RemoveProfilePermission

RemoveProfilePermission

Removes cross-account permissions from a signing profile.

Request Syntax

DELETE /signing-profiles/profileName/permissions/statementId?revisionId=revisionId HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

profileName (p. 41)

A human-readable name for the signing profile with permissions to be removed.

Length Constraints: Minimum length of 2. Maximum length of 64.

Pattern: ^[a-zA-Z0-9_]{2,}

Required: Yes revisionId (p. 41)

An identifier for the current revision of the signing profile permissions.

Required: Yes statementId (p. 41)

A unique identifier for the cross-account permissions statement.

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200

Content-type: application/json { "revisionId": "string"

}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

revisionId (p. 41)

An identifier for the current revision of the profile permissions.

Errors

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors (p. 84).

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403 ConflictException

The resource encountered a conflicting state.

HTTP Status Code: 409 InternalServiceErrorException

An internal error occurred.

HTTP Status Code: 500 ResourceNotFoundException

A specified resource could not be found.

HTTP Status Code: 404 TooManyRequestsException

The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429 ValidationException

You signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

RevokeSignature

RevokeSignature

Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.

Request Syntax

PUT /signing-jobs/jobId/revoke HTTP/1.1 Content-type: application/json

{ "jobOwner": "string", "reason": "string"

}

URI Request Parameters

The request uses the following URI parameters.

jobId (p. 43)

ID of the signing job to be revoked.

Required: Yes

Request Body

The request accepts the following data in JSON format.

jobOwner (p. 43)

AWS account ID of the job owner.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: No reason (p. 43)

The reason for revoking the signing job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 500.

Required: Yes

Response Syntax

HTTP/1.1 200

Response Elements

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 84).

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403 InternalServiceErrorException

An internal error occurred.

HTTP Status Code: 500 ResourceNotFoundException

A specified resource could not be found.

HTTP Status Code: 404 TooManyRequestsException

The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429 ValidationException

You signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

RevokeSigningProfile

RevokeSigningProfile

Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.

Request Syntax

PUT /signing-profiles/profileName/revoke HTTP/1.1 Content-type: application/json

{ "effectiveTime": number, "profileVersion": "string", "reason": "string"

}

URI Request Parameters

The request uses the following URI parameters.

profileName (p. 45)

The name of the signing profile to be revoked.

Length Constraints: Minimum length of 2. Maximum length of 64.

Pattern: ^[a-zA-Z0-9_]{2,}

Required: Yes

Request Body

The request accepts the following data in JSON format.

effectiveTime (p. 45)

A timestamp for when revocation of a Signing Profile should become effective. Signatures generated using the signing profile after this timestamp are not trusted.

Type: Timestamp Required: Yes profileVersion (p. 45)

The version of the signing profile to be revoked.

Type: String

Length Constraints: Fixed length of 10.

Pattern: ^[a-zA-Z0-9]{10}$

Required: Yes reason (p. 45)

The reason for revoking a signing profile.

Response Syntax

Type: String

Length Constraints: Minimum length of 1. Maximum length of 500.

Required: Yes

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 84).

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403 InternalServiceErrorException

An internal error occurred.

HTTP Status Code: 500 ResourceNotFoundException

A specified resource could not be found.

HTTP Status Code: 404 TooManyRequestsException

The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429 ValidationException

You signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

See Also

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

StartSigningJob

StartSigningJob

Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the

ListSigningJobs operation for two years after they are performed. Note the following requirements:

• You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.

• Your S3 source bucket must be version enabled.

• You must create an S3 destination bucket. Code signing uses your S3 destination bucket to write your signed code.

• You specify the name of the source and destination buckets when calling the StartSigningJob operation.

• You must also specify a request token that identifies your request to code signing.

You can call the DescribeSigningJob (p. 8) and the ListSigningJobs (p. 24) actions after you call StartSigningJob.

For a Java example that shows how to use this action, see StartSigningJob.

Request Syntax

POST /signing-jobs HTTP/1.1 Content-type: application/json { "clientRequestToken": "string", "destination": {

"profileName": "string", "profileOwner": "string", "source": {

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientRequestToken (p. 48)

String that identifies the signing request. All calls after the first that use this token return the same response as the first call.

Response Syntax

Type: String Required: Yes destination (p. 48)

The S3 bucket in which to save your signed object. The destination contains the name of your bucket and an optional prefix.

Type: Destination (p. 58) object Required: Yes

profileName (p. 48)

The name of the signing profile.

Type: String

Length Constraints: Minimum length of 2. Maximum length of 64.

Pattern: ^[a-zA-Z0-9_]{2,}

Required: Yes profileOwner (p. 48)

The AWS account ID of the signing profile owner.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: No source (p. 48)

The S3 bucket that contains the object to sign or a BLOB that contains your raw code.

Type: Source (p. 81) object Required: Yes

Response Syntax

HTTP/1.1 200

Content-type: application/json {

"jobId": "string", "jobOwner": "string"

}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

jobId (p. 49)

The ID of your signing job.

Errors

Type: String jobOwner (p. 49)

The AWS account ID of the signing job owner.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Errors

For information about the errors that are common to all actions, see Common Errors (p. 84).

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403 InternalServiceErrorException

An internal error occurred.

HTTP Status Code: 500 ResourceNotFoundException

A specified resource could not be found.

HTTP Status Code: 404 ThrottlingException

This error has been deprecated.

The request was denied due to request throttling.

Instead of this error, TooManyRequestsException should be used.

HTTP Status Code: 429 TooManyRequestsException

The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429 ValidationException

You signing certificate could not be validated.

HTTP Status Code: 400

Examples

在文檔中 Code Signing for Amazon FreeRTOS API Reference API Version 2017-08-25 (頁 47-56)