AddProfilePermission - AWS Signer

AddProfilePermission

Adds cross-account permissions to a signing profile.

Request Syntax

POST /signing-profiles/profileName/permissions HTTP/1.1
Content-type: application/json

{
   "action": "string",
   "principal": "string",
   "profileVersion": "string",
   "revisionId": "string",
   "statementId": "string"
}

URI Request Parameters

The request uses the following URI parameters.

profileName

The human-readable name of the signing profile.

Length Constraints: Minimum length of 2. Maximum length of 64.

Pattern: ^[a-zA-Z0-9_]{2,}

Required: Yes

Request Body

The request accepts the following data in JSON format.

action

For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide.

You can designate the following actions to an account.

  • signer:StartSigningJob. This action isn't supported for container image workflows. For details, see StartSigningJob.

  • signer:SignPayload. This action isn't supported for AWS Lambda workflows. For details, see SignPayload.

  • signer:GetSigningProfile. For details, see GetSigningProfile.

  • signer:RevokeSignature. For details, see RevokeSignature.

Type: String

Required: Yes

principal

The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID.

Type: String

Required: Yes

profileVersion

The version of the signing profile.

Type: String

Length Constraints: Fixed length of 10.

Pattern: ^[a-zA-Z0-9]{10}$

Required: No

revisionId

A unique identifier for the current profile revision.

Type: String

Required: No

statementId

A unique identifier for the cross-account permission statement.

Type: String

Required: Yes
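A pre-flight check for this request body, added here as an example and not taken from the AWS documentation or any SDK. It applies the constraints listed above and, as an assumed local policy, only allows grants to accounts on an approved list. The function name, the principal regex, and the sample account IDs are assumptions.

```python
import re

# Constraints as printed on this page.
PROFILE_NAME_RE = re.compile(r"^[a-zA-Z0-9_]{2,}")      # no end anchor in the docs
PROFILE_VERSION_RE = re.compile(r"[a-zA-Z0-9]{10}")     # applied with fullmatch
ACTIONS = {"signer:StartSigningJob", "signer:SignPayload",
           "signer:GetSigningProfile", "signer:RevokeSignature"}
REQUIRED = ("action", "principal", "statementId")
# Assumed principal formats: a 12-digit account ID or an IAM role ARN.
PRINCIPAL_RE = re.compile(r"(\d{12})|arn:aws[a-z-]*:iam::(\d{12}):role/.+")


def check_request(profile_name, body, approved_accounts):
    """Return a list of problems; an empty list means the grant passes review."""
    problems = []
    if not (2 <= len(profile_name) <= 64 and PROFILE_NAME_RE.match(profile_name)):
        problems.append("profileName violates length or pattern constraint")
    for field in REQUIRED:
        if not body.get(field):
            problems.append(f"missing required field: {field}")
    action = body.get("action")
    if action and action not in ACTIONS:
        problems.append(f"unsupported action: {action}")
    version = body.get("profileVersion")
    if version is not None and not PROFILE_VERSION_RE.fullmatch(version):
        problems.append("profileVersion must be exactly 10 alphanumeric characters")
    match = PRINCIPAL_RE.fullmatch(body.get("principal") or "")
    if body.get("principal") and not match:
        problems.append("principal is not an account ID or IAM role ARN")
    elif match:
        account = match.group(1) or match.group(2)
        if account not in approved_accounts:
            problems.append(f"account {account} is not on the approved list")
    return problems


# Constructed sample data; the account IDs are placeholders.
APPROVED = {"111122223333"}
GOOD = {"action": "signer:StartSigningJob", "principal": "111122223333",
        "profileVersion": "abcdefghij", "statementId": "ci-signing"}
BAD = {"action": "signer:*",
       "principal": "arn:aws:iam::444455556666:role/build"}

if __name__ == "__main__":
    print(check_request("release_profile", GOOD, APPROVED))
    for problem in check_request("release_profile", BAD, APPROVED):
        print("REJECT:", problem)
```

Running a check like this in the pipeline that issues grants keeps wildcard actions and unreviewed accounts from reaching the API call.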

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "revisionId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

revisionId

A unique identifier for the current profile revision.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

The resource encountered a conflicting state.

HTTP Status Code: 409

InternalServiceErrorException

An internal error occurred.

HTTP Status Code: 500

ResourceNotFoundException

A specified resource could not be found.

HTTP Status Code: 404

ServiceLimitExceededException

The client is making a request that exceeds service limits.

HTTP Status Code: 402

TooManyRequestsException

The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429

ValidationException

Your signing certificate could not be validated.

HTTP Status Code: 400
