84 lines
2.8 KiB
TypeScript
84 lines
2.8 KiB
TypeScript
import type { Construct } from 'constructs';
|
|
import type { CodeSigningConfigReference, ICodeSigningConfigRef } from './lambda.generated';
|
|
import type { ISigningProfile } from '../../aws-signer';
|
|
import type { IResource } from '../../core';
|
|
import { Resource } from '../../core';
|
|
/**
|
|
* Code signing configuration policy for deployment validation failure.
|
|
*/
|
|
export declare enum UntrustedArtifactOnDeployment {
|
|
/**
|
|
* Lambda blocks the deployment request if signature validation checks fail.
|
|
*/
|
|
ENFORCE = "Enforce",
|
|
/**
|
|
* Lambda allows the deployment of the code package, but issues a warning.
|
|
* Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail.
|
|
*/
|
|
WARN = "Warn"
|
|
}
|
|
/**
|
|
* A Code Signing Config
|
|
*/
|
|
export interface ICodeSigningConfig extends IResource, ICodeSigningConfigRef {
|
|
/**
|
|
* The ARN of Code Signing Config
|
|
* @attribute
|
|
*/
|
|
readonly codeSigningConfigArn: string;
|
|
/**
|
|
* The id of Code Signing Config
|
|
* @attribute
|
|
*/
|
|
readonly codeSigningConfigId: string;
|
|
}
|
|
/**
|
|
* Construction properties for a Code Signing Config object
|
|
*/
|
|
export interface CodeSigningConfigProps {
|
|
/**
|
|
* List of signing profiles that defines a
|
|
* trusted user who can sign a code package.
|
|
*/
|
|
readonly signingProfiles: ISigningProfile[];
|
|
/**
|
|
* Code signing configuration policy for deployment validation failure.
|
|
* If you set the policy to Enforce, Lambda blocks the deployment request
|
|
* if signature validation checks fail.
|
|
* If you set the policy to Warn, Lambda allows the deployment and
|
|
* creates a CloudWatch log.
|
|
*
|
|
* @default UntrustedArtifactOnDeployment.WARN
|
|
*/
|
|
readonly untrustedArtifactOnDeployment?: UntrustedArtifactOnDeployment;
|
|
/**
|
|
* Code signing configuration description.
|
|
*
|
|
* @default - No description.
|
|
*/
|
|
readonly description?: string;
|
|
}
|
|
/**
|
|
* Defines a Code Signing Config.
|
|
*
|
|
* @resource AWS::Lambda::CodeSigningConfig
|
|
*/
|
|
export declare class CodeSigningConfig extends Resource implements ICodeSigningConfig {
|
|
/**
|
|
* Uniquely identifies this class.
|
|
*/
|
|
static readonly PROPERTY_INJECTION_ID: string;
|
|
/**
|
|
* Creates a Signing Profile construct that represents an external Signing Profile.
|
|
*
|
|
* @param scope The parent creating construct (usually `this`).
|
|
* @param id The construct's name.
|
|
* @param codeSigningConfigArn The ARN of code signing config.
|
|
*/
|
|
static fromCodeSigningConfigArn(scope: Construct, id: string, codeSigningConfigArn: string): ICodeSigningConfig;
|
|
readonly codeSigningConfigArn: string;
|
|
readonly codeSigningConfigId: string;
|
|
constructor(scope: Construct, id: string, props: CodeSigningConfigProps);
|
|
get codeSigningConfigRef(): CodeSigningConfigReference;
|
|
}
|