42 lines
1.8 KiB
Markdown
42 lines
1.8 KiB
Markdown
# AWS::Signer Construct Library
|
|
|
|
|
|
AWS Signer is a fully managed code-signing service to ensure the trust and integrity of your code. Organizations validate code against
|
|
a digital signature to confirm that the code is unaltered and from a trusted publisher. For more information, see [What Is AWS
|
|
Signer?](https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html)
|
|
|
|
## Table of Contents
|
|
|
|
- [Signing Platform](#signing-platform)
|
|
- [Signing Profile](#signing-profile)
|
|
|
|
## Signing Platform
|
|
|
|
A signing platform is a predefined set of instructions that specifies the signature format and signing algorithms that AWS Signer should use
|
|
to sign a zip file. For more information go to [Signing Platforms in AWS Signer](https://docs.aws.amazon.com/signer/latest/developerguide/gs-platform.html).
|
|
|
|
AWS Signer provides a pre-defined set of signing platforms. They are available in the CDK as -
|
|
|
|
```text
|
|
Platform.AWS_IOT_DEVICE_MANAGEMENT_SHA256_ECDSA
|
|
Platform.AWS_LAMBDA_SHA384_ECDSA
|
|
Platform.AMAZON_FREE_RTOS_TI_CC3220SF
|
|
Platform.AMAZON_FREE_RTOS_DEFAULT
|
|
```
|
|
|
|
## Signing Profile
|
|
|
|
A signing profile is a code-signing template that can be used to pre-define the signature specifications for a signing job.
|
|
A signing profile includes a signing platform to designate the file type to be signed, the signature format, and the signature algorithms.
|
|
For more information, visit [Signing Profiles in AWS Signer](https://docs.aws.amazon.com/signer/latest/developerguide/gs-profile.html).
|
|
|
|
The following code sets up a signing profile for signing lambda code bundles -
|
|
|
|
```ts
|
|
const signingProfile = new signer.SigningProfile(this, 'SigningProfile', {
|
|
platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
|
|
});
|
|
```
|
|
|
|
A signing profile is valid by default for 135 months. This can be modified by specifying the `signatureValidityPeriod` property.
|