SignerClient

Suggest an Edit

AWS Signer is a fully managed code-signing service to help you ensure the trust and integrity of your code.

Signer supports the following applications:

With code signing for AWS Lambda, you can sign AWS Lambda  deployment packages. Integrated support is provided for Amazon S3 , Amazon CloudWatch , and AWS CloudTrail . In order to sign code, you create a signing profile and then use Signer to sign Lambda zip files in S3.

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. IoT code signing is available for Amazon FreeRTOS  and AWS IoT Device Management , and is integrated with AWS Certificate Manager (ACM) . In order to sign code, you import a third-party code-signing certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

With Signer and the Notation CLI from the Notary Project , you can sign container images stored in a container registry such as Amazon Elastic Container Registry (ECR). The signatures are stored in the registry alongside the images, where they are available for verifying image authenticity and integrity.

For more information about Signer, see the AWS Signer Developer Guide .

Installation

NPM
npm install @aws-sdk/client-signer
Yarn
yarn add @aws-sdk/client-signer
pnpm
pnpm add @aws-sdk/client-signer

SignerClient Operations

Command
Summary
AddProfilePermissionCommand

Adds cross-account permissions to a signing profile.

CancelSigningProfileCommand

Changes the state of an ACTIVE signing profile to CANCELED. A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.

DescribeSigningJobCommand

Returns information about a specific code signing job. You specify the job by using the jobId value that is returned by the StartSigningJob operation.

GetRevocationStatusCommand

Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.

GetSigningPlatformCommand

Returns information on a specific signing platform.

GetSigningProfileCommand

Returns information on a specific signing profile.

ListProfilePermissionsCommand

Lists the cross-account permissions associated with a signing profile.

ListSigningJobsCommand

Lists all your signing jobs. You can use the maxResults parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.

ListSigningPlatformsCommand

Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.

ListSigningProfilesCommand

Lists all available signing profiles in your AWS account. Returns only profiles with an ACTIVE status unless the includeCanceled request field is set to true. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.

ListTagsForResourceCommand

Returns a list of the tags associated with a signing profile resource.

PutSigningProfileCommand

Creates a signing profile. A signing profile is a code-signing template that can be used to carry out a pre-defined signing job.

RemoveProfilePermissionCommand

Removes cross-account permissions from a signing profile.

RevokeSignatureCommand

Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.

RevokeSigningProfileCommand

Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.

SignPayloadCommand

Signs a binary payload and returns a signature envelope.

StartSigningJobCommand

Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation for two years after they are performed. Note the following requirements:

  • You must create an Amazon S3 source bucket. For more information, see Creating a Bucket  in the Amazon S3 Getting Started Guide.

  • Your S3 source bucket must be version enabled.

  • You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.

  • You specify the name of the source and destination buckets when calling the StartSigningJob operation.

  • You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.

  • You must also specify a request token that identifies your request to Signer.

You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob.

For a Java example that shows how to use this action, see StartSigningJob .

TagResourceCommand

Adds one or more tags to a signing profile. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. To specify the signing profile, use its Amazon Resource Name (ARN). To specify the tag, use a key-value pair.

UntagResourceCommand

Removes one or more tags from a signing profile. To remove the tags, specify a list of tag keys.

SignerClient Configuration

Parameter
Type
Description
defaultsMode
Optional
DefaultsMode | Provider<DefaultsMode>
The @smithy/smithy-client#DefaultsMode that will be used to determine how certain default configuration options are resolved in the SDK.
disableHostPrefix
Optional
boolean
Disable dynamically changing the endpoint of the client based on the hostPrefix trait of an operation.
extensions
Optional
RuntimeExtension[]
Optional extensions
logger
Optional
Logger
Optional logger for logging debug/info/warn/error.
maxAttempts
Optional
number | Provider<number>
Value for how many times a request will be made at most in case of retry.
profile
Optional
string
Setting a client profile is similar to setting a value for the AWS_PROFILE environment variable. Setting a profile on a client in code only affects the single client instance, unlike AWS_PROFILE.When set, and only for environments where an AWS configuration file exists, fields configurable by this file will be retrieved from the specified profile within that file. Conflicting code configuration and environment variables will still have higher priority.For client credential resolution that involves checking the AWS configuration file, the client's profile (this value) will be used unless a different profile is set in the credential provider options.
region
Optional
string | Provider<string>
The AWS region to which this client will send requests
requestHandler
Optional
__HttpHandlerUserInput
The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
retryMode
Optional
string | Provider<string>
Specifies which retry algorithm to use.
useDualstackEndpoint
Optional
boolean | Provider<boolean>
Enables IPv6/IPv4 dualstack endpoint.
useFipsEndpoint
Optional
boolean | Provider<boolean>
Enables FIPS compatible endpoints.
Additional config fields are described in the full configuration type: SignerClientConfig