(diff): Support the --security-only option for nested stacks #30187
Comments
Hi @sakurai-ryo, thanks for reaching out. I am able to repro the issue and could confirm Past issues and PRs - Since you are asking for additional parameter with command, please feel free to submit a PR. Team would be happy to review it.
Describe the feature
The diff command with the --security-only option prints only security changes. Resources such as newly created S3 buckets are ignored.
However, this does not work for Nested Stacks.
For example, suppose we have a stack like this.
If you add an IAM Role to the parent stack, it will be output as diff.
However, if it is added to Nested Stacks, it will not print as a diff.
Use Case
A case where you want to check only the security-related diffs that have been changed in Nested Stacks.
Proposed Solution
Code needs to be added to the printSecurityDiff function to check the diff of Nested Stacks.
aws-cdk/packages/aws-cdk/lib/diff.ts
Line 115 in 65f2bd9
Other Information
No response
Acknowledgements
CDK version used
2.141.0
Environment details (OS name and version, etc.)
MacOS
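The gap described in this issue, as an added example that is not aws-cdk code and not from the issue author: a simplified security-only diff over CloudFormation-style templates, run once on the parent template only and once recursing into nested stacks. It assumes each nested stack's template is embedded under a `NestedTemplate` property and that "security-relevant" is decided by resource type prefix alone; the function name and sample templates are constructed for illustration.

```typescript
// Added example: a simplified model of a security-only diff, not aws-cdk's implementation.
type Resource = { Type: string; Properties?: { NestedTemplate?: Template; [k: string]: unknown } };
type Template = { Resources?: Record<string, Resource> };

// Assumption: a resource is security-relevant purely by its type prefix.
const SECURITY_PREFIXES = ["AWS::IAM::", "AWS::EC2::SecurityGroup"];
const isSecurity = (r: Resource): boolean => SECURITY_PREFIXES.some((p) => r.Type.startsWith(p));

// Returns the paths of security-relevant resources present in `next` but not in `prev`.
// With recurse=false only the top-level template is inspected (the behaviour reported above).
function addedSecurityResources(prev: Template, next: Template, recurse: boolean, path = ""): string[] {
  const found: string[] = [];
  const before = prev.Resources ?? {};
  for (const [id, res] of Object.entries(next.Resources ?? {})) {
    if (isSecurity(res) && !(id in before)) found.push(path + id);
    const nested = res.Properties?.NestedTemplate;
    if (recurse && res.Type === "AWS::CloudFormation::Stack" && nested) {
      // A nested stack that is itself new is compared against an empty template.
      const old: Template = before[id]?.Properties?.NestedTemplate ?? {};
      found.push(...addedSecurityResources(old, nested, true, `${path}${id}/`));
    }
  }
  return found.sort();
}

// Constructed sample: the change adds one IAM role to the parent and one to the nested stack.
const nestedBefore: Template = { Resources: { Bucket: { Type: "AWS::S3::Bucket" } } };
const nestedAfter: Template = {
  Resources: { Bucket: { Type: "AWS::S3::Bucket" }, NestedRole: { Type: "AWS::IAM::Role" } },
};
const deployed: Template = {
  Resources: { Child: { Type: "AWS::CloudFormation::Stack", Properties: { NestedTemplate: nestedBefore } } },
};
const proposed: Template = {
  Resources: {
    Child: { Type: "AWS::CloudFormation::Stack", Properties: { NestedTemplate: nestedAfter } },
    ParentRole: { Type: "AWS::IAM::Role" },
  },
};

console.log("parent only:", addedSecurityResources(deployed, proposed, false));
console.log("with nested:", addedSecurityResources(deployed, proposed, true));
```

A reviewer relying on the parent-only result would approve this change without ever seeing `Child/NestedRole`.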