To grant permission for a user to access the code signing API operations, attach one or more policy statements to the user policy. For more information about user policies, see Identity-based IAM policies for Lambda.
The following example policy statement grants permission to create, update, and retrieve code signing configurations.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:CreateCodeSigningConfig",
"lambda:UpdateCodeSigningConfig",
"lambda:GetCodeSigningConfig"
],
"Resource": "*"
}
]
} Administrators can use the CodeSigningConfigArn condition key to specify the code signing
configurations that developers must use to create or update your functions.
The following example policy statement grants permission to create a function. The policy statement includes a
lambda:CodeSigningConfigArn condition to specify the allowed code signing configuration. Lambda
blocks any CreateFunction API request if its CodeSigningConfigArn parameter is missing
or does not match the value in the condition.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowReferencingCodeSigningConfig",
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
],
"Resource": "*",
"Condition": {
"StringEquals": {
"lambda:CodeSigningConfigArn":
“arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-0d4518bd353a0a7c6”
}
}
}
]
} 