From 0757686790c25ab1cc0f040d9f6039cef6648d44 Mon Sep 17 00:00:00 2001
From: Niranjan Jayakar <nija@amazon.com>
Date: Fri, 19 Mar 2021 00:24:15 +0000
Subject: [PATCH] fix(lambda): incorrect values for prop
 UntrustedArtifactOnDeployment (#13667)

The allowed values for `UntrustedArtifactOnDeployment` in the
`AWS::Lambda::CodeSigningConfig` resource type are 'Warn' and 'Enforce'.

This was incorrectly set in the CDK.

fixes #13586


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts       | 4 ++--
 packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts b/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts
index 0472eb5d048f5..5e76436b75cca 100644
--- a/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts
+++ b/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts
@@ -10,13 +10,13 @@ export enum UntrustedArtifactOnDeployment {
   /**
    * Lambda blocks the deployment request if signature validation checks fail.
    */
-  ENFORCE = 'enforce',
+  ENFORCE = 'Enforce',
 
   /**
    * Lambda allows the deployment of the code package, but issues a warning.
    * Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail.
    */
-  WARN = 'warn',
+  WARN = 'Warn',
 }
 
 /**
diff --git a/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts b/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts
index 3e123ab5d5d89..6f6c1047f5453 100644
--- a/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts
+++ b/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts
@@ -28,7 +28,7 @@ describe('code signing config', () => {
         }],
       },
       CodeSigningPolicies: {
-        UntrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.WARN,
+        UntrustedArtifactOnDeployment: 'Warn',
       },
     });
   });
@@ -78,7 +78,7 @@ describe('code signing config', () => {
 
     expect(stack).toHaveResource('AWS::Lambda::CodeSigningConfig', {
       CodeSigningPolicies: {
-        UntrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.ENFORCE,
+        UntrustedArtifactOnDeployment: 'Enforce',
       },
       Description: 'test description',
     });