ECS / Client / put_account_setting_default
put_account_setting_default#
- ECS.Client.put_account_setting_default(**kwargs)#
Modifies an account setting for all users on an account for whom no individual account setting has been specified. Account settings are set on a per-Region basis.
See also: AWS API Documentation
Request Syntax
response = client.put_account_setting_default( name='serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights'|'fargateFIPSMode'|'tagResourceAuthorization'|'fargateTaskRetirementWaitPeriod'|'guardDutyActivate', value='string' )
- Parameters:
name (string) –
[REQUIRED]
The resource name for which to modify the account setting. If you specify
serviceLongArnFormat
, the ARN for your Amazon ECS services is affected. If you specifytaskLongArnFormat
, the ARN and resource ID for your Amazon ECS tasks is affected. If you specifycontainerInstanceLongArnFormat
, the ARN and resource ID for your Amazon ECS container instances is affected. If you specifyawsvpcTrunking
, the ENI limit for your Amazon ECS container instances is affected. If you specifycontainerInsights
, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If you specifytagResourceAuthorization
, the opt-in option for tagging resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer Guide. If you specifyfargateTaskRetirementWaitPeriod
, the default wait time to retire a Fargate task due to required maintenance is affected.When you specify
fargateFIPSMode
for thename
andenabled
for thevalue
, Fargate uses FIPS-140 compliant cryptographic algorithms on your tasks. For more information about FIPS-140 compliance with Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2 compliance in the Amazon Elastic Container Service Developer Guide.When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use
fargateTaskRetirementWaitPeriod
to set the wait time to retire a Fargate task to the default. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.The
guardDutyActivate
parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.value (string) –
[REQUIRED]
The account setting value for the specified principal ARN. Accepted values are
enabled
,disabled
,on
, andoff
.When you specify
fargateTaskRetirementWaitPeriod
for thename
, the following are the valid values:0
- Amazon Web Services sends the notification, and immediately retires the affected tasks.7
- Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.14
- Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
- Return type:
dict
- Returns:
Response Syntax
{ 'setting': { 'name': 'serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights'|'fargateFIPSMode'|'tagResourceAuthorization'|'fargateTaskRetirementWaitPeriod'|'guardDutyActivate', 'value': 'string', 'principalArn': 'string', 'type': 'user'|'aws_managed' } }
Response Structure
(dict) –
setting (dict) –
The current setting for a resource.
name (string) –
The Amazon ECS resource name.
value (string) –
Determines whether the account setting is on or off for the specified resource.
principalArn (string) –
The ARN of the principal. It can be a user, role, or the root user. If this field is omitted, the authenticated user is assumed.
type (string) –
Indicates whether Amazon Web Services manages the account setting, or if the user manages it.
aws_managed
account settings are read-only, as Amazon Web Services manages such on the customer’s behalf. Currently, theguardDutyActivate
account setting is the only one Amazon Web Services manages.
Exceptions
ECS.Client.exceptions.ServerException
ECS.Client.exceptions.ClientException
ECS.Client.exceptions.InvalidParameterException
Examples
This example modifies the default account setting for the specified resource for all IAM users or roles on an account. These changes apply to the entire AWS account, unless an IAM user or role explicitly overrides these settings for themselves.
response = client.put_account_setting_default( name='serviceLongArnFormat', value='enabled', ) print(response)
Expected Output:
{ 'setting': { 'name': 'serviceLongArnFormat', 'value': 'enabled', 'principalArn': 'arn:aws:iam::<aws_account_id>:root', }, 'ResponseMetadata': { '...': '...', }, }