Skip to content

Resource: awsSignerSigningJob

Creates a Signer Signing Job.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSignerSigningProfileTestSp =
  new aws.signerSigningProfile.SignerSigningProfile(this, "test_sp", {
    platformId: "AWSLambda-SHA384-ECDSA",
  });
new aws.signerSigningJob.SignerSigningJob(this, "build_signing_job", {
  destination: {
    s3: {
      bucket: "s3-bucket-name",
      prefix: "signed/",
    },
  },
  ignoreSigningJobFailure: true,
  profileName: awsSignerSigningProfileTestSp.name,
  source: {
    s3: {
      bucket: "s3-bucket-name",
      key: "object-to-be-signed.zip",
      version: "jADjFYYYEXAMPLETszPjOmCMFDzd9dN1",
    },
  },
});

Argument Reference

  • profileName - (Required) The name of the profile to initiate the signing operation.
  • source - (Required) The S3 bucket that contains the object to sign. See Source below for details.
  • destination - (Required) The S3 bucket in which to save your signed object. See Destination below for details.
  • ignoreSigningJobFailure - (Optional) Set this argument to true to ignore signing job failures and retrieve failed status and reason. Default false.

Source

The source configuration block supports the following arguments:

  • s3 - (Required) A configuration block describing the S3 Source object: See S3 Source below for details.

S3 Source

The configuration block supports the following arguments:

  • bucket - (Required) Name of the S3 bucket.
  • key - (Required) Key name of the object that contains your unsigned code.
  • version - (Required) Version of your source image in your version enabled S3 bucket.

Destination

The destination configuration block supports the following arguments:

  • s3 - (Required) A configuration block describing the S3 Destination object: See S3 Destination below for details.

S3 Destination

The configuration block supports the following arguments:

  • bucket - (Required) Name of the S3 bucket.
  • prefix - (Optional) An Amazon S3 object key prefix that you can use to limit signed objects keys to begin with the specified prefix.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • completedAt - Date and time in RFC3339 format that the signing job was completed.
  • createdAt - Date and time in RFC3339 format that the signing job was created.
  • jobId - The ID of the signing job on output.
  • jobInvoker - The IAM entity that initiated the signing job.
  • jobOwner - The AWS account ID of the job owner.
  • platformDisplayName - A human-readable name for the signing platform associated with the signing job.
  • platformId - The platform to which your signed code image will be distributed.
  • profileVersion - The version of the signing profile used to initiate the signing job.
  • requestedBy - The IAM principal that requested the signing job.
  • revocationRecord - A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.
  • signatureExpiresAt - The time when the signature of a signing job expires.
  • signedObject - Name of the S3 bucket where the signed code image is saved by code signing.
  • status - Status of the signing job.
  • statusReason - String value that contains the status reason.

Import

Signer signing jobs can be imported using the jobId, e.g.,

$ terraform import aws_signer_signing_job.test_signer_signing_job 9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee