CodeSigningConfigProps

class aws_cdk.aws_lambda.CodeSigningConfigProps(*, signing_profiles, description=None, untrusted_artifact_on_deployment=None)

Bases: object

Construction properties for a Code Signing Config object.

Parameters:
  • signing_profiles (Sequence[ISigningProfile]) – List of signing profiles, each of which defines a trusted user who can sign a code package.

  • description (Optional[str]) – Code signing configuration description. Default: No description.

  • untrusted_artifact_on_deployment (Optional[UntrustedArtifactOnDeployment]) – Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log. Default: UntrustedArtifactOnDeployment.WARN, so a package that fails validation is still deployed unless you set the policy to Enforce.

Example:

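import os

from aws_cdk import aws_lambda as lambda_
import aws_cdk.aws_signer as signer


# Runs inside a Stack or Construct, so `self` is the construct scope.
# Signing profile whose signatures Lambda will trust.
signing_profile = signer.SigningProfile(self, "SigningProfile",
    platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA
)

# untrusted_artifact_on_deployment is not passed, so the policy is the default, WARN.
code_signing_config = lambda_.CodeSigningConfig(self, "CodeSigningConfig",
    signing_profiles=[signing_profile]
)

lambda_.Function(self, "Function",
    code_signing_config=code_signing_config,
    runtime=lambda_.Runtime.NODEJS_18_X,
    handler="index.handler",
    code=lambda_.Code.from_asset(os.path.join(os.path.dirname(__file__), "lambda-handler"))
)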

Attributes

description

Code signing configuration description.

Default:
  • No description.

signing_profiles

List of signing profiles that defines a trusted user who can sign a code package.

untrusted_artifact_on_deployment

Code signing configuration policy for deployment validation failure.

If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

Default:

UntrustedArtifactOnDeployment.WARN
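
Because the default policy is WARN, a pre-deployment check on the synthesized template can catch configurations that log failed validation instead of blocking it. The following is an added example, not part of the CDK documentation or library: the function name, sample template and logical IDs are constructed, and it assumes the CloudFormation resource types AWS::Lambda::CodeSigningConfig and AWS::Lambda::Function with their CodeSigningPolicies and CodeSigningConfigArn properties.

```python
CFG, FN = "AWS::Lambda::CodeSigningConfig", "AWS::Lambda::Function"


def audit_code_signing(template):
    """Return sorted (logical_id, finding) pairs for a CloudFormation template dict."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == CFG:
            # An omitted policy block means the service default, Warn.
            policy = props.get("CodeSigningPolicies", {}).get(
                "UntrustedArtifactOnDeployment", "Warn")
            if not isinstance(policy, str):
                # Ref / Fn::If and similar: the value is only known at deploy time.
                findings.append((logical_id, "policy is an intrinsic; resolve and re-check"))
            elif policy != "Enforce":
                findings.append((logical_id,
                    "policy is %s; failed validation is logged, not blocked" % policy))
        elif res.get("Type") == FN and props.get("PackageType", "Zip") != "Image":
            # Code signing applies to zip packages, not container images.
            if "CodeSigningConfigArn" not in props:
                findings.append((logical_id, "no code signing config attached"))
    return sorted(findings)


# Constructed sample, trimmed to the relevant properties (logical IDs are made up).
SAMPLE = {"Resources": {
    "EnforcedConfig": {"Type": CFG, "Properties": {
        "CodeSigningPolicies": {"UntrustedArtifactOnDeployment": "Enforce"}}},
    "DefaultConfig": {"Type": CFG, "Properties": {
        "CodeSigningPolicies": {"UntrustedArtifactOnDeployment": "Warn"}}},
    "ParamConfig": {"Type": CFG, "Properties": {
        "CodeSigningPolicies": {"UntrustedArtifactOnDeployment": {"Ref": "PolicyParam"}}}},
    "SignedFn": {"Type": FN, "Properties": {
        "CodeSigningConfigArn": {"Fn::GetAtt": ["EnforcedConfig", "CodeSigningConfigArn"]}}},
    "UnsignedFn": {"Type": FN, "Properties": {"Handler": "index.handler"}},
    "ImageFn": {"Type": FN, "Properties": {"PackageType": "Image"}},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_code_signing(SAMPLE):
        print(f"{logical_id}: {finding}")
```

To run it against a real stack, load the JSON template that `cdk synth` writes and pass the resulting dict to `audit_code_signing`.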