feat: Code signing support #658#719
Conversation
|
This PR has been automatically marked as stale because it has been open 30 days |
|
This PR has been automatically marked as stale because it has been open 30 days |
|
This PR has been automatically marked as stale because it has been open 30 days |
|
This PR was automatically closed because of stale in 10 days |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
2 participants
Is your request related to a new offering from AWS?
Yes ✅: please list the AWS provider version which introduced this functionality
All visible on https://github.com/terraform-aws-modules/terraform-aws-lambda/blob/master/examples/code-signing/main.tf#L55
Is your request related to a problem? Please describe.
To support code signing with this module it's required to pre-zip and upload the file to s3. This causes an issue when we rely on the packaging happening within the module as the zip is produced within the module and can't be signed.
Describe the solution you'd like.
Add a aws_signer_signing_job resource with expected variables:
[required] enable code signing
[required] signing profile_name
[optional] destination s3 prefix otherwise use the same as var.s3_prefix
[optional] destination s3 bucket otherwise use the same bucket as var.s3_bucket
Describe alternatives you've considered.
I tried to use the output module.this.s3_object.bucket to sign it and inject it to the s3_existing_package but that creates a looping dependency.
Additional context
Checkov rates code signing as a high finding: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-272
Breaking Changes
No
How Has This Been Tested?
examples/code-signing/main.tfto demonstrate and validate my change(s)