AWS SecurityHub

2024/05/29 - AWS SecurityHub - 4 updated api methods

Changes: Add ROOT type for TargetType model

BatchGetConfigurationPolicyAssociations (updated)
Changes (response)
{'ConfigurationPolicyAssociations': {'TargetType': {'ROOT'}}}

Returns associations between a Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

See also: AWS API Documentation

Request Syntax

client.batch_get_configuration_policy_associations(
    ConfigurationPolicyAssociationIdentifiers=[
        {
            'Target': {
                'AccountId': 'string',
                'OrganizationalUnitId': 'string',
                'RootId': 'string'
            }
        },
    ]
)

type ConfigurationPolicyAssociationIdentifiers

list

param ConfigurationPolicyAssociationIdentifiers

[REQUIRED]

Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

  • (dict) --

    Provides details about the association between a Security Hub configuration and a target account, organizational unit, or the root. An association can exist between a target and a configuration policy, or between a target and self-managed behavior.

    • Target (dict) --

      The target account, organizational unit, or the root.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

      • AccountId (string) --

        The Amazon Web Services account ID of the target account.

      • OrganizationalUnitId (string) --

        The organizational unit ID of the target organizational unit.

      • RootId (string) --

        The ID of the organization root.

rtype

dict

returns

Response Syntax

{
    'ConfigurationPolicyAssociations': [
        {
            'ConfigurationPolicyId': 'string',
            'TargetId': 'string',
            'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
            'AssociationType': 'INHERITED'|'APPLIED',
            'UpdatedAt': datetime(2015, 1, 1),
            'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
            'AssociationStatusMessage': 'string'
        },
    ],
    'UnprocessedConfigurationPolicyAssociations': [
        {
            'ConfigurationPolicyAssociationIdentifiers': {
                'Target': {
                    'AccountId': 'string',
                    'OrganizationalUnitId': 'string',
                    'RootId': 'string'
                }
            },
            'ErrorCode': 'string',
            'ErrorReason': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • ConfigurationPolicyAssociations (list) --

      Describes associations for the target accounts, OUs, or the root.

      • (dict) --

        An object that contains the details of a configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

        • ConfigurationPolicyId (string) --

          The universally unique identifier (UUID) of the configuration policy.

        • TargetId (string) --

          The identifier of the target account, organizational unit, or the root.

        • TargetType (string) --

          Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

        • AssociationType (string) --

          Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

        • UpdatedAt (datetime) --

          The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

        • AssociationStatus (string) --

          The current status of the association between the specified target and the configuration.

        • AssociationStatusMessage (string) --

          The explanation for a FAILED value for AssociationStatus.

    • UnprocessedConfigurationPolicyAssociations (list) --

      An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.

      • (dict) --

        An array of configuration policy associations, one for each configuration policy association identifier, that was specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

        • ConfigurationPolicyAssociationIdentifiers (dict) --

          Configuration policy association identifiers that were specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

          • Target (dict) --

            The target account, organizational unit, or the root.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: AccountId, OrganizationalUnitId, RootId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

            • AccountId (string) --

              The Amazon Web Services account ID of the target account.

            • OrganizationalUnitId (string) --

              The organizational unit ID of the target organizational unit.

            • RootId (string) --

              The ID of the organization root.

        • ErrorCode (string) --

          An HTTP status code that identifies why the configuration policy association failed.

        • ErrorReason (string) --

          A string that identifies why the configuration policy association failed.
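Added example (not part of the AWS reference): building the tagged-union Target from a raw ID, calling BatchGetConfigurationPolicyAssociations, and separating resolved associations from unprocessed ones, including the SDK_UNKNOWN_MEMBER case. The ID patterns are the AWS Organizations formats, an assumption not stated on this page; make_target, target_id_of, lookup and FakeHub are hypothetical names, and FakeHub is a constructed stand-in for the real client.

```python
import re

SHAPES = (  # assumed AWS Organizations ID formats, not stated on this page
    ("AccountId", re.compile(r"\d{12}")),
    ("OrganizationalUnitId", re.compile(r"ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}")),
    ("RootId", re.compile(r"r-[0-9a-z]{4,32}")),
)


def make_target(target_id):
    """Build the tagged-union Target with exactly one top-level key."""
    for key, shape in SHAPES:
        if shape.fullmatch(target_id):
            return {key: target_id}
    raise ValueError(f"not an account, OU or root ID: {target_id!r}")


def target_id_of(target):
    """Read a Target back, tolerating the SDK_UNKNOWN_MEMBER placeholder."""
    if "SDK_UNKNOWN_MEMBER" in target:
        return "unknown:" + target["SDK_UNKNOWN_MEMBER"]["name"]
    (value,) = target.values()  # ValueError if more than one key is set
    return value


def lookup(client, target_ids):
    """Return ({TargetId: association}, {TargetId: (ErrorCode, ErrorReason)})."""
    ids = [{"Target": make_target(t)} for t in target_ids]
    resp = client.batch_get_configuration_policy_associations(
        ConfigurationPolicyAssociationIdentifiers=ids)
    found = {a["TargetId"]: a for a in resp.get("ConfigurationPolicyAssociations", [])}
    failed = {}
    for u in resp.get("UnprocessedConfigurationPolicyAssociations", []):
        tid = target_id_of(u["ConfigurationPolicyAssociationIdentifiers"]["Target"])
        failed[tid] = (u.get("ErrorCode"), u.get("ErrorReason"))
    return found, failed


class FakeHub:
    """Constructed stand-in for the Security Hub client; makes no network calls."""
    def batch_get_configuration_policy_associations(self, **kw):
        ids = kw["ConfigurationPolicyAssociationIdentifiers"]
        roots = [i["Target"]["RootId"] for i in ids if "RootId" in i["Target"]]
        rest = [i for i in ids if "RootId" not in i["Target"]]
        return {"ConfigurationPolicyAssociations": [
                    {"TargetId": r, "TargetType": "ROOT"} for r in roots],
                "UnprocessedConfigurationPolicyAssociations": [
                    {"ConfigurationPolicyAssociationIdentifiers": i, "ErrorCode": "404",
                     "ErrorReason": "constructed"} for i in rest]}
```

With a real client, pass boto3.client('securityhub') created in the delegated administrator account's home Region in place of FakeHub().
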

GetConfigurationPolicyAssociation (updated)
Changes (response)
{'TargetType': {'ROOT'}}

Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

See also: AWS API Documentation

Request Syntax

client.get_configuration_policy_association(
    Target={
        'AccountId': 'string',
        'OrganizationalUnitId': 'string',
        'RootId': 'string'
    }
)

type Target

dict

param Target

[REQUIRED]

The target account ID, organizational unit ID, or the root ID to retrieve the association for.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

  • AccountId (string) --

    The Amazon Web Services account ID of the target account.

  • OrganizationalUnitId (string) --

    The organizational unit ID of the target organizational unit.

  • RootId (string) --

    The ID of the organization root.

rtype

dict

returns

Response Syntax

{
    'ConfigurationPolicyId': 'string',
    'TargetId': 'string',
    'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
    'AssociationType': 'INHERITED'|'APPLIED',
    'UpdatedAt': datetime(2015, 1, 1),
    'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
    'AssociationStatusMessage': 'string'
}

Response Structure

  • (dict) --

    • ConfigurationPolicyId (string) --

      The universally unique identifier (UUID) of a configuration policy. For self-managed behavior, the value is SELF_MANAGED_SECURITY_HUB.

    • TargetId (string) --

      The target account ID, organizational unit ID, or the root ID for which the association is retrieved.

    • TargetType (string) --

      Specifies whether the target is an Amazon Web Services account, organizational unit, or the organization root.

    • AssociationType (string) --

      Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

    • UpdatedAt (datetime) --

      The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

    • AssociationStatus (string) --

      The current status of the association between the specified target and the configuration.

    • AssociationStatusMessage (string) --

      The explanation for a FAILED value for AssociationStatus.

ListConfigurationPolicyAssociations (updated)
Changes (response)
{'ConfigurationPolicyAssociationSummaries': {'TargetType': {'ROOT'}}}

Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

See also: AWS API Documentation

Request Syntax

client.list_configuration_policy_associations(
    NextToken='string',
    MaxResults=123,
    Filters={
        'ConfigurationPolicyId': 'string',
        'AssociationType': 'INHERITED'|'APPLIED',
        'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED'
    }
)

type NextToken

string

param NextToken

The NextToken value that's returned from a previous paginated ListConfigurationPolicyAssociations request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.

type MaxResults

integer

param MaxResults

The maximum number of results that's returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicyAssociations returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicyAssociations request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.

type Filters

dict

param Filters

Options for filtering the ListConfigurationPolicyAssociations response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration, AssociationType, or AssociationStatus.

  • ConfigurationPolicyId (string) --

    The ARN or UUID of the configuration policy.

  • AssociationType (string) --

    Indicates whether the association between a target and a configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

  • AssociationStatus (string) --

    The current status of the association between a target and a configuration policy.

rtype

dict

returns

Response Syntax

{
    'ConfigurationPolicyAssociationSummaries': [
        {
            'ConfigurationPolicyId': 'string',
            'TargetId': 'string',
            'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
            'AssociationType': 'INHERITED'|'APPLIED',
            'UpdatedAt': datetime(2015, 1, 1),
            'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
            'AssociationStatusMessage': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ConfigurationPolicyAssociationSummaries (list) --

      An object that contains the details of each configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

      • (dict) --

        An object that contains the details of a configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

        • ConfigurationPolicyId (string) --

          The universally unique identifier (UUID) of the configuration policy.

        • TargetId (string) --

          The identifier of the target account, organizational unit, or the root.

        • TargetType (string) --

          Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

        • AssociationType (string) --

          Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

        • UpdatedAt (datetime) --

          The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

        • AssociationStatus (string) --

          The current status of the association between the specified target and the configuration.

        • AssociationStatusMessage (string) --

          The explanation for a FAILED value for AssociationStatus.

    • NextToken (string) --

      The NextToken value to include in the next ListConfigurationPolicyAssociations request. When the results of a ListConfigurationPolicyAssociations request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
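Added example (not part of the AWS reference): following NextToken across pages of ListConfigurationPolicyAssociations and grouping the summaries an administrator would review, with the new ROOT target type handled explicitly. It assumes the SELF_MANAGED_SECURITY_HUB value documented for GetConfigurationPolicyAssociation also appears in list summaries; iter_associations, triage, row and FakePagedHub are hypothetical names, and the sample rows are constructed.

```python
SELF_MANAGED = "SELF_MANAGED_SECURITY_HUB"  # assumed to appear in list summaries too


def iter_associations(client, page_size=100, **extra):
    """Yield every summary, following NextToken until it is absent."""
    kwargs = {"MaxResults": page_size, **extra}  # MaxResults range: 1 to 100
    while True:
        page = client.list_configuration_policy_associations(**kwargs)
        yield from page.get("ConfigurationPolicyAssociationSummaries", [])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]


def triage(associations):
    """Group the associations a delegated administrator should review."""
    report = {"failed": [], "pending": [], "self_managed": [], "root": []}
    for a in associations:
        target = (a["TargetType"], a["TargetId"])
        if a["AssociationStatus"] == "FAILED":
            report["failed"].append((*target, a.get("AssociationStatusMessage", "")))
        elif a["AssociationStatus"] == "PENDING":
            report["pending"].append(target)
        if a["ConfigurationPolicyId"] == SELF_MANAGED:
            report["self_managed"].append(target)
        if a["TargetType"] == "ROOT":  # the value added in this update
            report["root"].append((a["ConfigurationPolicyId"], a["AssociationType"]))
    return report


def row(policy, target_type, target_id, assoc_type, status, message=""):
    """Constructed sample summary in the response shape shown above."""
    return {"ConfigurationPolicyId": policy, "TargetType": target_type,
            "TargetId": target_id, "AssociationType": assoc_type,
            "AssociationStatus": status, "AssociationStatusMessage": message}


class FakePagedHub:
    """Constructed stand-in client serving two pages; makes no network calls."""
    PAGES = {
        None: {"NextToken": "page-2", "ConfigurationPolicyAssociationSummaries": [
            row("policy-a", "ROOT", "r-ab12", "APPLIED", "SUCCESS"),
            row(SELF_MANAGED, "ACCOUNT", "111111111111", "APPLIED", "SUCCESS")]},
        "page-2": {"ConfigurationPolicyAssociationSummaries": [
            row("policy-a", "ORGANIZATIONAL_UNIT", "ou-ab12-cdefgh34", "INHERITED",
                "FAILED", "constructed failure message")]},
    }
    def list_configuration_policy_associations(self, **kw):
        return self.PAGES[kw.get("NextToken")]
```

Extra keyword arguments are passed through to the request, so Filters={'AssociationStatus': 'FAILED'} narrows the listing on the service side.
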

StartConfigurationPolicyAssociation (updated)
Changes (response)
{'TargetType': {'ROOT'}}

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

See also: AWS API Documentation

Request Syntax

client.start_configuration_policy_association(
    ConfigurationPolicyIdentifier='string',
    Target={
        'AccountId': 'string',
        'OrganizationalUnitId': 'string',
        'RootId': 'string'
    }
)

type ConfigurationPolicyIdentifier

string

param ConfigurationPolicyIdentifier

[REQUIRED]

The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

type Target

dict

param Target

[REQUIRED]

The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

  • AccountId (string) --

    The Amazon Web Services account ID of the target account.

  • OrganizationalUnitId (string) --

    The organizational unit ID of the target organizational unit.

  • RootId (string) --

    The ID of the organization root.

rtype

dict

returns

Response Syntax

{
    'ConfigurationPolicyId': 'string',
    'TargetId': 'string',
    'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
    'AssociationType': 'INHERITED'|'APPLIED',
    'UpdatedAt': datetime(2015, 1, 1),
    'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
    'AssociationStatusMessage': 'string'
}

Response Structure

  • (dict) --

    • ConfigurationPolicyId (string) --

      The UUID of the configuration policy.

    • TargetId (string) --

      The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.

    • TargetType (string) --

      Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.

    • AssociationType (string) --

      Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

    • UpdatedAt (datetime) --

      The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

    • AssociationStatus (string) --

      The current status of the association between the specified target and the configuration.

    • AssociationStatusMessage (string) --

      An explanation for a FAILED value for AssociationStatus.