ECS / Client / put_account_setting_default

put_account_setting_default#

ECS.Client.put_account_setting_default(**kwargs)#

Modifies an account setting for all users on an account for whom no individual account setting has been specified. Account settings are set on a per-Region basis.

See also: AWS API Documentation

Request Syntax

response = client.put_account_setting_default(
    name='serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights'|'fargateFIPSMode'|'tagResourceAuthorization'|'fargateTaskRetirementWaitPeriod'|'guardDutyActivate',
    value='string'
)
Parameters:

  • name (string) –

    [REQUIRED]

    The resource name for which to modify the account setting. If you specify serviceLongArnFormat, the ARN for your Amazon ECS services is affected. If you specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS tasks is affected. If you specify containerInstanceLongArnFormat, the ARN and resource ID for your Amazon ECS container instances is affected. If you specify awsvpcTrunking, the ENI limit for your Amazon ECS container instances is affected. If you specify containerInsights, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If you specify tagResourceAuthorization, the opt-in option for tagging resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer Guide. If you specify fargateTaskRetirementWaitPeriod, the default wait time to retire a Fargate task due to required maintenance is affected.

    When you specify fargateFIPSMode for the name and enabled for the value, Fargate uses FIPS-140 compliant cryptographic algorithms on your tasks. For more information about FIPS-140 compliance with Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2 compliance in the Amazon Elastic Container Service Developer Guide.

    When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to set the wait time to retire a Fargate task to the default. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

    The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

  • value (string) –

    [REQUIRED]

    The account setting value for the specified principal ARN. Accepted values are enabled, disabled, on, and off.

    When you specify fargateTaskRetirementWaitPeriod for the name, the following are the valid values:

    • 0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.

    • 7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.

    • 14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.

Return type:

dict

Returns:

Response Syntax

{
    'setting': {
        'name': 'serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights'|'fargateFIPSMode'|'tagResourceAuthorization'|'fargateTaskRetirementWaitPeriod'|'guardDutyActivate',
        'value': 'string',
        'principalArn': 'string',
        'type': 'user'|'aws_managed'
    }
}

Response Structure

  • (dict) –

    • setting (dict) –

      The current setting for a resource.

      • name (string) –

        The Amazon ECS resource name.

      • value (string) –

        Determines whether the account setting is on or off for the specified resource.

      • principalArn (string) –

        The ARN of the principal. It can be a user, role, or the root user. If this field is omitted, the authenticated user is assumed.

      • type (string) –

        Indicates whether Amazon Web Services manages the account setting, or if the user manages it.

        aws_managed account settings are read-only, as Amazon Web Services manages such on the customer’s behalf. Currently, the guardDutyActivate account setting is the only one Amazon Web Services manages.

Exceptions

  • ECS.Client.exceptions.ServerException

  • ECS.Client.exceptions.ClientException

  • ECS.Client.exceptions.InvalidParameterException

Examples

This example modifies the default account setting for the specified resource for all IAM users or roles on an account. These changes apply to the entire AWS account, unless an IAM user or role explicitly overrides these settings for themselves.

response = client.put_account_setting_default(
    name='serviceLongArnFormat',
    value='enabled',
)

print(response)

Expected Output:

{
    'setting': {
        'name': 'serviceLongArnFormat',
        'value': 'enabled',
        'principalArn': 'arn:aws:iam::<aws_account_id>:root',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}