Lambda / Client / update_code_signing_config

update_code_signing_config#

Lambda.Client.update_code_signing_config(**kwargs)#

Update the code signing configuration. Changes to the code signing configuration take effect the next time a user tries to deploy a code package to the function.

See also: AWS API Documentation

Request Syntax

response = client.update_code_signing_config(
    CodeSigningConfigArn='string',
    Description='string',
    AllowedPublishers={
        'SigningProfileVersionArns': [
            'string',
        ]
    },
    CodeSigningPolicies={
        'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
    }
)
Parameters:
  • CodeSigningConfigArn (string) –

    [REQUIRED]

    The The Amazon Resource Name (ARN) of the code signing configuration.

  • Description (string) – Descriptive name for this code signing configuration.

  • AllowedPublishers (dict) –

    Signing profiles for this code signing configuration.

    • SigningProfileVersionArns (list) – [REQUIRED]

      The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

      • (string) –

  • CodeSigningPolicies (dict) –

    The code signing policy.

    • UntrustedArtifactOnDeployment (string) –

      Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

      Default value: Warn

Return type:

dict

Returns:

Response Syntax

{
    'CodeSigningConfig': {
        'CodeSigningConfigId': 'string',
        'CodeSigningConfigArn': 'string',
        'Description': 'string',
        'AllowedPublishers': {
            'SigningProfileVersionArns': [
                'string',
            ]
        },
        'CodeSigningPolicies': {
            'UntrustedArtifactOnDeployment': 'Warn'|'Enforce'
        },
        'LastModified': 'string'
    }
}

Response Structure

  • (dict) –

    • CodeSigningConfig (dict) –

      The code signing configuration

      • CodeSigningConfigId (string) –

        Unique identifer for the Code signing configuration.

      • CodeSigningConfigArn (string) –

        The Amazon Resource Name (ARN) of the Code signing configuration.

      • Description (string) –

        Code signing configuration description.

      • AllowedPublishers (dict) –

        List of allowed publishers.

        • SigningProfileVersionArns (list) –

          The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.

          • (string) –

      • CodeSigningPolicies (dict) –

        The code signing policy controls the validation failure action for signature mismatch or expiry.

        • UntrustedArtifactOnDeployment (string) –

          Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

          Default value: Warn

      • LastModified (string) –

        The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

Exceptions