AWS SecurityHub

2020/11/23 - AWS SecurityHub - 5 new api methods

Changes  Updated the account management API to support the integration with AWS Organizations. Added new methods to allow users to view and manage the delegated administrator account for Security Hub.

EnableOrganizationAdminAccount (new) Link ¶

Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.

See also: AWS API Documentation

Request Syntax

client.enable_organization_admin_account(
    AdminAccountId='string'
)
type AdminAccountId

string

param AdminAccountId

[REQUIRED]

The AWS account identifier of the account to designate as the Security Hub administrator account.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListOrganizationAdminAccounts (new) Link ¶

Lists the Security Hub administrator accounts. Can only be called by the organization management account.

See also: AWS API Documentation

Request Syntax

client.list_organization_admin_accounts(
    MaxResults=123,
    NextToken='string'
)
type MaxResults

integer

param MaxResults

The maximum number of items to return in the response.

type NextToken

string

param NextToken

The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL . For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

rtype

dict

returns

Response Syntax

{
    'AdminAccounts': [
        {
            'AccountId': 'string',
            'Status': 'ENABLED'|'DISABLE_IN_PROGRESS'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AdminAccounts (list) --

      The list of Security Hub administrator accounts.

      • (dict) --

        Represents a Security Hub administrator account designated by an organization management account.

        • AccountId (string) --

          The AWS account identifier of the Security Hub administrator account.

        • Status (string) --

          The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator.

    • NextToken (string) --

      The pagination token to use to request the next page of results.

DisableOrganizationAdminAccount (new) Link ¶

Disables a Security Hub administrator account. Can only be called by the organization management account.

See also: AWS API Documentation

Request Syntax

client.disable_organization_admin_account(
    AdminAccountId='string'
)
type AdminAccountId

string

param AdminAccountId

[REQUIRED]

The AWS account identifier of the Security Hub administrator account.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

UpdateOrganizationConfiguration (new) Link ¶

Used to update the configuration related to Organizations. Can only be called from a Security Hub administrator account.

See also: AWS API Documentation

Request Syntax

client.update_organization_configuration(
    AutoEnable=True|False
)
type AutoEnable

boolean

param AutoEnable

[REQUIRED]

Whether to automatically enable Security Hub for new accounts in the organization.

By default, this is false , and new accounts are not added automatically.

To automatically enable Security Hub for new accounts, set this to true .

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DescribeOrganizationConfiguration (new) Link ¶

Returns information about the Organizations configuration for Security Hub. Can only be called from a Security Hub administrator account.

See also: AWS API Documentation

Request Syntax

client.describe_organization_configuration()
rtype

dict

returns

Response Syntax

{
    'AutoEnable': True|False,
    'MemberAccountLimitReached': True|False
}

Response Structure

  • (dict) --

    • AutoEnable (boolean) --

      Whether to automatically enable Security Hub for new accounts in the organization.

      If set to true , then Security Hub is enabled for new accounts. If set to false, then new accounts are not added automatically.

    • MemberAccountLimitReached (boolean) --

      Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.