CodeSigningConfigProps
- class aws_cdk.aws_lambda.CodeSigningConfigProps(*, signing_profiles, description=None, untrusted_artifact_on_deployment=None)
Bases:
object
Construction properties for a Code Signing Config object.
- Parameters:
signing_profiles (
Sequence
[ISigningProfile
]) – List of signing profiles that defines a trusted user who can sign a code package.description (
Optional
[str
]) – Code signing configuration description. Default: - No description.untrusted_artifact_on_deployment (
Optional
[UntrustedArtifactOnDeployment
]) – Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log. Default: UntrustedArtifactOnDeployment.WARN
- ExampleMetadata:
infused
Example:
import aws_cdk.aws_signer as signer signing_profile = signer.SigningProfile(self, "SigningProfile", platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA ) code_signing_config = lambda_.CodeSigningConfig(self, "CodeSigningConfig", signing_profiles=[signing_profile] ) lambda_.Function(self, "Function", code_signing_config=code_signing_config, runtime=lambda_.Runtime.NODEJS_16_X, handler="index.handler", code=lambda_.Code.from_asset(path.join(__dirname, "lambda-handler")) )
Attributes
- description
Code signing configuration description.
- Default:
No description.
- signing_profiles
List of signing profiles that defines a trusted user who can sign a code package.
- untrusted_artifact_on_deployment
Code signing configuration policy for deployment validation failure.
If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.
- Default:
UntrustedArtifactOnDeployment.WARN