@gradientedge/cdk-utils-aws 2.5.0 → 2.7.0

package/dist/src/services/identity-access-management/main.d.ts

@@ -6,7 +6,7 @@ import { IBucket } from 'aws-cdk-lib/aws-s3';
 import { Queue } from 'aws-cdk-lib/aws-sqs';
 import { CommonConstruct } from '../../common/index.js';
 /**
- * Provides operations on AWS
+ * Provides operations on AWS Identity and Access Management (IAM).
  * - A new instance of this class is injected into {@link CommonConstruct} constructor.
  * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
  * @example
@@ -72,7 +72,7 @@ export declare class IamManager {
     /**
      * @summary Method to create iam statement to list s3 buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
+     * @param bucket the S3 bucket to grant list access to
      */
     statementForListBucket(scope: CommonConstruct, bucket: IBucket): PolicyStatement;
     /**
@@ -83,22 +83,22 @@ export declare class IamManager {
     /**
      * @summary Method to create iam statement to get s3 objects in buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
-     * @param resourceArns list of ARNs to allow access to
+     * @param bucket the S3 bucket to grant read access to
+     * @param resourceArns optional list of ARNs to allow access to, defaults to all objects in the bucket
      */
     statementForGetAnyS3Objects(scope: CommonConstruct, bucket: IBucket, resourceArns?: string[]): PolicyStatement;
     /**
      * @summary Method to create iam statement to delete s3 objects in buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
-     * @param resourceArns list of ARNs to allow access to
+     * @param bucket the S3 bucket to grant delete access to
+     * @param resourceArns optional list of ARNs to allow access to, defaults to all objects in the bucket
      */
     statementForDeleteAnyS3Objects(scope: CommonConstruct, bucket: IBucket, resourceArns?: string[]): PolicyStatement;
     /**
      * @summary Method to create iam statement to write s3 objects in buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
-     * @param resourceArns list of ARNs to allow access to
+     * @param bucket the S3 bucket to grant write access to
+     * @param resourceArns optional list of ARNs to allow access to, defaults to all objects in the bucket
      */
     statementForPutAnyS3Objects(scope: CommonConstruct, bucket: IBucket, resourceArns?: string[]): PolicyStatement;
     /**
@@ -119,7 +119,7 @@ export declare class IamManager {
     /**
      * @summary Method to create iam statement to assume iam role
      * @param scope scope in which this resource is defined
-     * @param servicePrincipals
+     * @param servicePrincipals the list of service principals allowed to assume the role
      */
     statementForAssumeRole(scope: CommonConstruct, servicePrincipals: ServicePrincipal[]): PolicyStatement;
     /**
@@ -130,14 +130,14 @@ export declare class IamManager {
     /**
      * @summary Method to create iam statement to run ecs task
      * @param scope scope in which this resource is defined
-     * @param cluster
-     * @param task
+     * @param cluster the ECS cluster the task runs in
+     * @param task the ECS task definition to allow running
      */
     statementForRunEcsTask(scope: CommonConstruct, cluster: ICluster, task: ITaskDefinition): PolicyStatement;
     /**
      * @summary Method to create iam statement to create log stream
      * @param scope scope in which this resource is defined
-     * @param logGroup
+     * @param logGroup the CloudWatch log group to allow creating log streams in
      */
     statementForCreateLogStream(scope: CommonConstruct, logGroup: CfnLogGroup): PolicyStatement;
     /**
@@ -148,7 +148,7 @@ export declare class IamManager {
     /**
      * @summary Method to create iam statement to write log events
      * @param scope scope in which this resource is defined
-     * @param logGroup
+     * @param logGroup the CloudWatch log group to allow writing log events to
      */
     statementForPutLogEvent(scope: CommonConstruct, logGroup: CfnLogGroup): PolicyStatement;
     /**
@@ -177,12 +177,12 @@ export declare class IamManager {
      */
     createPolicyForCloudfrontInvalidation(resourceArns?: string[]): PolicyDocument;
     /**
-     * @summary Method to create iam policy for sqs
+     * @summary Method to create iam policy for SQS event processing
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param sqsQueue
-     * @param eventBridgeRule
-     * @param servicePrincipals
+     * @param sqsQueue the SQS queue to grant access to
+     * @param eventBridgeRule the EventBridge rule that sends events to the queue
+     * @param servicePrincipals optional list of service principals, defaults to events.amazonaws.com
      */
     createPolicyForSqsEvent(id: string, scope: CommonConstruct, sqsQueue: Queue, eventBridgeRule: IRule, servicePrincipals?: ServicePrincipal[]): PolicyDocument;
     /**
@@ -192,73 +192,73 @@ export declare class IamManager {
      */
     createRoleForCloudfrontInvalidation(id: string, scope: CommonConstruct): Role;
     /**
-     * @summary Method to create iam statement for cloud trail
+     * @summary Method to create iam role for CloudTrail
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param logGroup
+     * @param logGroup the CloudWatch log group for CloudTrail to deliver logs to
      */
     createRoleForCloudTrail(id: string, scope: CommonConstruct, logGroup: CfnLogGroup): CfnRole;
     /**
-     * @summary Method to create iam statement for ecs event
+     * @summary Method to create iam role for ECS event-driven task execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param cluster
-     * @param task
+     * @param cluster the ECS cluster the task runs in
+     * @param task the ECS task definition to allow running
      */
     createRoleForEcsEvent(id: string, scope: CommonConstruct, cluster: ICluster, task: ITaskDefinition): Role;
     /**
-     * @summary Method to create iam statement for ecs execution
+     * @summary Method to create iam role for ECS task execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
+     * @param policy the inline policy document to attach to the role
      */
     createRoleForEcsExecution(id: string, scope: CommonConstruct, policy: PolicyDocument): Role;
     /**
-     * @summary Method to create iam statement for lambda execution
+     * @summary Method to create iam role for Lambda function execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
-     * @param servicePrincipal
+     * @param policy the inline policy document to attach to the role
+     * @param servicePrincipal optional service principal, defaults to lambda.amazonaws.com
      */
     createRoleForLambda(id: string, scope: CommonConstruct, policy: PolicyDocument, servicePrincipal?: ServicePrincipal): Role;
     /**
-     * @summary Method to create iam statement for appconfig secrets manager integration
+     * @summary Method to create iam role for AppConfig Secrets Manager integration
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
-     * @param servicePrincipal
+     * @param policy the inline policy document to attach to the role
+     * @param servicePrincipal optional service principal, defaults to appconfig.amazonaws.com
      */
     createRoleForAppConfigSecrets(id: string, scope: CommonConstruct, policy: PolicyDocument, servicePrincipal?: ServicePrincipal): Role;
     /**
-     * @summary Method to create iam statement for step function execution
+     * @summary Method to create iam role for Step Function execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
-     * @param servicePrincipal
+     * @param policy the inline policy document to attach to the role
+     * @param servicePrincipal optional service principal, defaults to states.amazonaws.com
      */
     createRoleForStepFunction(id: string, scope: CommonConstruct, policy: PolicyDocument, servicePrincipal?: ServicePrincipal): Role;
     /**
-     * @summary Method to create iam statement for sqs to step function pipe
+     * @summary Method to create iam role for SQS to Step Function pipe
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param queueArn the arn of the sqs queue
-     * @param stepFunctionArn the arn of the step function
+     * @param queueArn the ARN of the SQS queue (source)
+     * @param stepFunctionArn the ARN of the Step Function (target)
      */
     createRoleForSqsToSfnPipe(id: string, scope: CommonConstruct, queueArn: string, stepFunctionArn: string): Role;
     /**
-     * @summary Method to create iam statement for sqs to lambda pipe
+     * @summary Method to create iam role for SQS to Lambda pipe
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param queueArn the arn of the sqs queue
-     * @param lambdaArn the arn of the lambda function
+     * @param queueArn the ARN of the SQS queue (source)
+     * @param lambdaArn the ARN of the Lambda function (target)
      */
     createRoleForSqsToLambdaPipe(id: string, scope: CommonConstruct, queueArn: string, lambdaArn: string): Role;
     /**
-     * @summary Method to create iam statement for dynamoDb to lambda function pipe
+     * @summary Method to create iam role for DynamoDB stream to Lambda function pipe
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param dynamoDbStreamArn the arn of the dynamoDb Stream queue
-     * @param lambdaFunctionArn the arn of the lambda function
+     * @param dynamoDbStreamArn the ARN of the DynamoDB stream (source)
+     * @param lambdaFunctionArn the ARN of the Lambda function (target)
      */
     createRoleForDynamoDbToLambdaPipe(id: string, scope: CommonConstruct, dynamoDbStreamArn: string, lambdaFunctionArn: string): Role;
 }

package/dist/src/services/identity-access-management/main.js

@@ -2,7 +2,7 @@ import { Stack } from 'aws-cdk-lib';
 import { CfnRole, Effect, ManagedPolicy, PolicyDocument, PolicyStatement, Role, ServicePrincipal, } from 'aws-cdk-lib/aws-iam';
 import { createCfnOutput } from '../../utils/index.js';
 /**
- * Provides operations on AWS
+ * Provides operations on AWS Identity and Access Management (IAM).
  * - A new instance of this class is injected into {@link CommonConstruct} constructor.
  * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
  * @example
@@ -137,7 +137,7 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to list s3 buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
+     * @param bucket the S3 bucket to grant list access to
      */
     statementForListBucket(scope, bucket) {
         return new PolicyStatement({
@@ -160,8 +160,8 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to get s3 objects in buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
-     * @param resourceArns list of ARNs to allow access to
+     * @param bucket the S3 bucket to grant read access to
+     * @param resourceArns optional list of ARNs to allow access to, defaults to all objects in the bucket
      */
     statementForGetAnyS3Objects(scope, bucket, resourceArns) {
         return new PolicyStatement({
@@ -173,8 +173,8 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to delete s3 objects in buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
-     * @param resourceArns list of ARNs to allow access to
+     * @param bucket the S3 bucket to grant delete access to
+     * @param resourceArns optional list of ARNs to allow access to, defaults to all objects in the bucket
      */
     statementForDeleteAnyS3Objects(scope, bucket, resourceArns) {
         return new PolicyStatement({
@@ -186,8 +186,8 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to write s3 objects in buckets
      * @param scope scope in which this resource is defined
-     * @param bucket
-     * @param resourceArns list of ARNs to allow access to
+     * @param bucket the S3 bucket to grant write access to
+     * @param resourceArns optional list of ARNs to allow access to, defaults to all objects in the bucket
      */
     statementForPutAnyS3Objects(scope, bucket, resourceArns) {
         return new PolicyStatement({
@@ -232,7 +232,7 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to assume iam role
      * @param scope scope in which this resource is defined
-     * @param servicePrincipals
+     * @param servicePrincipals the list of service principals allowed to assume the role
      */
     statementForAssumeRole(scope, servicePrincipals) {
         return new PolicyStatement({
@@ -256,8 +256,8 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to run ecs task
      * @param scope scope in which this resource is defined
-     * @param cluster
-     * @param task
+     * @param cluster the ECS cluster the task runs in
+     * @param task the ECS task definition to allow running
      */
     statementForRunEcsTask(scope, cluster, task) {
         return new PolicyStatement({
@@ -270,7 +270,7 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to create log stream
      * @param scope scope in which this resource is defined
-     * @param logGroup
+     * @param logGroup the CloudWatch log group to allow creating log streams in
      */
     statementForCreateLogStream(scope, logGroup) {
         return new PolicyStatement({
@@ -299,7 +299,7 @@ export class IamManager {
     /**
      * @summary Method to create iam statement to write log events
      * @param scope scope in which this resource is defined
-     * @param logGroup
+     * @param logGroup the CloudWatch log group to allow writing log events to
      */
     statementForPutLogEvent(scope, logGroup) {
         return new PolicyStatement({
@@ -390,12 +390,12 @@ export class IamManager {
         });
     }
     /**
-     * @summary Method to create iam policy for sqs
+     * @summary Method to create iam policy for SQS event processing
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param sqsQueue
-     * @param eventBridgeRule
-     * @param servicePrincipals
+     * @param sqsQueue the SQS queue to grant access to
+     * @param eventBridgeRule the EventBridge rule that sends events to the queue
+     * @param servicePrincipals optional list of service principals, defaults to events.amazonaws.com
      */
     createPolicyForSqsEvent(id, scope, sqsQueue, eventBridgeRule, servicePrincipals) {
         return new PolicyDocument({
@@ -429,10 +429,10 @@ export class IamManager {
         });
     }
     /**
-     * @summary Method to create iam statement for cloud trail
+     * @summary Method to create iam role for CloudTrail
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param logGroup
+     * @param logGroup the CloudWatch log group for CloudTrail to deliver logs to
      */
     createRoleForCloudTrail(id, scope, logGroup) {
         const policy = new PolicyDocument({
@@ -455,11 +455,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for ecs event
+     * @summary Method to create iam role for ECS event-driven task execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param cluster
-     * @param task
+     * @param cluster the ECS cluster the task runs in
+     * @param task the ECS task definition to allow running
      */
     createRoleForEcsEvent(id, scope, cluster, task) {
         const policy = new PolicyDocument({
@@ -476,10 +476,10 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for ecs execution
+     * @summary Method to create iam role for ECS task execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
+     * @param policy the inline policy document to attach to the role
      */
     createRoleForEcsExecution(id, scope, policy) {
         const role = new Role(scope, `${id}`, {
@@ -496,11 +496,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for lambda execution
+     * @summary Method to create iam role for Lambda function execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
-     * @param servicePrincipal
+     * @param policy the inline policy document to attach to the role
+     * @param servicePrincipal optional service principal, defaults to lambda.amazonaws.com
      */
     createRoleForLambda(id, scope, policy, servicePrincipal) {
         const role = new Role(scope, `${id}`, {
@@ -517,11 +517,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for appconfig secrets manager integration
+     * @summary Method to create iam role for AppConfig Secrets Manager integration
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
-     * @param servicePrincipal
+     * @param policy the inline policy document to attach to the role
+     * @param servicePrincipal optional service principal, defaults to appconfig.amazonaws.com
      */
     createRoleForAppConfigSecrets(id, scope, policy, servicePrincipal) {
         const role = new Role(scope, `${id}`, {
@@ -535,11 +535,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for step function execution
+     * @summary Method to create iam role for Step Function execution
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param policy
-     * @param servicePrincipal
+     * @param policy the inline policy document to attach to the role
+     * @param servicePrincipal optional service principal, defaults to states.amazonaws.com
      */
     createRoleForStepFunction(id, scope, policy, servicePrincipal) {
         const role = new Role(scope, `${id}`, {
@@ -556,11 +556,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for sqs to step function pipe
+     * @summary Method to create iam role for SQS to Step Function pipe
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param queueArn the arn of the sqs queue
-     * @param stepFunctionArn the arn of the step function
+     * @param queueArn the ARN of the SQS queue (source)
+     * @param stepFunctionArn the ARN of the Step Function (target)
      */
     createRoleForSqsToSfnPipe(id, scope, queueArn, stepFunctionArn) {
         const role = new Role(scope, `${id}`, {
@@ -575,11 +575,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for sqs to lambda pipe
+     * @summary Method to create iam role for SQS to Lambda pipe
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param queueArn the arn of the sqs queue
-     * @param lambdaArn the arn of the lambda function
+     * @param queueArn the ARN of the SQS queue (source)
+     * @param lambdaArn the ARN of the Lambda function (target)
      */
     createRoleForSqsToLambdaPipe(id, scope, queueArn, lambdaArn) {
         const role = new Role(scope, `${id}`, {
@@ -594,11 +594,11 @@ export class IamManager {
         return role;
     }
     /**
-     * @summary Method to create iam statement for dynamoDb to lambda function pipe
+     * @summary Method to create iam role for DynamoDB stream to Lambda function pipe
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param dynamoDbStreamArn the arn of the dynamoDb Stream queue
-     * @param lambdaFunctionArn the arn of the lambda function
+     * @param dynamoDbStreamArn the ARN of the DynamoDB stream (source)
+     * @param lambdaFunctionArn the ARN of the Lambda function (target)
      */
     createRoleForDynamoDbToLambdaPipe(id, scope, dynamoDbStreamArn, lambdaFunctionArn) {
         const role = new Role(scope, `${id}`, {

package/dist/src/services/key-management-service/types.d.ts

@@ -1,5 +1,7 @@
 import { KeyProps } from 'aws-cdk-lib/aws-kms';
 /**
+ * Properties for creating a KMS encryption key.
+ * @see {@link KeyProps}
  */
 /** @category Interface */
 export interface KmsKeyProps extends KeyProps {

package/dist/src/services/lambda/main.d.ts

@@ -27,8 +27,8 @@ export declare class LambdaManager {
      * @summary Method to create a lambda layer (nodejs)
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param code
-     * @param architectures
+     * @param code the asset code for the layer
+     * @param architectures optional list of compatible architectures, defaults to ARM_64
      */
     createLambdaLayer(id: string, scope: CommonConstruct, code: AssetCode, architectures?: Architecture[]): LayerVersion;
     /**
@@ -41,17 +41,17 @@ export declare class LambdaManager {
      * @summary Method to create a lambda function (nodejs)
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param props
-     * @param role
-     * @param layers
-     * @param code
-     * @param handler
-     * @param environment
-     * @param vpc
-     * @param securityGroups
-     * @param accessPoint
-     * @param mountPath
-     * @param vpcSubnets
+     * @param props the Lambda function properties
+     * @param role the IAM role for the function execution
+     * @param layers the list of Lambda layers to attach
+     * @param code the asset code for the function
+     * @param handler optional handler entry point, defaults to 'index.lambda_handler'
+     * @param environment optional environment variables to inject
+     * @param vpc optional VPC to place the function in
+     * @param securityGroups optional security groups when running in a VPC
+     * @param accessPoint optional EFS access point for file system mounting
+     * @param mountPath optional mount path for the EFS file system, defaults to '/mnt/msg'
+     * @param vpcSubnets optional subnet selection when running in a VPC
      */
     createLambdaFunction(id: string, scope: CommonConstruct, props: LambdaProps, role: Role | CfnRole, layers: ILayerVersion[], code: AssetCode, handler?: string, environment?: any, vpc?: IVpc, securityGroups?: ISecurityGroup[], accessPoint?: IAccessPoint, mountPath?: string, vpcSubnets?: SubnetSelection): Function;
     /**
@@ -73,23 +73,23 @@ export declare class LambdaManager {
      * @summary Method to create a lambda function (nodejs) with docker image
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param props
-     * @param role
-     * @param code
-     * @param environment
-     * @param vpc
-     * @param securityGroups
-     * @param accessPoint
-     * @param mountPath
-     * @param vpcSubnets
+     * @param props the Lambda function properties
+     * @param role the IAM role for the function execution
+     * @param code the Docker image code for the function
+     * @param environment optional environment variables to inject
+     * @param vpc optional VPC to place the function in
+     * @param securityGroups optional security groups when running in a VPC
+     * @param accessPoint optional EFS access point for file system mounting
+     * @param mountPath optional mount path for the EFS file system, defaults to '/mnt/msg'
+     * @param vpcSubnets optional subnet selection when running in a VPC
      */
     createLambdaDockerFunction(id: string, scope: CommonConstruct, props: LambdaProps, role: Role | CfnRole, code: DockerImageCode, environment?: any, vpc?: IVpc, securityGroups?: ISecurityGroup[], accessPoint?: IAccessPoint, mountPath?: string, vpcSubnets?: SubnetSelection): DockerImageFunction;
     /**
-     * @summary Method to create a lambda function Alias
+     * @summary Method to create a lambda function alias
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param props
-     * @param lambdaVersion
+     * @param props the Lambda alias properties
+     * @param lambdaVersion the Lambda function version to point the alias to
      */
     createLambdaFunctionAlias(id: string, scope: CommonConstruct, props: LambdaAliasProps, lambdaVersion: IVersion): Alias;
 }

package/dist/src/services/lambda/main.js

@@ -28,8 +28,8 @@ export class LambdaManager {
      * @summary Method to create a lambda layer (nodejs)
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param code
-     * @param architectures
+     * @param code the asset code for the layer
+     * @param architectures optional list of compatible architectures, defaults to ARM_64
      */
     createLambdaLayer(id, scope, code, architectures) {
         const lambdaLayer = new LayerVersion(scope, `${id}`, {
@@ -57,17 +57,17 @@ export class LambdaManager {
      * @summary Method to create a lambda function (nodejs)
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param props
-     * @param role
-     * @param layers
-     * @param code
-     * @param handler
-     * @param environment
-     * @param vpc
-     * @param securityGroups
-     * @param accessPoint
-     * @param mountPath
-     * @param vpcSubnets
+     * @param props the Lambda function properties
+     * @param role the IAM role for the function execution
+     * @param layers the list of Lambda layers to attach
+     * @param code the asset code for the function
+     * @param handler optional handler entry point, defaults to 'index.lambda_handler'
+     * @param environment optional environment variables to inject
+     * @param vpc optional VPC to place the function in
+     * @param securityGroups optional security groups when running in a VPC
+     * @param accessPoint optional EFS access point for file system mounting
+     * @param mountPath optional mount path for the EFS file system, defaults to '/mnt/msg'
+     * @param vpcSubnets optional subnet selection when running in a VPC
      */
     createLambdaFunction(id, scope, props, role, layers, code, handler, environment, vpc, securityGroups, accessPoint, mountPath, vpcSubnets) {
         if (!props)
@@ -167,15 +167,15 @@ export class LambdaManager {
      * @summary Method to create a lambda function (nodejs) with docker image
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param props
-     * @param role
-     * @param code
-     * @param environment
-     * @param vpc
-     * @param securityGroups
-     * @param accessPoint
-     * @param mountPath
-     * @param vpcSubnets
+     * @param props the Lambda function properties
+     * @param role the IAM role for the function execution
+     * @param code the Docker image code for the function
+     * @param environment optional environment variables to inject
+     * @param vpc optional VPC to place the function in
+     * @param securityGroups optional security groups when running in a VPC
+     * @param accessPoint optional EFS access point for file system mounting
+     * @param mountPath optional mount path for the EFS file system, defaults to '/mnt/msg'
+     * @param vpcSubnets optional subnet selection when running in a VPC
      */
     createLambdaDockerFunction(id, scope, props, role, code, environment, vpc, securityGroups, accessPoint, mountPath, vpcSubnets) {
         if (!props)
@@ -183,6 +183,7 @@ export class LambdaManager {
         if (!props.functionName)
             throw new Error(`Lambda functionName undefined for ${id}`);
         const functionName = scope.resourceNameFormatter.format(props.functionName, scope.props.resourceNameOptions?.lambdaFunction);
+        /* Optionally provision a dead letter queue with a redrive queue for failed invocations */
         let deadLetterQueue;
         if (props.deadLetterQueueEnabled) {
             const redriveQueue = scope.sqsManager.createRedriveQueueForLambda(`${id}-rdq`, scope, props);
@@ -225,11 +226,11 @@ export class LambdaManager {
         return lambdaFunction;
     }
     /**
-     * @summary Method to create a lambda function Alias
+     * @summary Method to create a lambda function alias
      * @param id scoped id of the resource
      * @param scope scope in which this resource is defined
-     * @param props
-     * @param lambdaVersion
+     * @param props the Lambda alias properties
+     * @param lambdaVersion the Lambda function version to point the alias to
      */
     createLambdaFunctionAlias(id, scope, props, lambdaVersion) {
         if (!props)