UNPKG

@aws-cdk/aws-lambda/lib/code-signing-config.d.ts

Version:

2.58 kBTypeScriptView Raw

1import { ISigningProfile } from '@aws-cdk/aws-signer';
2import { IResource, Resource } from '@aws-cdk/core';
3import { Construct } from 'constructs';
4/**
* Code signing configuration policy for deployment validation failure.
*/
7export declare enum UntrustedArtifactOnDeployment {
  /**
   * Lambda blocks the deployment request if signature validation checks fail.
   */
  ENFORCE = "Enforce",
  /**
   * Lambda allows the deployment of the code package, but issues a warning.
   * Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail.
   */
  WARN = "Warn"
17}
18/**
* A Code Signing Config
*/
21export interface ICodeSigningConfig extends IResource {
  /**
   * The ARN of Code Signing Config
   * @attribute
   */
  readonly codeSigningConfigArn: string;
  /**
   * The id of Code Signing Config
   * @attribute
   */
  readonly codeSigningConfigId: string;
32}
33/**
* Construction properties for a Code Signing Config object
*/
36export interface CodeSigningConfigProps {
  /**
   * List of signing profiles that defines a
   * trusted user who can sign a code package.
   */
  readonly signingProfiles: ISigningProfile[];
  /**
   * Code signing configuration policy for deployment validation failure.
   * If you set the policy to Enforce, Lambda blocks the deployment request
   * if signature validation checks fail.
   * If you set the policy to Warn, Lambda allows the deployment and
   * creates a CloudWatch log.
   *
   * @default UntrustedArtifactOnDeployment.WARN
   */
  readonly untrustedArtifactOnDeployment?: UntrustedArtifactOnDeployment;
  /**
   * Code signing configuration description.
   *
   * @default - No description.
   */
  readonly description?: string;
58}
59/**
* Defines a Code Signing Config.
*
* @resource AWS::Lambda::CodeSigningConfig
*/
64export declare class CodeSigningConfig extends Resource implements ICodeSigningConfig {
  /**
   * Creates a Signing Profile construct that represents an external Signing Profile.
   *
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name.
   * @param codeSigningConfigArn The ARN of code signing config.
   */
  static fromCodeSigningConfigArn(scope: Construct, id: string, codeSigningConfigArn: string): ICodeSigningConfig;
  readonly codeSigningConfigArn: string;
  readonly codeSigningConfigId: string;
  constructor(scope: Construct, id: string, props: CodeSigningConfigProps);
76}

1	`import { ISigningProfile } from '@aws-cdk/aws-signer';`
2	`import { IResource, Resource } from '@aws-cdk/core';`
3	`import { Construct } from 'constructs';`
4	`/**`
5	`* Code signing configuration policy for deployment validation failure.`
6	`*/`
7	`export declare enum UntrustedArtifactOnDeployment {`
8	`/**`
9	`* Lambda blocks the deployment request if signature validation checks fail.`
10	`*/`
11	`ENFORCE = "Enforce",`
12	`/**`
13	`* Lambda allows the deployment of the code package, but issues a warning.`
14	`* Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail.`
15	`*/`
16	`WARN = "Warn"`
17	`}`
18	`/**`
19	`* A Code Signing Config`
20	`*/`
21	`export interface ICodeSigningConfig extends IResource {`
22	`/**`
23	`* The ARN of Code Signing Config`
24	`* @attribute`
25	`*/`
26	`readonly codeSigningConfigArn: string;`
27	`/**`
28	`* The id of Code Signing Config`
29	`* @attribute`
30	`*/`
31	`readonly codeSigningConfigId: string;`
32	`}`
33	`/**`
34	`* Construction properties for a Code Signing Config object`
35	`*/`
36	`export interface CodeSigningConfigProps {`
37	`/**`
38	`* List of signing profiles that defines a`
39	`* trusted user who can sign a code package.`
40	`*/`
41	`readonly signingProfiles: ISigningProfile[];`
42	`/**`
43	`* Code signing configuration policy for deployment validation failure.`
44	`* If you set the policy to Enforce, Lambda blocks the deployment request`
45	`* if signature validation checks fail.`
46	`* If you set the policy to Warn, Lambda allows the deployment and`
47	`* creates a CloudWatch log.`
48	`*`
49	`* @default UntrustedArtifactOnDeployment.WARN`
50	`*/`
51	`readonly untrustedArtifactOnDeployment?: UntrustedArtifactOnDeployment;`
52	`/**`
53	`* Code signing configuration description.`
54	`*`
55	`* @default - No description.`
56	`*/`
57	`readonly description?: string;`
58	`}`
59	`/**`
60	`* Defines a Code Signing Config.`
61	`*`
62	`* @resource AWS::Lambda::CodeSigningConfig`
63	`*/`
64	`export declare class CodeSigningConfig extends Resource implements ICodeSigningConfig {`
65	`/**`
66	`* Creates a Signing Profile construct that represents an external Signing Profile.`
67	`*`
68	* @param scope The parent creating construct (usually `this`).
69	`* @param id The construct's name.`
70	`* @param codeSigningConfigArn The ARN of code signing config.`
71	`*/`
72	`static fromCodeSigningConfigArn(scope: Construct, id: string, codeSigningConfigArn: string): ICodeSigningConfig;`
73	`readonly codeSigningConfigArn: string;`
74	`readonly codeSigningConfigId: string;`
75	`constructor(scope: Construct, id: string, props: CodeSigningConfigProps);`
76	`}`