2020/11/23 - AWS SecurityHub - 5 new api methods
Changes: Updated the account management API to support the integration with AWS Organizations. Added new methods to allow users to view and manage the delegated administrator account for Security Hub.
Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.
See also: AWS API Documentation
Request Syntax
client.enable_organization_admin_account(AdminAccountId='string')
AdminAccountId (string) -- [REQUIRED]
The AWS account identifier of the account to designate as the Security Hub administrator account.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
Lists the Security Hub administrator accounts. Can only be called by the organization management account.
See also: AWS API Documentation
Request Syntax
client.list_organization_admin_accounts(MaxResults=123, NextToken='string')
MaxResults (integer) --
The maximum number of items to return in the response.
NextToken (string) --
The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Return type: dict
Response Syntax
{
    'AdminAccounts': [
        {
            'AccountId': 'string',
            'Status': 'ENABLED'|'DISABLE_IN_PROGRESS'
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
AdminAccounts (list) --
The list of Security Hub administrator accounts.
(dict) --
Represents a Security Hub administrator account designated by an organization management account.
AccountId (string) --
The AWS account identifier of the Security Hub administrator account.
Status (string) --
The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator.
NextToken (string) --
The pagination token to use to request the next page of results.
Disables a Security Hub administrator account. Can only be called by the organization management account.
See also: AWS API Documentation
Request Syntax
client.disable_organization_admin_account(AdminAccountId='string')
AdminAccountId (string) -- [REQUIRED]
The AWS account identifier of the Security Hub administrator account.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
Used to update the configuration related to Organizations. Can only be called from a Security Hub administrator account.
See also: AWS API Documentation
Request Syntax
client.update_organization_configuration(AutoEnable=True|False)
AutoEnable (boolean) -- [REQUIRED]
Whether to automatically enable Security Hub for new accounts in the organization.
By default, this is false, and new accounts are not added automatically.
To automatically enable Security Hub for new accounts, set this to true.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
Returns information about the Organizations configuration for Security Hub. Can only be called from a Security Hub administrator account.
See also: AWS API Documentation
Request Syntax
client.describe_organization_configuration()
Return type: dict
Response Syntax
{ 'AutoEnable': True|False, 'MemberAccountLimitReached': True|False }
Response Structure
(dict) --
AutoEnable (boolean) --
Whether to automatically enable Security Hub for new accounts in the organization.
If set to true, then Security Hub is enabled for new accounts. If set to false, then new accounts are not added automatically.
MemberAccountLimitReached (boolean) --
Whether the maximum number of allowed member accounts is already associated with the Security Hub administrator account.
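The following Python is an added example, not part of the original page or of AWS's own documentation. It audits the delegation these methods set up by following NextToken through list_organization_admin_accounts and then reading describe_organization_configuration. The function names, the stub classes, the account IDs and the policy being checked (one expected administrator, AutoEnable on) are assumptions; with real boto3 "securityhub" clients, `mgmt` must belong to the organization management account and `admin` to the Security Hub administrator account, because each method can only be called from its own account type.

```python
def list_admin_accounts(mgmt, page_size=None):
    """Collect every AdminAccounts entry by following NextToken to the end."""
    kwargs = {} if page_size is None else {"MaxResults": page_size}
    accounts = []
    while True:
        page = mgmt.list_organization_admin_accounts(**kwargs)
        accounts.extend(page.get("AdminAccounts", []))
        token = page.get("NextToken")
        if not token:
            return accounts
        # boto3 rejects NextToken=None, so the key is simply absent on the first call
        kwargs["NextToken"] = token


def audit_delegation(mgmt, admin, expected_admin_id):
    """mgmt: management-account client; admin: administrator-account client."""
    findings = []
    accounts = list_admin_accounts(mgmt)
    enabled = {a["AccountId"] for a in accounts if a["Status"] == "ENABLED"}
    if expected_admin_id not in enabled:
        findings.append(f"{expected_admin_id} is not an ENABLED administrator")
    for a in accounts:
        if a["AccountId"] != expected_admin_id:
            findings.append(f"unexpected administrator {a['AccountId']} ({a['Status']})")
    cfg = admin.describe_organization_configuration()
    if not cfg["AutoEnable"]:
        findings.append("AutoEnable is false: new accounts are not added automatically")
    if cfg["MemberAccountLimitReached"]:
        findings.append("member account limit reached for the administrator account")
    return findings


class StubMgmt:  # constructed two-page response so the example runs offline
    def list_organization_admin_accounts(self, **kw):
        if "NextToken" not in kw:
            return {"AdminAccounts": [{"AccountId": "111111111111", "Status": "ENABLED"}],
                    "NextToken": "page-2"}
        return {"AdminAccounts": [{"AccountId": "222222222222", "Status": "DISABLE_IN_PROGRESS"}]}


class StubAdmin:  # constructed configuration response
    def describe_organization_configuration(self):
        return {"AutoEnable": False, "MemberAccountLimitReached": False}


if __name__ == "__main__":
    for finding in audit_delegation(StubMgmt(), StubAdmin(), "111111111111"):
        print(finding)
```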