[ aws . lambda ]

create-code-signing-config

Description

Creates a code signing configuration. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-code-signing-config
[--description <value>]
--allowed-publishers <value>
[--code-signing-policies <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--description (string)

Descriptive name for this code signing configuration.

--allowed-publishers (structure)

Signing profiles for this code signing configuration.

SigningProfileVersionArns -> (list)

The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

(string)

Shorthand Syntax:

SigningProfileVersionArns=string,string

JSON Syntax:

{
  "SigningProfileVersionArns": ["string", ...]
}

--code-signing-policies (structure)

The code signing policies define the actions to take if the validation checks fail.

UntrustedArtifactOnDeployment -> (string)

Code signing configuration policy for deployment validation failure. If you set the policy to Enforce , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn , Lambda allows the deployment and creates a CloudWatch log.

Default value: Warn

Shorthand Syntax:

UntrustedArtifactOnDeployment=string

JSON Syntax:

{
  "UntrustedArtifactOnDeployment": "Warn"|"Enforce"
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Output

CodeSigningConfig -> (structure)

The code signing configuration.

CodeSigningConfigId -> (string)

Unique identifer for the Code signing configuration.

CodeSigningConfigArn -> (string)

The Amazon Resource Name (ARN) of the Code signing configuration.

Description -> (string)

Code signing configuration description.

AllowedPublishers -> (structure)

List of allowed publishers.

SigningProfileVersionArns -> (list)

The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

(string)

CodeSigningPolicies -> (structure)

The code signing policy controls the validation failure action for signature mismatch or expiry.

UntrustedArtifactOnDeployment -> (string)

Code signing configuration policy for deployment validation failure. If you set the policy to Enforce , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn , Lambda allows the deployment and creates a CloudWatch log.

Default value: Warn

LastModified -> (string)

The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).