:doc:`SecurityHub <../../securityhub>` / Client / batch_get_configuration_policy_associations

*******************************************
batch_get_configuration_policy_associations
*******************************************



.. py:method:: SecurityHub.Client.batch_get_configuration_policy_associations(**kwargs)

  

  Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociations>`_  


  **Request Syntax**
  ::

    response = client.batch_get_configuration_policy_associations(
        ConfigurationPolicyAssociationIdentifiers=[
            {
                'Target': {
                    'AccountId': 'string',
                    'OrganizationalUnitId': 'string',
                    'RootId': 'string'
                }
            },
        ]
    )
    
  :type ConfigurationPolicyAssociationIdentifiers: list
  :param ConfigurationPolicyAssociationIdentifiers: **[REQUIRED]** 

    Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

    

  
    - *(dict) --* 

      Provides details about the association between an Security Hub configuration and a target account, organizational unit, or the root. An association can exist between a target and a configuration policy, or between a target and self-managed behavior.

      

    
      - **Target** *(dict) --* 

        The target account, organizational unit, or the root.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``AccountId``, ``OrganizationalUnitId``, ``RootId``. 

      
        - **AccountId** *(string) --* 

          The Amazon Web Services account ID of the target account.

          

        
        - **OrganizationalUnitId** *(string) --* 

          The organizational unit ID of the target organizational unit.

          

        
        - **RootId** *(string) --* 

          The ID of the organization root.

          

        
      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ConfigurationPolicyAssociations': [
              {
                  'ConfigurationPolicyId': 'string',
                  'TargetId': 'string',
                  'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
                  'AssociationType': 'INHERITED'|'APPLIED',
                  'UpdatedAt': datetime(2015, 1, 1),
                  'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
                  'AssociationStatusMessage': 'string'
              },
          ],
          'UnprocessedConfigurationPolicyAssociations': [
              {
                  'ConfigurationPolicyAssociationIdentifiers': {
                      'Target': {
                          'AccountId': 'string',
                          'OrganizationalUnitId': 'string',
                          'RootId': 'string'
                      }
                  },
                  'ErrorCode': 'string',
                  'ErrorReason': 'string'
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ConfigurationPolicyAssociations** *(list) --* 

        Describes associations for the target accounts, OUs, or the root.

        
        

        - *(dict) --* 

          An object that contains the details of a configuration policy association that’s returned in a ``ListConfigurationPolicyAssociations`` request.

          
          

          - **ConfigurationPolicyId** *(string) --* 

            The universally unique identifier (UUID) of the configuration policy.

            
          

          - **TargetId** *(string) --* 

            The identifier of the target account, organizational unit, or the root.

            
          

          - **TargetType** *(string) --* 

            Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

            
          

          - **AssociationType** *(string) --* 

            Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

            
          

          - **UpdatedAt** *(datetime) --* 

            The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

            
          

          - **AssociationStatus** *(string) --* 

            The current status of the association between the specified target and the configuration.

            
          

          - **AssociationStatusMessage** *(string) --* 

            The explanation for a ``FAILED`` value for ``AssociationStatus``.

            
      
    
      

      - **UnprocessedConfigurationPolicyAssociations** *(list) --* 

        An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.

        
        

        - *(dict) --* 

          An array of configuration policy associations, one for each configuration policy association identifier, that was specified in a ``BatchGetConfigurationPolicyAssociations`` request but couldn’t be processed due to an error.

          
          

          - **ConfigurationPolicyAssociationIdentifiers** *(dict) --* 

            Configuration policy association identifiers that were specified in a ``BatchGetConfigurationPolicyAssociations`` request but couldn’t be processed due to an error.

            
            

            - **Target** *(dict) --* 

              The target account, organizational unit, or the root.

              .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``AccountId``, ``OrganizationalUnitId``, ``RootId``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


            
              

              - **AccountId** *(string) --* 

                The Amazon Web Services account ID of the target account.

                
              

              - **OrganizationalUnitId** *(string) --* 

                The organizational unit ID of the target organizational unit.

                
              

              - **RootId** *(string) --* 

                The ID of the organization root.

                
          
        
          

          - **ErrorCode** *(string) --* 

            An HTTP status code that identifies why the configuration policy association failed.

            
          

          - **ErrorReason** *(string) --* 

            A string that identifies why the configuration policy association failed.

            
      
    
  
  **Exceptions**
  
  *   :py:class:`SecurityHub.Client.exceptions.InternalException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidAccessException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidInputException`

  
  *   :py:class:`SecurityHub.Client.exceptions.LimitExceededException`

  
  *   :py:class:`SecurityHub.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityHub.Client.exceptions.AccessDeniedException`

  