Creating profiles using the AWS CLI (all platforms) - AWS Signer

This section describes the procedures and options for creating and managing signing profiles using the AWS CLI. A signing profile is a template that defines the following settings for associated signing jobs:

  • The signing platform that designates the file type to be signed. The following platforms are available in the AWS CLI.

    API name                              Display name
    AWSIoTDeviceManagement-SHA256-ECDSA   AWS IoT Device Management SHA256-ECDSA
    AmazonFreeRTOS-Default                Amazon FreeRTOS SHA256-ECDSA
    AmazonFreeRTOS-TI-CC3220SF            Amazon FreeRTOS SHA1-RSA CC3220SF-Format
    AWSLambda-SHA384-ECDSA                AWS Lambda
    Notation-OCI-SHA384-ECDSA             Notation for container registries

    For more information about the configurations and parameters that are contained in signing platforms, see SigningPlatform in the AWS Signer API Reference.

  • The signature format.

  • The signature algorithms.

  • The validity period of signatures. By default, signature validity is set to 135 months (11 years and 3 months), which is the maximum validity supported. The signature validity period is only applicable for AWSLambda-SHA384-ECDSA and Notation-OCI-SHA384-ECDSA signing platforms.

After you create the signing profile, you can delegate control of it using AWS Identity and Access Management (IAM). For more information about managing user permissions in AWS Signer, see Accessing Signer resources with security policies.

Signing profiles can be created, inspected, listed, and canceled as shown in the following examples.

  • put-signing-profile

    This command creates and saves an AWS Signer signing profile.

    Signatures generated using this profile expire after the period specified by --signature-validity-period. The period may be specified in DAYS, MONTHS, or YEARS. If no validity period is specified, the default value is 135 months.

    In this example, the specified signing platform is AWSLambda-SHA384-ECDSA.

    $ aws signer put-signing-profile \
        --profile-name my_lambda_signing_profile \
        --platform-id AWSLambda-SHA384-ECDSA \
        --signature-validity-period value=10,type=MONTHS

    The shorthand value for --signature-validity-period must be a single token with no space after the comma; a space makes the shell pass type=MONTHS as a separate, unknown option.
  • get-signing-profile

    This command retrieves a signing profile for inspection.

    $ aws signer get-signing-profile --profile-name my_lambda_signing_profile
  • list-signing-profiles

    This command lists the signing profiles that you own or control.

    $ aws signer list-signing-profiles
  • cancel-signing-profile

    This command deletes a signing profile.

    $ aws signer cancel-signing-profile \
        --profile-name my_lambda_signing_profile

    cancel-signing-profile takes only --profile-name. The --profile-version, --reason, and --effective-time options belong to revoke-signing-profile, which revokes a specific profile version rather than canceling the profile.
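The four commands above are a create, inspect, list, cancel lifecycle. The following is an added example, not code from the AWS documentation or the AWS CLI, that encodes the constraints the page states as client-side checks: it builds a correctly quoted put-signing-profile argument list (one validity token, platform from the table, validity only on the two platforms that honour it, at most 135 months) and audits records of the shape returned by list-signing-profiles against a local policy maximum. Assumptions: a 30-day month when converting DAYS for the comparison (the service applies its own rule), and the sample listing at the bottom is constructed, with EXAMPLE placeholder versions, not real CLI output.

```python
"""Client-side checks for AWS Signer signing profiles (added example).

Builds an `aws signer put-signing-profile` argv that respects the constraints
stated in the documentation, and audits list-signing-profiles JSON for
non-Active profiles or validity periods above a local policy maximum.
"""
import json
import shlex

# Platforms available in the AWS CLI (API name -> display name), per the page.
PLATFORMS = {
    "AWSIoTDeviceManagement-SHA256-ECDSA": "AWS IoT Device Management SHA256-ECDSA",
    "AmazonFreeRTOS-Default": "Amazon FreeRTOS SHA256-ECDSA",
    "AmazonFreeRTOS-TI-CC3220SF": "Amazon FreeRTOS SHA1-RSA CC3220SF-Format",
    "AWSLambda-SHA384-ECDSA": "AWS Lambda",
    "Notation-OCI-SHA384-ECDSA": "Notation for container registries",
}
# Only these platforms honour --signature-validity-period.
VALIDITY_PLATFORMS = {"AWSLambda-SHA384-ECDSA", "Notation-OCI-SHA384-ECDSA"}
MAX_VALIDITY_MONTHS = 135          # default and maximum validity
VALIDITY_TYPES = {"DAYS", "MONTHS", "YEARS"}


def validity_in_months(value, unit):
    """Convert a validity period to whole months. DAYS are rounded up using
    30-day months (an assumption made for the comparison only)."""
    if unit not in VALIDITY_TYPES:
        raise ValueError(f"unknown validity type {unit!r}")
    if value <= 0:
        raise ValueError("validity value must be positive")
    if unit == "YEARS":
        return value * 12
    if unit == "MONTHS":
        return value
    return -(-value // 30)          # ceiling division for DAYS


def put_signing_profile_argv(profile_name, platform_id, validity=None):
    """Validate the inputs and return the argv for put-signing-profile."""
    if platform_id not in PLATFORMS:
        raise ValueError(f"unknown platform {platform_id!r}")
    argv = ["aws", "signer", "put-signing-profile",
            "--profile-name", profile_name, "--platform-id", platform_id]
    if validity is not None:
        value, unit = validity
        if platform_id not in VALIDITY_PLATFORMS:
            raise ValueError(f"{platform_id} does not support a validity period")
        if validity_in_months(value, unit) > MAX_VALIDITY_MONTHS:
            raise ValueError(f"validity exceeds {MAX_VALIDITY_MONTHS} months")
        # Shorthand syntax is one token: no space after the comma.
        argv += ["--signature-validity-period", f"value={value},type={unit}"]
    return argv


def audit_profiles(listing, policy_max_months):
    """Return (profileName, problem) pairs for profiles that are not Active or
    whose validity period exceeds the caller's policy."""
    findings = []
    for p in listing.get("profiles", []):
        name = p["profileName"]
        if p.get("status") != "Active":
            findings.append((name, f"status is {p.get('status')}"))
        period = p.get("signatureValidityPeriod")
        if period and p.get("platformId") in VALIDITY_PLATFORMS:
            months = validity_in_months(period["value"], period["type"])
            if months > policy_max_months:
                findings.append((name, f"validity {months} months exceeds "
                                       f"policy of {policy_max_months}"))
    return findings


# Constructed sample in the shape of `aws signer list-signing-profiles`.
SAMPLE_LISTING = json.loads("""{
  "profiles": [
    {"profileName": "my_lambda_signing_profile", "profileVersion": "EXAMPLEv1",
     "platformId": "AWSLambda-SHA384-ECDSA", "status": "Active",
     "signatureValidityPeriod": {"value": 10, "type": "MONTHS"}},
    {"profileName": "long_lived_profile", "profileVersion": "EXAMPLEv2",
     "platformId": "Notation-OCI-SHA384-ECDSA", "status": "Active",
     "signatureValidityPeriod": {"value": 135, "type": "MONTHS"}},
    {"profileName": "old_profile", "profileVersion": "EXAMPLEv3",
     "platformId": "AWSLambda-SHA384-ECDSA", "status": "Canceled",
     "signatureValidityPeriod": {"value": 1, "type": "YEARS"}}
  ]
}""")

if __name__ == "__main__":
    print(shlex.join(put_signing_profile_argv(
        "my_lambda_signing_profile", "AWSLambda-SHA384-ECDSA", (10, "MONTHS"))))
    for name, problem in audit_profiles(SAMPLE_LISTING, policy_max_months=12):
        print(f"{name}: {problem}")
```

In practice the listing would come from `aws signer list-signing-profiles --output json`; the audit flags the 135-month profile because it exceeds the local 12-month policy, and the canceled profile because it is no longer Active, while the 12-month (1 YEAR) validity on the canceled profile is within policy.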