Code Signing Comes to AWS Lambda
Users of Lambda, the serverless computing platform from Amazon Web Services (AWS), can now make sure that only approved and unaltered code is able to be executed in their environments.
AWS recently announced that a new "Code Signing" feature is now live and free to use for AWS Lambda customers except those running applications out of the China, Osaka and U.S. GovCloud regions.
Code signing describes the process of verifying that programmatic code comes from a trusted source and is unmodified. With Code Signing enabled in Lambda, administrators can make sure that no rogue or corrupted code is deployed.
"This frees up organizations from the burden of building gatekeeper components in their deployment pipelines," wrote Channy Yun, principal developer advocate for AWS, in a blog post last week announcing the feature launch.
To enable Code Signing in Lambda, administrators first create a signing profile in the AWS Signer service, then give developers and trusted users access to that profile using the AWS Identity and Access Management (IAM) service.
Administrators then tell Lambda which signing profiles are accepted for which functions using Code Signing Configuration (CSC), new tool that "enables organizations to implement a separation of duties between administrators and developers," according to Yun. "Administrators can use CSC to set code signing policies on the functions, and developers can deploy code to the functions."
Yun's post provides a detailed step-by-step guide to implementing Code Signing in Lambda. More information on the feature is available here.