timestamp option;The date and time when a resource was disabled from WorkMail, in UNIX epoch time format.
*)enabled_date : timestamp option;The date and time when a resource was enabled for WorkMail, in UNIX epoch time format.
*)state : entity_state option;The state of the resource: enabled (registered to WorkMail), disabled (deregistered or never registered to WorkMail), or deleted.
*)booking_options : booking_options option;The booking options for the described resource.
*)type_ : resource_type option;The type of the described resource.
*)name : resource_name option;The name of the described resource.
*)email : email_address option;The email of the described resource.
*)resource_id : resource_id option;The identifier of the described resource.
*)}type nonrec describe_resource_request = {resource_id : entity_identifier;The identifier of the resource to be described.
The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
organization_id : organization_id;The identifier associated with the organization for which the resource is described.
*)}type nonrec describe_organization_response = {interoperability_enabled : boolean_ option;Indicates if interoperability is enabled for this organization.
*)migration_admin : work_mail_identifier option;The user ID of the migration admin if migration is enabled for the organization.
*)ar_n : amazon_resource_name option;The Amazon Resource Name (ARN) of the organization.
*)error_message : string_ option;(Optional) The error message indicating if unexpected behavior was encountered with regards to the organization.
*)completed_date : timestamp option;The date at which the organization became usable in the WorkMail context, in UNIX epoch time format.
*)default_mail_domain : string_ option;The default mail domain associated with the organization.
*)directory_type : string_ option;The type of directory associated with the WorkMail organization.
*)directory_id : string_ option;The identifier for the directory associated with an WorkMail organization.
*)state : string_ option;The state of an organization.
*)alias : organization_name option;The alias for an organization.
*)organization_id : organization_id option;The identifier of an organization.
*)}type nonrec describe_organization_request = {organization_id : organization_id;The identifier for the organization to be described.
*)}type nonrec describe_mailbox_export_job_response = {end_time : timestamp option;The mailbox export job end timestamp.
*)start_time : timestamp option;The mailbox export job start timestamp.
*)error_info : mailbox_export_error_info option;Error information for failed mailbox export jobs.
*)state : mailbox_export_job_state option;The state of the mailbox export job.
*)estimated_progress : percentage option;The estimated progress of the mailbox export job, in percentage points.
*)s3_path : s3_object_key option;The path to the S3 bucket and file that the mailbox export job is exporting to.
*)s3_prefix : s3_object_key option;The S3 bucket prefix.
*)s3_bucket_name : s3_bucket_name option;The name of the S3 bucket.
*)kms_key_arn : kms_key_arn option;The Amazon Resource Name (ARN) of the symmetric AWS Key Management Service (AWS KMS) key that encrypts the exported mailbox content.
*)role_arn : role_arn option;The ARN of the AWS Identity and Access Management (IAM) role that grants write permission to the Amazon Simple Storage Service (Amazon S3) bucket.
*)description : description option;The mailbox export job description.
*)entity_id : work_mail_identifier option;The identifier of the user or resource associated with the mailbox.
*)}type nonrec describe_mailbox_export_job_request = {organization_id : organization_id;The organization ID.
*)job_id : mailbox_export_job_id;The mailbox export job ID.
*)}type nonrec describe_inbound_dmarc_settings_response = {enforced : boolean_ option;Lists the enforcement setting of the applied policy.
*)}type nonrec describe_inbound_dmarc_settings_request = {organization_id : organization_id;Lists the ID of the given organization.
*)}type nonrec describe_identity_provider_configuration_response = {personal_access_token_configuration : personal_access_token_configuration
option;The details of the Personal Access Token configuration.
*)identity_center_configuration : identity_center_configuration option;The details of the IAM Identity Center configuration.
*)authentication_mode : identity_provider_authentication_mode option;The authentication mode used in WorkMail.
*)}type nonrec describe_identity_provider_configuration_request = {organization_id : organization_id;The Organization ID.
*)}type nonrec describe_group_response = {disabled_date : timestamp option;The date and time when a user was deregistered from WorkMail, in UNIX epoch time format.
*)enabled_date : timestamp option;The date and time when a user was registered to WorkMail, in UNIX epoch time format.
*)state : entity_state option;The state of the user: enabled (registered to WorkMail) or disabled (deregistered or never registered to WorkMail).
*)email : email_address option;The email of the described group.
*)name : group_name option;The name of the described group.
*)group_id : work_mail_identifier option;The identifier of the described group.
*)}type nonrec describe_group_request = {group_id : entity_identifier;The identifier for the group to be described.
The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
organization_id : organization_id;The identifier for the organization under which the group exists.
*)}type nonrec describe_entity_response = {type_ : entity_type option;Entity type.
*)name : string_ option;Username, GroupName, or ResourceName based on entity type.
*)entity_id : work_mail_identifier option;The entity ID under which the entity exists.
*)}type nonrec describe_entity_request = {email : email_address;The email under which the entity exists.
*)organization_id : organization_id;The identifier for the organization under which the entity exists.
*)}type nonrec describe_email_monitoring_configuration_response = {log_group_arn : log_group_arn option;The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.
*)role_arn : role_arn option;The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.
*)}type nonrec describe_email_monitoring_configuration_request = {organization_id : organization_id;The ID of the organization for which the email monitoring configuration is described.
*)}You SES configuration has customizations that WorkMail cannot save. The error message lists the invalid setting. For examples of invalid settings, refer to CreateReceiptRule.
type nonrec deregister_mail_domain_request = {domain_name : work_mail_domain_name;The domain to deregister in WorkMail and SES.
*)organization_id : organization_id;The WorkMail organization for which the domain will be deregistered.
*)}type nonrec deregister_from_work_mail_request = {entity_id : entity_identifier;The identifier for the member to be updated.
The identifier can be UserId, ResourceId, or Group Id, Username, Resourcename, or Groupname, or email.
organization_id : organization_id;The identifier for the organization under which the WorkMail entity exists.
*)}type nonrec delete_user_request = {user_id : entity_identifier;The identifier of the user to be deleted.
The identifier can be the UserId or Username. The following identity formats are available:
organization_id : organization_id;The organization that contains the user to be deleted.
*)}type nonrec delete_retention_policy_request = {id : short_string;The retention policy ID.
*)organization_id : organization_id;The organization ID.
*)}type nonrec delete_resource_request = {resource_id : entity_identifier;The identifier of the resource to be deleted.
The identifier can accept ResourceId, or Resourcename. The following identity formats are available:
organization_id : organization_id;The identifier associated with the organization from which the resource is deleted.
*)}type nonrec delete_personal_access_token_request = {personal_access_token_id : personal_access_token_id;The Personal Access Token ID.
*)organization_id : organization_id;The Organization ID.
*)}type nonrec delete_organization_response = {state : string_ option;The state of the organization.
*)organization_id : organization_id option;The organization ID.
*)}type nonrec delete_organization_request = {delete_identity_center_application : boolean_ option;Deletes IAM Identity Center application for WorkMail. This action does not affect authentication settings for any organization.
*)force_delete : boolean_ option;Deletes a WorkMail organization even if the organization has enabled users.
*)delete_directory : boolean_;If true, deletes the AWS Directory Service directory associated with the organization.
*)organization_id : organization_id;The organization ID.
*)client_token : idempotency_client_token option;The idempotency token associated with the request.
*)}type nonrec delete_mobile_device_access_rule_request = {mobile_device_access_rule_id : mobile_device_access_rule_id;The identifier of the rule to be deleted.
*)organization_id : organization_id;The WorkMail organization under which the rule will be deleted.
*)}type nonrec delete_mobile_device_access_override_request = {device_id : device_id;The mobile device for which you delete the override. DeviceId is case insensitive.
user_id : entity_identifier;The WorkMail user for which you want to delete the override. Accepts the following types of user identities:
12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234user@domain.tlduserorganization_id : organization_id;The WorkMail organization for which the access override will be deleted.
*)}type nonrec delete_mailbox_permissions_request = {grantee_id : entity_identifier;The identifier of the entity for which to delete granted permissions.
The identifier can be UserId, ResourceID, or Group Id, Username or Groupname, or email.
entity_id : entity_identifier;The identifier of the entity that owns the mailbox.
The identifier can be UserId or Group Id, Username or Groupname, or email.
organization_id : organization_id;The identifier of the organization under which the member (user or group) exists.
*)}type nonrec delete_impersonation_role_request = {impersonation_role_id : impersonation_role_id;The ID of the impersonation role to delete.
*)organization_id : organization_id;The WorkMail organization from which to delete the impersonation role.
*)}type nonrec delete_identity_provider_configuration_request = {organization_id : organization_id;The Organization ID.
*)}type nonrec delete_identity_center_application_request = {application_arn : application_arn;The Amazon Resource Name (ARN) of the application.
*)}type nonrec delete_group_request = {group_id : entity_identifier;The identifier of the group to be deleted.
The identifier can be the GroupId, or Groupname. The following identity formats are available:
organization_id : organization_id;The organization that contains the group.
*)}type nonrec delete_email_monitoring_configuration_request = {organization_id : organization_id;The ID of the organization from which the email monitoring configuration is deleted.
*)}type nonrec delete_availability_configuration_request = {domain_name : domain_name;The domain for which the AvailabilityConfiguration will be deleted.
organization_id : organization_id;The WorkMail organization for which the AvailabilityConfiguration will be deleted.
}type nonrec delete_alias_request = {alias : email_address;The aliases to be removed from the user's set of aliases. Duplicate entries in the list are collapsed into single entries (the list is transformed into a set).
*)entity_id : work_mail_identifier;The identifier for the member (user or group) from which to have the aliases removed.
*)organization_id : organization_id;The identifier for the organization under which the user exists.
*)}type nonrec delete_access_control_rule_request = {name : access_control_rule_name;The name of the access control rule.
*)organization_id : organization_id;The identifier for the organization.
*)}This user, group, or resource name is not allowed in WorkMail.
type nonrec create_user_response = {user_id : work_mail_identifier option;The identifier for the new user.
*)}type nonrec create_user_request = {identity_provider_user_id : identity_provider_user_id option;User ID from the IAM Identity Center. If this parameter is empty it will be updated automatically when the user logs in for the first time to the mailbox associated with WorkMail.
*)last_name : user_attribute option;The last name of the new user.
*)first_name : user_attribute option;The first name of the new user.
*)role : user_role option;The role of the new user.
You cannot pass SYSTEM_USER or RESOURCE role in a single request. When a user role is not selected, the default role of USER is selected.
*)password : password option;The password for the new user.
*)display_name : user_attribute;The display name for the new user.
*)name : user_name;The name for the new user. WorkMail directory user names have a maximum length of 64. All others have a maximum length of 20.
*)organization_id : organization_id;The identifier of the organization for which the user is created.
*)}type nonrec create_resource_response = {resource_id : resource_id option;The identifier of the new resource.
*)}type nonrec create_resource_request = {description : resource_description option;Resource description.
*)type_ : resource_type;The type of the new resource. The available types are equipment and room.
name : resource_name;The name of the new resource.
*)organization_id : organization_id;The identifier associated with the organization for which the resource is created.
*)}The directory is already in use by another WorkMail organization in the same account and Region.
type nonrec create_organization_response = {organization_id : organization_id option;The organization ID.
*)}type nonrec domain = {hosted_zone_id : hosted_zone_id option;The hosted zone ID for a domain hosted in Route 53. Required when configuring a domain hosted in Route 53.
*)domain_name : domain_name;The fully qualified domain name.
*)}The domain to associate with an WorkMail organization.
When you configure a domain hosted in Amazon Route 53 (Route 53), all recommended DNS records are added to the organization when you create it. For more information, see Adding a domain in the WorkMail Administrator Guide.
type nonrec domains = domain listtype nonrec create_organization_request = {enable_interoperability : boolean_ option;When true, allows organization interoperability between WorkMail and Microsoft Exchange. If true, you must include a AD Connector directory ID in the request.
kms_key_arn : kms_key_arn option;The Amazon Resource Name (ARN) of a customer managed key from AWS KMS.
*)domains : domains option;The email domains to associate with the organization.
*)client_token : idempotency_client_token option;The idempotency token associated with the request.
*)alias : organization_name;The organization alias.
*)directory_id : directory_id option;The AWS Directory Service directory ID.
*)}type nonrec create_mobile_device_access_rule_response = {mobile_device_access_rule_id : mobile_device_access_rule_id option;The identifier for the newly created mobile device access rule.
*)}type nonrec create_mobile_device_access_rule_request = {not_device_user_agents : device_user_agent_list option;Device user agents that the rule will not match. All other device user agents will match.
*)device_user_agents : device_user_agent_list option;Device user agents that the rule will match.
*)not_device_operating_systems : device_operating_system_list option;Device operating systems that the rule will not match. All other device operating systems will match.
*)device_operating_systems : device_operating_system_list option;Device operating systems that the rule will match.
*)not_device_models : device_model_list option;Device models that the rule will not match. All other device models will match.
*)device_models : device_model_list option;Device models that the rule will match.
*)not_device_types : device_type_list option;Device types that the rule will not match. All other device types will match.
*)device_types : device_type_list option;Device types that the rule will match.
*)effect_ : mobile_device_access_rule_effect;The effect of the rule when it matches. Allowed values are ALLOW or DENY.
description : mobile_device_access_rule_description option;The rule description.
*)name : mobile_device_access_rule_name;The rule name.
*)client_token : idempotency_client_token option;The idempotency token for the client request.
*)organization_id : organization_id;The WorkMail organization under which the rule will be created.
*)}type nonrec create_impersonation_role_response = {impersonation_role_id : impersonation_role_id option;The new impersonation role ID.
*)}type nonrec create_impersonation_role_request = {rules : impersonation_rule_list;The list of rules for the impersonation role.
*)description : impersonation_role_description option;The description of the new impersonation role.
*)type_ : impersonation_role_type;The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS.
name : impersonation_role_name;The name of the new impersonation role.
*)organization_id : organization_id;The WorkMail organization to create the new impersonation role within.
*)client_token : idempotency_client_token option;The idempotency token for the client request.
*)}type nonrec create_identity_center_application_response = {application_arn : application_arn option;The Amazon Resource Name (ARN) of the application.
*)}type nonrec create_identity_center_application_request = {client_token : idempotency_client_token option;The idempotency token associated with the request.
*)instance_arn : instance_arn;The Amazon Resource Name (ARN) of the instance.
*)name : identity_center_application_name;The name of the IAM Identity Center application.
*)}type nonrec create_group_response = {group_id : work_mail_identifier option;The identifier of the group.
*)}type nonrec create_group_request = {name : group_name;The name of the group.
*)organization_id : organization_id;The organization under which the group is to be created.
*)}type nonrec create_availability_configuration_request = {lambda_provider : lambda_availability_provider option;Lambda availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider.
ews_provider : ews_availability_provider option;Exchange Web Services (EWS) availability provider definition. The request must contain exactly one provider definition, either EwsProvider or LambdaProvider.
domain_name : domain_name;The domain to which the provider applies.
*)organization_id : organization_id;The WorkMail organization for which the AvailabilityConfiguration will be created.
client_token : idempotency_client_token option;An idempotent token that ensures that an API request is executed only once.
*)}type nonrec create_alias_request = {alias : email_address;The alias to add to the member set.
*)entity_id : work_mail_identifier;The member (user or group) to which this alias is added.
*)organization_id : organization_id;The organization under which the member (user or group) exists.
*)}type nonrec cancel_mailbox_export_job_request = {organization_id : organization_id;The organization ID.
*)job_id : mailbox_export_job_id;The job ID.
*)client_token : idempotency_client_token;The idempotency token for the client request.
*)}type nonrec assume_impersonation_role_response = {expires_in : expires_in option;The authentication token's validity, in seconds.
*)token : impersonation_token option;The authentication token for the impersonation role.
*)}type nonrec assume_impersonation_role_request = {impersonation_role_id : impersonation_role_id;The impersonation role ID to assume.
*)organization_id : organization_id;The WorkMail organization under which the impersonation role will be assumed.
*)}type nonrec associate_member_to_group_request = {member_id : entity_identifier;The member (user or group) to associate to the group.
The member ID can accept UserID or GroupId, Username or Groupname, or email.
group_id : entity_identifier;The group to which the member (user or group) is associated.
The identifier can accept GroupId, Groupname, or email. The following identity formats are available:
organization_id : organization_id;The organization under which the group exists.
*)}type nonrec associate_delegate_to_resource_request = {entity_id : entity_identifier;The member (user or group) to associate to the resource.
The entity ID can accept UserId or GroupID, Username or Groupname, or email.
resource_id : entity_identifier;The resource for which members (users or groups) are associated.
The identifier can accept ResourceId, Resourcename, or email. The following identity formats are available:
organization_id : organization_id;The organization under which the resource exists.
*)}