:doc:`CloudWatchObservabilityAdminService <../../observabilityadmin>` / Client / get_centralization_rule_for_organization

****************************************
get_centralization_rule_for_organization
****************************************



.. py:method:: CloudWatchObservabilityAdminService.Client.get_centralization_rule_for_organization(**kwargs)

  

  Retrieves the details of a specific organization centralization rule. This operation can only be called by the organization's management account or a delegated administrator account.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/observabilityadmin-2018-05-10/GetCentralizationRuleForOrganization>`_  


  **Request Syntax**
  ::

    response = client.get_centralization_rule_for_organization(
        RuleIdentifier='string'
    )
    
  :type RuleIdentifier: string
  :param RuleIdentifier: **[REQUIRED]** 

    The identifier (name or ARN) of the organization centralization rule to retrieve.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'RuleName': 'string',
          'RuleArn': 'string',
          'CreatorAccountId': 'string',
          'CreatedTimeStamp': 123,
          'CreatedRegion': 'string',
          'LastUpdateTimeStamp': 123,
          'RuleHealth': 'Healthy'|'Unhealthy'|'Provisioning',
          'FailureReason': 'TRUSTED_ACCESS_NOT_ENABLED'|'DESTINATION_ACCOUNT_NOT_IN_ORGANIZATION'|'INTERNAL_SERVER_ERROR',
          'CentralizationRule': {
              'Source': {
                  'Regions': [
                      'string',
                  ],
                  'Scope': 'string',
                  'SourceLogsConfiguration': {
                      'LogGroupSelectionCriteria': 'string',
                      'EncryptedLogGroupStrategy': 'ALLOW'|'SKIP'
                  }
              },
              'Destination': {
                  'Region': 'string',
                  'Account': 'string',
                  'DestinationLogsConfiguration': {
                      'LogsEncryptionConfiguration': {
                          'EncryptionStrategy': 'CUSTOMER_MANAGED'|'AWS_OWNED',
                          'KmsKeyArn': 'string',
                          'EncryptionConflictResolutionStrategy': 'ALLOW'|'SKIP'
                      },
                      'BackupConfiguration': {
                          'Region': 'string',
                          'KmsKeyArn': 'string'
                      }
                  }
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **RuleName** *(string) --* 

        The name of the organization centralization rule.

        
      

      - **RuleArn** *(string) --* 

        The Amazon Resource Name (ARN) of the organization centralization rule.

        
      

      - **CreatorAccountId** *(string) --* 

        The Amazon Web Services Account that created the organization centralization rule.

        
      

      - **CreatedTimeStamp** *(integer) --* 

        The timestamp when the organization centralization rule was created.

        
      

      - **CreatedRegion** *(string) --* 

        The Amazon Web Services region where the organization centralization rule was created.

        
      

      - **LastUpdateTimeStamp** *(integer) --* 

        The timestamp when the organization centralization rule was last updated.

        
      

      - **RuleHealth** *(string) --* 

        The health status of the organization centralization rule.

        
      

      - **FailureReason** *(string) --* 

        The reason why an organization centralization rule is marked UNHEALTHY.

        
      

      - **CentralizationRule** *(dict) --* 

        The configuration details for the organization centralization rule.

        
        

        - **Source** *(dict) --* 

          Configuration determining the source of the telemetry data to be centralized.

          
          

          - **Regions** *(list) --* 

            The list of source regions from which telemetry data should be centralized.

            
            

            - *(string) --* 
        
          

          - **Scope** *(string) --* 

            The organizational scope from which telemetry data should be centralized, specified using organization id, accounts or organizational unit ids.

            
          

          - **SourceLogsConfiguration** *(dict) --* 

            Log specific configuration for centralization source log groups.

            
            

            - **LogGroupSelectionCriteria** *(string) --* 

              The selection criteria that specifies which source log groups to centralize. The selection criteria uses the same format as OAM link filters.

              
            

            - **EncryptedLogGroupStrategy** *(string) --* 

              A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization.

              
        
      
        

        - **Destination** *(dict) --* 

          Configuration determining where the telemetry data should be centralized, backed up, as well as encryption configuration for the primary and backup destinations.

          
          

          - **Region** *(string) --* 

            The primary destination region to which telemetry data should be centralized.

            
          

          - **Account** *(string) --* 

            The destination account (within the organization) to which the telemetry data should be centralized.

            
          

          - **DestinationLogsConfiguration** *(dict) --* 

            Log specific configuration for centralization destination log groups.

            
            

            - **LogsEncryptionConfiguration** *(dict) --* 

              The encryption configuration for centralization destination log groups.

              
              

              - **EncryptionStrategy** *(string) --* 

                Configuration that determines the encryption strategy of the destination log groups. CUSTOMER_MANAGED uses the configured KmsKeyArn to encrypt newly created destination log groups.

                
              

              - **KmsKeyArn** *(string) --* 

                KMS Key ARN belonging to the primary destination account and region, to encrypt newly created central log groups in the primary destination.

                
              

              - **EncryptionConflictResolutionStrategy** *(string) --* 

                Conflict resolution strategy for centralization if the encryption strategy is set to CUSTOMER_MANAGED and the destination log group is encrypted with an AWS_OWNED KMS Key. ALLOW lets centralization go through while SKIP prevents centralization into the destination log group.

                
          
            

            - **BackupConfiguration** *(dict) --* 

              Configuration defining the backup region and an optional KMS key for the backup destination.

              
              

              - **Region** *(string) --* 

                Logs specific backup destination region within the primary destination account to which log data should be centralized.

                
              

              - **KmsKeyArn** *(string) --* 

                KMS Key ARN belonging to the primary destination account and backup region, to encrypt newly created central log groups in the backup destination.

                
          
        
      
    
  
  **Exceptions**
  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.InternalServerException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.ValidationException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.TooManyRequestsException`

  