Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

add a safety check to prevent clobbering non-CDK stacks

See original GitHub issue

$ cdk --version 0.34.0 (build 523807c)

By default, the cdk CLI should refuse any command that would mutate a non-cdk stack. For example, {diff, synth} should be accepted but {deploy, destroy} should be refused. A command line switch and/or declaration in cdk.json could be implemented to override this check globally and perhaps also per-stack.

A stack could be identified as “CDK managed” by the presence of a resource of type AWS::CDK::Metadata.

Issue Analytics

State:
Created 4 years ago
Comments:6 (1 by maintainers)

Top GitHub Comments

1reaction

dhx-mike-palandracommented, Dec 11, 2020

That’s a good observation, and generally your suggestions about IAM reflect best practice BUT they require a bit of advance planning.

My intent here is to suggest a safe guard for avoiding a potentially disruptive outcome: modifying a stack that was never managed by CDK before. Such an operation might be intentional but I believe it’s more likely to happen accidentally. As explained earlier, I believe such a change would be relatively simple to implement.

0reactions

github-actions[bot]commented, Jun 3, 2022

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.