fix(lambda): incorrect values for prop UntrustedArtifactOnDeployment (#…

…13667) The allowed values for `UntrustedArtifactOnDeployment` in the `AWS::Lambda::CodeSigningConfig` resource type are 'Warn' and 'Enforce'. This was incorrectly set in the CDK. fixes #13586 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Mar 19, 2021 · 0757686 · 0757686
1 parent 0ea4b19
commit 0757686
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts b/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts
@@ -10,13 +10,13 @@ export enum UntrustedArtifactOnDeployment {
   /**
    * Lambda blocks the deployment request if signature validation checks fail.
    */
-  ENFORCE = 'enforce',
+  ENFORCE = 'Enforce',
 
   /**
    * Lambda allows the deployment of the code package, but issues a warning.
    * Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail.
    */
-  WARN = 'warn',
+  WARN = 'Warn',
 }
 
 /**

diff --git a/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts b/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts
@@ -28,7 +28,7 @@ describe('code signing config', () => {
         }],
       },
       CodeSigningPolicies: {
-        UntrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.WARN,
+        UntrustedArtifactOnDeployment: 'Warn',
       },
     });
   });
@@ -78,7 +78,7 @@ describe('code signing config', () => {
 
     expect(stack).toHaveResource('AWS::Lambda::CodeSigningConfig', {
       CodeSigningPolicies: {
-        UntrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.ENFORCE,
+        UntrustedArtifactOnDeployment: 'Enforce',
       },
       Description: 'test description',
     });