Lambda / Client / create_code_signing_config

create_code_signing_config#

Lambda.Client.create_code_signing_config(**kwargs)#

Creates a code signing configuration. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).

See also: AWS API Documentation

Request Syntax

response = client.create_code_signing_config(
    Description='string',
    AllowedPublishers={
        'SigningProfileVersionArns': [
            'string',
        ]
    },
    CodeSigningPolicies={
        'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
    },
    Tags={
        'string': 'string'
    }
)
Parameters:
  • Description (string) – Descriptive name for this code signing configuration.

  • AllowedPublishers (dict) –

    [REQUIRED]

    Signing profiles for this code signing configuration.

    • SigningProfileVersionArns (list) – [REQUIRED]

      The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

      • (string) –

  • CodeSigningPolicies (dict) –

    The code signing policies define the actions to take if the validation checks fail.

    • UntrustedArtifactOnDeployment (string) –

      Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

      Default value: Warn

  • Tags (dict) –

    A list of tags to add to the code signing configuration.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'CodeSigningConfig': {
        'CodeSigningConfigId': 'string',
        'CodeSigningConfigArn': 'string',
        'Description': 'string',
        'AllowedPublishers': {
            'SigningProfileVersionArns': [
                'string',
            ]
        },
        'CodeSigningPolicies': {
            'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
        },
        'LastModified': 'string'
    }
}

Response Structure

  • (dict) –

    • CodeSigningConfig (dict) –

      The code signing configuration.

      • CodeSigningConfigId (string) –

        Unique identifer for the Code signing configuration.

      • CodeSigningConfigArn (string) –

        The Amazon Resource Name (ARN) of the Code signing configuration.

      • Description (string) –

        Code signing configuration description.

      • AllowedPublishers (dict) –

        List of allowed publishers.

        • SigningProfileVersionArns (list) –

          The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

          • (string) –

      • CodeSigningPolicies (dict) –

        The code signing policy controls the validation failure action for signature mismatch or expiry.

        • UntrustedArtifactOnDeployment (string) –

          Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

          Default value: Warn

      • LastModified (string) –

        The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

Exceptions

  • Lambda.Client.exceptions.ServiceException

  • Lambda.Client.exceptions.InvalidParameterValueException