SecurityHub / Client / start_configuration_policy_association

start_configuration_policy_association#

SecurityHub.Client.start_configuration_policy_association(**kwargs)#

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

See also: AWS API Documentation

Request Syntax

response = client.start_configuration_policy_association(
    ConfigurationPolicyIdentifier='string',
    Target={
        'AccountId': 'string',
        'OrganizationalUnitId': 'string',
        'RootId': 'string'
    }
)
Parameters:
  • ConfigurationPolicyIdentifier (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

  • Target (dict) –

    [REQUIRED]

    The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

    • AccountId (string) –

      The Amazon Web Services account ID of the target account.

    • OrganizationalUnitId (string) –

      The organizational unit ID of the target organizational unit.

    • RootId (string) –

      The ID of the organization root.

Return type:

dict

Returns:

Response Syntax

{
    'ConfigurationPolicyId': 'string',
    'TargetId': 'string',
    'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
    'AssociationType': 'INHERITED'|'APPLIED',
    'UpdatedAt': datetime(2015, 1, 1),
    'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
    'AssociationStatusMessage': 'string'
}

Response Structure

  • (dict) –

    • ConfigurationPolicyId (string) –

      The UUID of the configuration policy.

    • TargetId (string) –

      The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.

    • TargetType (string) –

      Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.

    • AssociationType (string) –

      Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

    • UpdatedAt (datetime) –

      The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

    • AssociationStatus (string) –

      The current status of the association between the specified target and the configuration.

    • AssociationStatusMessage (string) –

      An explanation for a FAILED value for AssociationStatus.

Exceptions

  • SecurityHub.Client.exceptions.InternalException

  • SecurityHub.Client.exceptions.InvalidAccessException

  • SecurityHub.Client.exceptions.InvalidInputException

  • SecurityHub.Client.exceptions.LimitExceededException

  • SecurityHub.Client.exceptions.ResourceNotFoundException

  • SecurityHub.Client.exceptions.AccessDeniedException