SecurityHub / Client / start_configuration_policy_disassociation
start_configuration_policy_disassociation#
- SecurityHub.Client.start_configuration_policy_disassociation(**kwargs)#
Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.
See also: AWS API Documentation
Request Syntax
response = client.start_configuration_policy_disassociation( Target={ 'AccountId': 'string', 'OrganizationalUnitId': 'string', 'RootId': 'string' }, ConfigurationPolicyIdentifier='string' )
- Parameters:
Target (dict) –
The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
AccountId,OrganizationalUnitId,RootId.AccountId (string) –
The Amazon Web Services account ID of the target account.
OrganizationalUnitId (string) –
The organizational unit ID of the target organizational unit.
RootId (string) –
The ID of the organization root.
ConfigurationPolicyIdentifier (string) –
[REQUIRED]
The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
- Return type:
dict
- Returns:
Response Syntax
{}Response Structure
(dict) –
Exceptions
SecurityHub.Client.exceptions.InternalExceptionSecurityHub.Client.exceptions.InvalidAccessExceptionSecurityHub.Client.exceptions.InvalidInputExceptionSecurityHub.Client.exceptions.LimitExceededExceptionSecurityHub.Client.exceptions.ResourceNotFoundExceptionSecurityHub.Client.exceptions.AccessDeniedException