aws.signer.SigningProfilePermission
Creates a Signer Signing Profile Permission. That is, a cross-account permission for a signing profile.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
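// Principals that receive cross-account access. The original listing used
// awsAccount and awsTeamRoleArn without declaring them; they are read from
// stack configuration here (the key names are this example's own choice).
const config = new pulumi.Config();
const awsAccount = config.require("awsAccount");         // an AWS account ID
const awsTeamRoleArn = config.require("awsTeamRoleArn"); // ARN of one IAM role

// Signing profile the permissions below attach to. Signatures made under it
// stay valid for five years.
const prodSp = new aws.signer.SigningProfile("prod_sp", {
    platformId: "AWSLambda-SHA384-ECDSA",
    namePrefix: "prod_sp_",
    signatureValidityPeriod: {
        value: 5,
        type: "YEARS",
    },
    tags: {
        tag1: "value1",
        tag2: "value2",
    },
});

// Lets the other account start signing jobs under this profile, so anything
// that trusts the profile also trusts that principal. An account ID leaves it
// to that account's own IAM policies to decide which of its identities may
// call the action; a role ARN (as in sp_permission_2) is the narrower grant.
const spPermission1 = new aws.signer.SigningProfilePermission("sp_permission_1", {
    profileName: prodSp.name,
    action: "signer:StartSigningJob",
    principal: awsAccount,
});

// Read-only access to the profile for a single role.
// NOTE(review): the statement ID mentions StartSigningJob while the action
// granted is signer:GetSigningProfile. The statement ID is what an auditor
// reads in the profile's permissions, so it should name the action it carries.
const spPermission2 = new aws.signer.SigningProfilePermission("sp_permission_2", {
    profileName: prodSp.name,
    action: "signer:GetSigningProfile",
    principal: awsTeamRoleArn,
    statementId: "ProdAccountStartSigningJob_StatementId",
});

// Revocation rights, limited to one profile version through profileVersion.
// The provider appends a unique suffix to statementIdPrefix.
const spPermission3 = new aws.signer.SigningProfilePermission("sp_permission_3", {
    profileName: prodSp.name,
    action: "signer:RevokeSignature",
    principal: "123456789012",
    profileVersion: prodSp.version,
    statementIdPrefix: "version-permission-",
});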
import pulumi
import pulumi_aws as aws
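# Principals that receive cross-account access. The original listing used
# aws_account and aws_team_role_arn without defining them; they are read from
# stack configuration here (the key names are this example's own choice).
config = pulumi.Config()
aws_account = config.require("awsAccount")  # an AWS account ID
aws_team_role_arn = config.require("awsTeamRoleArn")  # ARN of one IAM role

# Signing profile the permissions below attach to. Signatures made under it
# stay valid for five years.
prod_sp = aws.signer.SigningProfile("prod_sp",
    platform_id="AWSLambda-SHA384-ECDSA",
    name_prefix="prod_sp_",
    signature_validity_period={
        "value": 5,
        "type": "YEARS",
    },
    tags={
        "tag1": "value1",
        "tag2": "value2",
    })

# Lets the other account start signing jobs under this profile, so anything
# that trusts the profile also trusts that principal. An account ID leaves it
# to that account's own IAM policies to decide which of its identities may
# call the action; a role ARN (as in sp_permission_2) is the narrower grant.
sp_permission1 = aws.signer.SigningProfilePermission("sp_permission_1",
    profile_name=prod_sp.name,
    action="signer:StartSigningJob",
    principal=aws_account)

# Read-only access to the profile for a single role.
# NOTE(review): the statement ID mentions StartSigningJob while the action
# granted is signer:GetSigningProfile. The statement ID is what an auditor
# reads in the profile's permissions, so it should name the action it carries.
sp_permission2 = aws.signer.SigningProfilePermission("sp_permission_2",
    profile_name=prod_sp.name,
    action="signer:GetSigningProfile",
    principal=aws_team_role_arn,
    statement_id="ProdAccountStartSigningJob_StatementId")

# Revocation rights, limited to one profile version through profile_version.
# The provider appends a unique suffix to statement_id_prefix.
sp_permission3 = aws.signer.SigningProfilePermission("sp_permission_3",
    profile_name=prod_sp.name,
    action="signer:RevokeSignature",
    principal="123456789012",
    profile_version=prod_sp.version,
    statement_id_prefix="version-permission-")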
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/signer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a signing profile and three cross-account permissions on it.
//
// NOTE(review): awsAccount and awsTeamRoleArn are not declared anywhere in
// this listing; they have to be supplied (for example from stack
// configuration) before the program will build.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Profile the permissions below attach to. Signatures made under it
		// stay valid for five years.
		profile, err := signer.NewSigningProfile(ctx, "prod_sp", &signer.SigningProfileArgs{
			PlatformId: pulumi.String("AWSLambda-SHA384-ECDSA"),
			NamePrefix: pulumi.String("prod_sp_"),
			SignatureValidityPeriod: &signer.SigningProfileSignatureValidityPeriodArgs{
				Value: pulumi.Int(5),
				Type:  pulumi.String("YEARS"),
			},
			Tags: pulumi.StringMap{
				"tag1": pulumi.String("value1"),
				"tag2": pulumi.String("value2"),
			},
		})
		if err != nil {
			return err
		}

		// Lets the other account start signing jobs under this profile, so
		// anything that trusts the profile also trusts that principal.
		startJob := &signer.SigningProfilePermissionArgs{
			ProfileName: profile.Name,
			Action:      pulumi.String("signer:StartSigningJob"),
			Principal:   pulumi.Any(awsAccount),
		}
		if _, err := signer.NewSigningProfilePermission(ctx, "sp_permission_1", startJob); err != nil {
			return err
		}

		// Read-only access to the profile for a single role.
		// NOTE(review): the statement ID mentions StartSigningJob while the
		// action granted is signer:GetSigningProfile; an auditor reading the
		// profile's permissions sees the statement ID first.
		readProfile := &signer.SigningProfilePermissionArgs{
			ProfileName: profile.Name,
			Action:      pulumi.String("signer:GetSigningProfile"),
			Principal:   pulumi.Any(awsTeamRoleArn),
			StatementId: pulumi.String("ProdAccountStartSigningJob_StatementId"),
		}
		if _, err := signer.NewSigningProfilePermission(ctx, "sp_permission_2", readProfile); err != nil {
			return err
		}

		// Revocation rights, limited to one profile version through
		// ProfileVersion. The provider appends a unique suffix to the prefix.
		revoke := &signer.SigningProfilePermissionArgs{
			ProfileName:       profile.Name,
			Action:            pulumi.String("signer:RevokeSignature"),
			Principal:         pulumi.String("123456789012"),
			ProfileVersion:    profile.Version,
			StatementIdPrefix: pulumi.String("version-permission-"),
		}
		_, err = signer.NewSigningProfilePermission(ctx, "sp_permission_3", revoke)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
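return await Deployment.RunAsync(() =>
{
    // Principals that receive cross-account access. The original listing used
    // awsAccount and awsTeamRoleArn without declaring them; they are read from
    // stack configuration here (the key names are this example's own choice).
    var config = new Config();
    var awsAccount = config.Require("awsAccount");         // an AWS account ID
    var awsTeamRoleArn = config.Require("awsTeamRoleArn"); // ARN of one IAM role

    // Signing profile the permissions below attach to. Signatures made under
    // it stay valid for five years.
    var prodSp = new Aws.Signer.SigningProfile("prod_sp", new()
    {
        PlatformId = "AWSLambda-SHA384-ECDSA",
        NamePrefix = "prod_sp_",
        SignatureValidityPeriod = new Aws.Signer.Inputs.SigningProfileSignatureValidityPeriodArgs
        {
            Value = 5,
            Type = "YEARS",
        },
        Tags =
        {
            { "tag1", "value1" },
            { "tag2", "value2" },
        },
    });

    // Lets the other account start signing jobs under this profile, so
    // anything that trusts the profile also trusts that principal. An account
    // ID leaves it to that account's own IAM policies to decide which of its
    // identities may call the action; a role ARN (as in sp_permission_2) is
    // the narrower grant.
    var spPermission1 = new Aws.Signer.SigningProfilePermission("sp_permission_1", new()
    {
        ProfileName = prodSp.Name,
        Action = "signer:StartSigningJob",
        Principal = awsAccount,
    });

    // Read-only access to the profile for a single role.
    // NOTE(review): the statement ID mentions StartSigningJob while the action
    // granted is signer:GetSigningProfile. The statement ID is what an auditor
    // reads in the profile's permissions, so it should name the action it carries.
    var spPermission2 = new Aws.Signer.SigningProfilePermission("sp_permission_2", new()
    {
        ProfileName = prodSp.Name,
        Action = "signer:GetSigningProfile",
        Principal = awsTeamRoleArn,
        StatementId = "ProdAccountStartSigningJob_StatementId",
    });

    // Revocation rights, limited to one profile version through ProfileVersion.
    // The provider appends a unique suffix to StatementIdPrefix.
    var spPermission3 = new Aws.Signer.SigningProfilePermission("sp_permission_3", new()
    {
        ProfileName = prodSp.Name,
        Action = "signer:RevokeSignature",
        Principal = "123456789012",
        ProfileVersion = prodSp.Version,
        StatementIdPrefix = "version-permission-",
    });
});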
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.signer.SigningProfile;
import com.pulumi.aws.signer.SigningProfileArgs;
import com.pulumi.aws.signer.inputs.SigningProfileSignatureValidityPeriodArgs;
import com.pulumi.aws.signer.SigningProfilePermission;
import com.pulumi.aws.signer.SigningProfilePermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
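/**
 * Declares a Signer signing profile and three cross-account permissions on it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the signing profile and its permissions with the deployment.
     *
     * @param ctx the Pulumi deployment context; also the source of the stack
     *            configuration that supplies the two external principals
     */
    public static void stack(Context ctx) {
        // Principals that receive cross-account access. The original listing
        // used awsAccount and awsTeamRoleArn without declaring them; they are
        // read from stack configuration here (the key names are this
        // example's own choice).
        final var config = ctx.config();
        final var awsAccount = config.require("awsAccount");         // an AWS account ID
        final var awsTeamRoleArn = config.require("awsTeamRoleArn"); // ARN of one IAM role

        // Signing profile the permissions below attach to. Signatures made
        // under it stay valid for five years.
        var prodSp = new SigningProfile("prodSp", SigningProfileArgs.builder()
            .platformId("AWSLambda-SHA384-ECDSA")
            .namePrefix("prod_sp_")
            .signatureValidityPeriod(SigningProfileSignatureValidityPeriodArgs.builder()
                .value(5)
                .type("YEARS")
                .build())
            .tags(Map.ofEntries(
                Map.entry("tag1", "value1"),
                Map.entry("tag2", "value2")
            ))
            .build());

        // Lets the other account start signing jobs under this profile, so
        // anything that trusts the profile also trusts that principal. An
        // account ID leaves it to that account's own IAM policies to decide
        // which of its identities may call the action; a role ARN (as in
        // spPermission2) is the narrower grant.
        var spPermission1 = new SigningProfilePermission("spPermission1", SigningProfilePermissionArgs.builder()
            .profileName(prodSp.name())
            .action("signer:StartSigningJob")
            .principal(awsAccount)
            .build());

        // Read-only access to the profile for a single role.
        // NOTE(review): the statement ID mentions StartSigningJob while the
        // action granted is signer:GetSigningProfile. The statement ID is what
        // an auditor reads in the profile's permissions, so it should name the
        // action it carries.
        var spPermission2 = new SigningProfilePermission("spPermission2", SigningProfilePermissionArgs.builder()
            .profileName(prodSp.name())
            .action("signer:GetSigningProfile")
            .principal(awsTeamRoleArn)
            .statementId("ProdAccountStartSigningJob_StatementId")
            .build());

        // Revocation rights, limited to one profile version through
        // profileVersion. The provider appends a unique suffix to the prefix.
        var spPermission3 = new SigningProfilePermission("spPermission3", SigningProfilePermissionArgs.builder()
            .profileName(prodSp.name())
            .action("signer:RevokeSignature")
            .principal("123456789012")
            .profileVersion(prodSp.version())
            .statementIdPrefix("version-permission-")
            .build());
    }
}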
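# Principals that receive cross-account access. The resources below reference
# ${awsAccount} and ${awsTeamRoleArn}; they are declared here as stack
# configuration so the program is self-contained.
config:
  awsAccount:
    type: string
  awsTeamRoleArn:
    type: string
resources:
  # Signing profile the permissions below attach to. Signatures made under it
  # stay valid for five years.
  prodSp:
    type: aws:signer:SigningProfile
    name: prod_sp
    properties:
      platformId: AWSLambda-SHA384-ECDSA
      namePrefix: prod_sp_
      signatureValidityPeriod:
        value: 5
        type: YEARS
      tags:
        tag1: value1
        tag2: value2
  # Lets the other account start signing jobs under this profile, so anything
  # that trusts the profile also trusts that principal. An account ID leaves it
  # to that account's own IAM policies to decide which of its identities may
  # call the action; a role ARN (as in spPermission2) is the narrower grant.
  spPermission1:
    type: aws:signer:SigningProfilePermission
    name: sp_permission_1
    properties:
      profileName: ${prodSp.name}
      action: signer:StartSigningJob
      principal: ${awsAccount}
  # Read-only access to the profile for a single role.
  # NOTE(review): the statement ID mentions StartSigningJob while the action
  # granted is signer:GetSigningProfile. The statement ID is what an auditor
  # reads in the profile's permissions, so it should name the action it carries.
  spPermission2:
    type: aws:signer:SigningProfilePermission
    name: sp_permission_2
    properties:
      profileName: ${prodSp.name}
      action: signer:GetSigningProfile
      principal: ${awsTeamRoleArn}
      statementId: ProdAccountStartSigningJob_StatementId
  # Revocation rights, limited to one profile version through profileVersion.
  # The provider appends a unique suffix to statementIdPrefix.
  spPermission3:
    type: aws:signer:SigningProfilePermission
    name: sp_permission_3
    properties:
      profileName: ${prodSp.name}
      action: signer:RevokeSignature
      # Quoted so YAML keeps the account ID a string instead of a number.
      principal: '123456789012'
      profileVersion: ${prodSp.version}
      statementIdPrefix: version-permission-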
Create SigningProfilePermission Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SigningProfilePermission(name: string, args: SigningProfilePermissionArgs, opts?: CustomResourceOptions);
@overload
def SigningProfilePermission(resource_name: str,
args: SigningProfilePermissionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SigningProfilePermission(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
principal: Optional[str] = None,
profile_name: Optional[str] = None,
profile_version: Optional[str] = None,
statement_id: Optional[str] = None,
statement_id_prefix: Optional[str] = None)
func NewSigningProfilePermission(ctx *Context, name string, args SigningProfilePermissionArgs, opts ...ResourceOption) (*SigningProfilePermission, error)
public SigningProfilePermission(string name, SigningProfilePermissionArgs args, CustomResourceOptions? opts = null)
public SigningProfilePermission(String name, SigningProfilePermissionArgs args)
public SigningProfilePermission(String name, SigningProfilePermissionArgs args, CustomResourceOptions options)
type: aws:signer:SigningProfilePermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SigningProfilePermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SigningProfilePermissionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SigningProfilePermissionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SigningProfilePermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SigningProfilePermissionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
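The following reference example uses placeholder values for all input properties. It lists both the statement ID and the statement ID prefix for completeness; the two properties conflict, so set only one of them in a real program.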
var signingProfilePermissionResource = new Aws.Signer.SigningProfilePermission("signingProfilePermissionResource", new()
{
Action = "string",
Principal = "string",
ProfileName = "string",
ProfileVersion = "string",
StatementId = "string",
StatementIdPrefix = "string",
});
example, err := signer.NewSigningProfilePermission(ctx, "signingProfilePermissionResource", &signer.SigningProfilePermissionArgs{
Action: pulumi.String("string"),
Principal: pulumi.String("string"),
ProfileName: pulumi.String("string"),
ProfileVersion: pulumi.String("string"),
StatementId: pulumi.String("string"),
StatementIdPrefix: pulumi.String("string"),
})
var signingProfilePermissionResource = new SigningProfilePermission("signingProfilePermissionResource", SigningProfilePermissionArgs.builder()
.action("string")
.principal("string")
.profileName("string")
.profileVersion("string")
.statementId("string")
.statementIdPrefix("string")
.build());
signing_profile_permission_resource = aws.signer.SigningProfilePermission("signingProfilePermissionResource",
action="string",
principal="string",
profile_name="string",
profile_version="string",
statement_id="string",
statement_id_prefix="string")
const signingProfilePermissionResource = new aws.signer.SigningProfilePermission("signingProfilePermissionResource", {
action: "string",
principal: "string",
profileName: "string",
profileVersion: "string",
statementId: "string",
statementIdPrefix: "string",
});
type: aws:signer:SigningProfilePermission
properties:
action: string
principal: string
profileName: string
profileVersion: string
statementId: string
statementIdPrefix: string
SigningProfilePermission Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SigningProfilePermission resource accepts the following input properties:
- Action string
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- Principal string
- The AWS principal to be granted a cross-account permission.
- ProfileName string
- Name of the signing profile to add the cross-account permissions.
- ProfileVersion string
- The signing profile version that a permission applies to.
- StatementId string
- A unique statement identifier. By default generated by the provider.
- StatementIdPrefix string
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- Action string
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- Principal string
- The AWS principal to be granted a cross-account permission.
- ProfileName string
- Name of the signing profile to add the cross-account permissions.
- ProfileVersion string
- The signing profile version that a permission applies to.
- StatementId string
- A unique statement identifier. By default generated by the provider.
- StatementIdPrefix string
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action String
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal String
- The AWS principal to be granted a cross-account permission.
- profileName String
- Name of the signing profile to add the cross-account permissions.
- profileVersion String
- The signing profile version that a permission applies to.
- statementId String
- A unique statement identifier. By default generated by the provider.
- statementIdPrefix String
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action string
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal string
- The AWS principal to be granted a cross-account permission.
- profileName string
- Name of the signing profile to add the cross-account permissions.
- profileVersion string
- The signing profile version that a permission applies to.
- statementId string
- A unique statement identifier. By default generated by the provider.
- statementIdPrefix string
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action str
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal str
- The AWS principal to be granted a cross-account permission.
- profile_name str
- Name of the signing profile to add the cross-account permissions.
- profile_version str
- The signing profile version that a permission applies to.
- statement_id str
- A unique statement identifier. By default generated by the provider.
- statement_id_prefix str
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action String
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal String
- The AWS principal to be granted a cross-account permission.
- profileName String
- Name of the signing profile to add the cross-account permissions.
- profileVersion String
- The signing profile version that a permission applies to.
- statementId String
- A unique statement identifier. By default generated by the provider.
- statementIdPrefix String
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
Outputs
All input properties are implicitly available as output properties. Additionally, the SigningProfilePermission resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SigningProfilePermission Resource
Get an existing SigningProfilePermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SigningProfilePermissionState, opts?: CustomResourceOptions): SigningProfilePermission
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
principal: Optional[str] = None,
profile_name: Optional[str] = None,
profile_version: Optional[str] = None,
statement_id: Optional[str] = None,
statement_id_prefix: Optional[str] = None) -> SigningProfilePermission
func GetSigningProfilePermission(ctx *Context, name string, id IDInput, state *SigningProfilePermissionState, opts ...ResourceOption) (*SigningProfilePermission, error)
public static SigningProfilePermission Get(string name, Input<string> id, SigningProfilePermissionState? state, CustomResourceOptions? opts = null)
public static SigningProfilePermission get(String name, Output<String> id, SigningProfilePermissionState state, CustomResourceOptions options)
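# Looks up an existing permission by its provider ID instead of creating one.
# "_" stands in for the logical resource name.
resources:
  _:
    type: aws:signer:SigningProfilePermission
    get:
      id: ${id}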
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- Principal string
- The AWS principal to be granted a cross-account permission.
- ProfileName string
- Name of the signing profile to add the cross-account permissions.
- ProfileVersion string
- The signing profile version that a permission applies to.
- StatementId string
- A unique statement identifier. By default generated by the provider.
- StatementIdPrefix string
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- Action string
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- Principal string
- The AWS principal to be granted a cross-account permission.
- ProfileName string
- Name of the signing profile to add the cross-account permissions.
- ProfileVersion string
- The signing profile version that a permission applies to.
- StatementId string
- A unique statement identifier. By default generated by the provider.
- StatementIdPrefix string
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action String
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal String
- The AWS principal to be granted a cross-account permission.
- profileName String
- Name of the signing profile to add the cross-account permissions.
- profileVersion String
- The signing profile version that a permission applies to.
- statementId String
- A unique statement identifier. By default generated by the provider.
- statementIdPrefix String
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action string
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal string
- The AWS principal to be granted a cross-account permission.
- profileName string
- Name of the signing profile to add the cross-account permissions.
- profileVersion string
- The signing profile version that a permission applies to.
- statementId string
- A unique statement identifier. By default generated by the provider.
- statementIdPrefix string
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action str
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal str
- The AWS principal to be granted a cross-account permission.
- profile_name str
- Name of the signing profile to add the cross-account permissions.
- profile_version str
- The signing profile version that a permission applies to.
- statement_id str
- A unique statement identifier. By default generated by the provider.
- statement_id_prefix str
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
- action String
- An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
- principal String
- The AWS principal to be granted a cross-account permission.
- profileName String
- Name of the signing profile to add the cross-account permissions.
- profileVersion String
- The signing profile version that a permission applies to.
- statementId String
- A unique statement identifier. By default generated by the provider.
- statementIdPrefix String
- A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
Import
Using `pulumi import`, import Signer signing profile permission statements using `profile_name/statement_id`. For example:
$ pulumi import aws:signer/signingProfilePermission:SigningProfilePermission test_signer_signing_profile_permission prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.