SecurityHub / Client / start_configuration_policy_association
start_configuration_policy_association#
- SecurityHub.Client.start_configuration_policy_association(**kwargs)#
Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.
See also: AWS API Documentation
Request Syntax
response = client.start_configuration_policy_association( ConfigurationPolicyIdentifier='string', Target={ 'AccountId': 'string', 'OrganizationalUnitId': 'string', 'RootId': 'string' } )
- Parameters:
ConfigurationPolicyIdentifier (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of
SELF_MANAGED_SECURITY_HUB
for a self-managed configuration.Target (dict) –
[REQUIRED]
The identifier of the target account, organizational unit, or the root to associate with the specified configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
AccountId
,OrganizationalUnitId
,RootId
.AccountId (string) –
The Amazon Web Services account ID of the target account.
OrganizationalUnitId (string) –
The organizational unit ID of the target organizational unit.
RootId (string) –
The ID of the organization root.
- Return type:
dict
- Returns:
Response Syntax
{ 'ConfigurationPolicyId': 'string', 'TargetId': 'string', 'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT', 'AssociationType': 'INHERITED'|'APPLIED', 'UpdatedAt': datetime(2015, 1, 1), 'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED', 'AssociationStatusMessage': 'string' }
Response Structure
(dict) –
ConfigurationPolicyId (string) –
The UUID of the configuration policy.
TargetId (string) –
The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.
TargetType (string) –
Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.
AssociationType (string) –
Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.
UpdatedAt (datetime) –
The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.
AssociationStatus (string) –
The current status of the association between the specified target and the configuration.
AssociationStatusMessage (string) –
An explanation for a
FAILED
value forAssociationStatus
.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.AccessDeniedException