Integrated Services - AWS Signer

Integrated Services

AWS Signer is integrated with the following services.

AWS Lambda

AWS Lambda provides the ability to deploy functions across organizations, but can also provide broad privileges, including the ability to reach inside VPCs to access databases and mission critical applications. Organizations consequently need to protect themselves from unauthorized code being deployed on their networks.

AWS Signer provides a mechanism to ensure that only signed and trusted AWS Lambda functions are deployed by an organization. AWS Signer defines a trusted publisher in a signing profile. Authorized developers use the profile to generate certified code packages. AWS Lambda verifies signatures and package integrity when code is deployed. AWS Signer profiles can be managed through the Signer console, API, and CLI.

Amazon FreeRTOS

Amazon FreeRTOS is a microcontroller operating system based on the FreeRTOS kernel. It includes libraries for connectivity and security. You can build and deploy your embedded applications on top of Amazon FreeRTOS. To ensure the security of deployments to these microcontrollers, Amazon FreeRTOS uses AWS Signer for the initial manufacture of these devices and subsequent over-the-air updates. You can use AWS Signer through the Amazon FreeRTOS console to sign your code images before you deploy them to a microcontroller.

AWS IoT Device Management

With AWS IoT Device Management you can manage Internet-connected devices and establish secure, bidirectional communication between them. To do so, AWS IoT Device Management uses AWS Signer to authenticate each device in your IoT environment. You can use AWS Signer through the AWS IoT Device Management console to sign your code images before you deploy them to a microcontroller.

AWS Certificate Manager (ACM)

ACM handles the complexity of creating and managing or importing SSL/TLS certificates. You use ACM to create an ACM certificate or import a third-party certificate that you use for signing. You must have a certificate to sign code. For more information about certificates, see AWS Certificate Manager User Guide.


You can use AWS CloudTrail to record API calls made to AWS Signer. CloudTrail is an AWS service that simplifies governance, compliance, and risk auditing by providing visibility into actions made in your AWS account. For more information, see the AWS CloudTrail User Guide.

CloudWatch Events

You can use CloudWatch Events to monitor AWS Signer objects. CloudWatch Events is an AWS service that monitors the statuses of AWS resources in real time, making it easy to automate service work flows and notifications. For more information, see the Amazon CloudWatch Events User Guide.