Creating code signing configurations for Lambda
To enable code signing for a function, you create a code signing configuration and attach it to the function. A code signing configuration defines a list of allowed signing profiles and the policy action to take if any of the validation checks fail.
Configuration prerequisites
Before you can configure code signing for a Lambda function, use AWS Signer to do the following:
- Create one or more signing profiles.
- Use a signing profile to create a signed code package for your function.
For more information, see Creating Signing Profiles (Console) in the AWS Signer Developer Guide.
Creating code signing configurations
A code signing configuration defines a list of allowed signing profiles and the signature validation policy.
To create a code signing configuration (console)
- Open the Code signing configurations page of the Lambda console.
- Choose Create configuration.
- For Description, enter a descriptive name for the configuration.
- Under Signing profiles, add up to 20 signing profiles to the configuration.
  - For Signing profile version ARN, choose a profile version's Amazon Resource Name (ARN), or enter the ARN.
  - To add an additional signing profile, choose Add signing profiles.
- Under Signature validation policy, choose Warn or Enforce.
- Choose Create configuration.
Enabling code signing for a function
To enable code signing for a function, you associate a code signing configuration with the function.
To associate a code signing configuration with a function (console)
- Open the Functions page of the Lambda console.
- Choose the function for which you want to enable code signing.
- Open the Configuration tab.
- Scroll down and choose Code signing.
- Choose Edit.
- In Edit code signing, choose a code signing configuration for this function.
- Choose Save.
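
The two console procedures above (create a configuration, then associate it with a function) can also be scripted. The following Python is an added example, not part of the original guide: it goes beyond the console steps by using the boto3 Lambda client calls create_code_signing_config and put_function_code_signing_config, and it checks the inputs against the limits stated above before calling the service. The function names, the ARN pattern and the sample ARN are assumptions of this example.

```python
import re

MAX_PROFILES = 20               # "add up to 20 signing profiles"
POLICIES = ("Warn", "Enforce")  # signature validation policy choices

# Sanity check only: a profile *version* ARN ends in /<profile-name>/<version>.
# The exact pattern is an assumption of this example, not the service's validator.
_VERSION_ARN = re.compile(
    r"^arn:aws[\w-]*:signer:[a-z0-9-]+:\d{12}:/signing-profiles/[^/]+/[^/]+$"
)


def build_csc_request(description, profile_version_arns, policy):
    """Return kwargs for create_code_signing_config, or raise ValueError."""
    arns = list(dict.fromkeys(profile_version_arns))  # drop duplicates, keep order
    if not 1 <= len(arns) <= MAX_PROFILES:
        raise ValueError(f"need 1 to {MAX_PROFILES} signing profiles, got {len(arns)}")
    bad = [a for a in arns if not _VERSION_ARN.match(a)]
    if bad:
        # Typical mistake: passing the profile ARN without its version segment.
        raise ValueError(f"not a signing profile version ARN: {bad[0]}")
    if policy not in POLICIES:
        raise ValueError(f"policy must be one of {POLICIES}")
    return {
        "Description": description,
        "AllowedPublishers": {"SigningProfileVersionArns": arns},
        "CodeSigningPolicies": {"UntrustedArtifactOnDeployment": policy},
    }


def enable_code_signing(lambda_client, function_name, description, arns, policy):
    """Create the configuration, then associate it with the function."""
    request = build_csc_request(description, arns, policy)
    created = lambda_client.create_code_signing_config(**request)
    csc_arn = created["CodeSigningConfig"]["CodeSigningConfigArn"]
    lambda_client.put_function_code_signing_config(
        CodeSigningConfigArn=csc_arn, FunctionName=function_name
    )
    return csc_arn


if __name__ == "__main__":
    # Constructed sample ARN (placeholder account, profile name and version).
    sample = ("arn:aws:signer:us-east-1:123456789012:"
              "/signing-profiles/ExampleProfile/abcde12345")
    print(build_csc_request("release builds", [sample], "Warn"))
```

In real use, pass boto3.client("lambda") as lambda_client; the caller needs permission for both API calls.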