SecurityHub / Client / update_configuration_policy
update_configuration_policy#
- SecurityHub.Client.update_configuration_policy(**kwargs)#
- Updates a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region. - See also: AWS API Documentation - Request Syntax- response = client.update_configuration_policy( Identifier='string', Name='string', Description='string', UpdatedReason='string', ConfigurationPolicy={ 'SecurityHub': { 'ServiceEnabled': True|False, 'EnabledStandardIdentifiers': [ 'string', ], 'SecurityControlsConfiguration': { 'EnabledSecurityControlIdentifiers': [ 'string', ], 'DisabledSecurityControlIdentifiers': [ 'string', ], 'SecurityControlCustomParameters': [ { 'SecurityControlId': 'string', 'Parameters': { 'string': { 'ValueType': 'DEFAULT'|'CUSTOM', 'Value': { 'Integer': 123, 'IntegerList': [ 123, ], 'Double': 123.0, 'String': 'string', 'StringList': [ 'string', ], 'Boolean': True|False, 'Enum': 'string', 'EnumList': [ 'string', ] } } } }, ] } } } ) - Parameters:
- Identifier (string) – - [REQUIRED] - The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy. 
- Name (string) – The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: - -, ., !, *, /.
- Description (string) – The description of the configuration policy. 
- UpdatedReason (string) – The reason for updating the configuration policy. 
- ConfigurationPolicy (dict) – - An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls). - When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list of controls that you want to enable or disable. The updated configuration replaces the current configuration. - Note- This is a Tagged Union structure. Only one of the following top level keys can be set: - SecurityHub.- SecurityHub (dict) – - The Amazon Web Services service that the configuration policy applies to. - ServiceEnabled (boolean) – - Indicates whether Security Hub is enabled in the policy. 
- EnabledStandardIdentifiers (list) – - A list that defines which security standards are enabled in the configuration policy. - (string) – 
 
- SecurityControlsConfiguration (dict) – - An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account. - EnabledSecurityControlIdentifiers (list) – - A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. - (string) – 
 
- DisabledSecurityControlIdentifiers (list) – - A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. - (string) – 
 
- SecurityControlCustomParameters (list) – - A list of security controls and control parameter values that are included in a configuration policy. - (dict) – - A list of security controls and control parameter values that are included in a configuration policy. - SecurityControlId (string) – - The ID of the security control. 
- Parameters (dict) – - An object that specifies parameter values for a control in a configuration policy. - (string) – - (dict) – - An object that provides the current value of a security control parameter and identifies whether it has been customized. - ValueType (string) – [REQUIRED] - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. - When - ValueTypeis set equal to- DEFAULT, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When- ValueTypeis set equal to- DEFAULT, Security Hub ignores user-provided input for the- Valuefield.- When - ValueTypeis set equal to- CUSTOM, the- Valuefield can’t be empty.
- Value (dict) – - The current value of a control parameter. - Note- This is a Tagged Union structure. Only one of the following top level keys can be set: - Integer,- IntegerList,- Double,- String,- StringList,- Boolean,- Enum,- EnumList.- Integer (integer) – - A control parameter that is an integer. 
- IntegerList (list) – - A control parameter that is a list of integers. - (integer) – 
 
- Double (float) – - A control parameter that is a double. 
- String (string) – - A control parameter that is a string. 
- StringList (list) – - A control parameter that is a list of strings. - (string) – 
 
- Boolean (boolean) – - A control parameter that is a boolean. 
- Enum (string) – - A control parameter that is an enum. 
- EnumList (list) – - A control parameter that is a list of enums. - (string) – 
 
 
 
 
 
 
 
 
 
 
 
- Return type:
- dict 
- Returns:
- Response Syntax- { 'Arn': 'string', 'Id': 'string', 'Name': 'string', 'Description': 'string', 'UpdatedAt': datetime(2015, 1, 1), 'CreatedAt': datetime(2015, 1, 1), 'ConfigurationPolicy': { 'SecurityHub': { 'ServiceEnabled': True|False, 'EnabledStandardIdentifiers': [ 'string', ], 'SecurityControlsConfiguration': { 'EnabledSecurityControlIdentifiers': [ 'string', ], 'DisabledSecurityControlIdentifiers': [ 'string', ], 'SecurityControlCustomParameters': [ { 'SecurityControlId': 'string', 'Parameters': { 'string': { 'ValueType': 'DEFAULT'|'CUSTOM', 'Value': { 'Integer': 123, 'IntegerList': [ 123, ], 'Double': 123.0, 'String': 'string', 'StringList': [ 'string', ], 'Boolean': True|False, 'Enum': 'string', 'EnumList': [ 'string', ] } } } }, ] } } } } - Response Structure- (dict) – - Arn (string) – - The ARN of the configuration policy. 
- Id (string) – - The UUID of the configuration policy. 
- Name (string) – - The name of the configuration policy. 
- Description (string) – - The description of the configuration policy. 
- UpdatedAt (datetime) – - The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated. 
- CreatedAt (datetime) – - The date and time, in UTC and ISO 8601 format, that the configuration policy was created. 
- ConfigurationPolicy (dict) – - An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls). - Note- This is a Tagged Union structure. Only one of the following top level keys will be set: - SecurityHub. If a client receives an unknown member it will set- SDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure of- SDK_UNKNOWN_MEMBERis as follows:- 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} - SecurityHub (dict) – - The Amazon Web Services service that the configuration policy applies to. - ServiceEnabled (boolean) – - Indicates whether Security Hub is enabled in the policy. 
- EnabledStandardIdentifiers (list) – - A list that defines which security standards are enabled in the configuration policy. - (string) – 
 
- SecurityControlsConfiguration (dict) – - An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account. - EnabledSecurityControlIdentifiers (list) – - A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. - (string) – 
 
- DisabledSecurityControlIdentifiers (list) – - A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. - (string) – 
 
- SecurityControlCustomParameters (list) – - A list of security controls and control parameter values that are included in a configuration policy. - (dict) – - A list of security controls and control parameter values that are included in a configuration policy. - SecurityControlId (string) – - The ID of the security control. 
- Parameters (dict) – - An object that specifies parameter values for a control in a configuration policy. - (string) – - (dict) – - An object that provides the current value of a security control parameter and identifies whether it has been customized. - ValueType (string) – - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. - When - ValueTypeis set equal to- DEFAULT, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When- ValueTypeis set equal to- DEFAULT, Security Hub ignores user-provided input for the- Valuefield.- When - ValueTypeis set equal to- CUSTOM, the- Valuefield can’t be empty.
- Value (dict) – - The current value of a control parameter. - Note- This is a Tagged Union structure. Only one of the following top level keys will be set: - Integer,- IntegerList,- Double,- String,- StringList,- Boolean,- Enum,- EnumList. If a client receives an unknown member it will set- SDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure of- SDK_UNKNOWN_MEMBERis as follows:- 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} - Integer (integer) – - A control parameter that is an integer. 
- IntegerList (list) – - A control parameter that is a list of integers. - (integer) – 
 
- Double (float) – - A control parameter that is a double. 
- String (string) – - A control parameter that is a string. 
- StringList (list) – - A control parameter that is a list of strings. - (string) – 
 
- Boolean (boolean) – - A control parameter that is a boolean. 
- Enum (string) – - A control parameter that is an enum. 
- EnumList (list) – - A control parameter that is a list of enums. - (string) – 
 
 
 
 
 
 
 
 
 
 
 
 
 - Exceptions- SecurityHub.Client.exceptions.InternalException
- SecurityHub.Client.exceptions.InvalidAccessException
- SecurityHub.Client.exceptions.InvalidInputException
- SecurityHub.Client.exceptions.LimitExceededException
- SecurityHub.Client.exceptions.ResourceNotFoundException
- SecurityHub.Client.exceptions.AccessDeniedException
- SecurityHub.Client.exceptions.ResourceConflictException