# StartConfigurationPolicyAssociation
<a name="API_StartConfigurationPolicyAssociation"></a>

 Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the AWS Security Hub CSPM delegated administrator can invoke this operation from the home Region. 

## Request Syntax
<a name="API_StartConfigurationPolicyAssociation_RequestSyntax"></a>

```
POST /configurationPolicyAssociation/associate HTTP/1.1
Content-type: application/json

{
   "ConfigurationPolicyIdentifier": "string",
   "Target": { ... }
}
```

## URI Request Parameters
<a name="API_StartConfigurationPolicyAssociation_RequestParameters"></a>

The request does not use any URI parameters.

## Request Body
<a name="API_StartConfigurationPolicyAssociation_RequestBody"></a>

The request accepts the following data in JSON format.

 ** [ConfigurationPolicyIdentifier](#API_StartConfigurationPolicyAssociation_RequestSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-request-ConfigurationPolicyIdentifier"></a>
 The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of `SELF_MANAGED_SECURITY_HUB` for a self-managed configuration.   
Type: String  
Pattern: `.*\S.*`   
Required: Yes

 ** [Target](#API_StartConfigurationPolicyAssociation_RequestSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-request-Target"></a>
 The identifier of the target account, organizational unit, or the root to associate with the specified configuration.   
Type: [Target](API_Target.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

## Response Syntax
<a name="API_StartConfigurationPolicyAssociation_ResponseSyntax"></a>

```
HTTP/1.1 200
Content-type: application/json

{
   "AssociationStatus": "string",
   "AssociationStatusMessage": "string",
   "AssociationType": "string",
   "ConfigurationPolicyId": "string",
   "TargetId": "string",
   "TargetType": "string",
   "UpdatedAt": "string"
}
```

## Response Elements
<a name="API_StartConfigurationPolicyAssociation_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [AssociationStatus](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-AssociationStatus"></a>
 The current status of the association between the specified target and the configuration.   
Type: String  
Valid Values: `PENDING | SUCCESS | FAILED` 

 ** [AssociationStatusMessage](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-AssociationStatusMessage"></a>
 An explanation for a `FAILED` value for `AssociationStatus`.   
Type: String  
Pattern: `.*\S.*` 

 ** [AssociationType](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-AssociationType"></a>
 Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub CSPM delegated administrator or inherited from a parent.   
Type: String  
Valid Values: `INHERITED | APPLIED` 

 ** [ConfigurationPolicyId](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-ConfigurationPolicyId"></a>
 The UUID of the configuration policy.   
Type: String  
Pattern: `.*\S.*` 

 ** [TargetId](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-TargetId"></a>
 The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.   
Type: String  
Pattern: `.*\S.*` 

 ** [TargetType](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-TargetType"></a>
 Indicates whether the target is an AWS account, organizational unit, or the organization root.   
Type: String  
Valid Values: `ACCOUNT | ORGANIZATIONAL_UNIT | ROOT` 

 ** [UpdatedAt](#API_StartConfigurationPolicyAssociation_ResponseSyntax) **   <a name="securityhub-StartConfigurationPolicyAssociation-response-UpdatedAt"></a>
 The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.   
Type: Timestamp

## Errors
<a name="API_StartConfigurationPolicyAssociation_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You don't have permission to perform the action specified in the request.  
HTTP Status Code: 403

 ** InternalException **   
Internal server error.  
HTTP Status Code: 500

 ** InvalidAccessException **   
The account doesn't have permission to perform this action.  
HTTP Status Code: 401

 ** InvalidInputException **   
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.  
HTTP Status Code: 400

 ** LimitExceededException **   
The request was rejected because it attempted to create resources beyond the current AWS account or throttling limits. The error code describes the limit exceeded.  
HTTP Status Code: 429

 ** ResourceNotFoundException **   
The request was rejected because we can't find the specified resource.  
HTTP Status Code: 404

## See Also
<a name="API_StartConfigurationPolicyAssociation_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/securityhub-2018-10-26/StartConfigurationPolicyAssociation) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/securityhub-2018-10-26/StartConfigurationPolicyAssociation)