Creates a Signer Signing Profile Permission. That is, a cross-account permission for a signing profile.
resource "aws_signer_signing_profile" "prod_sp" {
  platform_id = "AWSLambda-SHA384-ECDSA"
  name_prefix = "prod_sp_"

  signature_validity_period {
    value = 5
    type  = "YEARS"
  }

  tags = {
    tag1 = "value1"
    tag2 = "value2"
  }
}

resource "aws_signer_signing_profile_permission" "sp_permission_1" {
  profile_name = aws_signer_signing_profile.prod_sp.name
  action       = "signer:StartSigningJob"
  principal    = var.aws_account
}

resource "aws_signer_signing_profile_permission" "sp_permission_2" {
  profile_name = aws_signer_signing_profile.prod_sp.name
  action       = "signer:GetSigningProfile"
  principal    = var.aws_team_role_arn
  statement_id = "ProdAccountStartSigningJob_StatementId"
}

resource "aws_signer_signing_profile_permission" "sp_permission_3" {
  profile_name        = aws_signer_signing_profile.prod_sp.name
  action              = "signer:RevokeSignature"
  principal           = "123456789012"
  profile_version     = aws_signer_signing_profile.prod_sp.version
  statement_id_prefix = "version-permission-"
}
profile_name - (Required) Name of the signing profile to add the cross-account permissions to.
action - (Required) An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
principal - (Required) The AWS principal to be granted a cross-account permission.
profile_version - (Optional) The signing profile version that a permission applies to.
statement_id - (Optional) A unique statement identifier. By default generated by Terraform.
statement_id_prefix - (Optional) A statement identifier prefix. Terraform will generate a unique suffix. Conflicts with statement_id.

This resource exports no additional attributes.
In Terraform v1.5.0 and later, use an import block to import Signer signing profile permission statements using profile_name/statement_id. For example:

import {
  to = aws_signer_signing_profile_permission.test_signer_signing_profile_permission
  id = "prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId"
}

Using terraform import, import Signer signing profile permission statements using profile_name/statement_id. For example:
% terraform import aws_signer_signing_profile_permission.test_signer_signing_profile_permission prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId
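
Because each of these statements grants another account or role rights over a signing profile, it is worth reviewing them before apply. The following is an added example, not part of the provider documentation: a Python check over Terraform's JSON plan representation that reports statements whose principal is not on an allowlist, that set no profile_version, or that grant signer:RevokeSignature. The allowlist, the review policy and the sample plan are assumptions constructed for illustration.

```python
RESOURCE_TYPE = "aws_signer_signing_profile_permission"
# Policy assumption for this example: grants of revocation rights get manual review.
REVIEW_ACTIONS = {"signer:RevokeSignature"}

def audit_plan(plan, trusted_principals):
    """Return sorted (address, issue) findings for permission statements in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or not after:
            continue  # other resource types, or a statement being destroyed
        unknown = change.get("after_unknown") or {}
        addr = rc["address"]
        # A principal that is unknown at plan time is absent here and is flagged too.
        if after.get("principal") not in trusted_principals:
            findings.append((addr, "principal not in allowlist"))
        # A version computed at apply time is missing from "after" but marked in
        # "after_unknown"; the statement is still tied to a version.
        if not after.get("profile_version") and not unknown.get("profile_version"):
            findings.append((addr, "no profile_version set"))
        if after.get("action") in REVIEW_ACTIONS:
            findings.append((addr, "grants " + after["action"]))
    return sorted(findings)

# Constructed sample (not real plan output), shaped like the three resources above.
P = "aws_signer_signing_profile_permission.sp_permission_"
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_signer_signing_profile.prod_sp",
     "type": "aws_signer_signing_profile",
     "change": {"actions": ["create"], "after": {"platform_id": "AWSLambda-SHA384-ECDSA"}}},
    {"address": P + "1", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after_unknown": {"statement_id": True},
                "after": {"action": "signer:StartSigningJob", "principal": "111122223333"}}},
    {"address": P + "2", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after_unknown": {},
                "after": {"action": "signer:GetSigningProfile",
                          "principal": "arn:aws:iam::444455556666:role/team"}}},
    {"address": P + "3", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after_unknown": {"profile_version": True},
                "after": {"action": "signer:RevokeSignature", "principal": "123456789012"}}},
]}
TRUSTED = {"111122223333", "123456789012"}  # constructed allowlist

if __name__ == "__main__":
    for address, issue in audit_plan(SAMPLE_PLAN, TRUSTED):
        print(f"{address}: {issue}")
```

To run it against a real change, save a plan with terraform plan -out, convert it with terraform show -json, and pass the parsed JSON to audit_plan in place of SAMPLE_PLAN.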