aws / aws-cdk-rfcs

RFCs for the AWS CDK

CLI notices

rix0rrr opened this issue · comments

Description

We don't have a good way of communicating urgent matters to our users. This becomes especially relevant when security issues or breakages are discovered--we want to push communication around this, but the AWS Blog is not appropriate, Personal Health Dashboard might not get looked at and email will get spammy.

The CLI is an obvious place to integrate.

Working Backwards

The CDK CLI now automatically lets you know about issues that are important for the correctness, health and security of your CDK applications and toolchain.

Example messages we will push to you are:

  • A security vulnerability has been detected in a (transitive) dependency of the CLI, and if you use Yarn you must take manual steps to protect yourself
  • The Lambda runtime your CDK application is using is about to be deprecated and you should update it
  • We fixed a serious issue in one of the CDK packages and you should update
  • You are mixing CDKv1 package versions in your package.json, or you have carets on any of them (alternatively: you have multiple copies of the CDK in your dependency tree)

Every advisory is accompanied by a link informing you about the details of the advisory, and what you should do to protect yourself.

CDK will tell you about applicable advisories on every run. You can opt to ignore messages and never be notified of them again.

Roles

  • Driver (drives the proposal to completion): @user
  • Approver(s): (assigned by CDK team)
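The behaviour sketched under "Working Backwards" (show every advisory that applies to the installed toolchain, let the user acknowledge one so it is never shown again) can be illustrated with a small filter. The following TypeScript is an added example written for this page; it is not code from the aws-cdk-rfcs repository or the CDK CLI. The `Notice` shape, its `affects` field, the version-range syntax and the sample advisories are assumptions made up for the illustration, not the CDK's real notice format.

```typescript
// Added example, not the CDK CLI's own code. The Notice shape, the "affects"
// field and the range syntax below are assumptions for illustration.

interface Notice {
  id: number;          // stable id so a user can acknowledge a notice once
  title: string;
  url: string;         // link with details and remediation steps
  affects: { component: string; range: string }[];
}

// Installed versions keyed by component name, e.g. { cli: "2.4.0", framework: "2.3.1" }.
interface Toolchain {
  [component: string]: string;
}

// Parse "1.2.3" into [1, 2, 3]; missing trailing parts count as 0.
function parseVersion(v: string): number[] {
  const parts = v.trim().split('.').map(p => Number.parseInt(p, 10));
  if (parts.some(n => Number.isNaN(n))) {
    throw new Error(`malformed version: ${v}`);
  }
  while (parts.length < 3) parts.push(0);
  return parts;
}

function compareVersions(a: string, b: string): number {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A range is "*" or whitespace-separated comparators such as ">=2.0.0 <2.5.0";
// every comparator must hold. Unknown operators are rejected rather than ignored,
// so a typo in an advisory cannot silently turn it into "matches everything".
function satisfies(version: string, range: string): boolean {
  if (range.trim() === '*') return true;
  return range.trim().split(/\s+/).every(clause => {
    const m = /^(>=|<=|>|<|=)?(\d+(?:\.\d+){0,2})$/.exec(clause);
    if (!m) throw new Error(`malformed range clause: ${clause}`);
    const cmp = compareVersions(version, m[2]);
    switch (m[1] ?? '=') {
      case '>=': return cmp >= 0;
      case '<=': return cmp <= 0;
      case '>':  return cmp > 0;
      case '<':  return cmp < 0;
      default:   return cmp === 0;
    }
  });
}

// A notice applies when at least one affected component is installed at a
// version inside the advertised range. Components that are not installed are ignored.
function applicableNotices(notices: Notice[], toolchain: Toolchain): Notice[] {
  return notices.filter(n =>
    n.affects.some(a => a.component in toolchain && satisfies(toolchain[a.component], a.range)));
}

// Honour "never notify me again": drop notices whose id the user acknowledged.
function unacknowledged(notices: Notice[], acknowledgedIds: Iterable<number>): Notice[] {
  const acked = new Set(acknowledgedIds);
  return notices.filter(n => !acked.has(n.id));
}

function formatNotice(n: Notice): string {
  return `NOTICE ${n.id}: ${n.title}\n  More info: ${n.url}`;
}

// Constructed sample advisories, modelled on the message types listed in the issue.
const SAMPLE_NOTICES: Notice[] = [
  { id: 1, title: 'Vulnerable transitive dependency in the CLI; Yarn users must take manual steps',
    url: 'https://example.invalid/notices/1', affects: [{ component: 'cli', range: '>=2.0.0 <2.5.0' }] },
  { id: 2, title: 'Serious bug fixed in a framework package; please update',
    url: 'https://example.invalid/notices/2', affects: [{ component: 'framework', range: '<2.3.0' }] },
  { id: 3, title: 'The Lambda runtime used by your app is being deprecated',
    url: 'https://example.invalid/notices/3', affects: [{ component: 'framework', range: '*' }] },
];

// What a run would print, given installed versions and previously acknowledged ids.
function noticesToShow(notices: Notice[], toolchain: Toolchain, acked: number[]): string[] {
  return unacknowledged(applicableNotices(notices, toolchain), acked).map(formatNotice);
}

// Example run: CLI 2.4.0, framework 2.3.1, notice 3 already acknowledged -> only notice 1 is shown.
console.log(noticesToShow(SAMPLE_NOTICES, { cli: '2.4.0', framework: '2.3.1' }, [3]).join('\n'));
```

Two design points matter for a channel meant to carry security advisories: the range parser fails closed on input it does not understand, and acknowledgement is keyed on a stable notice id rather than on the message text, so an advisory that is later reworded is not accidentally suppressed.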

Love this!

Another idea: have some rule that matches resources in templates, and throws up an advisory if we find a resource that matches some pattern or rule.

@otaviomacedo Can we mark this as done? 🎉 Edit: Whoops, I didn't notice the label