alsmola · May 8, 2022 22:22
diff --git a/policy.yml b/policy.yml
 {
    "Version": "2012-10-17",
    "Statement": [
       {
            "Effect": "Allow",
            "Action": [
              "signer:GetSigningProfile",
              "signer:PutSigningProfile"
            ]
            "Resource": "arn:aws:signer:us-east-1:[account-number]:/signing-profiles/[signing-profile-name]"
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:GetCodeSigningConfig",
                "lambda:PutFunctionCodeSigningConfig",
                "lambda:UpdateCodeSigningConfig"
            ],
            "Resource": "arn:aws:lambda:us-east-1:[account-number]:code-signing-config:csc-[csc-id]"
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:AddPermission",
                "lambda:CreateFunction",
                "lambda:GetFunction",
                "lambda:GetFunctionCodeSigningConfig",
                "lambda:ListTags",
                "lambda:ListVersionsByFunction",
                "lambda:PublishVersion",
                "lambda:PutFunctionCodeSigningConfig",
                "lambda:UpdateFunctionCode"
            ],
            "Resource": "arn:aws:lambda:us-east-1:[account-number]:function:[function-name]"
        }
    ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"signer:GetSigningProfile",
	"signer:PutSigningProfile"
	]
	"Resource": "arn:aws:signer:us-east-1:[account-number]:/signing-profiles/[signing-profile-name]"
	},
	{
	"Effect": "Allow",
	"Action": [
	"lambda:GetCodeSigningConfig",
	"lambda:PutFunctionCodeSigningConfig",
	"lambda:UpdateCodeSigningConfig"
	],
	"Resource": "arn:aws:lambda:us-east-1:[account-number]:code-signing-config:csc-[csc-id]"
	},
	{
	"Effect": "Allow",
	"Action": [
	"lambda:AddPermission",
	"lambda:CreateFunction",
	"lambda:GetFunction",
	"lambda:GetFunctionCodeSigningConfig",
	"lambda:ListTags",
	"lambda:ListVersionsByFunction",
	"lambda:PublishVersion",
	"lambda:PutFunctionCodeSigningConfig",
	"lambda:UpdateFunctionCode"
	],
	"Resource": "arn:aws:lambda:us-east-1:[account-number]:function:[function-name]"
	}
	]
	}