In this post, I will show you how to add a manual approval to AWS Cloud Development Kit (CDK) Pipelines to confirm security changes before deployment. In my role, I talk to a lot of customers who are excited about CDK.
However, these same customers are concerned that their security engineering team does not know what is in the policies CDK generates.
Specifically, I want to allow CDK to generate policies, but I want a security engineer to review any changes using a manual approval step in the pipeline.
When you add ConfirmPermissionsBroadening to your CI/CD pipeline, CDK will wait for manual approval before deploying a change that includes new security rules.
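To make "a change that includes new security rules" concrete, the added example below (not from the original post and not CDK's own implementation) compares the IAM Allow statements of a deployed and a candidate CloudFormation template and reports what is newly allowed. The templates, the Orders table and all function names are constructed for illustration, and only AWS::IAM::Policy and AWS::IAM::ManagedPolicy resources are inspected.

```typescript
// Added illustration, not CDK's implementation. Names and templates are constructed.
type Template = { Resources: { [logicalId: string]: { Type: string; Properties?: any } } };

const asList = (v: unknown): unknown[] => (Array.isArray(v) ? v : [v]);

// CDK output often refers to resources with intrinsics (Fn::GetAtt, Fn::Join)
// rather than literal ARNs, so non-string values are compared as JSON text.
const render = (v: unknown): string => (typeof v === "string" ? v : JSON.stringify(v));

// Flatten every Allow statement in IAM policy resources into "action on resource".
// Narrowed on purpose: inline role policies, resource policies and security
// groups are not covered here.
function allowGrants(t: Template): string[] {
  const grants: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const res = t.Resources[id];
    if (res.Type !== "AWS::IAM::Policy" && res.Type !== "AWS::IAM::ManagedPolicy") continue;
    for (const s of asList(res.Properties?.PolicyDocument?.Statement ?? []) as any[]) {
      if (s.Effect !== "Allow") continue;
      for (const a of asList(s.Action))
        for (const r of asList(s.Resource)) grants.push(`${render(a)} on ${render(r)}`);
    }
  }
  return grants;
}

// Grants present in the candidate template but not in the deployed one.
// Plain string comparison: wildcards are not expanded and Condition blocks are ignored.
function broadened(deployed: Template, candidate: Template): string[] {
  const before = allowGrants(deployed);
  return allowGrants(candidate).filter((g) => before.indexOf(g) === -1);
}

// Gate decision: hold the deployment for a reviewer only when something new is allowed.
function needsApproval(deployed: Template, candidate: Template): boolean {
  return broadened(deployed, candidate).length > 0;
}

// Constructed sample: the candidate adds DeleteItem on the same table.
const tableArn = { "Fn::GetAtt": ["Orders", "Arn"] };
const policy = (actions: string[]): Template => ({
  Resources: {
    FnPolicy: {
      Type: "AWS::IAM::Policy",
      Properties: { PolicyDocument: { Statement: [{ Effect: "Allow", Action: actions, Resource: tableArn }] } },
    },
  },
});
const DEPLOYED = policy(["dynamodb:GetItem"]);
const CANDIDATE = policy(["dynamodb:GetItem", "dynamodb:DeleteItem"]);
```

Calling `broadened(DEPLOYED, CANDIDATE)` returns the single new grant a reviewer would need to look at; removing a permission or redeploying an unchanged template does not trigger the hold.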