AWS Lambda code signing is the practice of digitally signing source code packages for functions and layers. The goal of code signing is to ensure that only trusted code runs in your AWS Lambda functions.

AWS Signer is a fully-managed code-signing service that can be used to verify the integrity of your AWS Lambda code. Before your code is deployed, AWS Lambda will perform a series of validation checks which will determine whether to accept or reject the deployment package.

In this lab, you will work in the AWS console to configure code signing for an AWS Lambda function using AWS Signer. This lab also covers the signature validation process in detail, including the validation checks and policies that can be applied to your code signing configurations.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

• Prepare an Amazon S3 bucket to store signed assets
• Create an AWS Signer signing profile
• Configure an AWS Lambda function code signing configuration
• Initiate a signing job in AWS Signer

Intended Audience

• Cloud Architects
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• Amazon Simple Storage Service (S3)
• AWS Lambda

The following content can be used to fulfill the prerequisite:

• Introduction to Amazon S3
• Understanding AWS Lambda to Run & Scale Your Code