CDK Diff is underrated

by Sandro Volpicella

I think using an IaC diffing tool, such as cdk diff with CDK, is often very underrated. Let's have a look at what exactly it does and why it is useful.

The 5 minutes I spend running CDK diff have saved me days of rollbacks and late-night debugging sessions.

CDK Diff in action

In smaller projects it is quite easy to understand what happens once you make a change.

You deploy a new queue, a Lambda function, some IAM permissions, and done.

But once your project becomes a bit more complex (or on projects you didn't create from scratch) one little change can have a large impact.

Sometimes you accidentally change an IAM permission which you shouldn't.

Sometimes you forget that the "small" rename will actually recreate your bucket. And sometimes you just increase your cost dramatically without realizing it.

CDK diff can give you assurance on that.

My typical workflow

My typical workflow is:

  1. Checkout main branch
  2. Run cdk diff → there should be no changes
  3. Make changes on branch
  4. Run cdk diff again → it should only show the changes you made

Doing this locally is not always possible. If it is not, make use of it in PR comments or in the build pipeline.
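
A pipeline gate for the workflow above, as an added example that is not from the original post: it scans cdk diff output for the surprises listed earlier (IAM changes, replacements, deletions). The function names, the sample text and the matched markers are assumptions based on typical cdk diff output.

```shell
#!/bin/sh
# Added example: triage `cdk diff` output before deploying.
# ASSUMPTION: the section titles and the [+]/[~]/[-] markers matched below
# follow typical `cdk diff` output; adjust the patterns to your CDK version.
# In a pipeline: cdk diff --no-color 2>&1 | classify_cdk_diff

# Reads diff text on stdin, prints one finding per line,
# returns 1 when a change needs human review, 0 otherwise.
classify_cdk_diff() {
  awk '
    BEGIN { risky = 0; added = 0 }
    /^IAM (Statement|Policy) Changes/ { print "IAM: permissions changed"; risky = 1 }
    /^Security Group Changes/ { print "NETWORK: security group rules changed"; risky = 1 }
    /^\[-\]/ { print "DESTROY: " $2 " " $3; risky = 1 }
    /^\[~\].* (replace|may be replaced)$/ { print "REPLACE: " $2 " " $3; risky = 1 }
    /^\[[+]\]/ { added++ }
    END { printf "INFO: %d resource(s) added\n", added; exit risky }
  '
}

# Constructed sample (not real output): an IAM grant, a bucket rename that
# forces replacement, a deleted queue and one new function.
sample_diff() {
  cat <<'EOF'
Stack DemoStack
IAM Statement Changes
│ + │ ${Uploads.Arn} │ Allow │ s3:* │ AWS:${Worker/ServiceRole} │
Resources
[~] AWS::S3::Bucket Uploads UploadsBucketA1B2C3D4 replace
 └─ [~] BucketName (requires replacement)
     ├─ [-] uploads-old
     └─ [+] uploads-new
[-] AWS::SQS::Queue Jobs JobsQueue5E6F7A8B destroy
[+] AWS::Lambda::Function Worker WorkerFn9C0D1E2F
EOF
}

# Demo run on the constructed sample.
if sample_diff | classify_cdk_diff; then
  echo "no risky change flagged"
else
  echo "review required before deploy"
fi
```

The findings lines can be posted as the PR comment, and the return code can block the deploy stage until someone has approved them.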

Next step → Snapshot tests 😉