aws-workmail

Manage Amazon WorkMail organizations, users, and groups

TLDR

List all WorkMail organizations
$ aws workmail list-organizations

List all users of a specific organization
$ aws workmail list-users --organization-id [organization_id]

Create a WorkMail user in a specific organization
$ aws workmail create-user --name [username] --display-name [name] --password [password] --organization-id [organization_id]

Register and enable a group/user to WorkMail
$ aws workmail register-to-work-mail --entity-id [entity_id] --email [email] --organization-id [organization_id]

Create a WorkMail group in a specific organization
$ aws workmail create-group --name [group_name] --organization-id [organization_id]

Associate a member to a specific group
$ aws workmail associate-member-to-group --group-id [group_id] --member-id [member_id] --organization-id [organization_id]

Deregister and disable a user/group from WorkMail
$ aws workmail deregister-from-work-mail --entity-id [entity_id] --organization-id [organization_id]

Delete a user from an organization
$ aws workmail delete-user --user-id [user_id] --organization-id [organization_id]

SYNOPSIS

aws workmail subcommand [--organization-id value] [--max-results value] [--next-token value] [global-options]

PARAMETERS

--organization-id
    ID of the WorkMail organization (required for most subcommands).

--user-id
    ID of the user entity.

--entity-id
    ID of user, group, or resource.

--max-results
    Maximum results per page (1-100).

--next-token
    Pagination token from prior response.

--region
    AWS region (e.g., us-east-1).

--output
    Output format: json|text|table.

--profile
    Named profile from credentials file.

--debug
    Enable debug logging.

--help
    Show command help.

DESCRIPTION

The aws workmail command is a subcommand of the AWS Command Line Interface (CLI) for managing Amazon WorkMail, a secure, managed business email and calendaring service. It allows programmatic control over WorkMail organizations, users, groups, resources, aliases, domains, and mobile device policies.

Administrators use it to automate tasks like creating/deleting users, listing entities, associating domains, setting permissions, and generating reports. Operations are scoped to an organization ID and support pagination with --max-results and --next-token. Outputs are in JSON, text, or table format via --output.

Requires the AWS CLI (v1.11+ or v2), configured credentials (IAM policies like WorkMailFullAccess), and an appropriate regional endpoint. Integrates with AWS services like IAM, Directory Service, and Lambda for advanced workflows. Ideal for scripting user lifecycle management, compliance audits, and migrations from on-premises email systems.

Always verify permissions to avoid errors like AccessDeniedException.

CAVEATS

Requires the AWS CLI and valid credentials. Regional availability varies and rate limits apply. Some actions are irreversible (e.g., delete-user). Idempotency tokens are recommended for creates.
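
The create-user form in the TLDR passes the password as a command-line argument, where it ends up in shell history and is visible in the process list while aws runs. As an added example (not from the original page or the AWS CLI project), the function below reads the password from stdin and hands it to the CLI through an owner-only request file via --cli-input-json; the function names and the JSON escaping helper are this example's own.

```shell
#!/bin/sh
# Added example: create a WorkMail user without exposing the password in
# shell history or in the argument list of the aws process.
# Function and variable names here are hypothetical, not part of the AWS CLI.

# Escape backslashes and double quotes so a value is a valid JSON string body.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: workmail_create_user ORG_ID USERNAME DISPLAY_NAME   (password on stdin)
workmail_create_user() {
    org_id=$1 user=$2 display=$3
    if [ -t 0 ]; then
        # Interactive: prompt on stderr with terminal echo switched off.
        printf 'Password for %s: ' "$user" >&2
        stty -echo
        IFS= read -r password || true
        stty echo
        printf '\n' >&2
    else
        # Non-interactive: first line of stdin, e.g. piped from a secrets tool.
        IFS= read -r password || true
    fi
    [ -n "$password" ] || { echo 'empty password, nothing created' >&2; return 1; }

    # mktemp creates the file with mode 0600, readable by the owner only.
    req=$(mktemp) || return 1
    printf '{"OrganizationId":"%s","Name":"%s","DisplayName":"%s","Password":"%s"}\n' \
        "$(json_escape "$org_id")" "$(json_escape "$user")" \
        "$(json_escape "$display")" "$(json_escape "$password")" > "$req"
    unset password

    # Only the file path appears in argv; the CLI reads the request from disk.
    aws workmail create-user --cli-input-json "file://$req" && rc=0 || rc=$?
    rm -f "$req"
    return "$rc"
}
```

Call it as `workmail_create_user [organization_id] [username] "[name]"` and type the password at the prompt, or redirect it in from a secrets store.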

COMMON SUBCOMMANDS

list-organizations, create-user, list-users, delete-user, create-group, associate-domain, list-mailbox-permissions, put-mailbox-permission.
Use aws workmail help for details.

EXAMPLE USAGE

aws workmail list-users --organization-id m-1234567890abcdef0 --max-results 10
Retrieves up to 10 users in the organization.

HISTORY

Added to AWS CLI v1.11.36 (2016) post-WorkMail launch; enhanced in v2 with better JSON handling and async support; regular updates track service features like hybrid deployments.

SEE ALSO

aws(1), aws-ses(1), aws-directoryservice(1)