AWS Security ChangesHomeSearch

AWS lambda medium security documentation change

Service: lambda · 2025-10-10 · Security-related medium

File: lambda/latest/dg/monitoring-metrics-types.md

Summary

Added Deployment metrics section with SignatureValidationErrors tracking code signing failures

Security assessment

New metric helps detect code signing validation failures when using Warn policy. Directly relates to code integrity verification security controls.

Diff

diff --git a/lambda/latest/dg/monitoring-metrics-types.md b/lambda/latest/dg/monitoring-metrics-types.md
index 00bf48c0c..aa373dbd6 100644
--- a//lambda/latest/dg/monitoring-metrics-types.md
+++ b//lambda/latest/dg/monitoring-metrics-types.md
@@ -5 +5 @@
-Invocation metricsPerformance metricsConcurrency metricsAsynchronous invocation metricsEvent source mapping metrics
+Invocation metricsDeployment metricsPerformance metricsConcurrency metricsAsynchronous invocation metricsEvent source mapping metrics
@@ -14,0 +15,2 @@ This section describes the types of Lambda metrics available in the CloudWatch c
+  * Deployment metrics
+
@@ -50,0 +53,9 @@ Invocation metrics are binary indicators of the outcome of a Lambda function inv
+## Deployment metrics
+
+Deployment metrics provide information about Lambda function deployment events and related validation processes.
+
+  * `SignatureValidationErrors` – The number of times a code package deployment has occurred with signature validation failures when the code signing configuration policy is set to `Warn`. This metric is emitted when the expiry, mismatch, or revocation checks fail but the deployment is still allowed due to the `Warn` policy setting. For more information about code signing, see [Using code signing to verify code integrity with Lambda](./configuration-codesigning.html).
+
+
+
+