I'm creating an app in AWS CDK that has a KMS IKey with an IAM policy with PolicyStatements attached. My code doesn't attach them to the PolicyDocument, however when it comes back to me, it has two PolicyStatements that are effectively the same with one distinction, the principal.
In one, the principal is defined, and the other is {}. AWS's method hasPrincipal returns true for either, but when I go to cdk deploy it won't accept the empty object one. I tried removing the principal entirely from the PolicyStatement, but it didn't like that either.
I would like to delete the offending PolicyStatement since all other parameters are the same between the two. But I need to get into the iKey's list of policy statements in the PolicyDocument.
When I write my code to get into the IKey defined as:
var secretsKmsKey: IKey = generateEnvKMSKey(scope)
with the following:
secretsKmsKey.policy['statements']
// or
secretsKmsKey['policy']['statements']
In my debugger, it exists and I can do whatever I'd like with the iKey PolicyDocument. However, when I go to transpile I get:
Property 'policy' does not exist on type 'IKey'.
26 removeKmsEmptyPrincipalPolicy(secretsKmsKey['policy']['statements'])
debugger showing policy property exists on IKey object
How do I get into the IKey.policy to work with it? Documentation and transpiler says it's not there, debugger says it is.
aws: aws-cli/2.12.0 Python/3.11.4 Darwin/22.5.0 source/x86_64 prompt/off
cdk: 2.83.1 (build 006b542)
constructs: 10.1.31
typeScript: Version 4.3.2
node: v16.18.1
npm: 8.19.4
Tried accessing two different ways with the following:
secretsKmsKey.policy['statements']
// or
secretsKmsKey['policy']['statements']
Both worked in the debugger, not in the transpile.
Also tried deleting the principal from the PolicyStatement.
