The AWS Signer API provides programmatic access to create and manage signing profiles, signing jobs, and signing platform permissions for code signing of Lambda functions and IoT device software.
openapi: 3.0.0
info:
version: '2017-08-25'
x-release: v4
title: AWS Signer
description: '<p>AWS Signer is a fully managed code signing service to help you ensure the trust and integrity of your code. </p> <p>AWS Signer supports the following applications:</p> <p>With code signing
for AWS Lambda, you can sign <a href="http://docs.aws.amazon.com/lambda/latest/dg/">AWS Lambda</a> deployment packages. Integrated support is provided for <a href="http://docs.aws.amazon.com/AmazonS3/latest/gsg/">Amazon
S3</a>, <a href="http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/">Amazon CloudWatch</a>, and <a href="http://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail</a>. In
order to sign code, you create a signing profile and then use Signer to sign Lambda zip files in S3. </p> <p>With code signing for IoT, you can sign code for any IoT device that is supported by AWS.
IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device
Management</a>, and is integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign code, you import a third-party code signing certificate
using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p> <p>With code signing for containers …(TBD)</p> <p>For more information about AWS Signer, see the <a href="https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS
Signer Developer Guide</a>.</p>'
x-logo:
url: 'https://twitter.com/awscloud/profile_image?size=original'
backgroundColor: '#FFFFFF'
termsOfService: 'https://aws.amazon.com/service-terms/'
contact:
name: Mike Ralphson
email: [email protected]
url: 'https://github.com/mermade/aws2openapi'
x-twitter: PermittedSoc
license:
name: Apache 2.0 License
url: 'http://www.apache.org/licenses/'
x-providerName: amazonaws.com
x-serviceName: signer
x-aws-signingName: signer
x-origin:
- contentType: application/json
url: 'https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/signer-2017-08-25.normal.json'
converter:
url: 'https://github.com/mermade/aws2openapi'
version: 1.0.0
x-apisguru-driver: external
x-apiClientRegistration:
url: 'https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct'
x-apisguru-categories:
- cloud
x-preferred: true
externalDocs:
description: Amazon Web Services documentation
url: 'https://docs.aws.amazon.com/signer/'
servers:
- url: 'http://signer.{region}.amazonaws.com'
variables:
region:
description: The AWS region
enum:
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- us-gov-west-1
- us-gov-east-1
- ca-central-1
- eu-north-1
- eu-west-1
- eu-west-2
- eu-west-3
- eu-central-1
- eu-south-1
- af-south-1
- ap-northeast-1
- ap-northeast-2
- ap-northeast-3
- ap-southeast-1
- ap-southeast-2
- ap-east-1
- ap-south-1
- sa-east-1
- me-south-1
default: us-east-1
description: The signer multi-region endpoint
- url: 'https://signer.{region}.amazonaws.com'
variables:
region:
description: The AWS region
enum:
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- us-gov-west-1
- us-gov-east-1
- ca-central-1
- eu-north-1
- eu-west-1
- eu-west-2
- eu-west-3
- eu-central-1
- eu-south-1
- af-south-1
- ap-northeast-1
- ap-northeast-2
- ap-northeast-3
- ap-southeast-1
- ap-southeast-2
- ap-east-1
- ap-south-1
- sa-east-1
- me-south-1
default: us-east-1
description: The signer multi-region endpoint
- url: 'http://signer.{region}.amazonaws.com.cn'
variables:
region:
description: The AWS region
enum:
- cn-north-1
- cn-northwest-1
default: cn-north-1
description: The signer endpoint for China (Beijing) and China (Ningxia)
- url: 'https://signer.{region}.amazonaws.com.cn'
variables:
region:
description: The AWS region
enum:
- cn-north-1
- cn-northwest-1
default: cn-north-1
description: The signer endpoint for China (Beijing) and China (Ningxia)
x-hasEquivalentPaths: true
paths:
'/signing-profiles/{profileName}/permissions':
post:
operationId: AddProfilePermission
description: Adds cross-account permissions to a signing profile.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/AddProfilePermissionResponse'
examples:
AddProfilePermission200Example:
summary: Default AddProfilePermission 200 response
x-microcks-default: true
value:
revisionId: example-value
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
examples:
AddProfilePermission480Example:
summary: Default AddProfilePermission 480 response
x-microcks-default: true
value: example-value
'481':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
examples:
AddProfilePermission481Example:
summary: Default AddProfilePermission 481 response
x-microcks-default: true
value: example-value
'482':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
examples:
AddProfilePermission482Example:
summary: Default AddProfilePermission 482 response
x-microcks-default: true
value: example-value
'483':
description: ServiceLimitExceededException
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceLimitExceededException'
examples:
AddProfilePermission483Example:
summary: Default AddProfilePermission 483 response
x-microcks-default: true
value: example-value
'484':
description: ConflictException
content:
application/json:
schema:
$ref: '#/components/schemas/ConflictException'
examples:
AddProfilePermission484Example:
summary: Default AddProfilePermission 484 response
x-microcks-default: true
value: example-value
'485':
description: TooManyRequestsException
content:
application/json:
schema:
$ref: '#/components/schemas/TooManyRequestsException'
examples:
AddProfilePermission485Example:
summary: Default AddProfilePermission 485 response
x-microcks-default: true
value: example-value
'486':
description: InternalServiceErrorException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServiceErrorException'
examples:
AddProfilePermission486Example:
summary: Default AddProfilePermission 486 response
x-microcks-default: true
value: example-value
parameters:
- name: profileName
in: path
required: true
description: The human-readable name of the signing profile.
schema:
type: string
pattern: '^[a-zA-Z0-9_]{2,}'
minLength: 2
maxLength: 64
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- action
- principal
- statementId
properties:
profileVersion:
description: The version of the signing profile.
type: string
pattern: '^[a-zA-Z0-9]{10}$'
minLength: 10
maxLength: 10
action:
description: The AWS Signer action permitted as part of cross-account permissions.
type: string
principal:
description: The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID.
type: string
revisionId:
description: A unique identifier for the current profile revision.
type: string
statementId:
description: A unique identifier for the cross-account permission statement.
type: string
examples:
AddProfilePermissionRequestExample:
summary: Default AddProfilePermission request
x-microcks-default: true
value:
profileVersion: MySigningProfile
action: example-value
principal: example-value
revisionId: example-value
statementId: example-value
summary: Amazon Add Profile Permission
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
get:
operationId: ListProfilePermissions
description: Lists the cross-account permissions associated with a signing profile.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ListProfilePermissionsResponse'
examples:
ListProfilePermissions200Example:
summary: Default ListProfilePermissions 200 response
x-microcks-default: true
value:
revisionId: example-value
policySizeBytes: example-value
permissions: example-value
nextToken: example-value
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
examples:
ListProfilePermissions480Example:
summary: Default ListProfilePermissions 480 response
x-microcks-default: true
value: example-value
'481':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
examples:
ListProfilePermissions481Example:
summary: Default ListProfilePermissions 481 response
x-microcks-default: true
value: example-value
'482':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
examples:
ListProfilePermissions482Example:
summary: Default ListProfilePermissions 482 response
x-microcks-default: true
value: example-value
'483':
description: TooManyRequestsException
content:
application/json:
schema:
$ref: '#/components/schemas/TooManyRequestsException'
examples:
ListProfilePermissions483Example:
summary: Default ListProfilePermissions 483 response
x-microcks-default: true
value: example-value
'484':
description: InternalServiceErrorException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServiceErrorException'
examples:
ListProfilePermissions484Example:
summary: Default ListProfilePermissions 484 response
x-microcks-default: true
value: example-value
parameters:
- name: profileName
in: path
required: true
description: Name of the signing profile containing the cross-account permissions.
schema:
type: string
pattern: '^[a-zA-Z0-9_]{2,}'
minLength: 2
maxLength: 64
- name: nextToken
in: query
required: false
description: String for specifying the next set of paginated results.
schema:
type: string
summary: Amazon List Profile Permissions
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
'/signing-profiles/{profileName}':
delete:
operationId: CancelSigningProfile
description: 'Changes the state of an <code>ACTIVE</code> signing profile to <code>CANCELED</code>. A canceled profile is still viewable with the <code>ListSigningProfiles</code> operation, but it
cannot perform new signing jobs, and is deleted two years after cancelation.'
responses:
'200':
description: Success
'480':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
examples:
CancelSigningProfile480Example:
summary: Default CancelSigningProfile 480 response
x-microcks-default: true
value: example-value
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
examples:
CancelSigningProfile481Example:
summary: Default CancelSigningProfile 481 response
x-microcks-default: true
value: example-value
'482':
description: TooManyRequestsException
content:
application/json:
schema:
$ref: '#/components/schemas/TooManyRequestsException'
examples:
CancelSigningProfile482Example:
summary: Default CancelSigningProfile 482 response
x-microcks-default: true
value: example-value
'483':
description: InternalServiceErrorException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServiceErrorException'
examples:
CancelSigningProfile483Example:
summary: Default CancelSigningProfile 483 response
x-microcks-default: true
value: example-value
parameters:
- name: profileName
in: path
required: true
description: The name of the signing profile to be canceled.
schema:
type: string
pattern: '^[a-zA-Z0-9_]{2,}'
minLength: 2
maxLength: 64
summary: Amazon Cancel Signing Profile
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
get:
operationId: GetSigningProfile
description: Returns information on a specific signing profile.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/GetSigningProfileResponse'
examples:
GetSigningProfile200Example:
summary: Default GetSigningProfile 200 response
x-microcks-default: true
value:
profileName: MySigningProfile
profileVersion: MySigningProfile
profileVersionArn: arn:aws:signer:us-east-1:123456789012:signing-profiles/MyProfile
revocationRecord:
revocationEffectiveFrom: example-value
revokedAt: example-value
revokedBy: example-value
signingMaterial: example-value
platformId: AWSLambda-SHA384-ECDSA
platformDisplayName: AWSLambda-SHA384-ECDSA
signatureValidityPeriod:
value: example-value
type: example-value
overrides: example-value
signingParameters: example-value
status: Active
statusReason: Active
arn: arn:aws:signer:us-east-1:123456789012:signing-profiles/MyProfile
tags: example-value
'480':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
examples:
GetSigningProfile480Example:
summary: Default GetSigningProfile 480 response
x-microcks-default: true
value: example-value
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
examples:
GetSigningProfile481Example:
summary: Default GetSigningProfile 481 response
x-microcks-default: true
value: example-value
'482':
description: TooManyRequestsException
content:
application/json:
schema:
$ref: '#/components/schemas/TooManyRequestsException'
examples:
GetSigningProfile482Example:
summary: Default GetSigningProfile 482 response
x-microcks-default: true
value: example-value
'483':
description: InternalServiceErrorException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServiceErrorException'
examples:
GetSigningProfile483Example:
summary: Default GetSigningProfile 483 response
x-microcks-default: true
value: example-value
parameters:
- name: profileName
in: path
required: true
description: The name of the target signing profile.
schema:
type: string
pattern: '^[a-zA-Z0-9_]{2,}'
minLength: 2
maxLength: 64
- name: profileOwner
in: query
required: false
description: The AWS account ID of the profile owner.
schema:
type: string
pattern: '^[0-9]{12}$'
minLength: 12
maxLength: 12
summary: Amazon Get Signing Profile
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
put:
operationId: PutSigningProfile
description: 'Creates a signing profile. A signing profile is a code signing template that can be used to carry out a pre-defined signing job. '
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/PutSigningProfileResponse'
examples:
PutSigningProfile200Example:
summary: Default PutSigningProfile 200 response
x-microcks-default: true
value:
arn: arn:aws:signer:us-east-1:123456789012:signing-profiles/MyProfile
profileVersion: MySigningProfile
profileVersionArn: arn:aws:signer:us-east-1:123456789012:signing-profiles/MyProfile
'480':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
examples:
PutSigningProfile480Example:
summary: Default PutSigningProfile 480 response
x-microcks-default: true
value: example-value
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
examples:
PutSigningProfile481Example:
summary: Default PutSigningProfile 481 response
x-microcks-default: true
value: example-value
'482':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
examples:
PutSigningProfile482Example:
summary: Default PutSigningProfile 482 response
x-microcks-default: true
value: example-value
'483':
description: TooManyRequestsException
content:
application/json:
schema:
$ref: '#/components/schemas/TooManyRequestsException'
examples:
PutSigningProfile483Example:
summary: Default PutSigningProfile 483 response
x-microcks-default: true
value: example-value
'484':
description: InternalServiceErrorException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServiceErrorException'
examples:
PutSigningProfile484Example:
summary: Default PutSigningProfile 484 response
x-microcks-default: true
value: example-value
parameters:
- name: profileName
in: path
required: true
description: The name of the signing profile to be created.
schema:
type: string
pattern: '^[a-zA-Z0-9_]{2,}'
minLength: 2
maxLength: 64
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- platformId
properties:
signingMaterial:
description: The ACM certificate that is used to sign your code.
type: object
properties:
certificateArn:
allOf:
- $ref: '#/components/schemas/CertificateArn'
- description: The Amazon Resource Name (ARN) of the certificates that is used to sign your code.
signatureValidityPeriod:
description: The validity period for a signing job.
type: object
properties:
value:
allOf:
- $ref: '#/components/schemas/Integer'
- description: The numerical value of the time unit for signature validity.
type:
allOf:
- $ref: '#/components/schemas/ValidityType'
- description: The time unit for signature validity.
platformId:
description: The ID of the signing platform to be created.
type: string
overrides:
description: Any overrides that are applied to the signing configuration of a code signing platform.
type: object
properties:
signingConfiguration:
allOf:
- $ref: '#/components/schemas/SigningConfigurationOverrides'
- description: A signing configuration that overrides the default encryption or hash algorithm of a signing job.
signingImageFormat:
allOf:
- $ref: '#/components/schemas/ImageFormat'
- description: 'A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, <code>JSONEmbedded</code>
or <code>JSONDetached</code>. (A third format value, <code>JSON</code>, is reserved for future use.) With <code>JSONEmbedded</code>, the signing image has the payload embedded
in it. With <code>JSONDetached</code>, the payload is not be embedded in the signing image.'
signingParameters:
description: Map of key-value pairs for signing. These can include any information that you want to use during signing.
type: object
additionalProperties:
$ref: '#/components/schemas/SigningParameterValue'
tags:
description: Tags to be associated with the signing profile that is being created.
type: object
minProperties: 1
maxProperties: 200
additionalProperties:
$ref: '#/components/schemas/TagValue'
examples:
PutSigningProfileRequestExample:
summary: Default PutSigningProfile request
x-microcks-default: true
value:
signingMaterial:
certificateArn: arn:aws:signer:us-east-1:123456789012:signing-profiles/MyProfile
signatureValidityPeriod:
value: example-value
type: example-value
platformId: AWSLambda-SHA384-ECDSA
overrides:
signingConfiguration: example-value
signingImageFormat: example-value
signingParameters: {}
tags: {}
summary: Amazon Put Signing Profile
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
'/signing-jobs/{jobId}':
get:
operationId: DescribeSigningJob
description: 'Returns information about a specific code signing job. You specify the job by using the <code>jobId</code> value that is returned by the <a>StartSigningJob</a> operation. '
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/DescribeSigningJobResponse'
examples:
DescribeSigningJob200Example:
summary: Default DescribeSigningJob 200 response
x-microcks-default: true
value:
jobId: job-abc12345
source: example-value
signingMaterial: example-value
platformId: AWSLambda-SHA384-ECDSA
platformDisplayName: AWSLambda-SHA384-ECDSA
profileName: MySigningProfile
profileVersion: MySigningProfile
overrides: example-value
signingParameters: example-value
createdAt: example-value
completedAt: example-value
signatureExpiresAt: example-value
requestedBy: example-value
status: Active
statusReason: Active
revocationRecord: example-value
signedObject: example-value
jobOwner: job-abc12345
jobInvoker: job-abc12345
'480':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
examples:
DescribeSigningJob480Example:
summary: Default DescribeSigningJob 480 response
x-microcks-default: true
value: example-value
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
examples:
DescribeSigningJob481Example:
summary: Default DescribeSigningJob 481 response
x-microcks-default: true
value: example-value
'482':
description: TooManyRequestsException
content:
application/json:
schema:
$ref: '#/components/schemas/TooManyRequestsException'
examples:
DescribeSigningJob482Example:
summary: Default DescribeSigningJob 482 response
x-microcks-default: true
value: example-value
'483':
description: InternalServiceErrorException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServiceErrorException'
examples:
DescribeSigningJob483Example:
summary: Default DescribeSigningJob 483 response
x-microcks-default: true
value: example-value
parameters:
- name: jobId
in: path
required: true
description: The ID of the signing job on input.
schema:
type: string
summary: Amazon Describe Signing Job
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/revocations#signatureTimestamp&platformId&profileVersionArn&jobArn&certificateHashes:
get:
operationId: GetRevocationStatus
description: 'Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.'
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/GetRevocationStatusResponse'
examples:
GetRevocationStatus200Example:
summary: Default GetRevocationStatus 200 response
x-microcks-default: true
value:
revokedEn
# --- truncated at 32 KB (126 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/amazon-signer/refs/heads/main/openapi/amazon-signer.yaml