interface CodeSigningConfigProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Lambda.CodeSigningConfigProps |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awslambda#CodeSigningConfigProps |
 Java | software.amazon.awscdk.services.lambda.CodeSigningConfigProps |
 Python | aws_cdk.aws_lambda.CodeSigningConfigProps |
 TypeScript (source) | aws-cdk-lib » aws_lambda » CodeSigningConfigProps |
Construction properties for a Code Signing Config object.
Example
import * as signer from 'aws-cdk-lib/aws-signer';
const signingProfile = new signer.SigningProfile(this, 'SigningProfile', {
platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
});
const codeSigningConfig = new lambda.CodeSigningConfig(this, 'CodeSigningConfig', {
signingProfiles: [signingProfile],
});
new lambda.Function(this, 'Function', {
codeSigningConfig,
runtime: lambda.Runtime.NODEJS_18_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
});
Properties
| Name | Type | Description |
|---|---|---|
| signing | ISigning[] | List of signing profiles that defines a trusted user who can sign a code package. |
| description? | string | Code signing configuration description. |
| untrusted | Untrusted | Code signing configuration policy for deployment validation failure. |
signingProfiles
Type:
ISigning[]
List of signing profiles that defines a trusted user who can sign a code package.
description?
Type:
string
(optional, default: No description.)
Code signing configuration description.
untrustedArtifactOnDeployment?
Type:
Untrusted
(optional, default: UntrustedArtifactOnDeployment.WARN)
Code signing configuration policy for deployment validation failure.
If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.