aws-sdk-workmail 1.49.0 → 1.51.0

data/lib/aws-sdk-workmail/types.rb

@@ -10,7 +10,7 @@
 module Aws::WorkMail
   module Types
 
-    # A rule that controls access to an Amazon WorkMail organization.
+    # A rule that controls access to an WorkMail organization.
     #
     # @!attribute [rw] name
     #   The rule name.
@@ -60,6 +60,14 @@ module Aws::WorkMail
     #   The date that the rule was modified.
     #   @return [Time]
     #
+    # @!attribute [rw] impersonation_role_ids
+    #   Impersonation role IDs to include in the rule.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_impersonation_role_ids
+    #   Impersonation role IDs to exclude from the rule.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/AccessControlRule AWS API Documentation
     #
     class AccessControlRule < Struct.new(
@@ -73,7 +81,9 @@ module Aws::WorkMail
       :user_ids,
       :not_user_ids,
       :date_created,
-      :date_modified)
+      :date_modified,
+      :impersonation_role_ids,
+      :not_impersonation_role_ids)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -148,6 +158,93 @@ module Aws::WorkMail
     #
     class AssociateMemberToGroupResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass AssumeImpersonationRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         impersonation_role_id: "ImpersonationRoleId", # required
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization under which the impersonation role will be
+    #   assumed.
+    #   @return [String]
+    #
+    # @!attribute [rw] impersonation_role_id
+    #   The impersonation role ID to assume.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/AssumeImpersonationRoleRequest AWS API Documentation
+    #
+    class AssumeImpersonationRoleRequest < Struct.new(
+      :organization_id,
+      :impersonation_role_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] token
+    #   The authentication token for the impersonation role.
+    #   @return [String]
+    #
+    # @!attribute [rw] expires_in
+    #   The authentication token's validity, in seconds.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/AssumeImpersonationRoleResponse AWS API Documentation
+    #
+    class AssumeImpersonationRoleResponse < Struct.new(
+      :token,
+      :expires_in)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # List all the `AvailabilityConfiguration`'s for the given WorkMail
+    # organization.
+    #
+    # @!attribute [rw] domain_name
+    #   Displays the domain to which the provider applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] provider_type
+    #   Displays the provider type that applies to this domain.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_provider
+    #   If `ProviderType` is `EWS`, then this field contains
+    #   `RedactedEwsAvailabilityProvider`. Otherwise, it is not required.
+    #   @return [Types::RedactedEwsAvailabilityProvider]
+    #
+    # @!attribute [rw] lambda_provider
+    #   If ProviderType is `LAMBDA` then this field contains
+    #   `LambdaAvailabilityProvider`. Otherwise, it is not required.
+    #   @return [Types::LambdaAvailabilityProvider]
+    #
+    # @!attribute [rw] date_created
+    #   The date and time at which the availability configuration was
+    #   created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] date_modified
+    #   The date and time at which the availability configuration was last
+    #   modified.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/AvailabilityConfiguration AWS API Documentation
+    #
+    class AvailabilityConfiguration < Struct.new(
+      :domain_name,
+      :provider_type,
+      :ews_provider,
+      :lambda_provider,
+      :date_created,
+      :date_modified)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # At least one delegate must be associated to the resource to disable
     # automatic replies from the resource.
     #
@@ -258,6 +355,68 @@ module Aws::WorkMail
     #
     class CreateAliasResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass CreateAvailabilityConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_token: "IdempotencyClientToken",
+    #         organization_id: "OrganizationId", # required
+    #         domain_name: "DomainName", # required
+    #         ews_provider: {
+    #           ews_endpoint: "Url", # required
+    #           ews_username: "ExternalUserName", # required
+    #           ews_password: "Password", # required
+    #         },
+    #         lambda_provider: {
+    #           lambda_arn: "LambdaArn", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] client_token
+    #   An idempotent token that ensures that an API request is executed
+    #   only once.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization for which the `AvailabilityConfiguration`
+    #   will be created.
+    #   @return [String]
+    #
+    # @!attribute [rw] domain_name
+    #   The domain to which the provider applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_provider
+    #   Exchange Web Services (EWS) availability provider definition. The
+    #   request must contain exactly one provider definition, either
+    #   `EwsProvider` or `LambdaProvider`.
+    #   @return [Types::EwsAvailabilityProvider]
+    #
+    # @!attribute [rw] lambda_provider
+    #   Lambda availability provider definition. The request must contain
+    #   exactly one provider definition, either `EwsProvider` or
+    #   `LambdaProvider`.
+    #   @return [Types::LambdaAvailabilityProvider]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateAvailabilityConfigurationRequest AWS API Documentation
+    #
+    class CreateAvailabilityConfigurationRequest < Struct.new(
+      :client_token,
+      :organization_id,
+      :domain_name,
+      :ews_provider,
+      :lambda_provider)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateAvailabilityConfigurationResponse AWS API Documentation
+    #
+    class CreateAvailabilityConfigurationResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass CreateGroupRequest
     #   data as a hash:
     #
@@ -295,6 +454,81 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateImpersonationRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_token: "IdempotencyClientToken",
+    #         organization_id: "OrganizationId", # required
+    #         name: "ImpersonationRoleName", # required
+    #         type: "FULL_ACCESS", # required, accepts FULL_ACCESS, READ_ONLY
+    #         description: "ImpersonationRoleDescription",
+    #         rules: [ # required
+    #           {
+    #             impersonation_rule_id: "ImpersonationRuleId", # required
+    #             name: "ImpersonationRuleName",
+    #             description: "ImpersonationRuleDescription",
+    #             effect: "ALLOW", # required, accepts ALLOW, DENY
+    #             target_users: ["EntityIdentifier"],
+    #             not_target_users: ["EntityIdentifier"],
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] client_token
+    #   The idempotency token for the client request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization to create the new impersonation role
+    #   within.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the new impersonation role.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The impersonation role's type. The available impersonation role
+    #   types are `READ_ONLY` or `FULL_ACCESS`.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of the new impersonation role.
+    #   @return [String]
+    #
+    # @!attribute [rw] rules
+    #   The list of rules for the impersonation role.
+    #   @return [Array<Types::ImpersonationRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateImpersonationRoleRequest AWS API Documentation
+    #
+    class CreateImpersonationRoleRequest < Struct.new(
+      :client_token,
+      :organization_id,
+      :name,
+      :type,
+      :description,
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] impersonation_role_id
+    #   The new impersonation role ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateImpersonationRoleResponse AWS API Documentation
+    #
+    class CreateImpersonationRoleResponse < Struct.new(
+      :impersonation_role_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateMobileDeviceAccessRuleRequest
     #   data as a hash:
     #
@@ -315,8 +549,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization under which the rule will be
-    #   created.
+    #   The WorkMail organization under which the rule will be created.
     #   @return [String]
     #
     # @!attribute [rw] client_token
@@ -444,14 +677,14 @@ module Aws::WorkMail
     #   @return [Array<Types::Domain>]
     #
     # @!attribute [rw] kms_key_arn
-    #   The Amazon Resource Name (ARN) of a customer managed master key from
-    #   AWS KMS.
+    #   The Amazon Resource Name (ARN) of a customer managed key from AWS
+    #   KMS.
     #   @return [String]
     #
     # @!attribute [rw] enable_interoperability
-    #   When `true`, allows organization interoperability between Amazon
-    #   WorkMail and Microsoft Exchange. Can only be set to `true` if an AD
-    #   Connector directory ID is included in the request.
+    #   When `true`, allows organization interoperability between WorkMail
+    #   and Microsoft Exchange. If `true`, you must include a AD Connector
+    #   directory ID in the request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateOrganizationRequest AWS API Documentation
@@ -662,6 +895,37 @@ module Aws::WorkMail
     #
     class DeleteAliasResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass DeleteAvailabilityConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         domain_name: "DomainName", # required
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization for which the `AvailabilityConfiguration`
+    #   will be deleted.
+    #   @return [String]
+    #
+    # @!attribute [rw] domain_name
+    #   The domain for which the `AvailabilityConfiguration` will be
+    #   deleted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/DeleteAvailabilityConfigurationRequest AWS API Documentation
+    #
+    class DeleteAvailabilityConfigurationRequest < Struct.new(
+      :organization_id,
+      :domain_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/DeleteAvailabilityConfigurationResponse AWS API Documentation
+    #
+    class DeleteAvailabilityConfigurationResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DeleteEmailMonitoringConfigurationRequest
     #   data as a hash:
     #
@@ -715,6 +979,36 @@ module Aws::WorkMail
     #
     class DeleteGroupResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass DeleteImpersonationRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         impersonation_role_id: "ImpersonationRoleId", # required
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization from which to delete the impersonation
+    #   role.
+    #   @return [String]
+    #
+    # @!attribute [rw] impersonation_role_id
+    #   The ID of the impersonation role to delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/DeleteImpersonationRoleRequest AWS API Documentation
+    #
+    class DeleteImpersonationRoleRequest < Struct.new(
+      :organization_id,
+      :impersonation_role_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/DeleteImpersonationRoleResponse AWS API Documentation
+    #
+    class DeleteImpersonationRoleResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DeleteMailboxPermissionsRequest
     #   data as a hash:
     #
@@ -762,8 +1056,8 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization for which the access override will
-    #   be deleted.
+    #   The WorkMail organization for which the access override will be
+    #   deleted.
     #   @return [String]
     #
     # @!attribute [rw] user_id
@@ -806,8 +1100,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization under which the rule will be
-    #   deleted.
+    #   The WorkMail organization under which the rule will be deleted.
     #   @return [String]
     #
     # @!attribute [rw] mobile_device_access_rule_id
@@ -976,8 +1269,8 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The identifier for the organization under which the Amazon WorkMail
-    #   entity exists.
+    #   The identifier for the organization under which the WorkMail entity
+    #   exists.
     #   @return [String]
     #
     # @!attribute [rw] entity_id
@@ -1006,8 +1299,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization for which the domain will be
-    #   deregistered.
+    #   The WorkMail organization for which the domain will be deregistered.
     #   @return [String]
     #
     # @!attribute [rw] domain_name
@@ -1104,8 +1396,8 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   The state of the user: enabled (registered to Amazon WorkMail) or
-    #   disabled (deregistered or never registered to WorkMail).
+    #   The state of the user: enabled (registered to WorkMail) or disabled
+    #   (deregistered or never registered to WorkMail).
     #   @return [String]
     #
     # @!attribute [rw] enabled_date
@@ -1291,7 +1583,7 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] directory_id
-    #   The identifier for the directory associated with an Amazon WorkMail
+    #   The identifier for the directory associated with an WorkMail
     #   organization.
     #   @return [String]
     #
@@ -1380,7 +1672,7 @@ module Aws::WorkMail
     #   @return [Types::BookingOptions]
     #
     # @!attribute [rw] state
-    #   The state of the resource: enabled (registered to Amazon WorkMail),
+    #   The state of the resource: enabled (registered to WorkMail),
     #   disabled (deregistered or never registered to WorkMail), or deleted.
     #   @return [String]
     #
@@ -1451,28 +1743,28 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   The state of a user: enabled (registered to Amazon WorkMail) or
-    #   disabled (deregistered or never registered to WorkMail).
+    #   The state of a user: enabled (registered to WorkMail) or disabled
+    #   (deregistered or never registered to WorkMail).
     #   @return [String]
     #
     # @!attribute [rw] user_role
     #   In certain cases, other entities are modeled as users. If
-    #   interoperability is enabled, resources are imported into Amazon
-    #   WorkMail as users. Because different WorkMail organizations rely on
-    #   different directory types, administrators can distinguish between an
+    #   interoperability is enabled, resources are imported into WorkMail as
+    #   users. Because different WorkMail organizations rely on different
+    #   directory types, administrators can distinguish between an
     #   unregistered user (account is disabled and has a user role) and the
     #   directory administrators. The values are USER, RESOURCE, and
     #   SYSTEM\_USER.
     #   @return [String]
     #
     # @!attribute [rw] enabled_date
-    #   The date and time at which the user was enabled for Amazon WorkMail
-    #   usage, in UNIX epoch time format.
+    #   The date and time at which the user was enabled for WorkMailusage,
+    #   in UNIX epoch time format.
     #   @return [Time]
     #
     # @!attribute [rw] disabled_date
-    #   The date and time at which the user was disabled for Amazon WorkMail
-    #   usage, in UNIX epoch time format.
+    #   The date and time at which the user was disabled for WorkMail usage,
+    #   in UNIX epoch time format.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/DescribeUserResponse AWS API Documentation
@@ -1629,12 +1921,12 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
-    # The domain to associate with an Amazon WorkMail organization.
+    # The domain to associate with an WorkMail organization.
     #
     # When you configure a domain hosted in Amazon Route 53 (Route 53), all
     # recommended DNS records are added to the organization when you create
-    # it. For more information, see [Adding a domain][1] in the *Amazon
-    # WorkMail Administrator Guide*.
+    # it. For more information, see [Adding a domain][1] in the *WorkMail
+    # Administrator Guide*.
     #
     #
     #
@@ -1722,6 +2014,40 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
+    # Describes an EWS based availability provider. This is only used as
+    # input to the service.
+    #
+    # @note When making an API call, you may pass EwsAvailabilityProvider
+    #   data as a hash:
+    #
+    #       {
+    #         ews_endpoint: "Url", # required
+    #         ews_username: "ExternalUserName", # required
+    #         ews_password: "Password", # required
+    #       }
+    #
+    # @!attribute [rw] ews_endpoint
+    #   The endpoint of the remote EWS server.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_username
+    #   The username used to authenticate the remote EWS server.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_password
+    #   The password used to authenticate the remote EWS server.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/EwsAvailabilityProvider AWS API Documentation
+    #
+    class EwsAvailabilityProvider < Struct.new(
+      :ews_endpoint,
+      :ews_username,
+      :ews_password)
+      SENSITIVE = [:ews_password]
+      include Aws::Structure
+    end
+
     # The configuration applied to an organization's folders by its
     # retention policy.
     #
@@ -1765,7 +2091,8 @@ module Aws::WorkMail
     #         organization_id: "OrganizationId", # required
     #         ip_address: "IpAddress", # required
     #         action: "AccessControlRuleAction", # required
-    #         user_id: "WorkMailIdentifier", # required
+    #         user_id: "WorkMailIdentifier",
+    #         impersonation_role_id: "ImpersonationRoleId",
     #       }
     #
     # @!attribute [rw] organization_id
@@ -1786,13 +2113,18 @@ module Aws::WorkMail
     #   The user ID.
     #   @return [String]
     #
+    # @!attribute [rw] impersonation_role_id
+    #   The impersonation role ID.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetAccessControlEffectRequest AWS API Documentation
     #
     class GetAccessControlEffectRequest < Struct.new(
       :organization_id,
       :ip_address,
       :action,
-      :user_id)
+      :user_id,
+      :impersonation_role_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1860,6 +2192,138 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetImpersonationRoleEffectRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         impersonation_role_id: "ImpersonationRoleId", # required
+    #         target_user: "EntityIdentifier", # required
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization where the impersonation role is defined.
+    #   @return [String]
+    #
+    # @!attribute [rw] impersonation_role_id
+    #   The impersonation role ID to test.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_user
+    #   The WorkMail organization user chosen to test the impersonation
+    #   role. The following identity formats are available:
+    #
+    #   * User ID: `12345678-1234-1234-1234-123456789012` or
+    #     `S-1-1-12-1234567890-123456789-123456789-1234`
+    #
+    #   * Email address: `user@domain.tld`
+    #
+    #   * User name: `user`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetImpersonationRoleEffectRequest AWS API Documentation
+    #
+    class GetImpersonationRoleEffectRequest < Struct.new(
+      :organization_id,
+      :impersonation_role_id,
+      :target_user)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] type
+    #   The impersonation role type.
+    #   @return [String]
+    #
+    # @!attribute [rw] effect
+    #   `Effect of the impersonation role on the target user based on its
+    #   rules. Available effects are ALLOW or DENY.</p>
+    #   `
+    #   @return [String]
+    #
+    # @!attribute [rw] matched_rules
+    #   A list of the rules that match the input and produce the configured
+    #   effect.
+    #   @return [Array<Types::ImpersonationMatchedRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetImpersonationRoleEffectResponse AWS API Documentation
+    #
+    class GetImpersonationRoleEffectResponse < Struct.new(
+      :type,
+      :effect,
+      :matched_rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetImpersonationRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         impersonation_role_id: "ImpersonationRoleId", # required
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization from which to retrieve the impersonation
+    #   role.
+    #   @return [String]
+    #
+    # @!attribute [rw] impersonation_role_id
+    #   The impersonation role ID to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetImpersonationRoleRequest AWS API Documentation
+    #
+    class GetImpersonationRoleRequest < Struct.new(
+      :organization_id,
+      :impersonation_role_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] impersonation_role_id
+    #   The impersonation role ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The impersonation role name.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The impersonation role type.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The impersonation role description.
+    #   @return [String]
+    #
+    # @!attribute [rw] rules
+    #   The list of rules for the given impersonation role.
+    #   @return [Array<Types::ImpersonationRule>]
+    #
+    # @!attribute [rw] date_created
+    #   The date when the impersonation role was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] date_modified
+    #   The date when the impersonation role was last modified.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetImpersonationRoleResponse AWS API Documentation
+    #
+    class GetImpersonationRoleResponse < Struct.new(
+      :impersonation_role_id,
+      :name,
+      :type,
+      :description,
+      :rules,
+      :date_created,
+      :date_modified)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetMailDomainRequest
     #   data as a hash:
     #
@@ -1869,7 +2333,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization for which the domain is retrieved.
+    #   The WorkMail organization for which the domain is retrieved.
     #   @return [String]
     #
     # @!attribute [rw] domain_name
@@ -1886,10 +2350,10 @@ module Aws::WorkMail
     end
 
     # @!attribute [rw] records
-    #   A list of the DNS records that Amazon WorkMail recommends adding in
-    #   your DNS provider for the best user experience. The records
-    #   configure your domain with DMARC, SPF, DKIM, and direct incoming
-    #   email traffic to SES. See admin guide for more details.
+    #   A list of the DNS records that WorkMail recommends adding in your
+    #   DNS provider for the best user experience. The records configure
+    #   your domain with DMARC, SPF, DKIM, and direct incoming email traffic
+    #   to SES. See admin guide for more details.
     #   @return [Array<Types::DnsRecord>]
     #
     # @!attribute [rw] is_test_domain
@@ -1978,7 +2442,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization to simulate the access effect for.
+    #   The WorkMail organization to simulate the access effect for.
     #   @return [String]
     #
     # @!attribute [rw] device_type
@@ -2011,8 +2475,8 @@ module Aws::WorkMail
 
     # @!attribute [rw] effect
     #   The effect of the simulated access, `ALLOW` or `DENY`, after
-    #   evaluating mobile device access rules in the Amazon WorkMail
-    #   organization for the simulated user parameters.
+    #   evaluating mobile device access rules in the WorkMail organization
+    #   for the simulated user parameters.
     #   @return [String]
     #
     # @!attribute [rw] matched_rules
@@ -2039,8 +2503,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization to which you want to apply the
-    #   override.
+    #   The WorkMail organization to which you want to apply the override.
     #   @return [String]
     #
     # @!attribute [rw] user_id
@@ -2078,72 +2541,175 @@ module Aws::WorkMail
     #   The device to which the access override applies.
     #   @return [String]
     #
-    # @!attribute [rw] effect
-    #   The effect of the override, `ALLOW` or `DENY`.
+    # @!attribute [rw] effect
+    #   The effect of the override, `ALLOW` or `DENY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the override.
+    #   @return [String]
+    #
+    # @!attribute [rw] date_created
+    #   The date the override was first created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] date_modified
+    #   The date the description was last modified.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetMobileDeviceAccessOverrideResponse AWS API Documentation
+    #
+    class GetMobileDeviceAccessOverrideResponse < Struct.new(
+      :user_id,
+      :device_id,
+      :effect,
+      :description,
+      :date_created,
+      :date_modified)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The representation of an WorkMail group.
+    #
+    # @!attribute [rw] id
+    #   The identifier of the group.
+    #   @return [String]
+    #
+    # @!attribute [rw] email
+    #   The email of the group.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the group.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The state of the group, which can be ENABLED, DISABLED, or DELETED.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled_date
+    #   The date indicating when the group was enabled for WorkMail use.
+    #   @return [Time]
+    #
+    # @!attribute [rw] disabled_date
+    #   The date indicating when the group was disabled from WorkMail use.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/Group AWS API Documentation
+    #
+    class Group < Struct.new(
+      :id,
+      :email,
+      :name,
+      :state,
+      :enabled_date,
+      :disabled_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The impersonation rule that matched the input.
+    #
+    # @!attribute [rw] impersonation_rule_id
+    #   The ID of the rule that matched the input
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the rule that matched the input.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ImpersonationMatchedRule AWS API Documentation
+    #
+    class ImpersonationMatchedRule < Struct.new(
+      :impersonation_rule_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An impersonation role for the given WorkMail organization.
+    #
+    # @!attribute [rw] impersonation_role_id
+    #   The identifier of the impersonation role.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The impersonation role name.
     #   @return [String]
     #
-    # @!attribute [rw] description
-    #   A description of the override.
+    # @!attribute [rw] type
+    #   The impersonation role type.
     #   @return [String]
     #
     # @!attribute [rw] date_created
-    #   The date the override was first created.
+    #   The date when the impersonation role was created.
     #   @return [Time]
     #
     # @!attribute [rw] date_modified
-    #   The date the description was last modified.
+    #   The date when the impersonation role was last modified.
     #   @return [Time]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetMobileDeviceAccessOverrideResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ImpersonationRole AWS API Documentation
     #
-    class GetMobileDeviceAccessOverrideResponse < Struct.new(
-      :user_id,
-      :device_id,
-      :effect,
-      :description,
+    class ImpersonationRole < Struct.new(
+      :impersonation_role_id,
+      :name,
+      :type,
       :date_created,
       :date_modified)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # The representation of an Amazon WorkMail group.
+    # The rules for the given impersonation role.
     #
-    # @!attribute [rw] id
-    #   The identifier of the group.
-    #   @return [String]
+    # @note When making an API call, you may pass ImpersonationRule
+    #   data as a hash:
     #
-    # @!attribute [rw] email
-    #   The email of the group.
+    #       {
+    #         impersonation_rule_id: "ImpersonationRuleId", # required
+    #         name: "ImpersonationRuleName",
+    #         description: "ImpersonationRuleDescription",
+    #         effect: "ALLOW", # required, accepts ALLOW, DENY
+    #         target_users: ["EntityIdentifier"],
+    #         not_target_users: ["EntityIdentifier"],
+    #       }
+    #
+    # @!attribute [rw] impersonation_rule_id
+    #   The identifier of the rule.
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The name of the group.
+    #   The rule name.
     #   @return [String]
     #
-    # @!attribute [rw] state
-    #   The state of the group, which can be ENABLED, DISABLED, or DELETED.
+    # @!attribute [rw] description
+    #   The rule description.
     #   @return [String]
     #
-    # @!attribute [rw] enabled_date
-    #   The date indicating when the group was enabled for Amazon WorkMail
-    #   use.
-    #   @return [Time]
+    # @!attribute [rw] effect
+    #   The effect of the rule when it matches the input. Allowed effect
+    #   values are `ALLOW` or `DENY`.
+    #   @return [String]
     #
-    # @!attribute [rw] disabled_date
-    #   The date indicating when the group was disabled from Amazon WorkMail
-    #   use.
-    #   @return [Time]
+    # @!attribute [rw] target_users
+    #   A list of user IDs that match the rule.
+    #   @return [Array<String>]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/Group AWS API Documentation
+    # @!attribute [rw] not_target_users
+    #   A list of user IDs that don't match the rule.
+    #   @return [Array<String>]
     #
-    class Group < Struct.new(
-      :id,
-      :email,
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ImpersonationRule AWS API Documentation
+    #
+    class ImpersonationRule < Struct.new(
+      :impersonation_rule_id,
       :name,
-      :state,
-      :enabled_date,
-      :disabled_date)
+      :description,
+      :effect,
+      :target_users,
+      :not_target_users)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2163,9 +2729,9 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
-    # You SES configuration has customizations that Amazon WorkMail cannot
-    # save. The error message lists the invalid setting. For examples of
-    # invalid settings, refer to [CreateReceiptRule][1].
+    # You SES configuration has customizations that WorkMail cannot save.
+    # The error message lists the invalid setting. For examples of invalid
+    # settings, refer to [CreateReceiptRule][1].
     #
     #
     #
@@ -2210,6 +2776,28 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
+    # Describes a Lambda based availability provider.
+    #
+    # @note When making an API call, you may pass LambdaAvailabilityProvider
+    #   data as a hash:
+    #
+    #       {
+    #         lambda_arn: "LambdaArn", # required
+    #       }
+    #
+    # @!attribute [rw] lambda_arn
+    #   The Amazon Resource Name (ARN) of the Lambda that acts as the
+    #   availability provider.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/LambdaAvailabilityProvider AWS API Documentation
+    #
+    class LambdaAvailabilityProvider < Struct.new(
+      :lambda_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request exceeds the limit of the resource.
     #
     # @!attribute [rw] message
@@ -2310,6 +2898,58 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAvailabilityConfigurationsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization for which the
+    #   `AvailabilityConfiguration`'s will be listed.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return in a single call.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token to use to retrieve the next page of results. The first
+    #   call does not require a token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListAvailabilityConfigurationsRequest AWS API Documentation
+    #
+    class ListAvailabilityConfigurationsRequest < Struct.new(
+      :organization_id,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] availability_configurations
+    #   The list of `AvailabilityConfiguration`'s that exist for the
+    #   specified WorkMail organization.
+    #   @return [Array<Types::AvailabilityConfiguration>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to use to retrieve the next page of results. The value is
+    #   `null` when there are no further results to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListAvailabilityConfigurationsResponse AWS API Documentation
+    #
+    class ListAvailabilityConfigurationsResponse < Struct.new(
+      :availability_configurations,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListGroupMembersRequest
     #   data as a hash:
     #
@@ -2417,6 +3057,58 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListImpersonationRolesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         next_token: "NextToken",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization to which the listed impersonation roles
+    #   belong.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   The token used to retrieve the next page of results. The first call
+    #   doesn't require a token.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results returned in a single call.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListImpersonationRolesRequest AWS API Documentation
+    #
+    class ListImpersonationRolesRequest < Struct.new(
+      :organization_id,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] roles
+    #   The list of impersonation roles under the given WorkMail
+    #   organization.
+    #   @return [Array<Types::ImpersonationRole>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to retrieve the next page of results. The value is `null`
+    #   when there are no results to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListImpersonationRolesResponse AWS API Documentation
+    #
+    class ListImpersonationRolesResponse < Struct.new(
+      :roles,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListMailDomainsRequest
     #   data as a hash:
     #
@@ -2427,7 +3119,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization for which to list domains.
+    #   The WorkMail organization for which to list domains.
     #   @return [String]
     #
     # @!attribute [rw] max_results
@@ -2451,8 +3143,8 @@ module Aws::WorkMail
 
     # @!attribute [rw] mail_domains
     #   The list of mail domain summaries, specifying domains that exist in
-    #   the specified Amazon WorkMail organization, along with the
-    #   information about whether the domain is or isn't the default.
+    #   the specified WorkMail organization, along with the information
+    #   about whether the domain is or isn't the default.
     #   @return [Array<Types::MailDomainSummary>]
     #
     # @!attribute [rw] next_token
@@ -2587,8 +3279,8 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization under which to list mobile device
-    #   access overrides.
+    #   The WorkMail organization under which to list mobile device access
+    #   overrides.
     #   @return [String]
     #
     # @!attribute [rw] user_id
@@ -2630,7 +3322,7 @@ module Aws::WorkMail
 
     # @!attribute [rw] overrides
     #   The list of mobile device access overrides that exist for the
-    #   specified Amazon WorkMail organization and user.
+    #   specified WorkMail organization and user.
     #   @return [Array<Types::MobileDeviceAccessOverride>]
     #
     # @!attribute [rw] next_token
@@ -2655,7 +3347,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization for which to list the rules.
+    #   The WorkMail organization for which to list the rules.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListMobileDeviceAccessRulesRequest AWS API Documentation
@@ -2668,7 +3360,7 @@ module Aws::WorkMail
 
     # @!attribute [rw] rules
     #   The list of mobile device access rules that exist under the
-    #   specified Amazon WorkMail organization.
+    #   specified WorkMail organization.
     #   @return [Array<Types::MobileDeviceAccessRule>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListMobileDeviceAccessRulesResponse AWS API Documentation
@@ -3051,13 +3743,11 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] enabled_date
-    #   The date indicating when the member was enabled for Amazon WorkMail
-    #   use.
+    #   The date indicating when the member was enabled for WorkMail use.
     #   @return [Time]
     #
     # @!attribute [rw] disabled_date
-    #   The date indicating when the member was disabled from Amazon
-    #   WorkMail use.
+    #   The date indicating when the member was disabled from WorkMail use.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/Member AWS API Documentation
@@ -3131,8 +3821,7 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
-    # A rule that controls access to mobile devices for an Amazon WorkMail
-    # group.
+    # A rule that controls access to mobile devices for an WorkMail group.
     #
     # @!attribute [rw] mobile_device_access_rule_id
     #   The ID assigned to a mobile access rule.
@@ -3216,7 +3905,7 @@ module Aws::WorkMail
       include Aws::Structure
     end
 
-    # The user, group, or resource name isn't unique in Amazon WorkMail.
+    # The user, group, or resource name isn't unique in WorkMail.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -3340,6 +4029,8 @@ module Aws::WorkMail
     #         user_ids: ["WorkMailIdentifier"],
     #         not_user_ids: ["WorkMailIdentifier"],
     #         organization_id: "OrganizationId", # required
+    #         impersonation_role_ids: ["ImpersonationRoleId"],
+    #         not_impersonation_role_ids: ["ImpersonationRoleId"],
     #       }
     #
     # @!attribute [rw] name
@@ -3386,6 +4077,14 @@ module Aws::WorkMail
     #   The identifier of the organization.
     #   @return [String]
     #
+    # @!attribute [rw] impersonation_role_ids
+    #   Impersonation role IDs to include in the rule.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_impersonation_role_ids
+    #   Impersonation role IDs to exclude from the rule.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/PutAccessControlRuleRequest AWS API Documentation
     #
     class PutAccessControlRuleRequest < Struct.new(
@@ -3398,7 +4097,9 @@ module Aws::WorkMail
       :not_actions,
       :user_ids,
       :not_user_ids,
-      :organization_id)
+      :organization_id,
+      :impersonation_role_ids,
+      :not_impersonation_role_ids)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3537,7 +4238,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   Identifies the Amazon WorkMail organization for which you create the
+    #   Identifies the WorkMail organization for which you create the
     #   override.
     #   @return [String]
     #
@@ -3635,6 +4336,26 @@ module Aws::WorkMail
     #
     class PutRetentionPolicyResponse < Aws::EmptyStructure; end
 
+    # Describes an EWS based availability provider when returned from the
+    # service. It does not contain the password of the endpoint.
+    #
+    # @!attribute [rw] ews_endpoint
+    #   The endpoint of the remote EWS server.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_username
+    #   The username used to authenticate the remote EWS server.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/RedactedEwsAvailabilityProvider AWS API Documentation
+    #
+    class RedactedEwsAvailabilityProvider < Struct.new(
+      :ews_endpoint,
+      :ews_username)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass RegisterMailDomainRequest
     #   data as a hash:
     #
@@ -3652,12 +4373,11 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization under which you're creating the
-    #   domain.
+    #   The WorkMail organization under which you're creating the domain.
     #   @return [String]
     #
     # @!attribute [rw] domain_name
-    #   The name of the mail domain to create in Amazon WorkMail and SES.
+    #   The name of the mail domain to create in WorkMail and SES.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/RegisterMailDomainRequest AWS API Documentation
@@ -3710,7 +4430,7 @@ module Aws::WorkMail
     #
     class RegisterToWorkMailResponse < Aws::EmptyStructure; end
 
-    # This user, group, or resource name is not allowed in Amazon WorkMail.
+    # This user, group, or resource name is not allowed in WorkMail.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -3783,13 +4503,12 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] enabled_date
-    #   The date indicating when the resource was enabled for Amazon
-    #   WorkMail use.
+    #   The date indicating when the resource was enabled for WorkMail use.
     #   @return [Time]
     #
     # @!attribute [rw] disabled_date
-    #   The date indicating when the resource was disabled from Amazon
-    #   WorkMail use.
+    #   The date indicating when the resource was disabled from WorkMail
+    #   use.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/Resource AWS API Documentation
@@ -3958,6 +4677,71 @@ module Aws::WorkMail
     #
     class TagResourceResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass TestAvailabilityConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         domain_name: "DomainName",
+    #         ews_provider: {
+    #           ews_endpoint: "Url", # required
+    #           ews_username: "ExternalUserName", # required
+    #           ews_password: "Password", # required
+    #         },
+    #         lambda_provider: {
+    #           lambda_arn: "LambdaArn", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization where the availability provider will be
+    #   tested.
+    #   @return [String]
+    #
+    # @!attribute [rw] domain_name
+    #   The domain to which the provider applies. If this field is provided,
+    #   a stored availability provider associated to this domain name will
+    #   be tested.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_provider
+    #   Describes an EWS based availability provider. This is only used as
+    #   input to the service.
+    #   @return [Types::EwsAvailabilityProvider]
+    #
+    # @!attribute [rw] lambda_provider
+    #   Describes a Lambda based availability provider.
+    #   @return [Types::LambdaAvailabilityProvider]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/TestAvailabilityConfigurationRequest AWS API Documentation
+    #
+    class TestAvailabilityConfigurationRequest < Struct.new(
+      :organization_id,
+      :domain_name,
+      :ews_provider,
+      :lambda_provider)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] test_passed
+    #   Boolean indicating whether the test passed or failed.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] failure_reason
+    #   String containing the reason for a failed test if `TestPassed` is
+    #   false.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/TestAvailabilityConfigurationResponse AWS API Documentation
+    #
+    class TestAvailabilityConfigurationResponse < Struct.new(
+      :test_passed,
+      :failure_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The resource can have up to 50 user-applied tags.
     #
     # @!attribute [rw] message
@@ -4013,6 +4797,61 @@ module Aws::WorkMail
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateAvailabilityConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         domain_name: "DomainName", # required
+    #         ews_provider: {
+    #           ews_endpoint: "Url", # required
+    #           ews_username: "ExternalUserName", # required
+    #           ews_password: "Password", # required
+    #         },
+    #         lambda_provider: {
+    #           lambda_arn: "LambdaArn", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization for which the `AvailabilityConfiguration`
+    #   will be updated.
+    #   @return [String]
+    #
+    # @!attribute [rw] domain_name
+    #   The domain to which the provider applies the availability
+    #   configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] ews_provider
+    #   The EWS availability provider definition. The request must contain
+    #   exactly one provider definition, either `EwsProvider` or
+    #   `LambdaProvider`. The previously stored provider will be overridden
+    #   by the one provided.
+    #   @return [Types::EwsAvailabilityProvider]
+    #
+    # @!attribute [rw] lambda_provider
+    #   The Lambda availability provider definition. The request must
+    #   contain exactly one provider definition, either `EwsProvider` or
+    #   `LambdaProvider`. The previously stored provider will be overridden
+    #   by the one provided.
+    #   @return [Types::LambdaAvailabilityProvider]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/UpdateAvailabilityConfigurationRequest AWS API Documentation
+    #
+    class UpdateAvailabilityConfigurationRequest < Struct.new(
+      :organization_id,
+      :domain_name,
+      :ews_provider,
+      :lambda_provider)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/UpdateAvailabilityConfigurationResponse AWS API Documentation
+    #
+    class UpdateAvailabilityConfigurationResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass UpdateDefaultMailDomainRequest
     #   data as a hash:
     #
@@ -4022,7 +4861,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization for which to list domains.
+    #   The WorkMail organization for which to list domains.
     #   @return [String]
     #
     # @!attribute [rw] domain_name
@@ -4042,6 +4881,69 @@ module Aws::WorkMail
     #
     class UpdateDefaultMailDomainResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateImpersonationRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         organization_id: "OrganizationId", # required
+    #         impersonation_role_id: "ImpersonationRoleId", # required
+    #         name: "ImpersonationRoleName", # required
+    #         type: "FULL_ACCESS", # required, accepts FULL_ACCESS, READ_ONLY
+    #         description: "ImpersonationRoleDescription",
+    #         rules: [ # required
+    #           {
+    #             impersonation_rule_id: "ImpersonationRuleId", # required
+    #             name: "ImpersonationRuleName",
+    #             description: "ImpersonationRuleDescription",
+    #             effect: "ALLOW", # required, accepts ALLOW, DENY
+    #             target_users: ["EntityIdentifier"],
+    #             not_target_users: ["EntityIdentifier"],
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] organization_id
+    #   The WorkMail organization that contains the impersonation role to
+    #   update.
+    #   @return [String]
+    #
+    # @!attribute [rw] impersonation_role_id
+    #   The ID of the impersonation role to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The updated impersonation role name.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The updated impersonation role type.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The updated impersonation role description.
+    #   @return [String]
+    #
+    # @!attribute [rw] rules
+    #   The updated list of rules.
+    #   @return [Array<Types::ImpersonationRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/UpdateImpersonationRoleRequest AWS API Documentation
+    #
+    class UpdateImpersonationRoleRequest < Struct.new(
+      :organization_id,
+      :impersonation_role_id,
+      :name,
+      :type,
+      :description,
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/UpdateImpersonationRoleResponse AWS API Documentation
+    #
+    class UpdateImpersonationRoleResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass UpdateMailboxQuotaRequest
     #   data as a hash:
     #
@@ -4098,8 +5000,7 @@ module Aws::WorkMail
     #       }
     #
     # @!attribute [rw] organization_id
-    #   The Amazon WorkMail organization under which the rule will be
-    #   updated.
+    #   The WorkMail organization under which the rule will be updated.
     #   @return [String]
     #
     # @!attribute [rw] mobile_device_access_rule_id
@@ -4261,7 +5162,7 @@ module Aws::WorkMail
     #
     class UpdateResourceResponse < Aws::EmptyStructure; end
 
-    # The representation of an Amazon WorkMail user.
+    # The representation of an WorkMail user.
     #
     # @!attribute [rw] id
     #   The identifier of the user.
@@ -4288,13 +5189,11 @@ module Aws::WorkMail
     #   @return [String]
     #
     # @!attribute [rw] enabled_date
-    #   The date indicating when the user was enabled for Amazon WorkMail
-    #   use.
+    #   The date indicating when the user was enabled for WorkMail use.
     #   @return [Time]
     #
     # @!attribute [rw] disabled_date
-    #   The date indicating when the user was disabled from Amazon WorkMail
-    #   use.
+    #   The date indicating when the user was disabled from WorkMail use.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/User AWS API Documentation