Signer examples using Amazon CLI - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.

Signer examples using Amazon CLI

The following code examples show you how to perform actions and implement common scenarios by using the Amazon Command Line Interface with Signer.

Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.

Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to use cancel-signing-profile.

Amazon CLI

To delete a signing profile

The following cancel-signing-profile example removes an existing signing profile from Amazon Signer.

aws signer cancel-signing-profile \ --profile-name MyProfile1

This command produces no output.

The following code example shows how to use describe-signing-job.

Amazon CLI

To display details about a signing job

The following describe-signing-job example displays details about the specified signing job.

aws signer describe-signing-job \ --job-id 2065c468-73e2-4385-a6c9-0123456789abc

Output:

{ "status": "Succeeded", "completedAt": 1568412037, "platformId": "AmazonFreeRTOS-Default", "signingMaterial": { "certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc" }, "statusReason": "Signing Succeeded", "jobId": "2065c468-73e2-4385-a6c9-0123456789abc", "source": { "s3": { "version": "PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4", "bucketName": "signer-source", "key": "MyCode.rb" } }, "profileName": "MyProfile2", "signedObject": { "s3": { "bucketName": "signer-destination", "key": "signed-2065c468-73e2-4385-a6c9-0123456789abc" } }, "requestedBy": "arn:aws:iam::123456789012:user/maria", "createdAt": 1568412036 }

The following code example shows how to use get-signing-platform.

Amazon CLI

To display details about a signing platform

The following get-signing-platform example displays details about the specified signing platform.

aws signer get-signing-platform \ --platform-id AmazonFreeRTOS-TI-CC3220SF

Output:

{ "category": "AWS", "displayName": "Amazon FreeRTOS SHA1-RSA CC3220SF-Format", "target": "SHA1-RSA-TISHA1", "platformId": "AmazonFreeRTOS-TI-CC3220SF", "signingConfiguration": { "encryptionAlgorithmOptions": { "defaultValue": "RSA", "allowedValues": [ "RSA" ] }, "hashAlgorithmOptions": { "defaultValue": "SHA1", "allowedValues": [ "SHA1" ] } }, "maxSizeInMB": 16, "partner": "AmazonFreeRTOS", "signingImageFormat": { "defaultFormat": "JSONEmbedded", "supportedFormats": [ "JSONEmbedded" ] } }

The following code example shows how to use get-signing-profile.

Amazon CLI

To display details about a signing profile

The following get-signing-profile example displays details about the specified signing profile.

aws signer get-signing-profile \ --profile-name MyProfile3

Output:

{ "platformId": "AmazonFreeRTOS-TI-CC3220SF", "profileName": "MyProfile3", "status": "Active", "signingMaterial": { "certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc" } }

The following code example shows how to use list-signing-jobs.

Amazon CLI

To list all signing jobs

The following list-signing-jobs example displays details about all signing jobs for the account.

aws signer list-signing-jobs

In this example, two jobs are returned, one successful, and one failed.

{ "jobs": [ { "status": "Succeeded", "signingMaterial": { "certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc" }, "jobId": "2065c468-73e2-4385-a6c9-0123456789abc", "source": { "s3": { "version": "PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4", "bucketName": "signer-source", "key": "MyCode.rb" } }, "signedObject": { "s3": { "bucketName": "signer-destination", "key": "signed-2065c468-73e2-4385-a6c9-0123456789abc" } }, "createdAt": 1568412036 }, { "status": "Failed", "source": { "s3": { "version": "PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4", "bucketName": "signer-source", "key": "MyOtherCode.rb" } }, "signingMaterial": { "certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc" }, "createdAt": 1568402690, "jobId": "74d9825e-22fc-4a0d-b962-0123456789abc" } ] }

The following code example shows how to use list-signing-platforms.

Amazon CLI

To list all signing platforms

The following list-signing-platforms example displays details about all available signing platforms.

aws signer list-signing-platforms

Output:

{ "platforms": [ { "category": "AWS", "displayName": "AWS IoT Device Management SHA256-ECDSA ", "target": "SHA256-ECDSA", "platformId": "AWSIoTDeviceManagement-SHA256-ECDSA", "signingConfiguration": { "encryptionAlgorithmOptions": { "defaultValue": "ECDSA", "allowedValues": [ "ECDSA" ] }, "hashAlgorithmOptions": { "defaultValue": "SHA256", "allowedValues": [ "SHA256" ] } }, "maxSizeInMB": 2048, "partner": "AWSIoTDeviceManagement", "signingImageFormat": { "defaultFormat": "JSONDetached", "supportedFormats": [ "JSONDetached" ] } }, { "category": "AWS", "displayName": "Amazon FreeRTOS SHA1-RSA CC3220SF-Format", "target": "SHA1-RSA-TISHA1", "platformId": "AmazonFreeRTOS-TI-CC3220SF", "signingConfiguration": { "encryptionAlgorithmOptions": { "defaultValue": "RSA", "allowedValues": [ "RSA" ] }, "hashAlgorithmOptions": { "defaultValue": "SHA1", "allowedValues": [ "SHA1" ] } }, "maxSizeInMB": 16, "partner": "AmazonFreeRTOS", "signingImageFormat": { "defaultFormat": "JSONEmbedded", "supportedFormats": [ "JSONEmbedded" ] } }, { "category": "AWS", "displayName": "Amazon FreeRTOS SHA256-ECDSA", "target": "SHA256-ECDSA", "platformId": "AmazonFreeRTOS-Default", "signingConfiguration": { "encryptionAlgorithmOptions": { "defaultValue": "ECDSA", "allowedValues": [ "ECDSA" ] }, "hashAlgorithmOptions": { "defaultValue": "SHA256", "allowedValues": [ "SHA256" ] } }, "maxSizeInMB": 16, "partner": "AmazonFreeRTOS", "signingImageFormat": { "defaultFormat": "JSONEmbedded", "supportedFormats": [ "JSONEmbedded" ] } } ] }

The following code example shows how to use list-signing-profiles.

Amazon CLI

To list all signing profiles

The following list-signing-profiles example displays details about all signing profiles for the account.

aws signer list-signing-profiles

Output:

{ "profiles": [ { "platformId": "AmazonFreeRTOS-TI-CC3220SF", "profileName": "MyProfile4", "status": "Active", "signingMaterial": { "certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc" } }, { "platformId": "AWSIoTDeviceManagement-SHA256-ECDSA", "profileName": "MyProfile5", "status": "Active", "signingMaterial": { "certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc" } } ] }

The following code example shows how to use put-signing-profile.

Amazon CLI

To create a signing profile

The following put-signing-profile example creates a signing profile using the specified certificate and platform.

aws signer put-signing-profile \ --profile-name MyProfile6 \ --signing-material certificateArn=arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc \ --platform AmazonFreeRTOS-TI-CC3220SF

Output:

{ "arn": "arn:aws:signer:us-west-2:123456789012:/signing-profiles/MyProfile6" }

The following code example shows how to use start-signing-job.

Amazon CLI

To start a signing job

The following start-signing-job example starts a signing job on the code found at the specified source. It uses the specified profile to do the signing and places the signed code in the specified destination.

aws signer start-signing-job \ --source 's3={bucketName=signer-source,key=MyCode.rb,version=PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4}' \ --destination 's3={bucketName=signer-destination,prefix=signed-}' \ --profile-name MyProfile7

The output is the ID of the signing job.

{ "jobId": "2065c468-73e2-4385-a6c9-0123456789abc" }