:doc:`SecurityHub <../../securityhub>` / Client / list_configuration_policy_associations

**************************************
list_configuration_policy_associations
**************************************



.. py:method:: SecurityHub.Client.list_configuration_policy_associations(**kwargs)

  

  Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociations>`_  


  **Request Syntax**
  ::

    response = client.list_configuration_policy_associations(
        NextToken='string',
        MaxResults=123,
        Filters={
            'ConfigurationPolicyId': 'string',
            'AssociationType': 'INHERITED'|'APPLIED',
            'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED'
        }
    )
    
  :type NextToken: string
  :param NextToken: 

    The ``NextToken`` value that's returned from a previous paginated ``ListConfigurationPolicyAssociations`` request where ``MaxResults`` was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the ``NextToken`` value. This value is ``null`` when there are no more results to return.

    

  
  :type MaxResults: integer
  :param MaxResults: 

    The maximum number of results that's returned by ``ListConfigurationPolicies`` in each page of the response. When this parameter is used, ``ListConfigurationPolicyAssociations`` returns the specified number of results in a single page and a ``NextToken`` response element. You can see the remaining results of the initial request by sending another ``ListConfigurationPolicyAssociations`` request with the returned ``NextToken`` value. A valid range for ``MaxResults`` is between 1 and 100.

    

  
  :type Filters: dict
  :param Filters: 

    Options for filtering the ``ListConfigurationPolicyAssociations`` response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration, ``AssociationType``, or ``AssociationStatus``.

    

  
    - **ConfigurationPolicyId** *(string) --* 

      The ARN or UUID of the configuration policy.

      

    
    - **AssociationType** *(string) --* 

      Indicates whether the association between a target and a configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

      

    
    - **AssociationStatus** *(string) --* 

      The current status of the association between a target and a configuration policy.

      

    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ConfigurationPolicyAssociationSummaries': [
              {
                  'ConfigurationPolicyId': 'string',
                  'TargetId': 'string',
                  'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
                  'AssociationType': 'INHERITED'|'APPLIED',
                  'UpdatedAt': datetime(2015, 1, 1),
                  'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
                  'AssociationStatusMessage': 'string'
              },
          ],
          'NextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ConfigurationPolicyAssociationSummaries** *(list) --* 

        An object that contains the details of each configuration policy association that’s returned in a ``ListConfigurationPolicyAssociations`` request.

        
        

        - *(dict) --* 

          An object that contains the details of a configuration policy association that’s returned in a ``ListConfigurationPolicyAssociations`` request.

          
          

          - **ConfigurationPolicyId** *(string) --* 

            The universally unique identifier (UUID) of the configuration policy.

            
          

          - **TargetId** *(string) --* 

            The identifier of the target account, organizational unit, or the root.

            
          

          - **TargetType** *(string) --* 

            Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

            
          

          - **AssociationType** *(string) --* 

            Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

            
          

          - **UpdatedAt** *(datetime) --* 

            The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

            
          

          - **AssociationStatus** *(string) --* 

            The current status of the association between the specified target and the configuration.

            
          

          - **AssociationStatusMessage** *(string) --* 

            The explanation for a ``FAILED`` value for ``AssociationStatus``.

            
      
    
      

      - **NextToken** *(string) --* 

        The ``NextToken`` value to include in the next ``ListConfigurationPolicyAssociations`` request. When the results of a ``ListConfigurationPolicyAssociations`` request exceed ``MaxResults``, this value can be used to retrieve the next page of results. This value is ``null`` when there are no more results to return.

        
  
  **Exceptions**
  
  *   :py:class:`SecurityHub.Client.exceptions.InternalException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidAccessException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidInputException`

  
  *   :py:class:`SecurityHub.Client.exceptions.LimitExceededException`

  
  *   :py:class:`SecurityHub.Client.exceptions.AccessDeniedException`

  