When deploying any changes with the CDK that require IAM policy updates, you get the following message:

This deployment will make potentially sensitive changes according to your current security approval level

which is followed by the list of policy changes to be made and then a confirmation dialog. In general I think this is a good thing to have, but unfortunately it makes automating deployments difficult.

Is there a hidden flag or environment variable that can be set to skip this confirmation? Something like Terraform’s -auto-approve flag.

The following flag on the cdk deploy command can be used to skip this confirmation.

This is documented on this page. The full list of options can also be found by running cdk deploy --help