create_code_signing_config
(**kwargs)¶Creates a code signing configuration. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).
See also: AWS API Documentation
Request Syntax
response = client.create_code_signing_config(
Description='string',
AllowedPublishers={
'SigningProfileVersionArns': [
'string',
]
},
CodeSigningPolicies={
'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
}
)
[REQUIRED]
Signing profiles for this code signing configuration.
The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.
The code signing policies define the actions to take if the validation checks fail.
Code signing configuration policy for deployment validation failure. If you set the policy to Enforce
, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn
, Lambda allows the deployment and creates a CloudWatch log.
Default value: Warn
dict
Response Syntax
{
'CodeSigningConfig': {
'CodeSigningConfigId': 'string',
'CodeSigningConfigArn': 'string',
'Description': 'string',
'AllowedPublishers': {
'SigningProfileVersionArns': [
'string',
]
},
'CodeSigningPolicies': {
'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
},
'LastModified': 'string'
}
}
Response Structure
(dict) --
CodeSigningConfig (dict) --
The code signing configuration.
CodeSigningConfigId (string) --
Unique identifer for the Code signing configuration.
CodeSigningConfigArn (string) --
The Amazon Resource Name (ARN) of the Code signing configuration.
Description (string) --
Code signing configuration description.
AllowedPublishers (dict) --
List of allowed publishers.
SigningProfileVersionArns (list) --
The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.
CodeSigningPolicies (dict) --
The code signing policy controls the validation failure action for signature mismatch or expiry.
UntrustedArtifactOnDeployment (string) --
Code signing configuration policy for deployment validation failure. If you set the policy to Enforce
, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn
, Lambda allows the deployment and creates a CloudWatch log.
Default value: Warn
LastModified (string) --
The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
Exceptions
Lambda.Client.exceptions.ServiceException
Lambda.Client.exceptions.InvalidParameterValueException