create_code_signing_config

create_code_signing_config(**kwargs)

Creates a code signing configuration. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).

See also: AWS API Documentation

Request Syntax

response = client.create_code_signing_config(
    Description='string',
    AllowedPublishers={
        'SigningProfileVersionArns': [
            'string',
        ]
    },
    CodeSigningPolicies={
        'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
    }
)
Parameters
  • Description (string) -- Descriptive name for this code signing configuration.
  • AllowedPublishers (dict) --

    [REQUIRED]

    Signing profiles for this code signing configuration.

    • SigningProfileVersionArns (list) -- [REQUIRED]

      The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

      • (string) --
  • CodeSigningPolicies (dict) --

    The code signing policies define the actions to take if the validation checks fail.

    • UntrustedArtifactOnDeployment (string) --

      Code signing configuration policy for deployment validation failure. If you set the policy to Enforce , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn , Lambda allows the deployment and creates a CloudWatch log.

      Default value: Warn

Return type

dict

Returns

Response Syntax

{
    'CodeSigningConfig': {
        'CodeSigningConfigId': 'string',
        'CodeSigningConfigArn': 'string',
        'Description': 'string',
        'AllowedPublishers': {
            'SigningProfileVersionArns': [
                'string',
            ]
        },
        'CodeSigningPolicies': {
            'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
        },
        'LastModified': 'string'
    }
}

Response Structure

  • (dict) --

    • CodeSigningConfig (dict) --

      The code signing configuration.

      • CodeSigningConfigId (string) --

        Unique identifer for the Code signing configuration.

      • CodeSigningConfigArn (string) --

        The Amazon Resource Name (ARN) of the Code signing configuration.

      • Description (string) --

        Code signing configuration description.

      • AllowedPublishers (dict) --

        List of allowed publishers.

        • SigningProfileVersionArns (list) --

          The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

          • (string) --
      • CodeSigningPolicies (dict) --

        The code signing policy controls the validation failure action for signature mismatch or expiry.

        • UntrustedArtifactOnDeployment (string) --

          Code signing configuration policy for deployment validation failure. If you set the policy to Enforce , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn , Lambda allows the deployment and creates a CloudWatch log.

          Default value: Warn

      • LastModified (string) --

        The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

Exceptions

  • Lambda.Client.exceptions.ServiceException
  • Lambda.Client.exceptions.InvalidParameterValueException