PutAccessControlRule
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, user IDs and impersonation IDs. Adding a new rule with the same name as an existing rule replaces the older rule.
Request Syntax
{
"Actions": [ "string" ],
"Description": "string",
"Effect": "string",
"ImpersonationRoleIds": [ "string" ],
"IpRanges": [ "string" ],
"Name": "string",
"NotActions": [ "string" ],
"NotImpersonationRoleIds": [ "string" ],
"NotIpRanges": [ "string" ],
"NotUserIds": [ "string" ],
"OrganizationId": "string",
"UserIds": [ "string" ]
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- Actions
-
Access protocol actions to include in the rule. Valid values include
ActiveSync,AutoDiscover,EWS,IMAP,SMTP,WindowsOutlook, andWebMail.Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z]+Required: No
- Description
-
The rule description.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 255.
Pattern:
[\u0020-\u00FF]+Required: Yes
- Effect
-
The rule effect.
Type: String
Valid Values:
ALLOW | DENYRequired: Yes
- ImpersonationRoleIds
-
Impersonation role IDs to include in the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z0-9_-]+Required: No
- IpRanges
-
IPv4 CIDR ranges to include in the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 1024 items.
Length Constraints: Minimum length of 1. Maximum length of 18.
Pattern:
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$Required: No
- Name
-
The rule name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z0-9_-]+Required: Yes
- NotActions
-
Access protocol actions to exclude from the rule. Valid values include
ActiveSync,AutoDiscover,EWS,IMAP,SMTP,WindowsOutlook, andWebMail.Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z]+Required: No
- NotImpersonationRoleIds
-
Impersonation role IDs to exclude from the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z0-9_-]+Required: No
- NotIpRanges
-
IPv4 CIDR ranges to exclude from the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 1024 items.
Length Constraints: Minimum length of 1. Maximum length of 18.
Pattern:
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$Required: No
- NotUserIds
-
User IDs to exclude from the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: No
- OrganizationId
-
The identifier of the organization.
Type: String
Length Constraints: Fixed length of 34.
Pattern:
^m-[0-9a-f]{32}$Required: Yes
- UserIds
-
User IDs to include in the rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Length Constraints: Minimum length of 12. Maximum length of 256.
Required: No
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Error Types.
- EntityNotFoundException
-
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
The identifier supplied for the user, group, or resource does not exist in your organization.
HTTP Status Code: 400
- InvalidParameterException
-
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
One or more of the input parameters don't match the service's restrictions.
HTTP Status Code: 400
- LimitExceededException
-
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
The request exceeds the limit of the resource.
HTTP Status Code: 400
- OrganizationNotFoundException
-
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
An operation received a valid organization identifier that either doesn't belong or exist in the system.
HTTP Status Code: 400
- OrganizationStateException
-
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
The organization must have a valid state to perform certain operations on the organization or its members.
HTTP Status Code: 400
- ResourceNotFoundException
-
Important
End of support notice: On March 31, 2027, AWS will end support for Amazon WorkMail. After March 31, 2027, you will no longer be able to access the WorkMail console or WorkMail resources. For more information, see Amazon WorkMail end of support.
The resource cannot be found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
