aws-cdk-lib.aws_lambda.CodeSigningConfigProps

interface CodeSigningConfigProps

LanguageType name
.NETAmazon.CDK.AWS.Lambda.CodeSigningConfigProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awslambda#CodeSigningConfigProps
Javasoftware.amazon.awscdk.services.lambda.CodeSigningConfigProps
Pythonaws_cdk.aws_lambda.CodeSigningConfigProps
TypeScript (source)aws-cdk-lib » aws_lambda » CodeSigningConfigProps

Construction properties for a Code Signing Config object.

Example

import * as signer from 'aws-cdk-lib/aws-signer';

const signingProfile = new signer.SigningProfile(this, 'SigningProfile', {
  platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
});

const codeSigningConfig = new lambda.CodeSigningConfig(this, 'CodeSigningConfig', {
  signingProfiles: [signingProfile],
});

new lambda.Function(this, 'Function', {
  codeSigningConfig,
  runtime: lambda.Runtime.NODEJS_18_X,
  handler: 'index.handler',
  code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
});

Properties

NameTypeDescription
signingProfilesISigningProfile[]List of signing profiles that defines a trusted user who can sign a code package.
description?stringCode signing configuration description.
untrustedArtifactOnDeployment?UntrustedArtifactOnDeploymentCode signing configuration policy for deployment validation failure.

signingProfiles

Type: ISigningProfile[]

List of signing profiles that defines a trusted user who can sign a code package.


description?

Type: string (optional, default: No description.)

Code signing configuration description.


untrustedArtifactOnDeployment?

Type: UntrustedArtifactOnDeployment (optional, default: UntrustedArtifactOnDeployment.WARN)

Code signing configuration policy for deployment validation failure.

If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.