diff --git a/.gitignore b/.gitignore
index 23c4f66559b1e..f7e84da12cec4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.vscode
 .DS_Store
 node_modules
 lerna-debug.log
diff --git a/packages/aws-cdk/test/cloudformation/test.perms.ts b/packages/aws-cdk/test/cloudformation/test.perms.ts
index 998f1884f0f34..732e5f8646e44 100644
--- a/packages/aws-cdk/test/cloudformation/test.perms.ts
+++ b/packages/aws-cdk/test/cloudformation/test.perms.ts
@@ -1,5 +1,5 @@
 import { Test } from 'nodeunit';
-import { FnConcat, PolicyDocument, PolicyStatement, resolve } from '../../lib';
+import { CanonicalUserPrincipal, FnConcat, PolicyDocument, PolicyStatement, resolve } from '../../lib';
 
 export = {
     'the Permission class is a programming model for iam'(test: Test) {
@@ -91,6 +91,19 @@ export = {
         test.done();
     },
 
+    'canonicalUserPrincipal adds a principal to a policy with the passed canonical user id'(test: Test) {
+        const p = new PolicyStatement();
+        const canoncialUser = "averysuperduperlongstringfor";
+        p.addPrincipal(new CanonicalUserPrincipal(canoncialUser));
+        test.deepEqual(resolve(p), {
+            Effect: "Allow",
+            Principal: {
+              CanonicalUser: canoncialUser
+            }
+        });
+        test.done();
+    },
+
     'addAccountRootPrincipal adds a principal with the current account root'(test: Test) {
         const p = new PolicyStatement();
         p.addAccountRootPrincipal();