:doc:`SecurityHub <../../securityhub>` / Client / start_configuration_policy_association

**************************************
start_configuration_policy_association
**************************************



.. py:method:: SecurityHub.Client.start_configuration_policy_association(**kwargs)

  

  Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociation>`_  


  **Request Syntax**
  ::

    response = client.start_configuration_policy_association(
        ConfigurationPolicyIdentifier='string',
        Target={
            'AccountId': 'string',
            'OrganizationalUnitId': 'string',
            'RootId': 'string'
        }
    )
    
  :type ConfigurationPolicyIdentifier: string
  :param ConfigurationPolicyIdentifier: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of ``SELF_MANAGED_SECURITY_HUB`` for a self-managed configuration.

    

  
  :type Target: dict
  :param Target: **[REQUIRED]** 

    The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``AccountId``, ``OrganizationalUnitId``, ``RootId``. 

  
    - **AccountId** *(string) --* 

      The Amazon Web Services account ID of the target account.

      

    
    - **OrganizationalUnitId** *(string) --* 

      The organizational unit ID of the target organizational unit.

      

    
    - **RootId** *(string) --* 

      The ID of the organization root.

      

    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ConfigurationPolicyId': 'string',
          'TargetId': 'string',
          'TargetType': 'ACCOUNT'|'ORGANIZATIONAL_UNIT'|'ROOT',
          'AssociationType': 'INHERITED'|'APPLIED',
          'UpdatedAt': datetime(2015, 1, 1),
          'AssociationStatus': 'PENDING'|'SUCCESS'|'FAILED',
          'AssociationStatusMessage': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ConfigurationPolicyId** *(string) --* 

        The UUID of the configuration policy.

        
      

      - **TargetId** *(string) --* 

        The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.

        
      

      - **TargetType** *(string) --* 

        Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.

        
      

      - **AssociationType** *(string) --* 

        Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

        
      

      - **UpdatedAt** *(datetime) --* 

        The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

        
      

      - **AssociationStatus** *(string) --* 

        The current status of the association between the specified target and the configuration.

        
      

      - **AssociationStatusMessage** *(string) --* 

        An explanation for a ``FAILED`` value for ``AssociationStatus``.

        
  
  **Exceptions**
  
  *   :py:class:`SecurityHub.Client.exceptions.InternalException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidAccessException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidInputException`

  
  *   :py:class:`SecurityHub.Client.exceptions.LimitExceededException`

  
  *   :py:class:`SecurityHub.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityHub.Client.exceptions.AccessDeniedException`

  