Guides

WORKMAIL

docs.aws.amazon.com
AWS documentation

AssociateDelegateToResource

valid {
    input.Body.OrganizationId == STRING
    input.Body.ResourceId == STRING
    input.Body.EntityId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateMemberToGroup

valid {
    input.Body.OrganizationId == STRING
    input.Body.GroupId == STRING
    input.Body.MemberId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssumeImpersonationRole

valid {
    input.Body.OrganizationId == STRING
    input.Body.ImpersonationRoleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelMailboxExportJob

valid {
    input.Body.ClientToken == STRING
    input.Body.JobId == STRING
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAlias

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.Alias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAvailabilityConfiguration

valid {
    input.Body.ClientToken == STRING
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.Body.EwsProvider.EwsEndpoint == STRING
    input.Body.EwsProvider.EwsUsername == STRING
    input.Body.EwsProvider.EwsPassword == STRING
    input.Body.LambdaProvider.LambdaArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateGroup

valid {
    input.Body.OrganizationId == STRING
    input.Body.Name == STRING
    input.Body.HiddenFromGlobalAddressList == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateIdentityCenterApplication

valid {
    input.Body.Name == STRING
    input.Body.InstanceArn == STRING
    input.Body.ClientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateImpersonationRole

enum_AccessEffect := [ "ALLOW", "DENY" ]
enum_ImpersonationRoleType := [ "FULL_ACCESS", "READ_ONLY" ]

valid {
    input.Body.ClientToken == STRING
    input.Body.OrganizationId == STRING
    input.Body.Name == STRING
    input.Body.Type == enum_ImpersonationRoleType[_]
    input.Body.Description == STRING
    input.Body.Rules[_].ImpersonationRuleId == STRING
    input.Body.Rules[_].Name == STRING
    input.Body.Rules[_].Description == STRING
    input.Body.Rules[_].Effect == enum_AccessEffect[_]
    input.Body.Rules[_].TargetUsers[_] == STRING
    input.Body.Rules[_].NotTargetUsers[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateMobileDeviceAccessRule

enum_MobileDeviceAccessRuleEffect := [ "ALLOW", "DENY" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.ClientToken == STRING
    input.Body.Name == STRING
    input.Body.Description == STRING
    input.Body.Effect == enum_MobileDeviceAccessRuleEffect[_]
    input.Body.DeviceTypes[_] == STRING
    input.Body.NotDeviceTypes[_] == STRING
    input.Body.DeviceModels[_] == STRING
    input.Body.NotDeviceModels[_] == STRING
    input.Body.DeviceOperatingSystems[_] == STRING
    input.Body.NotDeviceOperatingSystems[_] == STRING
    input.Body.DeviceUserAgents[_] == STRING
    input.Body.NotDeviceUserAgents[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOrganization

valid {
    input.Body.DirectoryId == STRING
    input.Body.Alias == STRING
    input.Body.ClientToken == STRING
    input.Body.Domains[_].DomainName == STRING
    input.Body.Domains[_].HostedZoneId == STRING
    input.Body.KmsKeyArn == STRING
    input.Body.EnableInteroperability == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateResource

enum_ResourceType := [ "ROOM", "EQUIPMENT" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.Name == STRING
    input.Body.Type == enum_ResourceType[_]
    input.Body.Description == STRING
    input.Body.HiddenFromGlobalAddressList == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateUser

enum_UserRole := [ "USER", "RESOURCE", "SYSTEM_USER", "REMOTE_USER" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.Name == STRING
    input.Body.DisplayName == STRING
    input.Body.Password == STRING
    input.Body.Role == enum_UserRole[_]
    input.Body.FirstName == STRING
    input.Body.LastName == STRING
    input.Body.HiddenFromGlobalAddressList == BOOLEAN
    input.Body.IdentityProviderUserId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAccessControlRule

valid {
    input.Body.OrganizationId == STRING
    input.Body.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAlias

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.Alias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAvailabilityConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteEmailMonitoringConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteGroup

valid {
    input.Body.OrganizationId == STRING
    input.Body.GroupId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteIdentityCenterApplication

valid {
    input.Body.ApplicationArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteIdentityProviderConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteImpersonationRole

valid {
    input.Body.OrganizationId == STRING
    input.Body.ImpersonationRoleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteMailboxPermissions

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.GranteeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteMobileDeviceAccessOverride

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.DeviceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteMobileDeviceAccessRule

valid {
    input.Body.OrganizationId == STRING
    input.Body.MobileDeviceAccessRuleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOrganization

valid {
    input.Body.ClientToken == STRING
    input.Body.OrganizationId == STRING
    input.Body.DeleteDirectory == BOOLEAN
    input.Body.ForceDelete == BOOLEAN
    input.Body.DeleteIdentityCenterApplication == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePersonalAccessToken

valid {
    input.Body.OrganizationId == STRING
    input.Body.PersonalAccessTokenId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteResource

valid {
    input.Body.OrganizationId == STRING
    input.Body.ResourceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRetentionPolicy

valid {
    input.Body.OrganizationId == STRING
    input.Body.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteUser

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterFromWorkMail

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterMailDomain

valid {
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEmailMonitoringConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEntity

valid {
    input.Body.OrganizationId == STRING
    input.Body.Email == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeGroup

valid {
    input.Body.OrganizationId == STRING
    input.Body.GroupId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeIdentityProviderConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeInboundDmarcSettings

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeMailboxExportJob

valid {
    input.Body.JobId == STRING
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeOrganization

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeResource

valid {
    input.Body.OrganizationId == STRING
    input.Body.ResourceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeUser

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateDelegateFromResource

valid {
    input.Body.OrganizationId == STRING
    input.Body.ResourceId == STRING
    input.Body.EntityId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateMemberFromGroup

valid {
    input.Body.OrganizationId == STRING
    input.Body.GroupId == STRING
    input.Body.MemberId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccessControlEffect

valid {
    input.Body.OrganizationId == STRING
    input.Body.IpAddress == STRING
    input.Body.Action == STRING
    input.Body.UserId == STRING
    input.Body.ImpersonationRoleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDefaultRetentionPolicy

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetImpersonationRole

valid {
    input.Body.OrganizationId == STRING
    input.Body.ImpersonationRoleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetImpersonationRoleEffect

valid {
    input.Body.OrganizationId == STRING
    input.Body.ImpersonationRoleId == STRING
    input.Body.TargetUser == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMailDomain

valid {
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMailboxDetails

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMobileDeviceAccessEffect

valid {
    input.Body.OrganizationId == STRING
    input.Body.DeviceType == STRING
    input.Body.DeviceModel == STRING
    input.Body.DeviceOperatingSystem == STRING
    input.Body.DeviceUserAgent == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMobileDeviceAccessOverride

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.DeviceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPersonalAccessTokenMetadata

valid {
    input.Body.OrganizationId == STRING
    input.Body.PersonalAccessTokenId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccessControlRules

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAliases

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAvailabilityConfigurations

valid {
    input.Body.OrganizationId == STRING
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGroupMembers

valid {
    input.Body.OrganizationId == STRING
    input.Body.GroupId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGroups

enum_EntityState := [ "ENABLED", "DISABLED", "DELETED" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.Body.Filters.NamePrefix == STRING
    input.Body.Filters.PrimaryEmailPrefix == STRING
    input.Body.Filters.State == enum_EntityState[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGroupsForEntity

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.Filters.GroupNamePrefix == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListImpersonationRoles

valid {
    input.Body.OrganizationId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMailDomains

valid {
    input.Body.OrganizationId == STRING
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMailboxExportJobs

valid {
    input.Body.OrganizationId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMailboxPermissions

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMobileDeviceAccessOverrides

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.DeviceId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMobileDeviceAccessRules

valid {
    input.Body.OrganizationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOrganizations

valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPersonalAccessTokens

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourceDelegates

valid {
    input.Body.OrganizationId == STRING
    input.Body.ResourceId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResources

enum_EntityState := [ "ENABLED", "DISABLED", "DELETED" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.Body.Filters.NamePrefix == STRING
    input.Body.Filters.PrimaryEmailPrefix == STRING
    input.Body.Filters.State == enum_EntityState[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Body.ResourceARN == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListUsers

enum_EntityState := [ "ENABLED", "DISABLED", "DELETED" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.Body.Filters.UsernamePrefix == STRING
    input.Body.Filters.DisplayNamePrefix == STRING
    input.Body.Filters.PrimaryEmailPrefix == STRING
    input.Body.Filters.State == enum_EntityState[_]
    input.Body.Filters.IdentityProviderUserIdPrefix == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutAccessControlRule

enum_AccessControlRuleEffect := [ "ALLOW", "DENY" ]

valid {
    input.Body.Name == STRING
    input.Body.Effect == enum_AccessControlRuleEffect[_]
    input.Body.Description == STRING
    input.Body.IpRanges[_] == STRING
    input.Body.NotIpRanges[_] == STRING
    input.Body.Actions[_] == STRING
    input.Body.NotActions[_] == STRING
    input.Body.UserIds[_] == STRING
    input.Body.NotUserIds[_] == STRING
    input.Body.OrganizationId == STRING
    input.Body.ImpersonationRoleIds[_] == STRING
    input.Body.NotImpersonationRoleIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutEmailMonitoringConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.Body.RoleArn == STRING
    input.Body.LogGroupArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutIdentityProviderConfiguration

enum_IdentityProviderAuthenticationMode := [ "IDENTITY_PROVIDER_ONLY", "IDENTITY_PROVIDER_AND_DIRECTORY" ]
enum_PersonalAccessTokenConfigurationStatus := [ "ACTIVE", "INACTIVE" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.AuthenticationMode == enum_IdentityProviderAuthenticationMode[_]
    input.Body.IdentityCenterConfiguration.InstanceArn == STRING
    input.Body.IdentityCenterConfiguration.ApplicationArn == STRING
    input.Body.PersonalAccessTokenConfiguration.Status == enum_PersonalAccessTokenConfigurationStatus[_]
    input.Body.PersonalAccessTokenConfiguration.LifetimeInDays == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutInboundDmarcSettings

valid {
    input.Body.OrganizationId == STRING
    input.Body.Enforced == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutMailboxPermissions

enum_PermissionType := [ "FULL_ACCESS", "SEND_AS", "SEND_ON_BEHALF" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.GranteeId == STRING
    input.Body.PermissionValues[_] == enum_PermissionType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutMobileDeviceAccessOverride

enum_MobileDeviceAccessRuleEffect := [ "ALLOW", "DENY" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.DeviceId == STRING
    input.Body.Effect == enum_MobileDeviceAccessRuleEffect[_]
    input.Body.Description == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutRetentionPolicy

enum_FolderName := [ "INBOX", "DELETED_ITEMS", "SENT_ITEMS", "DRAFTS", "JUNK_EMAIL" ]
enum_RetentionAction := [ "NONE", "DELETE", "PERMANENTLY_DELETE" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.Id == STRING
    input.Body.Name == STRING
    input.Body.Description == STRING
    input.Body.FolderConfigurations[_].Name == enum_FolderName[_]
    input.Body.FolderConfigurations[_].Action == enum_RetentionAction[_]
    input.Body.FolderConfigurations[_].Period == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterMailDomain

valid {
    input.Body.ClientToken == STRING
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterToWorkMail

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.Email == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ResetPassword

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.Password == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartMailboxExportJob

valid {
    input.Body.ClientToken == STRING
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.Description == STRING
    input.Body.RoleArn == STRING
    input.Body.KmsKeyArn == STRING
    input.Body.S3BucketName == STRING
    input.Body.S3Prefix == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.ResourceARN == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TestAvailabilityConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.Body.EwsProvider.EwsEndpoint == STRING
    input.Body.EwsProvider.EwsUsername == STRING
    input.Body.EwsProvider.EwsPassword == STRING
    input.Body.LambdaProvider.LambdaArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.ResourceARN == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAvailabilityConfiguration

valid {
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.Body.EwsProvider.EwsEndpoint == STRING
    input.Body.EwsProvider.EwsUsername == STRING
    input.Body.EwsProvider.EwsPassword == STRING
    input.Body.LambdaProvider.LambdaArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDefaultMailDomain

valid {
    input.Body.OrganizationId == STRING
    input.Body.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateGroup

valid {
    input.Body.OrganizationId == STRING
    input.Body.GroupId == STRING
    input.Body.HiddenFromGlobalAddressList == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateImpersonationRole

enum_AccessEffect := [ "ALLOW", "DENY" ]
enum_ImpersonationRoleType := [ "FULL_ACCESS", "READ_ONLY" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.ImpersonationRoleId == STRING
    input.Body.Name == STRING
    input.Body.Type == enum_ImpersonationRoleType[_]
    input.Body.Description == STRING
    input.Body.Rules[_].ImpersonationRuleId == STRING
    input.Body.Rules[_].Name == STRING
    input.Body.Rules[_].Description == STRING
    input.Body.Rules[_].Effect == enum_AccessEffect[_]
    input.Body.Rules[_].TargetUsers[_] == STRING
    input.Body.Rules[_].NotTargetUsers[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateMailboxQuota

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.MailboxQuota == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateMobileDeviceAccessRule

enum_MobileDeviceAccessRuleEffect := [ "ALLOW", "DENY" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.MobileDeviceAccessRuleId == STRING
    input.Body.Name == STRING
    input.Body.Description == STRING
    input.Body.Effect == enum_MobileDeviceAccessRuleEffect[_]
    input.Body.DeviceTypes[_] == STRING
    input.Body.NotDeviceTypes[_] == STRING
    input.Body.DeviceModels[_] == STRING
    input.Body.NotDeviceModels[_] == STRING
    input.Body.DeviceOperatingSystems[_] == STRING
    input.Body.NotDeviceOperatingSystems[_] == STRING
    input.Body.DeviceUserAgents[_] == STRING
    input.Body.NotDeviceUserAgents[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePrimaryEmailAddress

valid {
    input.Body.OrganizationId == STRING
    input.Body.EntityId == STRING
    input.Body.Email == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateResource

enum_ResourceType := [ "ROOM", "EQUIPMENT" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.ResourceId == STRING
    input.Body.Name == STRING
    input.Body.BookingOptions.AutoAcceptRequests == BOOLEAN
    input.Body.BookingOptions.AutoDeclineRecurringRequests == BOOLEAN
    input.Body.BookingOptions.AutoDeclineConflictingRequests == BOOLEAN
    input.Body.Description == STRING
    input.Body.Type == enum_ResourceType[_]
    input.Body.HiddenFromGlobalAddressList == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateUser

enum_UserRole := [ "USER", "RESOURCE", "SYSTEM_USER", "REMOTE_USER" ]

valid {
    input.Body.OrganizationId == STRING
    input.Body.UserId == STRING
    input.Body.Role == enum_UserRole[_]
    input.Body.DisplayName == STRING
    input.Body.FirstName == STRING
    input.Body.LastName == STRING
    input.Body.HiddenFromGlobalAddressList == BOOLEAN
    input.Body.Initials == STRING
    input.Body.Telephone == STRING
    input.Body.Street == STRING
    input.Body.JobTitle == STRING
    input.Body.City == STRING
    input.Body.Company == STRING
    input.Body.ZipCode == STRING
    input.Body.Department == STRING
    input.Body.Country == STRING
    input.Body.Office == STRING
    input.Body.IdentityProviderUserId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}