:doc:`SecurityHub <../../securityhub>` / Client / update_configuration_policy

***************************
update_configuration_policy
***************************



.. py:method:: SecurityHub.Client.update_configuration_policy(**kwargs)

  

  Updates a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicy>`_  


  **Request Syntax**
  ::

    response = client.update_configuration_policy(
        Identifier='string',
        Name='string',
        Description='string',
        UpdatedReason='string',
        ConfigurationPolicy={
            'SecurityHub': {
                'ServiceEnabled': True|False,
                'EnabledStandardIdentifiers': [
                    'string',
                ],
                'SecurityControlsConfiguration': {
                    'EnabledSecurityControlIdentifiers': [
                        'string',
                    ],
                    'DisabledSecurityControlIdentifiers': [
                        'string',
                    ],
                    'SecurityControlCustomParameters': [
                        {
                            'SecurityControlId': 'string',
                            'Parameters': {
                                'string': {
                                    'ValueType': 'DEFAULT'|'CUSTOM',
                                    'Value': {
                                        'Integer': 123,
                                        'IntegerList': [
                                            123,
                                        ],
                                        'Double': 123.0,
                                        'String': 'string',
                                        'StringList': [
                                            'string',
                                        ],
                                        'Boolean': True|False,
                                        'Enum': 'string',
                                        'EnumList': [
                                            'string',
                                        ]
                                    }
                                }
                            }
                        },
                    ]
                }
            }
        }
    )
    
  :type Identifier: string
  :param Identifier: **[REQUIRED]** 

    The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

    

  
  :type Name: string
  :param Name: 

    The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: ``-, ., !, *, /``.

    

  
  :type Description: string
  :param Description: 

    The description of the configuration policy.

    

  
  :type UpdatedReason: string
  :param UpdatedReason: 

    The reason for updating the configuration policy.

    

  
  :type ConfigurationPolicy: dict
  :param ConfigurationPolicy: 

    An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

     

    When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list of controls that you want to enable or disable. The updated configuration replaces the current configuration.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``SecurityHub``. 

  
    - **SecurityHub** *(dict) --* 

      The Amazon Web Services service that the configuration policy applies to.

      

    
      - **ServiceEnabled** *(boolean) --* 

        Indicates whether Security Hub is enabled in the policy.

        

      
      - **EnabledStandardIdentifiers** *(list) --* 

        A list that defines which security standards are enabled in the configuration policy.

        

      
        - *(string) --* 

        
    
      - **SecurityControlsConfiguration** *(dict) --* 

        An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

        

      
        - **EnabledSecurityControlIdentifiers** *(list) --* 

          A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.

          

        
          - *(string) --* 

          
      
        - **DisabledSecurityControlIdentifiers** *(list) --* 

          A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.

          

        
          - *(string) --* 

          
      
        - **SecurityControlCustomParameters** *(list) --* 

          A list of security controls and control parameter values that are included in a configuration policy.

          

        
          - *(dict) --* 

            A list of security controls and control parameter values that are included in a configuration policy.

            

          
            - **SecurityControlId** *(string) --* 

              The ID of the security control.

              

            
            - **Parameters** *(dict) --* 

              An object that specifies parameter values for a control in a configuration policy.

              

            
              - *(string) --* 

              
                - *(dict) --* 

                  An object that provides the current value of a security control parameter and identifies whether it has been customized.

                  

                
                  - **ValueType** *(string) --* **[REQUIRED]** 

                    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.

                     

                    When ``ValueType`` is set equal to ``DEFAULT``, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT``, Security Hub ignores user-provided input for the ``Value`` field.

                     

                    When ``ValueType`` is set equal to ``CUSTOM``, the ``Value`` field can't be empty.

                    

                  
                  - **Value** *(dict) --* 

                    The current value of a control parameter.

                    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``Integer``, ``IntegerList``, ``Double``, ``String``, ``StringList``, ``Boolean``, ``Enum``, ``EnumList``. 

                  
                    - **Integer** *(integer) --* 

                      A control parameter that is an integer.

                      

                    
                    - **IntegerList** *(list) --* 

                      A control parameter that is a list of integers.

                      

                    
                      - *(integer) --* 

                      
                  
                    - **Double** *(float) --* 

                      A control parameter that is a double.

                      

                    
                    - **String** *(string) --* 

                      A control parameter that is a string.

                      

                    
                    - **StringList** *(list) --* 

                      A control parameter that is a list of strings.

                      

                    
                      - *(string) --* 

                      
                  
                    - **Boolean** *(boolean) --* 

                      A control parameter that is a boolean.

                      

                    
                    - **Enum** *(string) --* 

                      A control parameter that is an enum.

                      

                    
                    - **EnumList** *(list) --* 

                      A control parameter that is a list of enums.

                      

                    
                      - *(string) --* 

                      
                  
                  
                
          
        
          
      
      
    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Arn': 'string',
          'Id': 'string',
          'Name': 'string',
          'Description': 'string',
          'UpdatedAt': datetime(2015, 1, 1),
          'CreatedAt': datetime(2015, 1, 1),
          'ConfigurationPolicy': {
              'SecurityHub': {
                  'ServiceEnabled': True|False,
                  'EnabledStandardIdentifiers': [
                      'string',
                  ],
                  'SecurityControlsConfiguration': {
                      'EnabledSecurityControlIdentifiers': [
                          'string',
                      ],
                      'DisabledSecurityControlIdentifiers': [
                          'string',
                      ],
                      'SecurityControlCustomParameters': [
                          {
                              'SecurityControlId': 'string',
                              'Parameters': {
                                  'string': {
                                      'ValueType': 'DEFAULT'|'CUSTOM',
                                      'Value': {
                                          'Integer': 123,
                                          'IntegerList': [
                                              123,
                                          ],
                                          'Double': 123.0,
                                          'String': 'string',
                                          'StringList': [
                                              'string',
                                          ],
                                          'Boolean': True|False,
                                          'Enum': 'string',
                                          'EnumList': [
                                              'string',
                                          ]
                                      }
                                  }
                              }
                          },
                      ]
                  }
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Arn** *(string) --* 

        The ARN of the configuration policy.

        
      

      - **Id** *(string) --* 

        The UUID of the configuration policy.

        
      

      - **Name** *(string) --* 

        The name of the configuration policy.

        
      

      - **Description** *(string) --* 

        The description of the configuration policy.

        
      

      - **UpdatedAt** *(datetime) --* 

        The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

        
      

      - **CreatedAt** *(datetime) --* 

        The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

        
      

      - **ConfigurationPolicy** *(dict) --* 

        An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``SecurityHub``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


      
        

        - **SecurityHub** *(dict) --* 

          The Amazon Web Services service that the configuration policy applies to.

          
          

          - **ServiceEnabled** *(boolean) --* 

            Indicates whether Security Hub is enabled in the policy.

            
          

          - **EnabledStandardIdentifiers** *(list) --* 

            A list that defines which security standards are enabled in the configuration policy.

            
            

            - *(string) --* 
        
          

          - **SecurityControlsConfiguration** *(dict) --* 

            An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

            
            

            - **EnabledSecurityControlIdentifiers** *(list) --* 

              A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.

              
              

              - *(string) --* 
          
            

            - **DisabledSecurityControlIdentifiers** *(list) --* 

              A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.

              
              

              - *(string) --* 
          
            

            - **SecurityControlCustomParameters** *(list) --* 

              A list of security controls and control parameter values that are included in a configuration policy.

              
              

              - *(dict) --* 

                A list of security controls and control parameter values that are included in a configuration policy.

                
                

                - **SecurityControlId** *(string) --* 

                  The ID of the security control.

                  
                

                - **Parameters** *(dict) --* 

                  An object that specifies parameter values for a control in a configuration policy.

                  
                  

                  - *(string) --* 
                    

                    - *(dict) --* 

                      An object that provides the current value of a security control parameter and identifies whether it has been customized.

                      
                      

                      - **ValueType** *(string) --* 

                        Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.

                         

                        When ``ValueType`` is set equal to ``DEFAULT``, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT``, Security Hub ignores user-provided input for the ``Value`` field.

                         

                        When ``ValueType`` is set equal to ``CUSTOM``, the ``Value`` field can't be empty.

                        
                      

                      - **Value** *(dict) --* 

                        The current value of a control parameter.

                        .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``Integer``, ``IntegerList``, ``Double``, ``String``, ``StringList``, ``Boolean``, ``Enum``, ``EnumList``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                                                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


                      
                        

                        - **Integer** *(integer) --* 

                          A control parameter that is an integer.

                          
                        

                        - **IntegerList** *(list) --* 

                          A control parameter that is a list of integers.

                          
                          

                          - *(integer) --* 
                      
                        

                        - **Double** *(float) --* 

                          A control parameter that is a double.

                          
                        

                        - **String** *(string) --* 

                          A control parameter that is a string.

                          
                        

                        - **StringList** *(list) --* 

                          A control parameter that is a list of strings.

                          
                          

                          - *(string) --* 
                      
                        

                        - **Boolean** *(boolean) --* 

                          A control parameter that is a boolean.

                          
                        

                        - **Enum** *(string) --* 

                          A control parameter that is an enum.

                          
                        

                        - **EnumList** *(list) --* 

                          A control parameter that is a list of enums.

                          
                          

                          - *(string) --* 
                      
                    
                  
              
            
            
          
        
      
    
  
  **Exceptions**
  
  *   :py:class:`SecurityHub.Client.exceptions.InternalException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidAccessException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidInputException`

  
  *   :py:class:`SecurityHub.Client.exceptions.LimitExceededException`

  
  *   :py:class:`SecurityHub.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityHub.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SecurityHub.Client.exceptions.ResourceConflictException`

  