Signing Profiles in AWS Signer (API/CLI) - AWS Signer

A signing profile is a code-signing template that can be used to predefine the signature specifications for a signing job. A signing profile includes a signing platform to designate the file type to be signed (a binary file for IoT or a zip file for AWS Lambda), the signature format, and the signature algorithms. Once you create the signing profile, you can delegate control of it using AWS Identity and Access Management (IAM). For more information about managing user permissions in AWS Signer, see Overview of Managing Access to Signer Resources.

For code signing for IoT, the signing profile also specifies the ARN of the AWS Certificate Manager certificate used to generate signatures. The signing profile includes any hash or encryption algorithm overrides applied to the IoT signing platform.

For code signing for Lambda, the signing profile also specifies the validity period of signatures. By default, signature validity is set to 135 months (11 years and 3 months), which is the maximum validity allowed. The ARN of the signing profile version is used in AWS Lambda to designate a trusted source for validating signed zip files. If code signing is enabled for Lambda functions, only zip files signed by specified signing profile versions will pass signature validation checks.

To start a signing job with the StartSigningJob operation, you must designate a signing profile.

Use the following action or command to create a signing profile:

Use the following action or command to cancel a signing profile:

A canceled profile remains in the CANCELED state for two years, and is then automatically deleted.

To get the status of a particular signing profile, use the following action or command:

For a list of all available signing profiles, including those in the CANCELED state, use the following action or command:

For more information about the configurations and parameters related to signing profiles, see SigningPlatform in the AWS Signer API Reference Guide or the AWS Command Line Interface.
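Because Lambda trusts signing profile version ARNs, it is worth checking which trusted versions are canceled, no longer listed, or still at the maximum validity. The following is an added example, not AWS code: it audits constructed data shaped like a ListSigningProfiles response (with canceled profiles included) against a Lambda code signing configuration's allowed publisher ARNs. The account ID, profile names, versions and the function names are assumptions made for illustration.

```python
# Constructed sample data in the shape of a ListSigningProfiles response
# (requested with canceled profiles included). Account ID, names and versions are made up.
ARN = "arn:aws:signer:us-east-1:111122223333:/signing-profiles/"
PROFILES = [
    {"profileName": "release_lambda", "profileVersionArn": ARN + "release_lambda/Ver1aaaaaa",
     "status": "Active", "signatureValidityPeriod": {"value": 12, "type": "MONTHS"}},
    {"profileName": "build_lambda", "profileVersionArn": ARN + "build_lambda/Ver2bbbbbb",
     "status": "Active", "signatureValidityPeriod": {"value": 135, "type": "MONTHS"}},
    {"profileName": "legacy_lambda", "profileVersionArn": ARN + "legacy_lambda/Ver3cccccc",
     "status": "Canceled", "signatureValidityPeriod": {"value": 135, "type": "MONTHS"}},
]
# Constructed AllowedPublishers.SigningProfileVersionArns list from a Lambda
# code signing configuration; the last entry matches no profile above.
ALLOWED = [p["profileVersionArn"] for p in PROFILES] + [ARN + "old_lambda/Ver0zzzzzz"]

MAX_VALIDITY_MONTHS = 135  # default and maximum signature validity
MONTHS_PER = {"DAYS": 1 / 30, "MONTHS": 1, "YEARS": 12}  # days approximated as 1/30 month


def validity_months(profile):
    """Signature validity of a profile, converted to months."""
    period = profile["signatureValidityPeriod"]
    return period["value"] * MONTHS_PER[period["type"]]


def audit_trusted_publishers(profiles, allowed_arns):
    """Return (arn, reason) for each trusted profile version that needs review."""
    by_arn = {p["profileVersionArn"]: p for p in profiles}
    findings = []
    for arn in allowed_arns:
        profile = by_arn.get(arn)
        if profile is None:
            # e.g. a canceled profile that has since been deleted
            findings.append((arn, "not found in signing profile list"))
        elif profile["status"].upper() != "ACTIVE":
            findings.append((arn, "profile status is " + profile["status"].upper()))
        elif validity_months(profile) >= MAX_VALIDITY_MONTHS:
            findings.append((arn, "signatures valid for the 135-month maximum"))
    return findings


if __name__ == "__main__":
    for arn, reason in audit_trusted_publishers(PROFILES, ALLOWED):
        print(reason + ": " + arn)
```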