code_signing_configs

Creates, updates, deletes or gets a code_signing_config resource or lists code_signing_configs in a region

Overview

Name	`code_signing_configs`
Type	Resource
Description	Resource Type definition for AWS::Lambda::CodeSigningConfig.
Id	`aws.lambda.code_signing_configs`

Fields

Name	Datatype	Description
`description`	`string`	A description of the CodeSigningConfig
`allowed_publishers`	`object`	When the CodeSigningConfig is later on attached to a function, the function code will be expected to be signed by profiles from this list
`code_signing_policies`	`object`	Policies to control how to act if a signature is invalid
`code_signing_config_id`	`string`	A unique identifier for CodeSigningConfig resource
`code_signing_config_arn`	`string`	A unique Arn for CodeSigningConfig resource
`tags`	`array`	A list of tags to apply to CodeSigningConfig resource
`region`	`string`	AWS region.

For more information, see AWS::Lambda::CodeSigningConfig.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`AllowedPublishers, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all code_signing_configs in a region.

SELECT
region,
description,
allowed_publishers,
code_signing_policies,
code_signing_config_id,
code_signing_config_arn,
tags
FROM aws.lambda.code_signing_configs
WHERE region = 'us-east-1';

Gets all properties from an individual code_signing_config.

SELECT
region,
description,
allowed_publishers,
code_signing_policies,
code_signing_config_id,
code_signing_config_arn,
tags
FROM aws.lambda.code_signing_configs
WHERE region = 'us-east-1' AND data__Identifier = '<CodeSigningConfigArn>';

`INSERT` example

Use the following StackQL query and manifest file to create a new code_signing_config resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.lambda.code_signing_configs (
 AllowedPublishers,
 region
)
SELECT 
'{{ AllowedPublishers }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.lambda.code_signing_configs (
 Description,
 AllowedPublishers,
 CodeSigningPolicies,
 Tags,
 region
)
SELECT 
 '{{ Description }}',
 '{{ AllowedPublishers }}',
 '{{ CodeSigningPolicies }}',
 '{{ Tags }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: code_signing_config
    props:
      - name: Description
        value: '{{ Description }}'
      - name: AllowedPublishers
        value:
          SigningProfileVersionArns:
            - '{{ SigningProfileVersionArns[0] }}'
      - name: CodeSigningPolicies
        value:
          UntrustedArtifactOnDeployment: '{{ UntrustedArtifactOnDeployment }}'
      - name: Tags
        value:
          - Value: '{{ Value }}'
            Key: '{{ Key }}'

`DELETE` example

/*+ delete */
DELETE FROM aws.lambda.code_signing_configs
WHERE data__Identifier = '<CodeSigningConfigArn>'
AND region = 'us-east-1';

Permissions

To operate on the code_signing_configs resource, the following permissions are required:

Create

lambda:CreateCodeSigningConfig,
lambda:TagResource

Read

lambda:GetCodeSigningConfig,
lambda:ListTags

Update

lambda:UpdateCodeSigningConfig,
lambda:ListTags,
lambda:TagResource,
lambda:UntagResource

Delete

lambda:DeleteCodeSigningConfig

List

lambda:ListCodeSigningConfigs

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​