import * as pulumi from "@pulumi/pulumi";
import * as outputs from "../types/output";
/**
 * Provides details about an AWS Lambda Code Signing Config. Use this data source to retrieve information about an existing code signing configuration for Lambda functions.
 *
 * The lookup is read-only and enforces nothing by itself: code integrity and authenticity checks apply only to functions that have the configuration attached (`codeSigningConfigArn`), and a deployment that fails validation is blocked only when the policy's `untrustedArtifactOnDeployment` is `Enforce`. With `Warn`, Lambda records a warning and still accepts the package.
 *
 * For information about Lambda code signing configurations and how to use them, see [configuring code signing for Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html).
 *
 * ## Example Usage
 *
 * ### Basic Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-0f6c334abcdea4d8b",
 * });
 * export const configDetails = {
 *     configId: example.then(example => example.configId),
 *     description: example.then(example => example.description),
 *     // `policy` is undefined when the configuration returns no policy entry (optional chaining).
 *     policy: example.then(example => example.policies?.[0]?.untrustedArtifactOnDeployment),
 * };
 * ```
 *
 * ### Use in Lambda Function
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Get existing code signing configuration
 * const securityConfig = aws.lambda.getCodeSigningConfig({
 *     arn: codeSigningConfigArn,
 * });
 * // Create Lambda function with code signing.
 * // The `Security` tag is only a label; validation comes from `codeSigningConfigArn`
 * // and from the policy of the referenced configuration.
 * const example = new aws.lambda.Function("example", {
 *     code: new pulumi.asset.FileArchive("function.zip"),
 *     name: "secure-function",
 *     role: lambdaRole.arn,
 *     handler: "index.handler",
 *     runtime: aws.lambda.Runtime.NodeJS20dX,
 *     codeSigningConfigArn: securityConfig.then(securityConfig => securityConfig.arn),
 *     tags: {
 *         Environment: "production",
 *         Security: "code-signed",
 *     },
 * });
 * ```
 *
 * ### Validate Signing Profiles
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as std from "@pulumi/std";
 *
 * export = async () => {
 *     const example = await aws.lambda.getCodeSigningConfig({
 *         arn: codeSigningConfigArn,
 *     });
 *     // `allowedProfiles` is undefined when the configuration lists no allowed publishers.
 *     const allowedProfiles = example.allowedPublishers?.[0]?.signingProfileVersionArns;
 *     // NOTE(review): `signingProfileVersionArns` holds signing profile *version* ARNs; this sample value
 *     // has no version suffix, so presumably it must be replaced by a full version ARN to match - confirm.
 *     const requiredProfile = "arn:aws:signer:us-west-2:123456789012:/signing-profiles/MyProfile";
 *     const profileAllowed = (await std.contains({
 *         input: allowedProfiles,
 *         element: requiredProfile,
 *     })).result;
 *     // Conditional resource creation based on signing profile validation.
 *     // This is a guard inside the Pulumi program only; the Lambda service still applies the
 *     // configuration's own policy when the package is deployed.
 *     const conditional: aws.lambda.Function[] = [];
 *     for (const range = {value: 0}; range.value < (profileAllowed ? 1 : 0); range.value++) {
 *         conditional.push(new aws.lambda.Function(`conditional-${range.value}`, {
 *             code: new pulumi.asset.FileArchive("function.zip"),
 *             name: "conditional-function",
 *             role: lambdaRole.arn,
 *             handler: "index.handler",
 *             runtime: aws.lambda.Runtime.Python3d12,
 *             codeSigningConfigArn: example.arn,
 *         }));
 *     }
 *     return {
 *         deploymentStatus: {
 *             profileAllowed: profileAllowed,
 *             functionCreated: profileAllowed,
 *             message: profileAllowed ? "Function deployed with valid signing profile" : "Deployment blocked - signing profile not allowed",
 *         },
 *     };
 * }
 * ```
 *
 * ### Multi-Environment Configuration
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Production code signing config
 * const prod = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-prod-123",
 * });
 * // Development code signing config
 * const dev = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-dev-456",
 * });
 * const prodPolicy = prod.then(prod => prod.policies?.[0]?.untrustedArtifactOnDeployment);
 * const devPolicy = dev.then(dev => dev.policies?.[0]?.untrustedArtifactOnDeployment);
 * // `policiesMatch` only reports that the two values are equal; both may be `Warn` (or undefined).
 * // Compare against `Enforce` explicitly where blocking of untrusted artifacts is required.
 * const configComparison = {
 *     prodEnforcement: prodPolicy,
 *     devEnforcement: devPolicy,
 *     policiesMatch: Promise.all([prodPolicy, devPolicy]).then(([prodPolicy, devPolicy]) => prodPolicy == devPolicy),
 * };
 * export const environmentComparison = configComparison;
 * ```
 *
 * @param args Lookup arguments; `arn` is required and `region` is optional.
 * @param opts Optional invoke options passed to the provider call.
 * @returns A promise resolving to the attributes of the code signing configuration.
 */
export declare function getCodeSigningConfig(args: GetCodeSigningConfigArgs, opts?: pulumi.InvokeOptions): Promise<GetCodeSigningConfigResult>;
/**
 * A collection of arguments for invoking getCodeSigningConfig.
 */
export interface GetCodeSigningConfigArgs {
    /**
     * ARN of the code signing configuration. This argument is required; `region` is the only optional argument.
     */
    arn: string;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: string;
}
/**
 * A collection of values returned by getCodeSigningConfig.
 */
export interface GetCodeSigningConfigResult {
    /**
     * List of allowed publishers as signing profiles for this code signing configuration.
     * Each entry is an `outputs.lambda.GetCodeSigningConfigAllowedPublisher`, which exposes `signingProfileVersionArns`.
     */
    readonly allowedPublishers: outputs.lambda.GetCodeSigningConfigAllowedPublisher[];
    /**
     * ARN of the code signing configuration; this is the value passed as `codeSigningConfigArn` on a Lambda function.
     */
    readonly arn: string;
    /**
     * Unique identifier for the code signing configuration.
     */
    readonly configId: string;
    /**
     * Code signing configuration description.
     */
    readonly description: string;
    /**
     * The provider-assigned unique ID for this managed resource.
     */
    readonly id: string;
    /**
     * Date and time that the code signing configuration was last modified.
     */
    readonly lastModified: string;
    /**
     * List of code signing policies that control the validation failure action for signature mismatch or expiry.
     * Each entry is an `outputs.lambda.GetCodeSigningConfigPolicy`, which exposes `untrustedArtifactOnDeployment`.
     * `Enforce` blocks a deployment that fails validation; `Warn` only records a warning and lets the deployment
     * proceed, so check for `Enforce` before relying on this configuration as a control.
     */
    readonly policies: outputs.lambda.GetCodeSigningConfigPolicy[];
    /**
     * Region associated with this lookup.
     * NOTE(review): presumably the resolved value of the `region` argument or the provider default - confirm.
     */
    readonly region: string;
}
/**
 * Provides details about an AWS Lambda Code Signing Config. Use this data source to retrieve information about an existing code signing configuration for Lambda functions.
 *
 * This is the output form of `getCodeSigningConfig`: it accepts `pulumi.Input` arguments and returns a `pulumi.Output`.
 *
 * The lookup is read-only and enforces nothing by itself: code integrity and authenticity checks apply only to functions that have the configuration attached (`codeSigningConfigArn`), and a deployment that fails validation is blocked only when the policy's `untrustedArtifactOnDeployment` is `Enforce`. With `Warn`, Lambda records a warning and still accepts the package.
 *
 * For information about Lambda code signing configurations and how to use them, see [configuring code signing for Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html).
 *
 * ## Example Usage
 *
 * ### Basic Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-0f6c334abcdea4d8b",
 * });
 * export const configDetails = {
 *     configId: example.then(example => example.configId),
 *     description: example.then(example => example.description),
 *     // `policy` is undefined when the configuration returns no policy entry (optional chaining).
 *     policy: example.then(example => example.policies?.[0]?.untrustedArtifactOnDeployment),
 * };
 * ```
 *
 * ### Use in Lambda Function
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Get existing code signing configuration
 * const securityConfig = aws.lambda.getCodeSigningConfig({
 *     arn: codeSigningConfigArn,
 * });
 * // Create Lambda function with code signing.
 * // The `Security` tag is only a label; validation comes from `codeSigningConfigArn`
 * // and from the policy of the referenced configuration.
 * const example = new aws.lambda.Function("example", {
 *     code: new pulumi.asset.FileArchive("function.zip"),
 *     name: "secure-function",
 *     role: lambdaRole.arn,
 *     handler: "index.handler",
 *     runtime: aws.lambda.Runtime.NodeJS20dX,
 *     codeSigningConfigArn: securityConfig.then(securityConfig => securityConfig.arn),
 *     tags: {
 *         Environment: "production",
 *         Security: "code-signed",
 *     },
 * });
 * ```
 *
 * ### Validate Signing Profiles
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as std from "@pulumi/std";
 *
 * export = async () => {
 *     const example = await aws.lambda.getCodeSigningConfig({
 *         arn: codeSigningConfigArn,
 *     });
 *     // `allowedProfiles` is undefined when the configuration lists no allowed publishers.
 *     const allowedProfiles = example.allowedPublishers?.[0]?.signingProfileVersionArns;
 *     // NOTE(review): `signingProfileVersionArns` holds signing profile *version* ARNs; this sample value
 *     // has no version suffix, so presumably it must be replaced by a full version ARN to match - confirm.
 *     const requiredProfile = "arn:aws:signer:us-west-2:123456789012:/signing-profiles/MyProfile";
 *     const profileAllowed = (await std.contains({
 *         input: allowedProfiles,
 *         element: requiredProfile,
 *     })).result;
 *     // Conditional resource creation based on signing profile validation.
 *     // This is a guard inside the Pulumi program only; the Lambda service still applies the
 *     // configuration's own policy when the package is deployed.
 *     const conditional: aws.lambda.Function[] = [];
 *     for (const range = {value: 0}; range.value < (profileAllowed ? 1 : 0); range.value++) {
 *         conditional.push(new aws.lambda.Function(`conditional-${range.value}`, {
 *             code: new pulumi.asset.FileArchive("function.zip"),
 *             name: "conditional-function",
 *             role: lambdaRole.arn,
 *             handler: "index.handler",
 *             runtime: aws.lambda.Runtime.Python3d12,
 *             codeSigningConfigArn: example.arn,
 *         }));
 *     }
 *     return {
 *         deploymentStatus: {
 *             profileAllowed: profileAllowed,
 *             functionCreated: profileAllowed,
 *             message: profileAllowed ? "Function deployed with valid signing profile" : "Deployment blocked - signing profile not allowed",
 *         },
 *     };
 * }
 * ```
 *
 * ### Multi-Environment Configuration
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Production code signing config
 * const prod = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-prod-123",
 * });
 * // Development code signing config
 * const dev = aws.lambda.getCodeSigningConfig({
 *     arn: "arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-dev-456",
 * });
 * const prodPolicy = prod.then(prod => prod.policies?.[0]?.untrustedArtifactOnDeployment);
 * const devPolicy = dev.then(dev => dev.policies?.[0]?.untrustedArtifactOnDeployment);
 * // `policiesMatch` only reports that the two values are equal; both may be `Warn` (or undefined).
 * // Compare against `Enforce` explicitly where blocking of untrusted artifacts is required.
 * const configComparison = {
 *     prodEnforcement: prodPolicy,
 *     devEnforcement: devPolicy,
 *     policiesMatch: Promise.all([prodPolicy, devPolicy]).then(([prodPolicy, devPolicy]) => prodPolicy == devPolicy),
 * };
 * export const environmentComparison = configComparison;
 * ```
 *
 * @param args Lookup arguments as `pulumi.Input` values; `arn` is required and `region` is optional.
 * @param opts Optional invoke options passed to the provider call.
 * @returns A `pulumi.Output` carrying the attributes of the code signing configuration.
 */
export declare function getCodeSigningConfigOutput(args: GetCodeSigningConfigOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetCodeSigningConfigResult>;
/**
 * A collection of arguments for invoking getCodeSigningConfigOutput.
 * Each field accepts a `pulumi.Input`, so a plain string or a value produced by another resource can be passed.
 */
export interface GetCodeSigningConfigOutputArgs {
    /**
     * ARN of the code signing configuration. This argument is required; `region` is the only optional argument.
     */
    arn: pulumi.Input<string>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
}