docs: add comments

aripalo · Oct 31, 2021 · 0cc2870 · 0cc2870
1 parent 24da2f0
commit 0cc2870
Showing 1 changed file with 30 additions and 2 deletions.
diff --git a/src/provider.ts b/src/provider.ts
@@ -1,21 +1,49 @@
 import * as iam from '@aws-cdk/aws-iam';
 import * as cdk from '@aws-cdk/core';
 
+/**
+ * Describes a Github OpenID Connect Identity Provider for AWS IAM.
+ */
 export interface IGithubActionsIdentityProvider extends iam.IOpenIdConnectProvider {}
 
-
+/**
+ * Github Actions as OpenID Connect Identity Provider for AWS IAM. 
+ * Can be defined only once per AWS Account.
+ * 
+ * Use `fromAccount` to retrieve a reference to existing Github OIDC provider.
+ * 
+ * @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
+ */
 export class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider implements IGithubActionsIdentityProvider {
 
   public static readonly issuer: string = 'token.actions.githubusercontent.com';
   public static readonly thumbprint: string = 'a031c46782e6e6c662c2c87c76da9aa62ccabd8e';
 
-  public static fromLookup(scope: cdk.Construct, id: string): IGithubActionsIdentityProvider {
+  /**
+   * Retrieve a reference to existing Github OIDC provider in your AWS account.
+   * An AWS account can only have single Github OIDC provider configured into it, 
+   * so internally the reference is made by constructing the ARN from AWS 
+   * Account ID & Github issuer URL.
+   * @param scope CDK Stack or Construct to which the provider is assigned to
+   * @param id CDK Construct ID given to the construct
+   * @returns a CDK Construct representing the Github OIDC provider
+   */
+  public static fromAccount(scope: cdk.Construct, id: string): IGithubActionsIdentityProvider {
     const accountId = cdk.Stack.of(scope).account;
     const providerArn = `arn:aws:iam::${accountId}:oidc-provider/${GithubActionsIdentityProvider.issuer}`;
     const provider = iam.OpenIdConnectProvider.fromOpenIdConnectProviderArn(scope, id, providerArn);
     return provider;
   }
 
+  /**
+   * Define a new Github OpenID Connect Identity PRovider for AWS IAM.
+   * Can be defined only once per AWS Account.
+   * 
+   * Use `fromAccount` to retrieve a reference to existing Github OIDC provider.
+   * 
+   * @param scope CDK Stack or Construct to which the provider is assigned to
+   * @param id CDK Construct ID given to the construct
+   */
   constructor(scope: cdk.Construct, id: string) {
     super(scope, id, {
       url: `https://${GithubActionsIdentityProvider.issuer}`,