SecurityHub / Client / batch_get_configuration_policy_associations

batch_get_configuration_policy_associations

SecurityHub.Client.batch_get_configuration_policy_associations(**kwargs)

Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

See also: AWS API Documentation

Request Syntax

response = client.batch_get_configuration_policy_associations(
    ConfigurationPolicyAssociationIdentifiers=[
        {
            'Target': {
                'AccountId': 'string',
                'OrganizationalUnitId': 'string',
                'RootId': 'string'
            }
        },
    ]
)

Parameters:

ConfigurationPolicyAssociationIdentifiers (list) –

[REQUIRED]

Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

• (dict) –

  Provides details about the association between an Security Hub configuration and a target account, organizational unit, or the root. An association can exist between a target and a configuration policy, or between a target and self-managed behavior.

  • Target (dict) –

    The target account, organizational unit, or the root.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

    • AccountId (string) –

      The Amazon Web Services account ID of the target account.

    • OrganizationalUnitId (string) –

      The organizational unit ID of the target organizational unit.

    • RootId (string) –

      The ID of the organization root.

Return type:

dict

Returns:

Response Syntax

{
    'ConfigurationPolicyAssociations': [
        {
            'ConfigurationPolicyId': 'string',
            'TargetId': 'string',
            'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT',
            'AssociationType': 'INHERITED'|'APPLIED',
            'UpdatedAt': datetime(2015, 1, 1),
            'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
            'AssociationStatusMessage': 'string'
        },
    ],
    'UnprocessedConfigurationPolicyAssociations': [
        {
            'ConfigurationPolicyAssociationIdentifiers': {
                'Target': {
                    'AccountId': 'string',
                    'OrganizationalUnitId': 'string',
                    'RootId': 'string'
                }
            },
            'ErrorCode': 'string',
            'ErrorReason': 'string'
        },
    ]
}

Response Structure

• (dict) –

  • ConfigurationPolicyAssociations (list) –

    Describes associations for the target accounts, OUs, or the root.

    • (dict) –

      An object that contains the details of a configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

      • ConfigurationPolicyId (string) –

        The universally unique identifier (UUID) of the configuration policy.

      • TargetId (string) –

        The identifier of the target account, organizational unit, or the root.

      • TargetType (string) –

        Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

      • AssociationType (string) –

        Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

      • UpdatedAt (datetime) –

        The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

      • AssociationStatus (string) –

        The current status of the association between the specified target and the configuration.

      • AssociationStatusMessage (string) –

        The explanation for a FAILED value for AssociationStatus.

  • UnprocessedConfigurationPolicyAssociations (list) –

    An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.

    • (dict) –

      An array of configuration policy associations, one for each configuration policy association identifier, that was specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

      • ConfigurationPolicyAssociationIdentifiers (dict) –

        Configuration policy association identifiers that were specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

        • Target (dict) –

          The target account, organizational unit, or the root.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: AccountId, OrganizationalUnitId, RootId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          

          • AccountId (string) –

            The Amazon Web Services account ID of the target account.

          • OrganizationalUnitId (string) –

            The organizational unit ID of the target organizational unit.

          • RootId (string) –

            The ID of the organization root.

      • ErrorCode (string) –

        An HTTP status code that identifies why the configuration policy association failed.

      • ErrorReason (string) –

        A string that identifies why the configuration policy association failed.

Exceptions

• SecurityHub.Client.exceptions.InternalException

• SecurityHub.Client.exceptions.InvalidAccessException

• SecurityHub.Client.exceptions.InvalidInputException

• SecurityHub.Client.exceptions.LimitExceededException

• SecurityHub.Client.exceptions.ResourceNotFoundException

• SecurityHub.Client.exceptions.AccessDeniedException