AddProfilePermission - AWS Signer

AddProfilePermission

Adds cross-account permissions to a signing profile.

Request Syntax

POST /signing-profiles/profileName/permissions HTTP/1.1
Content-type: application/json

{
   "action": "string",
   "principal": "string",
   "profileVersion": "string",
   "revisionId": "string",
   "statementId": "string"
}

URI Request Parameters

The request uses the following URI parameters.

profileName

The human-readable name of the signing profile.

Length Constraints: Minimum length of 2. Maximum length of 64.

Pattern: ^[a-zA-Z0-9_]{2,}

Required: Yes

Request Body

The request accepts the following data in JSON format.

action

For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide.

You can designate the following actions to an account.

  • signer:StartSigningJob. This action isn't supported for container image workflows. For details, see StartSigningJob.

  • signer:SignPayload. This action isn't supported for AWS Lambda workflows. For details, see SignPayload.

  • signer:GetSigningProfile. For details, see GetSigningProfile.

  • signer:RevokeSignature. For details, see RevokeSignature.

Type: String

Required: Yes

principal

The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID.

Type: String

Required: Yes

profileVersion

The version of the signing profile.

Type: String

Length Constraints: Fixed length of 10.

Pattern: ^[a-zA-Z0-9]{10}$

Required: No

revisionId

A unique identifier for the current profile revision.

Type: String

Required: No

statementId

A unique identifier for the cross-account permission statement.

Type: String

Required: Yes
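
A client-side pre-flight check for this request, as an added example (not AWS code): it applies the constraints listed on this page before a cross-account grant is sent. The function name, the `workflow` hint, the principal format regex, the use of full-string matching, and the sample values in the comments are assumptions.

```python
import re

# Patterns copied from the parameter descriptions on this page.
PROFILE_NAME_RE = re.compile(r"^[a-zA-Z0-9_]{2,}")
PROFILE_VERSION_RE = re.compile(r"^[a-zA-Z0-9]{10}$")
# Assumption: a principal is a 12-digit account ID or an IAM role ARN.
PRINCIPAL_RE = re.compile(r"(\d{12}|arn:aws[a-z-]*:iam::\d{12}:role/[A-Za-z0-9+=,.@/_-]+)")
# Grantable action -> workflow the page says it does not support (None = none listed).
ACTIONS = {
    "signer:StartSigningJob": "container-image",
    "signer:SignPayload": "lambda",
    "signer:GetSigningProfile": None,
    "signer:RevokeSignature": None,
}


def build_add_profile_permission(profile_name, action, principal, statement_id,
                                 profile_version=None, revision_id=None, workflow=None):
    """Validate inputs; return (uri_path, body_dict) for the POST request.

    `workflow` is a hypothetical hint ("container-image" or "lambda") naming what
    the profile signs. It is not an API field and is never sent.
    """
    errors = []
    # fullmatch: the name lands in the URI path and the documented pattern has
    # no end anchor, so a prefix-only match would let "/" or ".." through.
    if not (2 <= len(profile_name) <= 64 and PROFILE_NAME_RE.fullmatch(profile_name)):
        errors.append("profileName must be 2-64 chars of [a-zA-Z0-9_]")
    if action not in ACTIONS:
        errors.append(f"action {action!r} is not one of the grantable actions")
    elif workflow is not None and ACTIONS[action] == workflow:
        errors.append(f"{action} isn't supported for {workflow} workflows")
    if not PRINCIPAL_RE.fullmatch(principal):
        errors.append("principal must be an account ID or an IAM role ARN")
    if not statement_id:
        errors.append("statementId is required")
    if profile_version is not None and not PROFILE_VERSION_RE.fullmatch(profile_version):
        errors.append("profileVersion must be exactly 10 alphanumeric chars")
    if errors:
        raise ValueError("; ".join(errors))
    body = {"action": action, "principal": principal, "statementId": statement_id}
    if profile_version is not None:
        body["profileVersion"] = profile_version
    if revision_id is not None:
        body["revisionId"] = revision_id
    return f"/signing-profiles/{profile_name}/permissions", body
```

Granting one action per statementId keeps each cross-account grant individually identifiable by its statement.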

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "revisionId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

revisionId

A unique identifier for the current profile revision.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

The resource encountered a conflicting state.

HTTP Status Code: 409

InternalServiceErrorException

An internal error occurred.

HTTP Status Code: 500

ResourceNotFoundException

A specified resource could not be found.

HTTP Status Code: 404

ServiceLimitExceededException

The client is making a request that exceeds service limits.

HTTP Status Code: 402

TooManyRequestsException

The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429

ValidationException

Your signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:
