:doc:`WorkMail <../../workmail>` / Client / create_impersonation_role

*************************
create_impersonation_role
*************************



.. py:method:: WorkMail.Client.create_impersonation_role(**kwargs)

  

  Creates an impersonation role for the given WorkMail organization.

   

  *Idempotency* ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries also complete successfully without performing any further actions.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateImpersonationRole>`_  


  **Request Syntax**
  ::

    response = client.create_impersonation_role(
        ClientToken='string',
        OrganizationId='string',
        Name='string',
        Type='FULL_ACCESS'|'READ_ONLY',
        Description='string',
        Rules=[
            {
                'ImpersonationRuleId': 'string',
                'Name': 'string',
                'Description': 'string',
                'Effect': 'ALLOW'|'DENY',
                'TargetUsers': [
                    'string',
                ],
                'NotTargetUsers': [
                    'string',
                ]
            },
        ]
    )
    
  :type ClientToken: string
  :param ClientToken: 

    The idempotency token for the client request.

    This field is autopopulated if not provided.

  
  :type OrganizationId: string
  :param OrganizationId: **[REQUIRED]** 

    The WorkMail organization to create the new impersonation role within.

    

  
  :type Name: string
  :param Name: **[REQUIRED]** 

    The name of the new impersonation role.

    

  
  :type Type: string
  :param Type: **[REQUIRED]** 

    The impersonation role's type. The available impersonation role types are ``READ_ONLY`` or ``FULL_ACCESS``.

    

  
  :type Description: string
  :param Description: 

    The description of the new impersonation role.

    

  
  :type Rules: list
  :param Rules: **[REQUIRED]** 

    The list of rules for the impersonation role.

    

  
    - *(dict) --* 

      The rules for the given impersonation role.

      

    
      - **ImpersonationRuleId** *(string) --* **[REQUIRED]** 

        The identifier of the rule.

        

      
      - **Name** *(string) --* 

        The rule name.

        

      
      - **Description** *(string) --* 

        The rule description.

        

      
      - **Effect** *(string) --* **[REQUIRED]** 

        The effect of the rule when it matches the input. Allowed effect values are ``ALLOW`` or ``DENY``.

        

      
      - **TargetUsers** *(list) --* 

        A list of user IDs that match the rule.

        

      
        - *(string) --* 

        
    
      - **NotTargetUsers** *(list) --* 

        A list of user IDs that don't match the rule.

        

      
        - *(string) --* 

        
    
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ImpersonationRoleId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ImpersonationRoleId** *(string) --* 

        The new impersonation role ID.

        
  
  **Exceptions**
  
  *   :py:class:`WorkMail.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`WorkMail.Client.exceptions.OrganizationNotFoundException`

  
  *   :py:class:`WorkMail.Client.exceptions.OrganizationStateException`

  
  *   :py:class:`WorkMail.Client.exceptions.EntityNotFoundException`

  
  *   :py:class:`WorkMail.Client.exceptions.EntityStateException`

  
  *   :py:class:`WorkMail.Client.exceptions.LimitExceededException`

  