{"id":9530,"library":"aws-cdk-aws-signer","title":"AWS CDK Signer Construct Library","description":"The `aws-cdk-aws-signer` library provides AWS Cloud Development Kit (CDK) constructs for defining AWS Signer resources. It simplifies the creation and management of signing profiles, allowing you to sign code and artifacts with robust cryptographic integrity. This entry reflects version 1.204.0, part of the CDK v1 series, which typically follows a rapid release cadence with new features and bug fixes.","status":"active","version":"1.204.0","language":"en","source_language":"en","source_url":"https://github.com/aws/aws-cdk.git","tags":["aws","cdk","cloud","infrastructure","signer","code-signing","security"],"install":[{"cmd":"pip install aws-cdk-aws-signer","lang":"bash","label":"Install `aws-cdk-aws-signer`"}],"dependencies":[{"reason":"This is a CDK v1 construct library and depends on the core CDK v1 library for its runtime.","package":"aws-cdk.core","optional":false}],"imports":[{"symbol":"aws_signer","correct":"from aws_cdk import aws_signer"},{"symbol":"Platform","correct":"from aws_cdk.aws_signer import Platform"},{"symbol":"SigningProfile","correct":"from aws_cdk.aws_signer import SigningProfile"}],"quickstart":{"code":"# CDK v1: App, Stack, Duration and CfnOutput come from the aws-cdk.core package\nfrom aws_cdk import core as cdk\nfrom aws_cdk import aws_signer as signer\n\napp = cdk.App()\nstack = cdk.Stack(app, \"MySignerStack\")\n\n# Create an AWS Signer Signing Profile\nsigning_profile = signer.SigningProfile(\n    stack, \"MySigningProfile\",\n    platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA,\n    signature_validity=cdk.Duration.days(30)\n)\n\ncdk.CfnOutput(stack, \"SigningProfileArn\", value=signing_profile.signing_profile_arn)\n\napp.synth()","lang":"python","description":"This quickstart demonstrates how to define a basic AWS Signer Signing Profile using the `aws-cdk-aws-signer` construct library. 
It creates a profile suitable for AWS Lambda code signing with a 30-day validity period and exports its ARN."},"warnings":[{"fix":"For CDK v2, use the `aws_cdk.aws_signer` module directly from `aws-cdk-lib`. If you must use v1, ensure your project exclusively uses v1 dependencies and syntax. Migration guides exist for moving from CDK v1 to v2.","message":"This library (`aws-cdk-aws-signer`) is part of AWS CDK v1. It is not compatible with AWS CDK v2 (`aws-cdk-lib`) out-of-the-box. Attempting to use v1 constructs directly in a v2 application will lead to `ModuleNotFoundError` or `jsii` compatibility issues.","severity":"breaking","affected_versions":"All 1.x.x versions when used with CDK v2"},{"fix":"Consult the AWS Signer documentation for a list of supported regions and ensure your CDK stack is deployed to one of them. You can specify the region when initializing your CDK stack (e.g., `cdk.Stack(app, 'MyStack', env=cdk.Environment(region='us-east-1'))`).","message":"AWS Signer is not available in all AWS Regions. Attempting to deploy Signer resources in an unsupported region will result in deployment failures (e.g., 'ResourceNotFoundException' or 'InvalidRegionException').","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always explicitly specify a valid `signer.Platform` when creating a `SigningProfile`, e.g., `platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA`. Refer to the AWS Signer documentation for available platform IDs.","message":"The `platform` property is mandatory for `signer.SigningProfile` and determines the type of code/artifact that can be signed. 
Using an incorrect platform or omitting it will lead to deployment errors or functional issues.","severity":"gotcha","affected_versions":"All 1.x.x versions"},{"fix":"Always consider and explicitly set `signature_validity` using `cdk.Duration` to match your organizational security policies and operational requirements for signed artifacts.","message":"The `signature_validity` property defines how long a signature created by the profile remains valid. If this duration is too short, signed artifacts might expire prematurely; if too long, it might pose a security risk. The default validity is often not suitable for all use cases.","severity":"gotcha","affected_versions":"All 1.x.x versions"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Ensure the package is installed: `pip install aws-cdk-aws-signer`. If using CDK v2, install `aws-cdk-lib` instead and import the module with `from aws_cdk import aws_signer`.","cause":"The `aws-cdk-aws-signer` package is not installed, or you are attempting to use CDK v1 imports in a CDK v2 project (where `aws_signer` is provided by the `aws-cdk-lib` package as `aws_cdk.aws_signer`).","error":"ModuleNotFoundError: No module named 'aws_cdk.aws_signer'"},{"fix":"Add the `platform` argument with a valid `signer.Platform` enum value, e.g., `platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA`.","cause":"The `platform` property was not provided when instantiating a `SigningProfile` construct, which is a mandatory parameter.","error":"jsii.errors.JSIIError: SigningProfile: platform is required"},{"fix":"Ensure the IAM user or role used for CDK deployment has permissions for `signer:*` actions, especially `signer:PutSigningProfile`, `signer:GetSigningProfile`, and `iam:*` for role creation. 
Review CloudFormation event logs for specific permission failures.","cause":"The AWS credentials configured for CDK deployment lack sufficient permissions to create AWS Signer resources or associated IAM roles.","error":"Failed to create change set for the stack SignerStack: The security token included in the request is invalid."}]}