create_impersonation_role

create_impersonation_role(**kwargs)

Creates an impersonation role for the given WorkMail organization.

Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

See also: AWS API Documentation

Request Syntax

response = client.create_impersonation_role(
    ClientToken='string',
    OrganizationId='string',
    Name='string',
    Type='FULL_ACCESS'|'READ_ONLY',
    Description='string',
    Rules=[
        {
            'ImpersonationRuleId': 'string',
            'Name': 'string',
            'Description': 'string',
            'Effect': 'ALLOW'|'DENY',
            'TargetUsers': [
                'string',
            ],
            'NotTargetUsers': [
                'string',
            ]
        },
    ]
)
Parameters
  • ClientToken (string) --

    The idempotency token for the client request.

    This field is autopopulated if not provided.

  • OrganizationId (string) --

    [REQUIRED]

    The WorkMail organization to create the new impersonation role within.

  • Name (string) --

    [REQUIRED]

    The name of the new impersonation role.

  • Type (string) --

    [REQUIRED]

    The impersonation role's type. The available impersonation role types are READ_ONLY or FULL_ACCESS .

  • Description (string) -- The description of the new impersonation role.
  • Rules (list) --

    [REQUIRED]

    The list of rules for the impersonation role.

    • (dict) --

      The rules for the given impersonation role.

      • ImpersonationRuleId (string) -- [REQUIRED]

        The identifier of the rule.

      • Name (string) --

        The rule name.

      • Description (string) --

        The rule description.

      • Effect (string) -- [REQUIRED]

        The effect of the rule when it matches the input. Allowed effect values are ALLOW or DENY .

      • TargetUsers (list) --

        A list of user IDs that match the rule.

        • (string) --
      • NotTargetUsers (list) --

        A list of user IDs that don't match the rule.

        • (string) --
Return type

dict

Returns

Response Syntax

{
    'ImpersonationRoleId': 'string'
}

Response Structure

  • (dict) --

    • ImpersonationRoleId (string) --

      The new impersonation role ID.

Exceptions

  • WorkMail.Client.exceptions.InvalidParameterException
  • WorkMail.Client.exceptions.OrganizationNotFoundException
  • WorkMail.Client.exceptions.OrganizationStateException
  • WorkMail.Client.exceptions.EntityNotFoundException
  • WorkMail.Client.exceptions.EntityStateException
  • WorkMail.Client.exceptions.LimitExceededException