Selecione suas preferências de cookies

Usamos cookies essenciais e ferramentas semelhantes que são necessárias para fornecer nosso site e serviços. Usamos cookies de desempenho para coletar estatísticas anônimas, para que possamos entender como os clientes usam nosso site e fazer as devidas melhorias. Cookies essenciais não podem ser desativados, mas você pode clicar em “Personalizar” ou “Recusar” para recusar cookies de desempenho.

Se você concordar, a AWS e terceiros aprovados também usarão cookies para fornecer recursos úteis do site, lembrar suas preferências e exibir conteúdo relevante, incluindo publicidade relevante. Para aceitar ou recusar todos os cookies não essenciais, clique em “Aceitar” ou “Recusar”. Para fazer escolhas mais detalhadas, clique em “Personalizar”.

Inline policies for Signer

Modo de foco
Inline policies for Signer - AWS Signer
Esta página não foi traduzida para seu idioma. Solicitar tradução

Inline policies are standalone identity-based policies that an administrator creates and embeds directly into a single principal (user, group, or role). Administrators can create and manage policies using the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the IAM API.

To manage policies in the AWS Management Console

To provide access, add permissions to your users, groups, or roles:

Limit Access for Signing to All Signing Profiles Within an Account

The following policies allow a principal to discover every SigningProfile within an account and to use any of them to submit, describe, and list signing jobs.

Policy for Lambda

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "signer:GetSigningProfile", "signer:ListSigningProfiles", "signer:StartSigningJob", "signer:DescribeSigningJob", "signer:ListSigningJobs" ], "Resource":"*" } ] }

Policy for containers

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "signer:GetSigningProfile", "signer:ListSigningProfiles", "signer:SignPayload", "signer:GetRevocationStatus", "signer:DescribeSigningJob", "signer:ListSigningJobs" ], "Resource":"*" } ] }

Limit Access for Signing to a Specific Signing Profile

The following policies allow a principal to call GetSigningProfile and StartSigningJob only on profile MySigningProfile.

Policy for Lambda

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "signer:GetSigningProfile", "signer:StartSigningJob" ], "Resource":"arn:aws:signer:Region:444455556666:/signing-profiles/MySigningProfile" }, { "Effect":"Allow", "Action":[ "signer:ListSigningJobs", "signer:ListSigningProfiles", "signer:DescribeSigningJob" ], "Resource":"*" } ] }

Policy for containers

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "signer:GetSigningProfile", "signer:SignPayload" ], "Resource":"arn:aws:signer:Region:444455556666:/signing-profiles/MySigningProfile" }, { "Effect":"Allow", "Action":[ "signer:ListSigningJobs", "signer:ListSigningProfiles", "signer:DescribeSigningJob" ], "Resource":"*" } ] }

Limit Access for Signing to a Specific Signing Profile Version

The following policy allows a principal to call GetSigningProfile and StartSigningJob only on version abcde12345 of profile MySigningProfile.

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "signer:GetSigningProfile", "signer:SignPayload" ], "Resource":"arn:aws:signer:Region:444455556666:/signing-profiles/MySigningProfile", "Condition":{ "StringEquals":{ "signer:ProfileVersion":"version" } } }, { "Effect":"Allow", "Action":[ "signer:ListSigningJobs", "signer:ListSigningProfiles", "signer:DescribeSigningJob" ], "Resource":"*" } ] }

Allow Full Access

The following policy allows a principal to perform any AWS Signer action.

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":"signer:*", "Resource":"*" } ] }
PrivacidadeTermos do sitePreferências de cookies
© 2025, Amazon Web Services, Inc. ou suas afiliadas. Todos os direitos reservados.