Creating signing profiles in the AWS console (Lambda and containers only) - AWS Signer

This section describes the procedures and options for creating and managing signing profiles from the AWS console.

Note

Creation of signing profiles in the console is currently unavailable for IoT workflows.

To create a signing profile (console)
  1. Log in to the AWS Signer console.

  2. Choose Create signing profile.

  3. On the Create signing profile page, provide a unique Profile name for your signing profile. Valid characters include uppercase A-Z, lowercase a-z, numbers 0-9, and underscore (_).

  4. For Signing platform, choose one of the listed platforms.

    API name                     Display name
    AWSLambda-SHA384-ECDSA       AWS Lambda
    Notation-OCI-SHA384-ECDSA    Notation for container registries

  5. Specify the Signature validity period in months, days, or years. The default value is 135 months (11 years and 6 months).

  6. In the Tags - optional section, you can create a Tag key and a Tag value, then save it with the Add tag button. When you assign tags to your signing profile, you can use tag-based resource policies to manage access to the profile.

    You can assign up to 50 tags to a profile.

  7. Choose Create profile.
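
The same inputs can be checked before a profile is created from a script or pipeline. The following is an added example, not code from the AWS documentation: it validates the values from steps 3 through 6 and builds the arguments for the boto3 Signer client's put_signing_profile call. The function names, profile name and tag values are hypothetical.

```python
import re

# Platform IDs from the table in step 4 of this page.
PLATFORMS = {"AWSLambda-SHA384-ECDSA", "Notation-OCI-SHA384-ECDSA"}
NAME_RE = re.compile(r"[A-Za-z0-9_]+")       # step 3: valid characters
PERIOD_TYPES = {"DAYS", "MONTHS", "YEARS"}   # step 5: allowed units
MAX_TAGS = 50                                # step 6: tag limit
DEFAULT_PERIOD = (135, "MONTHS")             # step 5: console default


def build_profile_request(name, platform, period=DEFAULT_PERIOD, tags=None):
    """Validate console-equivalent inputs; return put_signing_profile kwargs."""
    tags = dict(tags or {})
    errors = []
    if not NAME_RE.fullmatch(name or ""):
        errors.append("profile name may contain only A-Z, a-z, 0-9 and _")
    if platform not in PLATFORMS:
        errors.append(f"unsupported platform: {platform!r}")
    value, unit = period
    if unit not in PERIOD_TYPES or not isinstance(value, int) or value < 1:
        errors.append(f"invalid validity period: {period!r}")
    if len(tags) > MAX_TAGS:
        errors.append(f"{len(tags)} tags given, limit is {MAX_TAGS}")
    if errors:
        # Report every problem at once instead of stopping at the first.
        raise ValueError("; ".join(errors))
    request = {
        "profileName": name,
        "platformId": platform,
        "signatureValidityPeriod": {"value": value, "type": unit},
    }
    if tags:  # leave the key out entirely when no tags are given
        request["tags"] = tags
    return request


def create_profile(request):
    """Send the request; needs boto3 and AWS credentials (not run here)."""
    import boto3
    return boto3.client("signer").put_signing_profile(**request)


if __name__ == "__main__":
    # Constructed sample values; the profile name and tags are hypothetical.
    print(build_profile_request(
        "lambda_release_signing", "AWSLambda-SHA384-ECDSA",
        tags={"team": "platform", "env": "prod"}))
```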

The console displays a message that you have successfully created a signing profile and displays the Signing profile details page, which contains the following information:

  • Profile name - Name of the signing profile.

  • Profile version - The version of the created profile.

  • Platform - The signing platform used.

  • Profile status - Current status of the signing platform. Possible values are: Active | Canceled | Revoked.

  • Profile ARN - The ARN associated with the profile.

  • Versioned profile ARN - The profile ARN plus the profile version.

  • Signature validity period - The length of time that AWS Signer signs code with this profile.

For Lambda only, the following actions are also available on the Signing profile details page:

  • Start signing job – Start a new signing job using this profile.

  • Cancel profile – After a profile is canceled, it cannot be used again to generate new signatures. Existing signatures generated by the profile remain unaffected. A canceled profile remains visible in customer accounts until all signatures generated by that profile have expired, plus an additional six months. After that time, the profile is automatically deleted.

  • Revoke profile – You must provide a date and a reason for the revocation. After a profile is revoked, it cannot be used again to generate signatures, and signatures generated after the effective start time of revocation become invalid. As with a canceled profile, a revoked profile remains visible in customer accounts until all signatures generated by that profile have expired, plus an additional six months. After that time, the profile is automatically deleted.

  • Manage tags – Add or remove tags from the signing profile.