SecurityHub / Client / batch_get_configuration_policy_associations

batch_get_configuration_policy_associations#

SecurityHub.Client.batch_get_configuration_policy_associations(**kwargs)#

Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

See also: AWS API Documentation

Request Syntax

response = client.batch_get_configuration_policy_associations(
    ConfigurationPolicyAssociationIdentifiers=[
        {
            'Target': {
                'AccountId': 'string',
                'OrganizationalUnitId': 'string',
                'RootId': 'string'
            }
        },
    ]
)
Parameters:

ConfigurationPolicyAssociationIdentifiers (list) –

[REQUIRED]

Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

  • (dict) –

    Provides details about the association between an Security Hub configuration and a target account, organizational unit, or the root. An association can exist between a target and a configuration policy, or between a target and self-managed behavior.

    • Target (dict) –

      The target account, organizational unit, or the root.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

      • AccountId (string) –

        The Amazon Web Services account ID of the target account.

      • OrganizationalUnitId (string) –

        The organizational unit ID of the target organizational unit.

      • RootId (string) –

        The ID of the organization root.

Return type:

dict

Returns:

Response Syntax

{
    'ConfigurationPolicyAssociations': [
        {
            'ConfigurationPolicyId': 'string',
            'TargetId': 'string',
            'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
            'AssociationType': 'INHERITED'|'APPLIED',
            'UpdatedAt': datetime(2015, 1, 1),
            'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
            'AssociationStatusMessage': 'string'
        },
    ],
    'UnprocessedConfigurationPolicyAssociations': [
        {
            'ConfigurationPolicyAssociationIdentifiers': {
                'Target': {
                    'AccountId': 'string',
                    'OrganizationalUnitId': 'string',
                    'RootId': 'string'
                }
            },
            'ErrorCode': 'string',
            'ErrorReason': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • ConfigurationPolicyAssociations (list) –

      Describes associations for the target accounts, OUs, or the root.

      • (dict) –

        An object that contains the details of a configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

        • ConfigurationPolicyId (string) –

          The universally unique identifier (UUID) of the configuration policy.

        • TargetId (string) –

          The identifier of the target account, organizational unit, or the root.

        • TargetType (string) –

          Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

        • AssociationType (string) –

          Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

        • UpdatedAt (datetime) –

          The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

        • AssociationStatus (string) –

          The current status of the association between the specified target and the configuration.

        • AssociationStatusMessage (string) –

          The explanation for a FAILED value for AssociationStatus.

    • UnprocessedConfigurationPolicyAssociations (list) –

      An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.

      • (dict) –

        An array of configuration policy associations, one for each configuration policy association identifier, that was specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

        • ConfigurationPolicyAssociationIdentifiers (dict) –

          Configuration policy association identifiers that were specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

          • Target (dict) –

            The target account, organizational unit, or the root.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: AccountId, OrganizationalUnitId, RootId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • AccountId (string) –

              The Amazon Web Services account ID of the target account.

            • OrganizationalUnitId (string) –

              The organizational unit ID of the target organizational unit.

            • RootId (string) –

              The ID of the organization root.

        • ErrorCode (string) –

          An HTTP status code that identifies why the configuration policy association failed.

        • ErrorReason (string) –

          A string that identifies why the configuration policy association failed.

Exceptions

  • SecurityHub.Client.exceptions.InternalException

  • SecurityHub.Client.exceptions.InvalidAccessException

  • SecurityHub.Client.exceptions.InvalidInputException

  • SecurityHub.Client.exceptions.LimitExceededException

  • SecurityHub.Client.exceptions.ResourceNotFoundException

  • SecurityHub.Client.exceptions.AccessDeniedException