The configuration in this directory creates the resources used to test and validate the clowdhaus/aws-lambda-code-signing-action, and doubles as an example base for using the action:

- AWS Lambda code signing config
- AWS Signer signing profile
- Signing profile permissions for the signer
- IAM role that is authorized to perform signing (and to carry out the functionality defined by this action: wait for successful job completion, rename the signed object, etc.)
- Supporting resources:
  - IAM user that authenticates the action workflow to AWS and assumes the IAM role for signing
  - S3 bucket and object for demonstrating signing (the bucket is used as both source and destination)
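As an added illustration of the signing profile, code signing config and profile permissions listed above (example HCL, not the repository's own configuration), the snippet below wires the three together and pins the deployment policy to `Enforce` so Lambda rejects unsigned or mismatched artifacts instead of merely warning. The `name_prefix`, validity period, description and the `aws_iam_role.signer` reference are assumptions; the role itself is defined elsewhere.

```hcl
# Added example (not the repository's own code). Names, validity period and
# description are assumed values chosen for illustration.

resource "aws_signer_signing_profile" "this" {
  # The only Signer platform usable for Lambda code signing
  platform_id = "AWSLambda-SHA384-ECDSA"
  name_prefix = "lambda_signing_"

  signature_validity_period {
    value = 5
    type  = "YEARS"
  }
}

# Lambda checks the signature at deploy time. "Enforce" blocks unsigned or
# mismatched artifacts; "Warn" only logs a CloudWatch metric and still deploys.
resource "aws_lambda_code_signing_config" "this" {
  description = "Example code signing config (assumed value)"

  allowed_publishers {
    # Trust only artifacts signed with this exact profile version
    signing_profile_version_arns = [aws_signer_signing_profile.this.version_arn]
  }

  policies {
    untrusted_artifact_on_deployment = "Enforce"
  }
}

# Grant the signing role only the two profile-level actions it needs to
# start a job and read the profile; revocation is deliberately not granted.
resource "aws_signer_signing_profile_permission" "signer_role_start_signing_job" {
  profile_name = aws_signer_signing_profile.this.name
  action       = "signer:StartSigningJob"
  principal    = aws_iam_role.signer.arn # role assumed to be defined elsewhere
}

resource "aws_signer_signing_profile_permission" "signer_role_get_signing_profile" {
  profile_name = aws_signer_signing_profile.this.name
  action       = "signer:GetSigningProfile"
  principal    = aws_iam_role.signer.arn
}
```

Attaching `aws_lambda_code_signing_config.this.arn` to a function via its `code_signing_config_arn` argument is what turns the policy on; without that attachment the profile signs artifacts but nothing enforces the signature.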
To provision, execute the following:

```bash
$ terraform init
$ terraform plan
$ terraform apply
```

## Requirements

| Name | Version |
|---|---|
| terraform | ~> 1.0 |
| aws | >= 3.17 |

## Providers

| Name | Version |
|---|---|
| archive | n/a |
| aws | >= 3.17 |

## Modules

| Name | Source | Version |
|---|---|---|
| signing_test_bucket | terraform-aws-modules/s3-bucket/aws | ~> 2.10 |

## Resources

| Name | Type |
|---|---|
| aws_iam_role.signer | resource |
| aws_iam_role_policy.signer | resource |
| aws_lambda_code_signing_config.this | resource |
| aws_s3_bucket_object.test | resource |
| aws_signer_signing_profile.this | resource |
| aws_signer_signing_profile_permission.signer_role_get_signing_profile | resource |
| aws_signer_signing_profile_permission.signer_role_start_signing_job | resource |
| archive_file.test | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.signer | data source |
| aws_iam_policy_document.signer_assume | data source |
| aws_region.current | data source |
| aws_ssm_parameter.github_oidc_id | data source |

## Inputs

No inputs.

## Outputs

No outputs.

## License

Apache-2.0 Licensed. See LICENSE.