PCB
Reputation: 767
cdk diff does not diff from console changes
- I have a stack which creates IAM policies Its deployed successfully I then change a policy by removing few statements Then invoke cdk diff, which does not detect the drift
Is this expected?
Upvotes: 7
Views: 5637
Answers (1)
Wingjam
Reputation: 802
Indeed, cdk diff will only compare the specified stack with the local template file (created by the previous cdk deploy).
Thus, if you made some changes in the AWS Console, the AWS CDK will not detect the drift.
Since version 1.17.0, you can now do the following to detect and show drifted changes:
cdk deploy --no-execute
From the PR description:
You will be able to see the ChangeSet in AWS CloudFormation Console, validate the resources and discard or execute the ChangeSet.
Upvotes: 6
Related Questions
- 'cdk' is not recognized as an internal or external command
- AWS CDK Bootstrap itself broken
- Getting started with aws cdk - "empty" output of `cdk synth` command
- CDK not updating
- Using CDK diff to diff resources wrapped in a pipeline
- Does cdk diff comment actually read from AWS to compare with file generated in cdk.out?
- Aws-Cdk automatically input values
- cdk watch command never returns
- Simple CDK Testing Failing
- CDK adds random parameters