1 | import { ISigningProfile } from '@aws-cdk/aws-signer';
|
2 | import { IResource, Resource } from '@aws-cdk/core';
|
3 | import { Construct } from 'constructs';
|
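/**
 * Code signing configuration policy for deployment validation failure.
 *
 * Selects what Lambda does with a deployment request whose signature
 * validation checks fail.
 */
export declare enum UntrustedArtifactOnDeployment {
  /**
   * Lambda blocks the deployment request if signature validation checks fail.
   */
  ENFORCE = "Enforce",
  /**
   * Lambda allows the deployment of the code package, but issues a warning.
   * Lambda issues a new Amazon CloudWatch metric (a signature validation
   * error) and also stores the warning in CloudTrail.
   *
   * The code package is still deployed under this policy, so the warning is
   * the only signal that validation failed; it does not prevent the
   * deployment.
   */
  WARN = "Warn"
}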
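/**
 * A Code Signing Config.
 *
 * Only the identifying attributes are exposed here; the signing profiles and
 * the validation-failure policy of the config are not part of this interface.
 */
export interface ICodeSigningConfig extends IResource {
  /**
   * The ARN of the Code Signing Config.
   * @attribute
   */
  readonly codeSigningConfigArn: string;
  /**
   * The id of the Code Signing Config.
   * @attribute
   */
  readonly codeSigningConfigId: string;
}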
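/**
 * Construction properties for a Code Signing Config object.
 */
export interface CodeSigningConfigProps {
  /**
   * List of signing profiles, each of which defines a
   * trusted user who can sign a code package.
   */
  readonly signingProfiles: ISigningProfile[];
  /**
   * Code signing configuration policy for deployment validation failure.
   * If you set the policy to Enforce, Lambda blocks the deployment request
   * if signature validation checks fail.
   * If you set the policy to Warn, Lambda allows the deployment and
   * creates a CloudWatch log.
   *
   * The default is Warn, under which a code package that fails signature
   * validation is still deployed. Set
   * `UntrustedArtifactOnDeployment.ENFORCE` explicitly when such packages
   * must be rejected.
   *
   * @default UntrustedArtifactOnDeployment.WARN
   */
  readonly untrustedArtifactOnDeployment?: UntrustedArtifactOnDeployment;
  /**
   * Code signing configuration description.
   *
   * @default - No description.
   */
  readonly description?: string;
}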
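/**
 * Defines a Code Signing Config.
 *
 * @resource AWS::Lambda::CodeSigningConfig
 */
export declare class CodeSigningConfig extends Resource implements ICodeSigningConfig {
  /**
   * Creates a Code Signing Config construct that represents an external
   * Code Signing Config.
   *
   * The returned object is typed as `ICodeSigningConfig`, which exposes only
   * the ARN and id; the signing profiles and validation-failure policy of the
   * referenced config are not visible through it.
   *
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name.
   * @param codeSigningConfigArn The ARN of code signing config.
   * @returns A construct referring to the Code Signing Config with that ARN.
   */
  static fromCodeSigningConfigArn(scope: Construct, id: string, codeSigningConfigArn: string): ICodeSigningConfig;
  /**
   * The ARN of the Code Signing Config.
   */
  readonly codeSigningConfigArn: string;
  /**
   * The id of the Code Signing Config.
   */
  readonly codeSigningConfigId: string;
  /**
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name.
   * @param props Construction properties; `untrustedArtifactOnDeployment`
   * is documented as defaulting to `UntrustedArtifactOnDeployment.WARN`
   * when omitted.
   */
  constructor(scope: Construct, id: string, props: CodeSigningConfigProps);
}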