SecurityHub / Client / start_configuration_policy_disassociation

start_configuration_policy_disassociation#

SecurityHub.Client.start_configuration_policy_disassociation(**kwargs)#

Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

See also: AWS API Documentation

Request Syntax

response = client.start_configuration_policy_disassociation(
    Target={
        'AccountId': 'string',
        'OrganizationalUnitId': 'string',
        'RootId': 'string'
    },
    ConfigurationPolicyIdentifier='string'
)
Parameters:
  • Target (dict) –

    The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: AccountId, OrganizationalUnitId, RootId.

    • AccountId (string) –

      The Amazon Web Services account ID of the target account.

    • OrganizationalUnitId (string) –

      The organizational unit ID of the target organizational unit.

    • RootId (string) –

      The ID of the organization root.

  • ConfigurationPolicyIdentifier (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

  • (dict) –

Exceptions