aws.lambda.CodeSigningConfig
Explore with Pulumi AI
Manages an AWS Lambda Code Signing Config. Use this resource to define allowed signing profiles and code-signing validation policies for Lambda functions to ensure code integrity and authenticity.
For information about Lambda code signing configurations and how to use them, see configuring code signing for Lambda functions.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Create signing profiles for different environments
const prod = new aws.signer.SigningProfile("prod", {
platformId: "AWSLambda-SHA384-ECDSA",
namePrefix: "prod_lambda_",
tags: {
Environment: "production",
},
});
const dev = new aws.signer.SigningProfile("dev", {
platformId: "AWSLambda-SHA384-ECDSA",
namePrefix: "dev_lambda_",
tags: {
Environment: "development",
},
});
// Code signing configuration with enforcement
const example = new aws.lambda.CodeSigningConfig("example", {
description: "Code signing configuration for Lambda functions",
allowedPublishers: {
signingProfileVersionArns: [
prod.versionArn,
dev.versionArn,
],
},
policies: {
untrustedArtifactOnDeployment: "Enforce",
},
tags: {
Environment: "production",
Purpose: "code-signing",
},
});
import pulumi
import pulumi_aws as aws
# Create signing profiles for different environments
prod = aws.signer.SigningProfile("prod",
platform_id="AWSLambda-SHA384-ECDSA",
name_prefix="prod_lambda_",
tags={
"Environment": "production",
})
dev = aws.signer.SigningProfile("dev",
platform_id="AWSLambda-SHA384-ECDSA",
name_prefix="dev_lambda_",
tags={
"Environment": "development",
})
# Code signing configuration with enforcement
example = aws.lambda_.CodeSigningConfig("example",
description="Code signing configuration for Lambda functions",
allowed_publishers={
"signing_profile_version_arns": [
prod.version_arn,
dev.version_arn,
],
},
policies={
"untrusted_artifact_on_deployment": "Enforce",
},
tags={
"Environment": "production",
"Purpose": "code-signing",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/signer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create signing profiles for different environments
prod, err := signer.NewSigningProfile(ctx, "prod", &signer.SigningProfileArgs{
PlatformId: pulumi.String("AWSLambda-SHA384-ECDSA"),
NamePrefix: pulumi.String("prod_lambda_"),
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
dev, err := signer.NewSigningProfile(ctx, "dev", &signer.SigningProfileArgs{
PlatformId: pulumi.String("AWSLambda-SHA384-ECDSA"),
NamePrefix: pulumi.String("dev_lambda_"),
Tags: pulumi.StringMap{
"Environment": pulumi.String("development"),
},
})
if err != nil {
return err
}
// Code signing configuration with enforcement
_, err = lambda.NewCodeSigningConfig(ctx, "example", &lambda.CodeSigningConfigArgs{
Description: pulumi.String("Code signing configuration for Lambda functions"),
AllowedPublishers: &lambda.CodeSigningConfigAllowedPublishersArgs{
SigningProfileVersionArns: pulumi.StringArray{
prod.VersionArn,
dev.VersionArn,
},
},
Policies: &lambda.CodeSigningConfigPoliciesArgs{
UntrustedArtifactOnDeployment: pulumi.String("Enforce"),
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
"Purpose": pulumi.String("code-signing"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Create signing profiles for different environments
var prod = new Aws.Signer.SigningProfile("prod", new()
{
PlatformId = "AWSLambda-SHA384-ECDSA",
NamePrefix = "prod_lambda_",
Tags =
{
{ "Environment", "production" },
},
});
var dev = new Aws.Signer.SigningProfile("dev", new()
{
PlatformId = "AWSLambda-SHA384-ECDSA",
NamePrefix = "dev_lambda_",
Tags =
{
{ "Environment", "development" },
},
});
// Code signing configuration with enforcement
var example = new Aws.Lambda.CodeSigningConfig("example", new()
{
Description = "Code signing configuration for Lambda functions",
AllowedPublishers = new Aws.Lambda.Inputs.CodeSigningConfigAllowedPublishersArgs
{
SigningProfileVersionArns = new[]
{
prod.VersionArn,
dev.VersionArn,
},
},
Policies = new Aws.Lambda.Inputs.CodeSigningConfigPoliciesArgs
{
UntrustedArtifactOnDeployment = "Enforce",
},
Tags =
{
{ "Environment", "production" },
{ "Purpose", "code-signing" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.signer.SigningProfile;
import com.pulumi.aws.signer.SigningProfileArgs;
import com.pulumi.aws.lambda.CodeSigningConfig;
import com.pulumi.aws.lambda.CodeSigningConfigArgs;
import com.pulumi.aws.lambda.inputs.CodeSigningConfigAllowedPublishersArgs;
import com.pulumi.aws.lambda.inputs.CodeSigningConfigPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create signing profiles for different environments
var prod = new SigningProfile("prod", SigningProfileArgs.builder()
.platformId("AWSLambda-SHA384-ECDSA")
.namePrefix("prod_lambda_")
.tags(Map.of("Environment", "production"))
.build());
var dev = new SigningProfile("dev", SigningProfileArgs.builder()
.platformId("AWSLambda-SHA384-ECDSA")
.namePrefix("dev_lambda_")
.tags(Map.of("Environment", "development"))
.build());
// Code signing configuration with enforcement
var example = new CodeSigningConfig("example", CodeSigningConfigArgs.builder()
.description("Code signing configuration for Lambda functions")
.allowedPublishers(CodeSigningConfigAllowedPublishersArgs.builder()
.signingProfileVersionArns(
prod.versionArn(),
dev.versionArn())
.build())
.policies(CodeSigningConfigPoliciesArgs.builder()
.untrustedArtifactOnDeployment("Enforce")
.build())
.tags(Map.ofEntries(
Map.entry("Environment", "production"),
Map.entry("Purpose", "code-signing")
))
.build());
}
}
resources:
# Create signing profiles for different environments
prod:
type: aws:signer:SigningProfile
properties:
platformId: AWSLambda-SHA384-ECDSA
namePrefix: prod_lambda_
tags:
Environment: production
dev:
type: aws:signer:SigningProfile
properties:
platformId: AWSLambda-SHA384-ECDSA
namePrefix: dev_lambda_
tags:
Environment: development
# Code signing configuration with enforcement
example:
type: aws:lambda:CodeSigningConfig
properties:
description: Code signing configuration for Lambda functions
allowedPublishers:
signingProfileVersionArns:
- ${prod.versionArn}
- ${dev.versionArn}
policies:
untrustedArtifactOnDeployment: Enforce
tags:
Environment: production
Purpose: code-signing
Warning Only Configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lambda.CodeSigningConfig("example", {
description: "Development code signing configuration",
allowedPublishers: {
signingProfileVersionArns: [dev.versionArn],
},
policies: {
untrustedArtifactOnDeployment: "Warn",
},
tags: {
Environment: "development",
Purpose: "code-signing",
},
});
import pulumi
import pulumi_aws as aws
example = aws.lambda_.CodeSigningConfig("example",
description="Development code signing configuration",
allowed_publishers={
"signing_profile_version_arns": [dev["versionArn"]],
},
policies={
"untrusted_artifact_on_deployment": "Warn",
},
tags={
"Environment": "development",
"Purpose": "code-signing",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lambda.NewCodeSigningConfig(ctx, "example", &lambda.CodeSigningConfigArgs{
Description: pulumi.String("Development code signing configuration"),
AllowedPublishers: &lambda.CodeSigningConfigAllowedPublishersArgs{
SigningProfileVersionArns: pulumi.StringArray{
dev.VersionArn,
},
},
Policies: &lambda.CodeSigningConfigPoliciesArgs{
UntrustedArtifactOnDeployment: pulumi.String("Warn"),
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("development"),
"Purpose": pulumi.String("code-signing"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Lambda.CodeSigningConfig("example", new()
{
Description = "Development code signing configuration",
AllowedPublishers = new Aws.Lambda.Inputs.CodeSigningConfigAllowedPublishersArgs
{
SigningProfileVersionArns = new[]
{
dev.VersionArn,
},
},
Policies = new Aws.Lambda.Inputs.CodeSigningConfigPoliciesArgs
{
UntrustedArtifactOnDeployment = "Warn",
},
Tags =
{
{ "Environment", "development" },
{ "Purpose", "code-signing" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.CodeSigningConfig;
import com.pulumi.aws.lambda.CodeSigningConfigArgs;
import com.pulumi.aws.lambda.inputs.CodeSigningConfigAllowedPublishersArgs;
import com.pulumi.aws.lambda.inputs.CodeSigningConfigPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new CodeSigningConfig("example", CodeSigningConfigArgs.builder()
.description("Development code signing configuration")
.allowedPublishers(CodeSigningConfigAllowedPublishersArgs.builder()
.signingProfileVersionArns(dev.versionArn())
.build())
.policies(CodeSigningConfigPoliciesArgs.builder()
.untrustedArtifactOnDeployment("Warn")
.build())
.tags(Map.ofEntries(
Map.entry("Environment", "development"),
Map.entry("Purpose", "code-signing")
))
.build());
}
}
resources:
example:
type: aws:lambda:CodeSigningConfig
properties:
description: Development code signing configuration
allowedPublishers:
signingProfileVersionArns:
- ${dev.versionArn}
policies:
untrustedArtifactOnDeployment: Warn
tags:
Environment: development
Purpose: code-signing
Multiple Environment Configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Production signing configuration
const prod = new aws.lambda.CodeSigningConfig("prod", {
description: "Production code signing configuration with strict enforcement",
allowedPublishers: {
signingProfileVersionArns: [prodAwsSignerSigningProfile.versionArn],
},
policies: {
untrustedArtifactOnDeployment: "Enforce",
},
tags: {
Environment: "production",
Security: "strict",
},
});
// Development signing configuration
const dev = new aws.lambda.CodeSigningConfig("dev", {
description: "Development code signing configuration with warnings",
allowedPublishers: {
signingProfileVersionArns: [
devAwsSignerSigningProfile.versionArn,
test.versionArn,
],
},
policies: {
untrustedArtifactOnDeployment: "Warn",
},
tags: {
Environment: "development",
Security: "flexible",
},
});
import pulumi
import pulumi_aws as aws
# Production signing configuration
prod = aws.lambda_.CodeSigningConfig("prod",
description="Production code signing configuration with strict enforcement",
allowed_publishers={
"signing_profile_version_arns": [prod_aws_signer_signing_profile["versionArn"]],
},
policies={
"untrusted_artifact_on_deployment": "Enforce",
},
tags={
"Environment": "production",
"Security": "strict",
})
# Development signing configuration
dev = aws.lambda_.CodeSigningConfig("dev",
description="Development code signing configuration with warnings",
allowed_publishers={
"signing_profile_version_arns": [
dev_aws_signer_signing_profile["versionArn"],
test["versionArn"],
],
},
policies={
"untrusted_artifact_on_deployment": "Warn",
},
tags={
"Environment": "development",
"Security": "flexible",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Production signing configuration
_, err := lambda.NewCodeSigningConfig(ctx, "prod", &lambda.CodeSigningConfigArgs{
Description: pulumi.String("Production code signing configuration with strict enforcement"),
AllowedPublishers: &lambda.CodeSigningConfigAllowedPublishersArgs{
SigningProfileVersionArns: pulumi.StringArray{
prodAwsSignerSigningProfile.VersionArn,
},
},
Policies: &lambda.CodeSigningConfigPoliciesArgs{
UntrustedArtifactOnDeployment: pulumi.String("Enforce"),
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
"Security": pulumi.String("strict"),
},
})
if err != nil {
return err
}
// Development signing configuration
_, err = lambda.NewCodeSigningConfig(ctx, "dev", &lambda.CodeSigningConfigArgs{
Description: pulumi.String("Development code signing configuration with warnings"),
AllowedPublishers: &lambda.CodeSigningConfigAllowedPublishersArgs{
SigningProfileVersionArns: pulumi.StringArray{
devAwsSignerSigningProfile.VersionArn,
test.VersionArn,
},
},
Policies: &lambda.CodeSigningConfigPoliciesArgs{
UntrustedArtifactOnDeployment: pulumi.String("Warn"),
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("development"),
"Security": pulumi.String("flexible"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Production signing configuration
var prod = new Aws.Lambda.CodeSigningConfig("prod", new()
{
Description = "Production code signing configuration with strict enforcement",
AllowedPublishers = new Aws.Lambda.Inputs.CodeSigningConfigAllowedPublishersArgs
{
SigningProfileVersionArns = new[]
{
prodAwsSignerSigningProfile.VersionArn,
},
},
Policies = new Aws.Lambda.Inputs.CodeSigningConfigPoliciesArgs
{
UntrustedArtifactOnDeployment = "Enforce",
},
Tags =
{
{ "Environment", "production" },
{ "Security", "strict" },
},
});
// Development signing configuration
var dev = new Aws.Lambda.CodeSigningConfig("dev", new()
{
Description = "Development code signing configuration with warnings",
AllowedPublishers = new Aws.Lambda.Inputs.CodeSigningConfigAllowedPublishersArgs
{
SigningProfileVersionArns = new[]
{
devAwsSignerSigningProfile.VersionArn,
test.VersionArn,
},
},
Policies = new Aws.Lambda.Inputs.CodeSigningConfigPoliciesArgs
{
UntrustedArtifactOnDeployment = "Warn",
},
Tags =
{
{ "Environment", "development" },
{ "Security", "flexible" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.CodeSigningConfig;
import com.pulumi.aws.lambda.CodeSigningConfigArgs;
import com.pulumi.aws.lambda.inputs.CodeSigningConfigAllowedPublishersArgs;
import com.pulumi.aws.lambda.inputs.CodeSigningConfigPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Production signing configuration
var prod = new CodeSigningConfig("prod", CodeSigningConfigArgs.builder()
.description("Production code signing configuration with strict enforcement")
.allowedPublishers(CodeSigningConfigAllowedPublishersArgs.builder()
.signingProfileVersionArns(prodAwsSignerSigningProfile.versionArn())
.build())
.policies(CodeSigningConfigPoliciesArgs.builder()
.untrustedArtifactOnDeployment("Enforce")
.build())
.tags(Map.ofEntries(
Map.entry("Environment", "production"),
Map.entry("Security", "strict")
))
.build());
// Development signing configuration
var dev = new CodeSigningConfig("dev", CodeSigningConfigArgs.builder()
.description("Development code signing configuration with warnings")
.allowedPublishers(CodeSigningConfigAllowedPublishersArgs.builder()
.signingProfileVersionArns(
devAwsSignerSigningProfile.versionArn(),
test.versionArn())
.build())
.policies(CodeSigningConfigPoliciesArgs.builder()
.untrustedArtifactOnDeployment("Warn")
.build())
.tags(Map.ofEntries(
Map.entry("Environment", "development"),
Map.entry("Security", "flexible")
))
.build());
}
}
resources:
# Production signing configuration
prod:
type: aws:lambda:CodeSigningConfig
properties:
description: Production code signing configuration with strict enforcement
allowedPublishers:
signingProfileVersionArns:
- ${prodAwsSignerSigningProfile.versionArn}
policies:
untrustedArtifactOnDeployment: Enforce
tags:
Environment: production
Security: strict
# Development signing configuration
dev:
type: aws:lambda:CodeSigningConfig
properties:
description: Development code signing configuration with warnings
allowedPublishers:
signingProfileVersionArns:
- ${devAwsSignerSigningProfile.versionArn}
- ${test.versionArn}
policies:
untrustedArtifactOnDeployment: Warn
tags:
Environment: development
Security: flexible
Create CodeSigningConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CodeSigningConfig(name: string, args: CodeSigningConfigArgs, opts?: CustomResourceOptions);
@overload
def CodeSigningConfig(resource_name: str,
args: CodeSigningConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CodeSigningConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_publishers: Optional[CodeSigningConfigAllowedPublishersArgs] = None,
description: Optional[str] = None,
policies: Optional[CodeSigningConfigPoliciesArgs] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewCodeSigningConfig(ctx *Context, name string, args CodeSigningConfigArgs, opts ...ResourceOption) (*CodeSigningConfig, error)
public CodeSigningConfig(string name, CodeSigningConfigArgs args, CustomResourceOptions? opts = null)
public CodeSigningConfig(String name, CodeSigningConfigArgs args)
public CodeSigningConfig(String name, CodeSigningConfigArgs args, CustomResourceOptions options)
type: aws:lambda:CodeSigningConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CodeSigningConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CodeSigningConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CodeSigningConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CodeSigningConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CodeSigningConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var codeSigningConfigResource = new Aws.Lambda.CodeSigningConfig("codeSigningConfigResource", new()
{
AllowedPublishers = new Aws.Lambda.Inputs.CodeSigningConfigAllowedPublishersArgs
{
SigningProfileVersionArns = new[]
{
"string",
},
},
Description = "string",
Policies = new Aws.Lambda.Inputs.CodeSigningConfigPoliciesArgs
{
UntrustedArtifactOnDeployment = "string",
},
Region = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := lambda.NewCodeSigningConfig(ctx, "codeSigningConfigResource", &lambda.CodeSigningConfigArgs{
AllowedPublishers: &lambda.CodeSigningConfigAllowedPublishersArgs{
SigningProfileVersionArns: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Policies: &lambda.CodeSigningConfigPoliciesArgs{
UntrustedArtifactOnDeployment: pulumi.String("string"),
},
Region: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var codeSigningConfigResource = new CodeSigningConfig("codeSigningConfigResource", CodeSigningConfigArgs.builder()
.allowedPublishers(CodeSigningConfigAllowedPublishersArgs.builder()
.signingProfileVersionArns("string")
.build())
.description("string")
.policies(CodeSigningConfigPoliciesArgs.builder()
.untrustedArtifactOnDeployment("string")
.build())
.region("string")
.tags(Map.of("string", "string"))
.build());
code_signing_config_resource = aws.lambda_.CodeSigningConfig("codeSigningConfigResource",
allowed_publishers={
"signing_profile_version_arns": ["string"],
},
description="string",
policies={
"untrusted_artifact_on_deployment": "string",
},
region="string",
tags={
"string": "string",
})
const codeSigningConfigResource = new aws.lambda.CodeSigningConfig("codeSigningConfigResource", {
allowedPublishers: {
signingProfileVersionArns: ["string"],
},
description: "string",
policies: {
untrustedArtifactOnDeployment: "string",
},
region: "string",
tags: {
string: "string",
},
});
type: aws:lambda:CodeSigningConfig
properties:
allowedPublishers:
signingProfileVersionArns:
- string
description: string
policies:
untrustedArtifactOnDeployment: string
region: string
tags:
string: string
CodeSigningConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CodeSigningConfig resource accepts the following input properties:
- Allowed
Publishers CodeSigning Config Allowed Publishers Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- Description string
- Descriptive name for this code signing configuration.
- Policies
Code
Signing Config Policies - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- Allowed
Publishers CodeSigning Config Allowed Publishers Args Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- Description string
- Descriptive name for this code signing configuration.
- Policies
Code
Signing Config Policies Args - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- allowed
Publishers CodeSigning Config Allowed Publishers Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- description String
- Descriptive name for this code signing configuration.
- policies
Code
Signing Config Policies - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- allowed
Publishers CodeSigning Config Allowed Publishers Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- description string
- Descriptive name for this code signing configuration.
- policies
Code
Signing Config Policies - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- allowed_
publishers CodeSigning Config Allowed Publishers Args Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- description str
- Descriptive name for this code signing configuration.
- policies
Code
Signing Config Policies Args - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- allowed
Publishers Property Map Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- description String
- Descriptive name for this code signing configuration.
- policies Property Map
- Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the CodeSigningConfig resource produces the following output properties:
- Arn string
- ARN of the code signing configuration.
- Config
Id string - Unique identifier for the code signing configuration.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified string - Date and time that the code signing configuration was last modified.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- ARN of the code signing configuration.
- Config
Id string - Unique identifier for the code signing configuration.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified string - Date and time that the code signing configuration was last modified.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of the code signing configuration.
- config
Id String - Unique identifier for the code signing configuration.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified String - Date and time that the code signing configuration was last modified.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- ARN of the code signing configuration.
- config
Id string - Unique identifier for the code signing configuration.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified string - Date and time that the code signing configuration was last modified.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- ARN of the code signing configuration.
- config_
id str - Unique identifier for the code signing configuration.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified str - Date and time that the code signing configuration was last modified.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of the code signing configuration.
- config
Id String - Unique identifier for the code signing configuration.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified String - Date and time that the code signing configuration was last modified.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing CodeSigningConfig Resource
Get an existing CodeSigningConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CodeSigningConfigState, opts?: CustomResourceOptions): CodeSigningConfig
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_publishers: Optional[CodeSigningConfigAllowedPublishersArgs] = None,
arn: Optional[str] = None,
config_id: Optional[str] = None,
description: Optional[str] = None,
last_modified: Optional[str] = None,
policies: Optional[CodeSigningConfigPoliciesArgs] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> CodeSigningConfig
func GetCodeSigningConfig(ctx *Context, name string, id IDInput, state *CodeSigningConfigState, opts ...ResourceOption) (*CodeSigningConfig, error)
public static CodeSigningConfig Get(string name, Input<string> id, CodeSigningConfigState? state, CustomResourceOptions? opts = null)
public static CodeSigningConfig get(String name, Output<String> id, CodeSigningConfigState state, CustomResourceOptions options)
resources: _: type: aws:lambda:CodeSigningConfig get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Publishers CodeSigning Config Allowed Publishers Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- Arn string
- ARN of the code signing configuration.
- Config
Id string - Unique identifier for the code signing configuration.
- Description string
- Descriptive name for this code signing configuration.
- Last
Modified string - Date and time that the code signing configuration was last modified.
- Policies
Code
Signing Config Policies - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Allowed
Publishers CodeSigning Config Allowed Publishers Args Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- Arn string
- ARN of the code signing configuration.
- Config
Id string - Unique identifier for the code signing configuration.
- Description string
- Descriptive name for this code signing configuration.
- Last
Modified string - Date and time that the code signing configuration was last modified.
- Policies
Code
Signing Config Policies Args - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- allowed
Publishers CodeSigning Config Allowed Publishers Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- arn String
- ARN of the code signing configuration.
- config
Id String - Unique identifier for the code signing configuration.
- description String
- Descriptive name for this code signing configuration.
- last
Modified String - Date and time that the code signing configuration was last modified.
- policies
Code
Signing Config Policies - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- allowed
Publishers CodeSigning Config Allowed Publishers Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- arn string
- ARN of the code signing configuration.
- config
Id string - Unique identifier for the code signing configuration.
- description string
- Descriptive name for this code signing configuration.
- last
Modified string - Date and time that the code signing configuration was last modified.
- policies
Code
Signing Config Policies - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- allowed_
publishers CodeSigning Config Allowed Publishers Args Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- arn str
- ARN of the code signing configuration.
- config_
id str - Unique identifier for the code signing configuration.
- description str
- Descriptive name for this code signing configuration.
- last_
modified str - Date and time that the code signing configuration was last modified.
- policies
Code
Signing Config Policies Args - Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- allowed
Publishers Property Map Configuration block of allowed publishers as signing profiles for this code signing configuration. See below.
The following arguments are optional:
- arn String
- ARN of the code signing configuration.
- config
Id String - Unique identifier for the code signing configuration.
- description String
- Descriptive name for this code signing configuration.
- last
Modified String - Date and time that the code signing configuration was last modified.
- policies Property Map
- Configuration block of code signing policies that define the actions to take if the validation checks fail. See below.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Supporting Types
CodeSigningConfigAllowedPublishers, CodeSigningConfigAllowedPublishersArgs
- Signing
Profile List<string>Version Arns - Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles.
- Signing
Profile []stringVersion Arns - Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles.
- signing
Profile List<String>Version Arns - Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles.
- signing
Profile string[]Version Arns - Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles.
- signing_
profile_ Sequence[str]version_ arns - Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles.
- signing
Profile List<String>Version Arns - Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles.
CodeSigningConfigPolicies, CodeSigningConfigPoliciesArgs
- Untrusted
Artifact stringOn Deployment - Code signing configuration policy for deployment validation failure. If you set the policy to
Enforce
, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy toWarn
, Lambda allows the deployment and creates a CloudWatch log. Valid values:Warn
,Enforce
. Default value:Warn
.
- Untrusted
Artifact stringOn Deployment - Code signing configuration policy for deployment validation failure. If you set the policy to
Enforce
, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy toWarn
, Lambda allows the deployment and creates a CloudWatch log. Valid values:Warn
,Enforce
. Default value:Warn
.
- untrusted
Artifact StringOn Deployment - Code signing configuration policy for deployment validation failure. If you set the policy to
Enforce
, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy toWarn
, Lambda allows the deployment and creates a CloudWatch log. Valid values:Warn
,Enforce
. Default value:Warn
.
- untrusted
Artifact stringOn Deployment - Code signing configuration policy for deployment validation failure. If you set the policy to
Enforce
, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy toWarn
, Lambda allows the deployment and creates a CloudWatch log. Valid values:Warn
,Enforce
. Default value:Warn
.
- untrusted_
artifact_ stron_ deployment - Code signing configuration policy for deployment validation failure. If you set the policy to
Enforce
, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy toWarn
, Lambda allows the deployment and creates a CloudWatch log. Valid values:Warn
,Enforce
. Default value:Warn
.
- untrusted
Artifact StringOn Deployment - Code signing configuration policy for deployment validation failure. If you set the policy to
Enforce
, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy toWarn
, Lambda allows the deployment and creates a CloudWatch log. Valid values:Warn
,Enforce
. Default value:Warn
.
Import
For backwards compatibility, the following legacy pulumi import
command is also supported:
$ pulumi import aws:lambda/codeSigningConfig:CodeSigningConfig example arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-0f6c334abcdea4d8b
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.