Which solution will meet this requirement?
Revoke all versions of the signing profile assigned to the developer.
Examine the developer’s IAM roles. Remove all permissions that grant access to Signer.
Re-encrypt all source code with a new AWS Key Management Service (AWS KMS) key.
Use Amazon CodeGuru to profile all the code that the Lambda functions use.
Explanations:
Revoking all versions of the signing profile associated with the developer ensures that any code signed by that profile can no longer be deployed to AWS Lambda functions. This prevents the developer’s code from being deployed, as Lambda functions require signed code to be deployed when using AWS Signer.
Removing permissions related to AWS Signer from the developer’s IAM roles would prevent the developer from signing code in the future, but it does not affect code that has already been signed and deployed to Lambda functions. The already signed code could still be deployed until the signing profile itself is revoked.
Re-encrypting all source code with a new AWS KMS key would not necessarily prevent deployment of the developer’s code. AWS Signer is used for verifying the authenticity of code deployments, not for encrypting the code. This action would not revoke access to previously signed code.
Amazon CodeGuru is a tool for code quality analysis, not for managing Lambda deployment or signing. It cannot prevent deployment of previously signed code or revoke signing profiles associated with the developer.