AddProfilePermission
Adds cross-account permissions to a signing profile.
Request Syntax
POST /signing-profiles/profileName/permissions HTTP/1.1
Content-type: application/json
{
   "action": "string",
   "principal": "string",
   "profileVersion": "string",
   "revisionId": "string",
   "statementId": "string"
}URI Request Parameters
The request uses the following URI parameters.
- profileName
- 
               The human-readable name of the signing profile. Length Constraints: Minimum length of 2. Maximum length of 64. Pattern: ^[a-zA-Z0-9_]{2,}Required: Yes 
Request Body
The request accepts the following data in JSON format.
- action
- 
               For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide. You can designate the following actions to an account. - 
                     signer:StartSigningJob. This action isn't supported for container image workflows. For details, see StartSigningJob.
- 
                     signer:SignPayload. This action isn't supported for AWS Lambda workflows. For details, see SignPayload
- 
                     signer:GetSigningProfile. For details, see GetSigningProfile.
- 
                     signer:RevokeSignature. For details, see RevokeSignature.
 Type: String Required: Yes 
- 
                     
- principal
- 
               The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID. Type: String Required: Yes 
- profileVersion
- 
               The version of the signing profile. Type: String Length Constraints: Fixed length of 10. Pattern: ^[a-zA-Z0-9]{10}$Required: No 
- revisionId
- 
               A unique identifier for the current profile revision. Type: String Required: No 
- statementId
- 
               A unique identifier for the cross-account permission statement. Type: String Required: Yes 
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
   "revisionId": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- revisionId
- 
               A unique identifier for the current profile revision. Type: String 
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
- 
               You do not have sufficient access to perform this action. HTTP Status Code: 403 
- ConflictException
- 
               The resource encountered a conflicting state. HTTP Status Code: 409 
- InternalServiceErrorException
- 
               An internal error occurred. HTTP Status Code: 500 
- ResourceNotFoundException
- 
               A specified resource could not be found. HTTP Status Code: 404 
- ServiceLimitExceededException
- 
               The client is making a request that exceeds service limits. HTTP Status Code: 402 
- TooManyRequestsException
- 
               The allowed number of job-signing requests has been exceeded. This error supersedes the error ThrottlingException.HTTP Status Code: 429 
- ValidationException
- 
               You signing certificate could not be validated. HTTP Status Code: 400 
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: