CodeSigningConfig for AWS Lambda

shasha · August 27, 2021, 6:12pm

Hello,
Is there a way to add CodeSigningConfigArn in the serverless.yml file? As per AWS Cloudformation documentation, CodeSigningConfigArn is used to enable code signing for the function.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html

How do I use that with Serverless?

serverlessnoob · December 24, 2024, 9:52am

Hi Shasha,

I’m leaving this here for anyone that comes across this:

With your serverless file you will have a function block such as:

functions:
  ApiAuthorizer:
    name: api-authorizer-name
    handler: com.company.project.authorizer.AuthorizerFunction
    package:
      artifact: ${param:myS3Location}/authorizer.zip
    timeout: 300

Then at the top level (so the level where “functions” is defined in the serverless.yml file you have this resource and extensions configuration:

resources:
  extensions:
    ApiAuthorizerLambdaFunction:
      Properties:
        CodeSigningConfigArn:
          ${ssm:/myProject/signingConfig}

Two things here:

The name of the extension is the lambda function identifier NOT the name under the lambda function. In this case “ApiAuthorizer” not “api-authorizer-name”
You’ll also need a signing configuration set up that you can use. In my case it comes from ssm.

Topic		Replies	Views
Serverless framework custom Lambda function Serverless Framework lambda	1	197	April 23, 2025
How to export the qualified ARN of lambda functions created in serverless.yml Serverless Framework	3	16712	June 20, 2023
Unclear how to reference Lambda Role ARN in serverless.yml Serverless Framework aws	6	31855	November 3, 2020
Dynamic ARN to Cognito authorizer Serverless Framework aws	10	7236	July 6, 2022
Custom Authorizer ARN reference Serverless Framework aws	15	15744	October 10, 2019

CodeSigningConfig for AWS Lambda

Related topics