@mrgrain mrgrain commented Oct 24, 2025

Why

Enables safer CDK deployments by restricting changes to only specified resource types or properties, preventing accidental modifications to critical infrastructure.

What

Adds --allow-resource-changes option to deploy and diff commands with support for:

  • Resource type filtering (AWS::Lambda::Function)
  • Property-level filtering (AWS::Lambda::Function.Code.S3Key)
  • Wildcard patterns (AWS::Lambda::*)

cdk deploy --allow-resource-changes AWS::Lambda::Function.Code.S3Key

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

…ands

Add --allow-resource-changes option to restrict deployments to specific resource types or properties. This enables safer deployments by preventing unintended changes to critical resources.

- Add ResourceFilter API with pattern matching for resource types and properties
- Integrate validation into deploy and diff commands
- Support wildcard patterns (e.g., AWS::Lambda::*)
- Provide detailed violation messages with remediation guidance
- Include comprehensive unit tests and integration tests

@aws-cdk-automation aws-cdk-automation requested a review from a team October 24, 2025 13:40
@mrgrain mrgrain marked this pull request as draft October 24, 2025 13:40
@github-actions github-actions bot added the p2 label Oct 24, 2025
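
How an allow-list of the shape described in this pull request could be evaluated against a set of pending changes, as an added example that is not code from the pull request or the CDK project. The `Change` shape, all function names and the matching semantics are assumptions: `*` matches any run of characters, a property pattern covers that path and anything nested under it, and whole-resource changes need a type-level pattern.

```typescript
// Added illustration. All names are hypothetical; this is not the PR's ResourceFilter API.
interface Change {
  logicalId: string;
  resourceType: string;
  propertyPath?: string; // absent: the whole resource is added, removed or replaced
}

interface Rule { type: RegExp; property: string | undefined }

// "AWS::Lambda::Function.Code.S3Key" -> type pattern + optional property path.
// Resource type names contain "::" but no ".", so the first "." splits the two.
function parseRule(pattern: string): Rule {
  const dot = pattern.indexOf('.');
  const typePart = dot === -1 ? pattern : pattern.slice(0, dot);
  const escaped = typePart.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return {
    type: new RegExp(`^${escaped}$`), // anchored, so a type never matches by prefix alone
    property: dot === -1 ? undefined : pattern.slice(dot + 1),
  };
}

function isAllowed(rule: Rule, change: Change): boolean {
  if (!rule.type.test(change.resourceType)) return false;
  if (rule.property === undefined) return true; // type-level rule covers every change
  if (change.propertyPath === undefined) return false; // property rule never covers a whole resource
  // Exact path or a path nested below it; a change to the parent ("Code") is not covered.
  return change.propertyPath === rule.property || change.propertyPath.startsWith(rule.property + '.');
}

// Returns the changes that no pattern covers. An empty allow-list flags every change.
function findViolations(allow: string[], changes: Change[]): Change[] {
  const rules = allow.map(parseRule);
  return changes.filter((c) => !rules.some((r) => isAllowed(r, c)));
}

// Constructed sample diff, not output from a real stack.
const sampleChanges: Change[] = [
  { logicalId: 'Handler', resourceType: 'AWS::Lambda::Function', propertyPath: 'Code.S3Key' },
  { logicalId: 'Handler', resourceType: 'AWS::Lambda::Function', propertyPath: 'Role' },
  { logicalId: 'HandlerRole', resourceType: 'AWS::IAM::Role', propertyPath: 'AssumeRolePolicyDocument' },
  { logicalId: 'Alias', resourceType: 'AWS::Lambda::Alias' },
];

for (const v of findViolations(['AWS::Lambda::Function.Code.S3Key'], sampleChanges)) {
  console.log(`blocked: ${v.logicalId} (${v.resourceType}${v.propertyPath ? '.' + v.propertyPath : ''})`);
}
```

With the property-level pattern only the `Code.S3Key` change passes; the function's `Role` change, the IAM role change and the new alias are all reported.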