code_signing_configs
Creates, updates, deletes or gets a code_signing_config resource or lists code_signing_configs in a region
Overview
| Name | code_signing_configs |
| Type | Resource |
| Description | Resource Type definition for AWS::Lambda::CodeSigningConfig. |
| Id | awscc.lambda.code_signing_configs |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
description | string | A description of the CodeSigningConfig |
allowed_publishers | object | When the CodeSigningConfig is later on attached to a function, the function code will be expected to be signed by profiles from this list |
code_signing_policies | object | Policies to control how to act if a signature is invalid |
code_signing_config_id | string | A unique identifier for CodeSigningConfig resource |
code_signing_config_arn | string | A unique Arn for CodeSigningConfig resource |
tags | array | A list of tags to apply to CodeSigningConfig resource |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
code_signing_config_arn | string | A unique Arn for CodeSigningConfig resource |
region | string | AWS region. |
For more information, see AWS::Lambda::CodeSigningConfig.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | code_signing_configs | INSERT | AllowedPublishers, region |
delete_resource | code_signing_configs | DELETE | Identifier, region |
update_resource | code_signing_configs | UPDATE | Identifier, PatchDocument, region |
list_resources | code_signing_configs_list_only | SELECT | region |
get_resource | code_signing_configs | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual code_signing_config.
SELECT
region,
description,
allowed_publishers,
code_signing_policies,
code_signing_config_id,
code_signing_config_arn,
tags
FROM awscc.lambda.code_signing_configs
WHERE
region = 'us-east-1' AND
Identifier = '{{ code_signing_config_arn }}';
Lists all code_signing_configs in a region.
SELECT
region,
code_signing_config_arn
FROM awscc.lambda.code_signing_configs_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new code_signing_config resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.lambda.code_signing_configs (
AllowedPublishers,
region
)
SELECT
'{{ allowed_publishers }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.lambda.code_signing_configs (
Description,
AllowedPublishers,
CodeSigningPolicies,
Tags,
region
)
SELECT
'{{ description }}',
'{{ allowed_publishers }}',
'{{ code_signing_policies }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: code_signing_config
props:
- name: description
value: '{{ description }}'
- name: allowed_publishers
value:
signing_profile_version_arns:
- '{{ signing_profile_version_arns[0] }}'
- name: code_signing_policies
value:
untrusted_artifact_on_deployment: '{{ untrusted_artifact_on_deployment }}'
- name: tags
value:
- value: '{{ value }}'
key: '{{ key }}'
UPDATE example
Use the following StackQL query and manifest file to update a code_signing_config resource, using stack-deploy.
/*+ update */
UPDATE awscc.lambda.code_signing_configs
SET PatchDocument = string('{{ {
"Description": description,
"AllowedPublishers": allowed_publishers,
"CodeSigningPolicies": code_signing_policies,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ code_signing_config_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.lambda.code_signing_configs
WHERE
Identifier = '{{ code_signing_config_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the code_signing_configs resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
lambda:CreateCodeSigningConfig,
lambda:TagResource
lambda:GetCodeSigningConfig,
lambda:ListTags
lambda:UpdateCodeSigningConfig,
lambda:TagResource,
lambda:UntagResource
lambda:DeleteCodeSigningConfig
lambda:ListCodeSigningConfigs