(deploy): Manual changeset approval via CLI

[mipearson]

🚀 Feature Request

General Information

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

Description

This is similar to aws/aws-cdk#2879, but my use case is less CI/CD and more CLI workflow.

Our existing tool (https://github.com/envato/stack_master) has the following workflow:

1. stack_master apply <stack> (similar to cdk deploy <stack>)
2. Stack Master creates the changeset, presents what would be changed/replaced/etc to the user
3. User verifies the changeset by pressing y
4. Changeset is applied

This is similar to CDK's behaviour if IAM changes are detected.

We've come to rely on this behaviour - it gives us confidence that the changes we're about to make don't accidentally replace something they shouldn't (eg, an RDS instance) or have other unexpected behaviour that doesn't show up in a simple diff.

From what I can tell, cdk diff infers what would be changed rather than creating a changeset, so there's the possibility that its idea of what would occur and what would actually happen may be different. For example, in "traditional" cloudformation, I've had updates occur on converting a JSON template to a YAML one, with no other changes.

Proposed Solution

Add a command line option (--confirm, maybe?) that always asks the user if they'd like to apply the proposed changset.

Add this to cdk.json as well so that it can be set on a per-project basis.

Add --no-confirm to override this in the CLI.

[rhboyd]

+1 for the --confirm flag

[konstantinj]

Heavy +1 from my side since we were using this confirmed workflow as well. Currently we can't use cdk for production because of this.

[eladb]

UX-wise it probably make sense to tie this into --require-approval

[konstantinj]

In a couple of weeks from now on I would have time for that. I guess creating an else here would be sufficient: https://github.com/aws/aws-cdk/blob/master/packages/aws-cdk/lib/api/deploy-stack.ts#L91

[konstantinj]

Would it be an option to just show a link to the console to review the changes there as a first version?
Creating those nice cli tables for a changeset seems quite sophisticated.

[stevehodgkiss]

It would be great to have this feature in aws-cdk! Changes can't be safely deployed without it, since there's no way to review the changeset beforehand. Currently, external tools would need to be used in combination with --no-execute and --change-set-name ... in order to review changesets before executing them.

My suggestion would be to add the same flags / UI as aws sam cli:

Source