pantheon-ai/cfn-template-compare
Compares deployed CloudFormation templates with locally synthesized CDK templates to detect drift, validate changes, and ensure consistency before deployment. Use when the user wants to compare CDK output with a deployed stack, check for infrastructure drift, run a pre-deployment validation, audit IAM or security changes, investigate a failing deployment, or perform a 'cdk diff'-style review. Triggered by phrases like 'compare templates', 'check for drift', 'cfn drift', 'stack comparison', 'infrastructure drift detection', 'safe to deploy', or 'what changed in my CDK stack'.
Does it follow best practices?
Evaluation — 100%
↑ 1.09xAgent success when using this tile
Validation for skill structure
Evaluation results
98%
10%Compare Deployed Stack with Local CDK Changes
Complete template comparison workflow
aws get-template command
100%
100%
Output to JSON file
100%
100%
make synth command
100%
100%
Copy synthesized template
100%
100%
Structure comparison
60%
100%
Resource count check
60%
100%
Added/removed resources
70%
80%
Timestamped artifacts
100%
100%
Report template structure
100%
100%
Resource counts in summary
88%
100%
Status indicator
100%
100%
Without context: $0.2862 · 1m 18s · 11 turns · 12 in / 4,618 out tokens
With context: $0.7471 · 2m 42s · 18 turns · 5,847 in / 9,083 out tokens
100%
11%Pre-flight Checks for Template Comparison
Prerequisites validation and error handling
AWS credential check
100%
100%
Profile flag usage
100%
100%
Stack existence check
100%
100%
StackStatus query
100%
100%
CDK synth validation
67%
100%
JSON validation
60%
100%
Error messages present
100%
100%
Credential error fix
100%
100%
Stack not found fix
100%
100%
Synth failure fix
71%
100%
Without context: $0.3580 · 1m 49s · 12 turns · 12 in / 6,464 out tokens
With context: $0.5260 · 2m 38s · 19 turns · 18 in / 7,250 out tokens
100%
1%Detailed Security and IAM Analysis
Hierarchical comparison and security analysis
Structure comparison first
100%
100%
Resource count check
100%
100%
Added/removed check
100%
100%
Process substitution
100%
100%
Sorted resource lists
100%
100%
CDK Nag extraction
100%
100%
IAM resource filter
93%
100%
Hierarchical order explained
100%
100%
CDK Nag interpretation
100%
100%
IAM policy analysis
100%
100%
Without context: $0.4151 · 2m 28s · 13 turns · 13 in / 8,145 out tokens
With context: $0.8571 · 3m 19s · 23 turns · 64 in / 9,014 out tokens
100%
12%Categorize Template Differences by Risk Level
Risk categorization and deployment decision
Risk categories defined
100%
100%
GitRef as expected
100%
100%
Alarm threshold as medium
0%
100%
IAM policy as high risk
100%
100%
CDK Nag suppression as critical
100%
100%
Resource changes assessed
100%
100%
Deployment decision present
100%
100%
Decision matches risk
100%
100%
Required actions listed
100%
100%
Without context: $0.2280 · 1m 7s · 9 turns · 10 in / 3,427 out tokens
With context: $0.2925 · 1m 17s · 12 turns · 12 in / 3,786 out tokens
100%
3%Handle Very Large Template Comparison
Large template handling optimization
Problem threshold identified
100%
100%
Hierarchical approach recommended
100%
100%
Structure comparison first
100%
100%
Resource count comparison
100%
100%
Added/removed resources
100%
100%
Avoid line diff
100%
100%
Summarized output
100%
100%
Decision criteria clear
100%
100%
Security focused subset
63%
100%
Without context: $0.3262 · 1m 34s · 11 turns · 12 in / 5,559 out tokens
With context: $0.6426 · 1m 53s · 18 turns · 97 in / 7,245 out tokens
Install with Tessl CLI
npx tessl i pantheon-ai/cfn-template-compare- Evaluated
- Agent
- Claude Code