
@pulumi/aws


A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.getCodeSigningConfigOutput = exports.getCodeSigningConfig = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
 * Looks up an existing AWS Lambda Code Signing Config. Use this data source to read the
 * details of a code signing configuration that Lambda functions rely on for code
 * integrity and authenticity.
 *
 * For information about Lambda code signing configurations and how to use them, see
 * [configuring code signing for Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html).
 *
 * The call forwards `args.arn` and `args.region` to the
 * `aws:lambda/getCodeSigningConfig:getCodeSigningConfig` invoke; the examples below consume
 * the result with `.then(...)` / `await`.
 *
 * ## Security notes
 *
 * - This is a read-only lookup. Referencing a code signing config from a function does not
 *   by itself mean unsigned or mismatched artifacts are rejected: that depends on the
 *   config's `untrustedArtifactOnDeployment` policy. AWS documents two values, `Warn`
 *   (deployment is allowed and a warning is logged) and `Enforce` (deployment is blocked).
 *   Check the returned policy when a deployment is expected to fail closed.
 * - `allowedPublishers[].signingProfileVersionArns` lists signing profile *version* ARNs.
 *   When comparing against an expected publisher, compare against the full version ARN.
 * - Checks written in the Pulumi program (as in "Validate Signing Profiles") only decide
 *   what the program creates; enforcement at deploy time comes from the Lambda policy above.
 *
 * ## Example Usage
 *
 * ### Basic Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-0f6c334abcdea4d8b",
 * });
 * export const configDetails = {
 *     configId: example.then(example => example.configId),
 *     description: example.then(example => example.description),
 *     policy: example.then(example => example.policies?.[0]?.untrustedArtifactOnDeployment),
 * };
 * ```
 *
 * ### Use in Lambda Function
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Get existing code signing configuration
 * const securityConfig = aws.lambda.getCodeSigningConfig({
 *     arn: codeSigningConfigArn,
 * });
 * // Create Lambda function with code signing
 * const example = new aws.lambda.Function("example", {
 *     code: new pulumi.asset.FileArchive("function.zip"),
 *     name: "secure-function",
 *     role: lambdaRole.arn,
 *     handler: "index.handler",
 *     runtime: aws.lambda.Runtime.NodeJS20dX,
 *     codeSigningConfigArn: securityConfig.then(securityConfig => securityConfig.arn),
 *     // The tags are labels only; they do not change how Lambda validates signatures.
 *     tags: {
 *         Environment: "production",
 *         Security: "code-signed",
 *     },
 * });
 * ```
 *
 * ### Validate Signing Profiles
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as std from "@pulumi/std";
 *
 * export = async () => {
 *     const example = await aws.lambda.getCodeSigningConfig({
 *         arn: codeSigningConfigArn,
 *     });
 *     const allowedProfiles = example.allowedPublishers?.[0]?.signingProfileVersionArns;
 *     // NOTE(review): the list holds profile *version* ARNs; this sample value has no
 *     // version segment, so confirm the exact ARN form before relying on the match.
 *     const requiredProfile = "arn:aws:signer:us-west-2:123456789012:/signing-profiles/MyProfile";
 *     const profileAllowed = (await std.contains({
 *         input: allowedProfiles,
 *         element: requiredProfile,
 *     })).result;
 *     // Conditional resource creation based on signing profile validation
 *     const conditional: aws.lambda.Function[] = [];
 *     for (const range = {value: 0}; range.value < (profileAllowed ? 1 : 0); range.value++) {
 *         conditional.push(new aws.lambda.Function(`conditional-${range.value}`, {
 *             code: new pulumi.asset.FileArchive("function.zip"),
 *             name: "conditional-function",
 *             role: lambdaRole.arn,
 *             handler: "index.handler",
 *             runtime: aws.lambda.Runtime.Python3d12,
 *             codeSigningConfigArn: example.arn,
 *         }));
 *     }
 *     return {
 *         deploymentStatus: {
 *             profileAllowed: profileAllowed,
 *             functionCreated: profileAllowed,
 *             message: profileAllowed ? "Function deployed with valid signing profile" : "Deployment blocked - signing profile not allowed",
 *         },
 *     };
 * }
 * ```
 *
 * ### Multi-Environment Configuration
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Production code signing config
 * const prod = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-prod-123",
 * });
 * // Development code signing config
 * const dev = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-dev-456",
 * });
 * const prodPolicy = prod.then(prod => prod.policies?.[0]?.untrustedArtifactOnDeployment);
 * const devPolicy = dev.then(dev => dev.policies?.[0]?.untrustedArtifactOnDeployment);
 * // policiesMatch is also true when both values are undefined (no policies entry), so
 * // treat a match as meaningful only when both sides are defined.
 * const configComparison = {
 *     prodEnforcement: prodPolicy,
 *     devEnforcement: devPolicy,
 *     policiesMatch: Promise.all([prodPolicy, devPolicy]).then(([prodPolicy, devPolicy]) => prodPolicy == devPolicy),
 * };
 * export const environmentComparison = configComparison;
 * ```
 */
function getCodeSigningConfig(args, opts) {
    // Caller-supplied options are layered over the package defaults; a missing `opts`
    // is treated as an empty options object.
    const invokeOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
    const invokeArgs = {
        "arn": args.arn,
        "region": args.region,
    };
    return pulumi.runtime.invoke("aws:lambda/getCodeSigningConfig:getCodeSigningConfig", invokeArgs, invokeOpts);
}
exports.getCodeSigningConfig = getCodeSigningConfig;
/**
 * Provides details about an AWS Lambda Code Signing Config, like
 * {@link getCodeSigningConfig}, but issues the lookup through
 * `pulumi.runtime.invokeOutput` instead of `pulumi.runtime.invoke`. The same invoke token
 * (`aws:lambda/getCodeSigningConfig:getCodeSigningConfig`) and the same `arn` / `region`
 * arguments are used.
 *
 * For information about Lambda code signing configurations and how to use them, see
 * [configuring code signing for Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html).
 *
 * The usage examples (Basic Usage, Use in Lambda Function, Validate Signing Profiles,
 * Multi-Environment Configuration) are documented on `getCodeSigningConfig` in this file;
 * they are written against that promise-style form.
 *
 * Security note: this is a read-only lookup. Whether Lambda rejects an artifact that fails
 * signature validation depends on the config's `untrustedArtifactOnDeployment` policy
 * (`Warn` allows the deployment and logs a warning; `Enforce` blocks it), so inspect the
 * returned policy rather than assuming that a referenced config fails closed.
 */
function getCodeSigningConfigOutput(args, opts) {
    // Same option merging as getCodeSigningConfig: package defaults first, then the
    // caller's options (or an empty object when none were given).
    const invokeOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
    const invokeArgs = {
        "arn": args.arn,
        "region": args.region,
    };
    return pulumi.runtime.invokeOutput("aws:lambda/getCodeSigningConfig:getCodeSigningConfig", invokeArgs, invokeOpts);
}
exports.getCodeSigningConfigOutput = getCodeSigningConfigOutput;
//# sourceMappingURL=getCodeSigningConfig.js.map