Amazon Signer
AWS Signer is a fully managed code-signing service to ensure the trust and integrity of your code. It manages the public and private keys of code-signing certificates and enables central management and deployment of those certificates for Lambda functions and IoT devices.
APIs
AWS Signer API
The AWS Signer API provides programmatic access to create and manage signing profiles, signing jobs, and signing platform permissions for code signing of Lambda functions and Io...
Features
Security administrators define signing policies and which IAM roles can sign code.
Automatically manages code-signing certificate public and private keys.
Central management and deployment of code-signing certificates.
Integration with AWS CloudTrail tracks who generates signatures for compliance.
No infrastructure to maintain; fully managed code-signing service.
Revoke signing profiles and individual signatures with effective timestamps.
Use Cases
Sign Lambda deployment packages to ensure only trusted code is deployed.
Sign firmware images for microcontrollers and over-the-air (OTA) updates via Amazon FreeRTOS.
Sign container images using Notation CLI with Amazon ECR and verify at EKS deployment.
Track all signing operations via CloudTrail for audit and compliance requirements.
Integrations
Sign Lambda deployment packages; Lambda verifies signatures at deployment.
Sign firmware images for IoT microcontrollers and OTA updates.
Sign container images using Notation CLI stored in ECR registry.
Verify image ownership and integrity at Kubernetes deployment time.
Create or import SSL/TLS certificates used for code signing.
Record and audit all API calls to AWS Signer for compliance.
Sign code for IoT devices managed by AWS IoT Device Management.