(lambda): Add ability to sign code using a code signing profile #12216
Comments
dontirun
added
feature-request
|
This feature is not yet available in CloudFormation. |
nija-at
added
effort/small
|
Although the CloudFormation documentation says it's unsupported, the SAM documentation for the CodeSigningConfigArn says that it is supported and passes it directly to that property for CloudFormation |
|
Additionally the ability to use signed code is independent from the CodeSigning config on the lambda function. The code needs to be signed via AWS Signer using a valid profile. If the Lambda then has the proper configuration the signing profile then the function will properly deploy. This ask is to implement both parts (with lambda bundling/assets) This is the code used in the SAM CLI to upload the code to and S3 bucket, start the signing job, and then returned the S3 location to the signed artifact. |
|
Thanks for letting me know that this is available in CloudFormation. |
nija-at
removed
the
needs-cfn
|
I really appreciate the work that has gone into PR #12656 , but I do not believe the PR will fully address this issue. If the code signing profile is set to Enforce, and I specify local code the deployment will fail due to code not being signed. The PR will resolve all the CloudFormation related aspects of this request, but there is an additional component to sign the code after it is uploaded to S3 (which I believe the CDK can handle) |
closes #12216 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Lambda supports now code signing . I suggest the CDK should add the ability to take a signer profile and sign unbundled/bundled assets after they are uploaded to S3. (This will require versioning to be enabled on the Bootstrap bucket)
I can currently do this with CloudFormation deployments utilizing the SAM CLI but not with the CDK
Use Case
I would like to verify the Lambda functions that I deploy as part of a Pipeline have been created by a trusted entity and unmodified.
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: