Resource: aws_signer_signing_profile_permission

Creates a Signer Signing Profile Permission. That is, a cross-account permission for a signing profile.

Example Usage

resource "aws_signer_signing_profile" "prod_sp" {
  platform_id = "AWSLambda-SHA384-ECDSA"
  name_prefix = "prod_sp_"

  signature_validity_period {
    value = 5
    type  = "YEARS"
  }

  tags = {
    tag1 = "value1"
    tag2 = "value2"
  }
}

resource "aws_signer_signing_profile_permission" "sp_permission_1" {
  profile_name = aws_signer_signing_profile.prod_sp.name
  action       = "signer:StartSigningJob"
  principal    = var.aws_account
}

resource "aws_signer_signing_profile_permission" "sp_permission_2" {
  profile_name = aws_signer_signing_profile.prod_sp.name
  action       = "signer:GetSigningProfile"
  principal    = var.aws_team_role_arn
  statement_id = "ProdAccountStartSigningJob_StatementId"
}

resource "aws_signer_signing_profile_permission" "sp_permission_3" {
  profile_name        = aws_signer_signing_profile.prod_sp.name
  action              = "signer:RevokeSignature"
  principal           = "123456789012"
  profile_version     = aws_signer_signing_profile.prod_sp.version
  statement_id_prefix = "version-permission-"
}

Argument Reference

Attribute Reference

This resource exports no additional attributes.

Import

In Terraform v1.5.0 and later, use an import block to import Signer signing profile permission statements using profile_name/statement_id. For example:

import {
  to = aws_signer_signing_profile_permission.test_signer_signing_profile_permission
  id = "prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId"
}

Using terraform import, import Signer signing profile permission statements using profile_name/statement_id. For example:

% terraform import aws_signer_signing_profile_permission.test_signer_signing_profile_permission prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId