@gradientedge/cdk-utils 8.91.0 → 8.93.0

package/dist/src/lib/services/aws/identity-access-management/main.js

@@ -28,9 +28,6 @@ const cdk = __importStar(require("aws-cdk-lib"));
 const iam = __importStar(require("aws-cdk-lib/aws-iam"));
 const utils = __importStar(require("../../../utils"));
 /**
- * @stability stable
- * @category cdk-utils.iam-manager
- * @subcategory Construct
  * @classdesc Provides operations on AWS IAM.
  * - A new instance of this class is injected into {@link CommonConstruct} constructor.
  * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
@@ -44,19 +41,18 @@ const utils = __importStar(require("../../../utils"));
  *     this.iamManager.createRoleForEcsEvent('MyEcsRole', this, cluster, task)
  *   }
  * }
- *
  * @see [CDK IAM Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam-readme.html}
  */
 class IamManager {
     /**
      * @summary Method to create iam statement to read secrets
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param scope scope in which this resource is defined
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForReadSecrets(scope, resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['secretsmanager:GetSecretValue'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? [
                 `arn:aws:secretsmanager:${cdk.Stack.of(scope).region}:${cdk.Stack.of(scope).account}:secret:*`,
             ],
@@ -64,55 +60,54 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement to put events
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForPutEvents(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['events:PutEvents'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to start stepfunction execution
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForStartExecution(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['states:StartExecution'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to poll queue
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForPollQueue(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['sqs:ReceiveMessage', 'sqs:DeleteMessage', 'sqs:GetQueueAttributes'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to invoke lambda function
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForInvokeLambda(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['lambda:InvokeFunction'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to read app config
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForReadAnyAppConfig(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: [
                 'ssm:GetDocument',
                 'ssm:ListDocuments',
@@ -127,140 +122,141 @@ class IamManager {
                 'appconfig:GetConfiguration',
                 'appconfig:ListDeployments',
             ],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to access app config
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForAppConfigExecution(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to put xray telemetry
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForPutXrayTelemetry(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['xray:PutTraceSegments', 'xray:PutTelemetryRecords'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to decrypt kms
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForDecryptKms(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['kms:Decrypt'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to list s3 buckets
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {s3.IBucket} bucket
+     * @param scope scope in which this resource is defined
+     * @param bucket
      */
     statementForListBucket(scope, bucket) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['s3:ListBucket'],
+            effect: iam.Effect.ALLOW,
             resources: [bucket.bucketArn],
         });
     }
     /**
      * @summary Method to create iam statement to list all s3 buckets
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForListAllMyBuckets(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['s3:ListAllMyBuckets'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to get s3 objects in buckets
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {s3.IBucket} bucket
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param scope scope in which this resource is defined
+     * @param bucket
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForGetAnyS3Objects(scope, bucket, resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['s3:GetObject', 's3:GetObjectAcl'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? [bucket.arnForObjects(`*`)],
         });
     }
     /**
      * @summary Method to create iam statement to delete s3 objects in buckets
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {s3.IBucket} bucket
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param scope scope in which this resource is defined
+     * @param bucket
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForDeleteAnyS3Objects(scope, bucket, resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['s3:DeleteObject'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? [bucket.arnForObjects(`*`)],
         });
     }
     /**
      * @summary Method to create iam statement to write s3 objects in buckets
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {s3.IBucket} bucket
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param scope scope in which this resource is defined
+     * @param bucket
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForPutAnyS3Objects(scope, bucket, resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['s3:PutObject', 's3:PutObjectAcl'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? [bucket.arnForObjects(`*`)],
         });
     }
     /**
      * @summary Method to create iam statement to pass iam role
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForPassRole(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['iam:PassRole'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to invalidate cloudfront cache
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForCloudfrontInvalidation(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['cloudfront:GetInvalidation', 'cloudfront:CreateInvalidation'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to access efs
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForWriteEfs(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['elasticfilesystem:*'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam policy to invalidate cloudfront cache
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     policyForCloudfrontInvalidation(resourceArns) {
         return new iam.PolicyDocument({
@@ -269,13 +265,13 @@ class IamManager {
                 this.statementForPutAnyLogEvent(),
                 this.statementForCloudfrontInvalidation(),
                 new iam.PolicyStatement({
-                    effect: iam.Effect.ALLOW,
                     actions: [
                         'ecr:GetDownloadUrlForLayer',
                         'ecr:BatchGetImage',
                         'ecr:BatchCheckLayerAvailability',
                         'ecr:GetAuthorizationToken',
                     ],
+                    effect: iam.Effect.ALLOW,
                     resources: resourceArns ?? ['*'],
                 }),
             ],
@@ -283,8 +279,8 @@ class IamManager {
     }
     /**
      * @summary Method to create iam role to invalidate cloudfront cache
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
      */
     roleForCloudfrontInvalidation(id, scope) {
         return new iam.Role(scope, `${id}-install-deps-project-role`, {
@@ -296,51 +292,51 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement to assume iam role
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {iam.ServicePrincipal[]} servicePrincipals
+     * @param scope scope in which this resource is defined
+     * @param servicePrincipals
      */
     statementForAssumeRole(scope, servicePrincipals) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['sts:AssumeRole'],
+            effect: iam.Effect.ALLOW,
             principals: servicePrincipals,
         });
     }
     /**
      * @summary Method to create iam statement to pass ecs role
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForEcsPassRole(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['iam:PassRole'],
-            resources: resourceArns ?? ['*'],
             conditions: { StringLike: { 'iam:PassedToService': 'ecs-tasks.amazonaws.com' } },
+            effect: iam.Effect.ALLOW,
+            resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to run ecs task
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {ecs.ICluster} cluster
-     * @param {ecs.ITaskDefinition} task
+     * @param scope scope in which this resource is defined
+     * @param cluster
+     * @param task
      */
     statementForRunEcsTask(scope, cluster, task) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['ecs:RunTask'],
-            resources: [task.taskDefinitionArn],
             conditions: { ArnLike: { 'ecs:cluster': cluster.clusterArn } },
+            effect: iam.Effect.ALLOW,
+            resources: [task.taskDefinitionArn],
         });
     }
     /**
      * @summary Method to create iam statement to create log stream
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {logs.CfnLogGroup} logGroup
+     * @param scope scope in which this resource is defined
+     * @param logGroup
      */
     statementForCreateLogStream(scope, logGroup) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['logs:CreateLogStream'],
+            effect: iam.Effect.ALLOW,
             resources: [
                 `arn:aws:logs:${cdk.Stack.of(scope).region}:${cdk.Stack.of(scope).account}:log-group:${logGroup.logGroupName}:log-stream:${cdk.Stack.of(scope).account}_CloudTrail_eu-west-1*`,
             ],
@@ -349,24 +345,24 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement to create any log stream
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForCreateAnyLogStream(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['logs:CreateLogStream'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to write log events
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {logs.CfnLogGroup} logGroup
+     * @param scope scope in which this resource is defined
+     * @param logGroup
      */
     statementForPutLogEvent(scope, logGroup) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['logs:PutLogEvents'],
+            effect: iam.Effect.ALLOW,
             resources: [
                 `arn:aws:logs:${cdk.Stack.of(scope).region}:${cdk.Stack.of(scope).account}:log-group:${logGroup.logGroupName}:log-stream:${cdk.Stack.of(scope).account}_CloudTrail_eu-west-1*`,
             ],
@@ -375,22 +371,21 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement to write any log events
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForPutAnyLogEvent(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['logs:PutLogEvents'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to read items from dynamodb table
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForReadTableItems(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: [
                 'dynamodb:PartiQLSelect',
                 'dynamodb:DescribeTable',
@@ -401,25 +396,26 @@ class IamManager {
                 'dynamodb:GetRecords',
                 'dynamodb:BatchGetItem',
             ],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement to write items from dynamodb table
-     * @param {string[]} resourceArns list of ARNs to allow access to
+     * @param resourceArns list of ARNs to allow access to
      */
     statementForWriteTableItems(resourceArns) {
         return new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
             actions: ['dynamodb:BatchWriteItem', 'dynamodb:DeleteItem', 'dynamodb:PutItem', 'dynamodb:UpdateItem'],
+            effect: iam.Effect.ALLOW,
             resources: resourceArns ?? ['*'],
         });
     }
     /**
      * @summary Method to create iam statement for cloud trail
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {logs.CfnLogGroup} logGroup
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param logGroup
      */
     createRoleForCloudTrail(id, scope, logGroup) {
         const policy = new iam.PolicyDocument({
@@ -431,8 +427,8 @@ class IamManager {
             }),
             policies: [
                 {
-                    policyName: `${id}-policy-${scope.props.stage}`,
                     policyDocument: policy,
+                    policyName: `${id}-policy-${scope.props.stage}`,
                 },
             ],
             roleName: `${id}-${scope.props.stage}`,
@@ -443,10 +439,10 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement for ecs event
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {ecs.ICluster} cluster
-     * @param {ecs.ITaskDefinition} task
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param cluster
+     * @param task
      */
     createRoleForEcsEvent(id, scope, cluster, task) {
         const policy = new iam.PolicyDocument({
@@ -464,9 +460,9 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement for ecs execution
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {iam.PolicyDocument} policy
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param policy
      */
     createRoleForEcsExecution(id, scope, policy) {
         const role = new iam.Role(scope, `${id}`, {
@@ -484,10 +480,10 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement for lambda execution
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {iam.PolicyDocument} policy
-     * @param {iam.ServicePrincipal} servicePrinicpal
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param policy
+     * @param servicePrinicpal
      */
     createRoleForLambda(id, scope, policy, servicePrinicpal) {
         const role = new iam.Role(scope, `${id}`, {
@@ -505,10 +501,10 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement for step function execution
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {iam.PolicyDocument} policy
-     * @param {iam.ServicePrincipal} servicePrinicpal
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param policy
+     * @param servicePrinicpal
      */
     createRoleForStepFunction(id, scope, policy, servicePrinicpal) {
         const role = new iam.Role(scope, `${id}`, {
@@ -526,10 +522,10 @@ class IamManager {
     }
     /**
      * @summary Method to create iam statement for sqs to step function pipe
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {string} queueArn the arn of the sqs queue
-     * @param {string} stepFunctionArn the arn of the step function
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param queueArn the arn of the sqs queue
+     * @param stepFunctionArn the arn of the step function
      */
     createRoleForSqsToSfnPipe(id, scope, queueArn, stepFunctionArn) {
         const role = new iam.Role(scope, `${id}`, {
@@ -545,8 +541,8 @@ class IamManager {
     }
     /**
      * @summary Method to create iam policy for sqs
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
      * @param sqsQueue
      * @param eventBridgeRule
      * @param servicePrincipals
@@ -556,12 +552,12 @@ class IamManager {
             statements: [
                 new iam.PolicyStatement({
                     actions: ['sqs:*'],
-                    effect: iam.Effect.ALLOW,
                     conditions: {
                         ArnEquals: {
                             'aws:SourceArn': eventBridgeRule,
                         },
                     },
+                    effect: iam.Effect.ALLOW,
                     principals: servicePrincipals ?? [new iam.ServicePrincipal('events.amazonaws.com')],
                     resources: [sqsQueue.queueArn],
                 }),

package/dist/src/lib/services/aws/key-management-service/main.d.ts

@@ -2,9 +2,6 @@ import * as kms from 'aws-cdk-lib/aws-kms';
 import { CommonConstruct } from '../../../common';
 import { KmsKeyProps } from './types';
 /**
- * @stability stable
- * @category cdk-utils.kms-manager
- * @subcategory Construct
  * @classdesc Provides operations on AWS KMS.
  * - A new instance of this class is injected into {@link CommonConstruct} constructor.
  * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
@@ -18,15 +15,14 @@ import { KmsKeyProps } from './types';
  *     this.kms.createKey('MyKey', this)
  *   }
  * }
- *
  * @see [CDK KMS Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_kms-readme.html}
  */
 export declare class KmsManager {
     /**
      * @summary Method to create a KMS key
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {KmsKeyProps} props KMS key props
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props KMS key props
      */
     createKey(id: string, scope: CommonConstruct, props: KmsKeyProps): kms.Key;
 }

package/dist/src/lib/services/aws/key-management-service/main.js

@@ -27,9 +27,6 @@ exports.KmsManager = void 0;
 const kms = __importStar(require("aws-cdk-lib/aws-kms"));
 const utils = __importStar(require("../../../utils"));
 /**
- * @stability stable
- * @category cdk-utils.kms-manager
- * @subcategory Construct
  * @classdesc Provides operations on AWS KMS.
  * - A new instance of this class is injected into {@link CommonConstruct} constructor.
  * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
@@ -43,30 +40,29 @@ const utils = __importStar(require("../../../utils"));
  *     this.kms.createKey('MyKey', this)
  *   }
  * }
- *
  * @see [CDK KMS Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_kms-readme.html}
  */
 class KmsManager {
     /**
      * @summary Method to create a KMS key
-     * @param {string} id scoped id of the resource
-     * @param {CommonConstruct} scope scope in which this resource is defined
-     * @param {KmsKeyProps} props KMS key props
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props KMS key props
      */
     createKey(id, scope, props) {
         if (!props)
             throw `KMS Key props undefined for ${id}`;
         const key = new kms.Key(scope, `${id}`, {
-            description: props.description,
+            admins: props.admins,
             alias: `${props.alias}-${scope.props.stage}`,
+            description: props.description,
             enableKeyRotation: props.enableKeyRotation,
             enabled: props.enabled,
             keySpec: props.keySpec,
             keyUsage: props.keyUsage,
+            pendingWindow: props.pendingWindow,
             policy: props.policy,
-            admins: props.admins,
             removalPolicy: props.removalPolicy,
-            pendingWindow: props.pendingWindow,
         });
         utils.createCfnOutput(`${id}-keyId`, scope, key.keyId);
         utils.createCfnOutput(`${id}-keyArn`, scope, key.keyArn);

package/dist/src/lib/services/aws/key-management-service/types.d.ts

@@ -1,7 +1,5 @@
 import { KeyProps } from 'aws-cdk-lib/aws-kms';
 /**
- * @category cdk-utils.kms-manager
- * @subcategory Properties
  */
 export interface KmsKeyProps extends KeyProps {
 }