- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
StartConfigurationPolicyDisassociationCommand
Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { SecurityHubClient, StartConfigurationPolicyDisassociationCommand } from "@aws-sdk/client-securityhub"; // ES Modules import
// const { SecurityHubClient, StartConfigurationPolicyDisassociationCommand } = require("@aws-sdk/client-securityhub"); // CommonJS import
const client = new SecurityHubClient(config);
const input = { // StartConfigurationPolicyDisassociationRequest
Target: { // Target Union: only one key present
AccountId: "STRING_VALUE",
OrganizationalUnitId: "STRING_VALUE",
RootId: "STRING_VALUE",
},
ConfigurationPolicyIdentifier: "STRING_VALUE", // required
};
const command = new StartConfigurationPolicyDisassociationCommand(input);
const response = await client.send(command);
// {};
Example Usage
StartConfigurationPolicyDisassociationCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
ConfigurationPolicyIdentifierRequired | string | undefined | The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of |
Target | Target | undefined | The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration. |
StartConfigurationPolicyDisassociationCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| AccessDeniedException | client | You don't have permission to perform the action specified in the request. |
| InternalException | server | Internal server error. |
| InvalidAccessException | client | The account doesn't have permission to perform this action. |
| InvalidInputException | client | The request was rejected because you supplied an invalid or out-of-range value for an input parameter. |
| LimitExceededException | client | The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded. |
| ResourceNotFoundException | client | The request was rejected because we can't find the specified resource. |
| SecurityHubServiceException | Base exception class for all service exceptions from SecurityHub service. |