docs(client-signer): Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions.

awstools · awstools · commit e184834db3a8 · 2024-04-30T18:17:36.000Z
diff --git a/clients/client-signer/src/commands/StartSigningJobCommand.ts b/clients/client-signer/src/commands/StartSigningJobCommand.ts
@@ -47,6 +47,9 @@ export interface StartSigningJobCommandOutput extends StartSigningJobResponse, _
  * 						<code>StartSigningJob</code> operation.</p>
  * 			         </li>
  *             <li>
+ * 				           <p>You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.</p>
+ * 			         </li>
+ *             <li>
  * 				           <p>You must also specify a request token that identifies your request to Signer.</p>
  * 			         </li>
  *          </ul>
diff --git a/clients/client-signer/src/models/models_0.ts b/clients/client-signer/src/models/models_0.ts
@@ -42,7 +42,27 @@ export interface AddProfilePermissionRequest {
   profileVersion?: string;
 
   /**
-   * <p>The AWS Signer action permitted as part of cross-account permissions.</p>
+   * <p>For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see <a href="https://docs.aws.amazon.com/signer/latest/developerguide/signing-profile-cross-account.html">Using cross-account signing with signing profiles</a> in the <i>AWS Signer Developer Guide</i>.</p>
+   * 		       <p>You can designate the following actions to an account.</p>
+   * 		       <ul>
+   *             <li>
+   *                <p>
+   *                   <code>signer:StartSigningJob</code>. This action isn't supported for container image workflows. For details, see <a>StartSigningJob</a>.</p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>signer:SignPayload</code>. This action isn't supported for AWS Lambda workflows. For details, see <a>SignPayload</a>
+   *                </p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>signer:GetSigningProfile</code>. For details, see <a>GetSigningProfile</a>.</p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>signer:RevokeSignature</code>. For details, see <a>RevokeSignature</a>.</p>
+   *             </li>
+   *          </ul>
    * @public
    */
   action: string | undefined;
diff --git a/codegen/sdk-codegen/aws-models/signer.json b/codegen/sdk-codegen/aws-models/signer.json
@@ -115,7 +115,7 @@
         "action": {
           "target": "com.amazonaws.signer#String",
           "traits": {
-            "smithy.api#documentation": "<p>The AWS Signer action permitted as part of cross-account permissions.</p>",
+            "smithy.api#documentation": "<p>For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see <a href=\"https://docs.aws.amazon.com/signer/latest/developerguide/signing-profile-cross-account.html\">Using cross-account signing with signing profiles</a> in the <i>AWS Signer Developer Guide</i>.</p>\n\t\t       <p>You can designate the following actions to an account.</p>\n\t\t       <ul>\n            <li>\n               <p>\n                  <code>signer:StartSigningJob</code>. This action isn't supported for container image workflows. For details, see <a>StartSigningJob</a>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>signer:SignPayload</code>. This action isn't supported for AWS Lambda workflows. For details, see <a>SignPayload</a>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>signer:GetSigningProfile</code>. For details, see <a>GetSigningProfile</a>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>signer:RevokeSignature</code>. For details, see <a>RevokeSignature</a>.</p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -2677,7 +2677,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Initiates a signing job to be performed on the code provided. Signing jobs are\n\t\t\tviewable by the <code>ListSigningJobs</code> operation for two years after they are\n\t\t\tperformed. Note the following requirements: </p>\n\t\t       <ul>\n            <li>\n\t\t\t\t           <p> You must create an Amazon S3 source bucket. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html\">Creating a Bucket</a> in the\n\t\t\t\t\t\t<i>Amazon S3 Getting Started Guide</i>. </p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>Your S3 source bucket must be version enabled.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to\n\t\t\t\t\twrite your signed code.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You specify the name of the source and destination buckets when calling the\n\t\t\t\t\t\t<code>StartSigningJob</code> operation.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You must also specify a request token that identifies your request to Signer.</p>\n\t\t\t         </li>\n         </ul>\n\t\t       <p>You can call the <a>DescribeSigningJob</a> and the <a>ListSigningJobs</a> actions after you call\n\t\t\t<code>StartSigningJob</code>.</p>\n\t\t       <p>For a Java example that shows how to use this action, see <a href=\"https://docs.aws.amazon.com/signer/latest/developerguide/api-startsigningjob.html\">StartSigningJob</a>.</p>",
+        "smithy.api#documentation": "<p>Initiates a signing job to be performed on the code provided. Signing jobs are\n\t\t\tviewable by the <code>ListSigningJobs</code> operation for two years after they are\n\t\t\tperformed. Note the following requirements: </p>\n\t\t       <ul>\n            <li>\n\t\t\t\t           <p> You must create an Amazon S3 source bucket. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html\">Creating a Bucket</a> in the\n\t\t\t\t\t\t<i>Amazon S3 Getting Started Guide</i>. </p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>Your S3 source bucket must be version enabled.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to\n\t\t\t\t\twrite your signed code.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You specify the name of the source and destination buckets when calling the\n\t\t\t\t\t\t<code>StartSigningJob</code> operation.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.</p>\n\t\t\t         </li>\n            <li>\n\t\t\t\t           <p>You must also specify a request token that identifies your request to Signer.</p>\n\t\t\t         </li>\n         </ul>\n\t\t       <p>You can call the <a>DescribeSigningJob</a> and the <a>ListSigningJobs</a> actions after you call\n\t\t\t<code>StartSigningJob</code>.</p>\n\t\t       <p>For a Java example that shows how to use this action, see <a href=\"https://docs.aws.amazon.com/signer/latest/developerguide/api-startsigningjob.html\">StartSigningJob</a>.</p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/signing-jobs",
