CodeSigningConfigProps

class aws_cdk.aws_lambda.CodeSigningConfigProps(*, signing_profiles, description=None, untrusted_artifact_on_deployment=None)

Bases: object

Construction properties for a Code Signing Config object.

Parameters
  • signing_profiles (Sequence[ISigningProfile]) – List of signing profiles that defines a trusted user who can sign a code package.

  • description (Optional[str]) – Code signing configuration description. Default: No description.

  • untrusted_artifact_on_deployment (Optional[UntrustedArtifactOnDeployment]) – Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log. Default: UntrustedArtifactOnDeployment.WARN

Example:

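import os

import aws_cdk.aws_lambda as lambda_
import aws_cdk.aws_signer as signer

# Runs inside a Stack or Construct, where `self` is the construct scope.

# Signing profile that represents the trusted publisher.
signing_profile = signer.SigningProfile(self, "SigningProfile",
    platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA
)

# untrusted_artifact_on_deployment is not set, so the policy is the default (WARN).
code_signing_config = lambda_.CodeSigningConfig(self, "CodeSigningConfig",
    signing_profiles=[signing_profile]
)

lambda_.Function(self, "Function",
    code_signing_config=code_signing_config,
    runtime=lambda_.Runtime.NODEJS_12_X,
    handler="index.handler",
    code=lambda_.Code.from_asset(os.path.join(os.path.dirname(__file__), "lambda-handler"))
)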

Attributes

description

Code signing configuration description.

Default
  • No description.

Return type

Optional[str]

signing_profiles

List of signing profiles that defines a trusted user who can sign a code package.

Return type

List[ISigningProfile]

untrusted_artifact_on_deployment

Code signing configuration policy for deployment validation failure.

If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

Default

UntrustedArtifactOnDeployment.WARN

Return type

Optional[UntrustedArtifactOnDeployment]
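
Because the policy defaults to WARN, a config created without untrusted_artifact_on_deployment still lets a deployment through when signature validation fails. The following added example (not part of the CDK documentation or the CDK code base) audits a synthesized CloudFormation template for that default and for functions with no config attached; the name audit_code_signing, the sample template, its logical IDs and its ARN are constructed for illustration.

```python
CSC_TYPE = "AWS::Lambda::CodeSigningConfig"
FN_TYPE = "AWS::Lambda::Function"

def audit_code_signing(template):
    """Return sorted (logical_id, finding) pairs for weak code signing settings."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == CSC_TYPE:
            # An omitted policy means Warn, so a missing key is treated as Warn.
            policy = props.get("CodeSigningPolicies", {}).get(
                "UntrustedArtifactOnDeployment", "Warn")
            if policy != "Enforce":
                findings.append((logical_id, "policy is Warn, not Enforce"))
            if not props.get("AllowedPublishers", {}).get("SigningProfileVersionArns"):
                findings.append((logical_id, "no signing profiles"))
        elif res.get("Type") == FN_TYPE:
            # Container-image functions are skipped: code signing does not cover them.
            if props.get("PackageType") != "Image" and "CodeSigningConfigArn" not in props:
                findings.append((logical_id, "no code signing config attached"))
    return sorted(findings)

# Constructed sample input (logical IDs and ARN are made up).
ARN = "arn:aws:signer:us-east-1:111122223333:/signing-profiles/Example/EXAMPLEVERSION"
GETATT = {"Fn::GetAtt": ["StrictConfig", "CodeSigningConfigArn"]}
SAMPLE_TEMPLATE = {"Resources": {
    "DefaultConfig": {"Type": CSC_TYPE, "Properties": {
        "AllowedPublishers": {"SigningProfileVersionArns": [ARN]},
        "CodeSigningPolicies": {"UntrustedArtifactOnDeployment": "Warn"}}},
    "StrictConfig": {"Type": CSC_TYPE, "Properties": {
        "AllowedPublishers": {"SigningProfileVersionArns": [ARN]},
        "CodeSigningPolicies": {"UntrustedArtifactOnDeployment": "Enforce"}}},
    "SignedFn": {"Type": FN_TYPE, "Properties": {"CodeSigningConfigArn": GETATT}},
    "UnsignedFn": {"Type": FN_TYPE, "Properties": {"Handler": "index.handler"}},
    "ImageFn": {"Type": FN_TYPE, "Properties": {"PackageType": "Image"}},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_code_signing(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

To run it against a real stack, load the template that cdk synth writes under cdk.out with json.load and pass the resulting dict to audit_code_signing.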