:doc:`SecurityHub <../../securityhub>` / Client / get_configuration_policy_association

************************************
get_configuration_policy_association
************************************



.. py:method:: SecurityHub.Client.get_configuration_policy_association(**kwargs)

  

  Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociation>`_  


  **Request Syntax**
  ::

    response = client.get_configuration_policy_association(
        Target={
            'AccountId': 'string',
            'OrganizationalUnitId': 'string',
            'RootId': 'string'
        }
    )
    
  :type Target: dict
  :param Target: **[REQUIRED]** 

    The target account ID, organizational unit ID, or the root ID to retrieve the association for.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``AccountId``, ``OrganizationalUnitId``, ``RootId``. 

  
    - **AccountId** *(string) --* 

      The Amazon Web Services account ID of the target account.

      

    
    - **OrganizationalUnitId** *(string) --* 

      The organizational unit ID of the target organizational unit.

      

    
    - **RootId** *(string) --* 

      The ID of the organization root.

      

    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ConfigurationPolicyId': 'string',
          'TargetId': 'string',
          'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
          'AssociationType': 'INHERITED'|'APPLIED',
          'UpdatedAt': datetime(2015, 1, 1),
          'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
          'AssociationStatusMessage': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ConfigurationPolicyId** *(string) --* 

        The universally unique identifier (UUID) of a configuration policy. For self-managed behavior, the value is ``SELF_MANAGED_SECURITY_HUB``.

        
      

      - **TargetId** *(string) --* 

        The target account ID, organizational unit ID, or the root ID for which the association is retrieved.

        
      

      - **TargetType** *(string) --* 

        Specifies whether the target is an Amazon Web Services account, organizational unit, or the organization root.

        
      

      - **AssociationType** *(string) --* 

        Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

        
      

      - **UpdatedAt** *(datetime) --* 

        The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

        
      

      - **AssociationStatus** *(string) --* 

        The current status of the association between the specified target and the configuration.

        
      

      - **AssociationStatusMessage** *(string) --* 

        The explanation for a ``FAILED`` value for ``AssociationStatus``.

        
  
  **Exceptions**
  
  *   :py:class:`SecurityHub.Client.exceptions.InternalException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidAccessException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidInputException`

  
  *   :py:class:`SecurityHub.Client.exceptions.LimitExceededException`

  
  *   :py:class:`SecurityHub.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityHub.Client.exceptions.AccessDeniedException`

  