SecurityHub / Client / batch_get_configuration_policy_associations
batch_get_configuration_policy_associations#
- SecurityHub.Client.batch_get_configuration_policy_associations(**kwargs)#
Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_configuration_policy_associations( ConfigurationPolicyAssociationIdentifiers=[ { 'Target': { 'AccountId': 'string', 'OrganizationalUnitId': 'string', 'RootId': 'string' } }, ] )
- Parameters:
ConfigurationPolicyAssociationIdentifiers (list) –
[REQUIRED]
Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.
(dict) –
Provides details about the association between an Security Hub configuration and a target account, organizational unit, or the root. An association can exist between a target and a configuration policy, or between a target and self-managed behavior.
Target (dict) –
The target account, organizational unit, or the root.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
AccountId
,OrganizationalUnitId
,RootId
.AccountId (string) –
The Amazon Web Services account ID of the target account.
OrganizationalUnitId (string) –
The organizational unit ID of the target organizational unit.
RootId (string) –
The ID of the organization root.
- Return type:
dict
- Returns:
Response Syntax
{ 'ConfigurationPolicyAssociations': [ { 'ConfigurationPolicyId': 'string', 'TargetId': 'string', 'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT', 'AssociationType': 'INHERITED'|'APPLIED', 'UpdatedAt': datetime(2015, 1, 1), 'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED', 'AssociationStatusMessage': 'string' }, ], 'UnprocessedConfigurationPolicyAssociations': [ { 'ConfigurationPolicyAssociationIdentifiers': { 'Target': { 'AccountId': 'string', 'OrganizationalUnitId': 'string', 'RootId': 'string' } }, 'ErrorCode': 'string', 'ErrorReason': 'string' }, ] }
Response Structure
(dict) –
ConfigurationPolicyAssociations (list) –
Describes associations for the target accounts, OUs, or the root.
(dict) –
An object that contains the details of a configuration policy association that’s returned in a
ListConfigurationPolicyAssociations
request.ConfigurationPolicyId (string) –
The universally unique identifier (UUID) of the configuration policy.
TargetId (string) –
The identifier of the target account, organizational unit, or the root.
TargetType (string) –
Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.
AssociationType (string) –
Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.
UpdatedAt (datetime) –
The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.
AssociationStatus (string) –
The current status of the association between the specified target and the configuration.
AssociationStatusMessage (string) –
The explanation for a
FAILED
value forAssociationStatus
.
UnprocessedConfigurationPolicyAssociations (list) –
An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.
(dict) –
An array of configuration policy associations, one for each configuration policy association identifier, that was specified in a
BatchGetConfigurationPolicyAssociations
request but couldn’t be processed due to an error.ConfigurationPolicyAssociationIdentifiers (dict) –
Configuration policy association identifiers that were specified in a
BatchGetConfigurationPolicyAssociations
request but couldn’t be processed due to an error.Target (dict) –
The target account, organizational unit, or the root.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
AccountId
,OrganizationalUnitId
,RootId
. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBER
as the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBER
is as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
AccountId (string) –
The Amazon Web Services account ID of the target account.
OrganizationalUnitId (string) –
The organizational unit ID of the target organizational unit.
RootId (string) –
The ID of the organization root.
ErrorCode (string) –
An HTTP status code that identifies why the configuration policy association failed.
ErrorReason (string) –
A string that identifies why the configuration policy association failed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.AccessDeniedException