终止支持通知:2027 年 3 月 31 日, AWS 将终止对亚马逊 WorkMail的支持。2027 年 3 月 31 日之后,您将无法再访问亚马逊 WorkMail 控制台或亚马逊 WorkMail 资源。有关更多信息,请参阅 [Amazon WorkMail 终止支持](https://docs.aws.amazon.com/workmail/latest/adminguide/workmail-end-of-support.html)。 本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 使用模拟角色 要访问邮箱数据,请使用 Amazon WorkMail API 操作 `AssumeImpersonationRole`。有关 Amazon WorkMail API 的更多详细信息,请参阅 [API 参考](https://docs.aws.amazon.com/workmail/latest/APIReference/Welcome.html)。 `AssumeImpersonationRole` 会返回一个 `Token`。此 `Token` 必须在 15 分钟内通过 HTTP 标头 `Authorization` 传递到 EWS 协议。 以下示例演示如何将模拟角色与 EWS 协议结合使用。示例中使用的常量指定了您的组织和账户所特有的以下详细信息: + `{{WORKMAIL_ORGANIZATION_ID}}` – Amazon WorkMail 组织 ID + `{{IMPERSONATION_ROLE_ID}}` – 模拟角色 ID + `{{WORKMAIL_EWS_URL}}` – [Amazon WorkMail 端点和配额](https://docs.aws.amazon.com/general/latest/gr/workmail.html)中提供的 EWS 端点 + `{{EMAIL_ADDRESS}}` – 用户邮箱的电子邮件地址 **Example Java – [EWS Java API](https://github.com/OfficeDev/ews-java-api)** ``` import software.amazon.awssdk.services.workmail.WorkMailClient; import software.amazon.awssdk.services.workmail.model.AssumeImpersonationRoleRequest; import software.amazon.awssdk.services.workmail.model.AssumeImpersonationRoleResponse; import microsoft.exchange.webservices.data.core.ExchangeService; import microsoft.exchange.webservices.data.core.enumeration.misc.ExchangeVersion; import microsoft.exchange.webservices.data.misc.ImpersonatedUserId; import microsoft.exchange.webservices.data.core.enumeration.misc.ConnectingIdType; // ... AssumeImpersonationRoleResponse response = workMailClient.assumeImpersonationRole( AssumeImpersonationRoleRequest.builder() .organizationId({{WORKMAIL_ORGANIZATION_ID}}) .impersonationRoleId({{IMPERSONATION_ROLE_ID}}) .build()); ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2010_SP2); exchangeService.setUrl(URI.create({{WORKMAIL_EWS_URL}})); exchangeService.getHttpHeaders().put("Authorization", "Bearer " + response.token()); exchangeService.setImpersonatedUserId(new ImpersonatedUserId(ConnectingIdType.SmtpAddress, {{EMAIL_ADDRESS}})); ``` **Example .Net – [EWS Managed API](https://github.com/OfficeDev/ews-managed-api)** ``` using Amazon.WorkMail; using Amazon.WorkMail.Model; using Microsoft.Exchange.WebServices.Data; // ... AssumeImpersonationRoleRequest request = new AssumeImpersonationRoleRequest(); request.OrganizationId = {{WORKMAIL_ORGANIZATION_ID}}; request.ImpersonationRoleId = {{IMPERSONATION_ROLE_ID}}; AssumeImpersonationRoleResponse response = workMailClient.AssumeImpersonationRole(request); ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2); service.Url = new Uri({{WORKMAIL_EWS_URL}}); service.HttpHeaders.Add("Authorization", "Bearer " + response.Token); service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, {{EMAIL_ADDRESS}}); ``` **Example Python – [Exchangelib](https://pypi.org/project/exchangelib/)** ``` import boto3 from requests.auth import AuthBase from exchangelib.transport import AUTH_TYPE_MAP from exchangelib import Configuration, Account, Version, IMPERSONATION from exchangelib.version import EXCHANGE_2010_SP2 work_mail_client = boto3.client("workmail") class ImpersonationRoleAuth(AuthBase): def __init__(self): self.token = work_mail_client.assume_impersonation_role( OrganizationId={{WORKMAIL_ORGANIZATION_ID}}, ImpersonationRoleId={{IMPERSONATION_ROLE_ID}} )["Token"] def __call__(self, r): r.headers["Authorization"] = "Bearer " + self.token return r AUTH_TYPE_MAP["ImpersonationRoleAuth"] = ImpersonationRoleAuth ews_config = Configuration( service_endpoint={{WORKMAIL_EWS_URL}}, version=Version(build=EXCHANGE_2010_SP2), auth_type="ImpersonationRoleAuth" ) ews_account = Account( config=ews_config, primary_smtp_address={{EMAIL_ADDRESS}}, access_type=IMPERSONATION ) ```