Posted On: Nov 23, 2020

You can now ensure that only trusted and verified code is deployed in your AWS Lambda functions. With Code Signing for Lambda, administrators can configure Lambda functions to only accept signed code on deployment. When developers deploy signed code to such functions, Lambda checks the signatures to ensure the code is not altered or tampered. Additionally, Lambda ensures the code is signed by trusted developers before accepting the deployment.

This feature uses AWS Signer, a fully managed code signing service from AWS. Administrators create a Signing Profile, a resource in Signer that is used for creating signatures, and use AWS Identity and Access Management (IAM) to provide access to users. Within Lambda, administrators specify the permitted signing profiles for each function. Administrators can also configure whether to warn or reject if signature checks fail at deployment.

You can use Code Signing for Lambda in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), South America (São Paulo). For more information, see the AWS Region table. There is no additional cost for using this feature. To learn more, read our blog, see Lambda developer guide, or see Signer developer guide.