Fork me on GitHub
#aws
<
2024-06-05
>
Evan Bernard18:06:19

hello! I’m getting started with the AWS CDK, and in doing so, I wanted to get a good handle on the cdk diff command, particularly to diff local stacks (as in not-yet-deployed stacks) to check myself on whether I’m introducing unintended changes as I learn. however, I’m getting something in the output that I don’t quite understand, and I haven’t managed to google my way through it, either. 1. I created a fairly simple stack (in clojure, no less). I sent the CloudFormation template to a file, e.g. cdk synth > template.yml 2. I immediately try cdk diffing it to confirm that there’s no change (nor should there be; I haven’t made any changes!) output:

% cdk diff --template='./template.yml' --fail
Synthesized to: cdk.out

Other Changes
[-] Unknown Synthesized to: cdk.out
✨  Number of stacks with differences: 1

% echo $?
1
does anyone know what might be causing the Unknown Synthesized to: cdk.out bit? that seems like the thing that’s registering as a diff, hence the exit code of 1 ANSWER: I was holding it wrong! I was sending stdout to a file named template.yml, but that picked up the log line Synthesized to: cdk.out which looked enough like yaml that I didn’t catch it as NOT being an actual part of the cloudformation template. looked right past it. everything else was CDK fundamental stuff that @aisamu helped me with - thanks again!

🎉 1
Evan Bernard18:06:24

hmm. I notice that template.yml starts with: Synthesized to: cdk.out . that seems awfully relevant!

aisamu18:06:42

Isn't "Unknown" the name of the stack? (where it's supposed to go, that is)

Evan Bernard18:06:11

I’m betting that diff isn’t picking up that testStack is the name of the stack within the template.yml file

aisamu18:06:46

IIRC you can synth and diff against stacknames, there's not need to explicitly use files

Evan Bernard18:06:15

ah, sure enough - if I remove that first line such that template.yml no longer contains Synthesized to: cdk.out, we see what I expected:

% cdk diff testStack --template='template.yml' --fail
Synthesized to: cdk.out

There were no differences

✨  Number of stacks with differences: 0

% echo $?
0

Evan Bernard18:06:35

hmm. maybe I don’t quite understand stacks yet! how could I do that if I’m working off the same bit of CDK? I’m hoping to: 1. generate a CloudFormation template using some CDK code (e.g. that’s built from calling cdk synth that points to a cdk.json with an app attribute of clj -X main/-main ) 2. make some changes to main.clj 3. and then diff the CloudFormation template from step 1 with the result of the changes from step 2

aisamu18:06:05

And the way I remember grabbing templates wasn't by piping to a file - they should be inside cdk.out!

Evan Bernard18:06:45

ah .. let me fiddle with that! maybe I’m being weird for routing stdout to a file. I’ll wipe the cdk.out/ dir and see what that changes

Evan Bernard18:06:00

ah, that’s why I was doing that; cdk.out doesn’t seem to contain the output yaml

aisamu18:06:34

IIRC it contains json templates, not yaml!

Evan Bernard18:06:32

ahhh - are the json files the templates, and the yaml output of cdk synth is the cloudformation BUILT from those json templates? did I mention I’m new at this 😄

aisamu18:06:43

Cloudformation accepts both yaml and json!

aisamu18:06:47

CDK is a regular library that spits cloudformation json templates

Evan Bernard18:06:17

ooohh my goodness I know what’s going on. I think the answer is a lot more straightforward - I’m looking at the output of cdk synth… and the first line is, i think, a log! Synthesized to: cdk.out if that is indeed a log, my piping of the output yaml to a file for later comparison ended up scooping up that line which looks an awful lot like YAML, ergo…

aisamu18:06:54

You got it!

Evan Bernard18:06:36

well - I might be still suck with the same desire I started with, just with a really goofy problem out of the way. I still want to compare the YAML spit out by cdk synth between two changes to main.clj, but the stacks can’t exist simultaneously since they would be built from the same codebase

Evan Bernard18:06:03

now that I realize what I’m doing, i could always kill the first line of the output of cdk synth > template.yml , but that feels trashy

aisamu18:06:32

You can specify the output directory

cdk synth --output=~/templates

aisamu18:06:07

then use the different folder as a source of comparison

cdk diff --template ~/stacks/MyStack.old MyStack

Evan Bernard18:06:11

aha! just ran into that in cdk synth --help 🙂 foolish me, I was just looking https://docs.aws.amazon.com/cdk/v2/guide/ref-cli-cmd-synth.htmlwhich isn’t exhaustive

Evan Bernard18:06:27

hmm. that just changes the directory of where the json gets stored. that might be useful, but if it is I don’t get how yet. but I bet i’m missing a fundamental: what’s the distinction between the json files that get generated and saved to disk vs. the YAML output that cdk synth emits to stdout by default?

aisamu19:06:07

None! Json and Yaml are "equivalent"

Evan Bernard19:06:35

I see, and so I’ve been focusing too hard on the YAML that I see and the JSON that’s always been there!

1
Evan Bernard19:06:17

yep! just confirmed after a fresh round of cdk synthing, as well as introducing a small change to confirm that the diff picks it up:

% cdk diff --template='templates/testStack.template.json' --fail
Synthesized to: cdk.out

There were no differences

✨  Number of stacks with differences: 0

% cdk diff --template='templates/testStack.template.json' --fail
Synthesized to: cdk.out

Resources
[~] AWS::IAM::Role test-lambda-role testlambdaroleF589601D replace
 └─ [~] RoleName (requires replacement)
     ├─ [-] test-lambda-role
     └─ [+] test-lambda-role-NEW


✨  Number of stacks with differences: 1

Evan Bernard19:06:36

you’ve taught me a lot - thank you very much!

aisamu19:06:08

You're welcome! But note that you handled almost everything yourself :)

Evan Bernard19:06:12

that’s a nice, tight feedback cycle too: 1. make change 2. compare with cdk diff --template='template/fooStack.template.json' 3. if satisfied, cdk synth and move along once I know what I’m doing more, I can skip effectively cdk synthing twice 🙂

Evan Bernard19:06:47

hah, well thanks for also being an excellent rubber duck and taking the time, then!

❤️ 1
aisamu19:06:11

In a more regular setting you don't have to synth at all (it does that for you automatically), and you diff your local, proposed changes against something that's deployed (so no need to generate two templates locally - you compare the local/default template against the remote, deployed template)

Evan Bernard19:06:06

yeah, once I’m at the point where I’m willing to deploy, we’ll really be in business

Evan Bernard19:06:02

I think once I’m there, it’s just cdk diff FooStack, and that’ll compare what i’ve got locally to an actually-deployed stack named FooStack, right?

1
Evan Bernard19:06:57

oh no - are you ready for the worst part? it’s MY log line!!

😂 1
Evan Bernard19:06:22

it was me the whole time..