update following comments

Author: anthony-nhs

packages/cdkConstructs/src/constructs/PythonLambdaFunction.ts

@@ -4,7 +4,8 @@ import {
   ManagedPolicy,
   PolicyStatement,
   Role,
-  IManagedPolicy
+  IManagedPolicy,
+  IRole
 } from "aws-cdk-lib/aws-iam"
 import {
   Architecture,
@@ -18,7 +19,7 @@ import {
 import {join} from "node:path"
 import {createSharedLambdaResources} from "./lambdaSharedResources"
 import {addSuppressions} from "../utils/helpers"
-import {Key} from "aws-cdk-lib/aws-kms"
+import {IKey} from "aws-cdk-lib/aws-kms"
 import {CfnDeliveryStream} from "aws-cdk-lib/aws-kinesisfirehose"
 
 export interface PythonLambdaFunctionProps {
@@ -96,27 +97,27 @@ export interface PythonLambdaFunctionProps {
    * Optional KMS key for encrypting CloudWatch Logs.
    * If not provided, the value is imported from account resources export.
    */
-  readonly cloudWatchLogsKmsKey?: Key
+  readonly cloudWatchLogsKmsKey?: IKey
   /**
    * Optional IAM policy for allowing CloudWatch to use the KMS key for encrypting logs.
    * If not provided, the value is imported from account resources export.
    */
-  readonly cloudwatchEncryptionKMSPolicy?: ManagedPolicy
+  readonly cloudwatchEncryptionKMSPolicy?: IManagedPolicy
   /**
-   * Optional Kinesis stream for forwarding logs to Splunk.
+   * Optional firehose delivery stream for forwarding logs to Splunk.
    * If not provided, the value is imported from account resources export.
    */
   readonly splunkDeliveryStream?: CfnDeliveryStream
   /**
    * Optional IAM role for the subscription filter that forwards logs to Splunk.
    * If not provided, the value is imported from account resources export.
    */
-  readonly splunkSubscriptionFilterRole?: Role
+  readonly splunkSubscriptionFilterRole?: IRole
   /**
    * Optional IAM policy for allowing lambdas to use Lambda Insights log groups and streams.
    * If not provided, the value is imported from account resources export.
    */
-  readonly lambdaInsightsLogGroupPolicy?: ManagedPolicy
+  readonly lambdaInsightsLogGroupPolicy?: IManagedPolicy
   /**
    * Whether to create a subscription filter on the Lambda log group to forward logs to Splunk. Defaults to true.
    */

packages/cdkConstructs/src/constructs/TypescriptLambdaFunction.ts

@@ -1,6 +1,7 @@
 import {Duration} from "aws-cdk-lib"
 import {
   IManagedPolicy,
+  IRole,
   ManagedPolicy,
   PolicyStatement,
   Role
@@ -16,7 +17,7 @@ import {Construct} from "constructs"
 import {join} from "node:path"
 import {createSharedLambdaResources} from "./lambdaSharedResources"
 import {addSuppressions} from "../utils/helpers"
-import {Key} from "aws-cdk-lib/aws-kms"
+import {IKey} from "aws-cdk-lib/aws-kms"
 import {CfnDeliveryStream} from "aws-cdk-lib/aws-kinesisfirehose"
 
 export interface TypescriptLambdaFunctionProps {
@@ -90,27 +91,27 @@ export interface TypescriptLambdaFunctionProps {
    * Optional KMS key for encrypting CloudWatch Logs.
    * If not provided, the value is imported from account resources export.
    */
-  readonly cloudWatchLogsKmsKey?: Key
+  readonly cloudWatchLogsKmsKey?: IKey
   /**
    * Optional IAM policy for allowing CloudWatch to use the KMS key for encrypting logs.
    * If not provided, the value is imported from account resources export.
    */
-  readonly cloudwatchEncryptionKMSPolicy?: ManagedPolicy
+  readonly cloudwatchEncryptionKMSPolicy?: IManagedPolicy
   /**
-   * Optional Kinesis stream for forwarding logs to Splunk.
+   * Optional firehose delivery stream for forwarding logs to Splunk.
    * If not provided, the value is imported from account resources export.
    */
   readonly splunkDeliveryStream?: CfnDeliveryStream
   /**
    * Optional IAM role for the subscription filter that forwards logs to Splunk.
    * If not provided, the value is imported from account resources export.
    */
-  readonly splunkSubscriptionFilterRole?: Role
+  readonly splunkSubscriptionFilterRole?: IRole
   /**
    * Optional IAM policy for allowing lambdas to use Lambda Insights log groups and streams.
    * If not provided, the value is imported from account resources export.
    */
-  readonly lambdaInsightsLogGroupPolicy?: ManagedPolicy
+  readonly lambdaInsightsLogGroupPolicy?: IManagedPolicy
   /**
    * Whether to create a subscription filter on the Lambda log group to forward logs to Splunk. Defaults to true.
    */

packages/cdkConstructs/src/constructs/lambdaSharedResources.ts

@@ -1,10 +1,11 @@
 import {Construct} from "constructs"
 import {Fn, RemovalPolicy} from "aws-cdk-lib"
 import {Architecture, ILayerVersion, LayerVersion} from "aws-cdk-lib/aws-lambda"
-import {Key} from "aws-cdk-lib/aws-kms"
+import {IKey, Key} from "aws-cdk-lib/aws-kms"
 import {CfnLogGroup, CfnSubscriptionFilter, LogGroup} from "aws-cdk-lib/aws-logs"
 import {
   IManagedPolicy,
+  IRole,
   ManagedPolicy,
   PolicyStatement,
   Role,
@@ -21,11 +22,11 @@ export interface SharedLambdaResourceProps {
   readonly logRetentionInDays: number
   readonly additionalPolicies: Array<IManagedPolicy>
   readonly architecture: Architecture
-  readonly cloudWatchLogsKmsKey?: Key
-  readonly cloudwatchEncryptionKMSPolicy?: ManagedPolicy
+  readonly cloudWatchLogsKmsKey?: IKey
+  readonly cloudwatchEncryptionKMSPolicy?: IManagedPolicy
   readonly splunkDeliveryStream?: CfnDeliveryStream
-  readonly splunkSubscriptionFilterRole?: Role
-  readonly lambdaInsightsLogGroupPolicy?: ManagedPolicy
+  readonly splunkSubscriptionFilterRole?: IRole
+  readonly lambdaInsightsLogGroupPolicy?: IManagedPolicy
   readonly addSplunkSubscriptionFilter?: boolean
 }