如何使用 CDK 将帐户作为主体添加到 Elasticsearch 访问策略?

How to add account as principal to Elasticsearch access policy using CDK?

我正在尝试这个:

import * as elasticsearch from '@aws-cdk/aws-elasticsearch';
import * as iam from '@aws-cdk/aws-iam';
const config = { ... };
new elasticsearch.CfnDomain(config.stack, config.id, {
  accessPolicies: {
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": {
        "AWS": (new iam.AccountRootPrincipal).arn
      },
      "Action": "es:*",
    }]
  },
  ...
});

但是现在,在成功部署之后,每次 运行 diff 时,我都会遇到这个问题:

问题不大,但我想要一个理想的解决方案。也许使用其中一个 iam 类 来创建策略?

将 CDK 更新到 1.31.0 后,问题消失了。