Why is this not opt-in rather than opt-out? Having to update every environment and stack to prevent data from being sent is a pain. Also are there further details on what will be sent? We have strict data control polices I have to adhere to.

Hello

This is probably illegal in the EU without explicit consent. You should make this an opt-in feature, not opt-out.

Edit: To clarify, if any information that may, in theory, make it possible to identify a person is collected, it requires consent (that being explicit opt-in) in accordance with Article 6 of the GDPR. So it doesn't really matter if you do identify anyone, it matters if you could with the information collected.

I’m generally fine with the telemetry feature itself and with having it enabled by default for new projects.
However, I’m opposed to existing CDK projects suddenly sending data after a dependency update, without any explicit action by the user.

Could we adopt a policy like the following?

1. If the cli-telemetry flag is absent in a project’s context, treat it as false (opt-out) so that pre-existing projects remain silent unless the user opts in.
2. For projects created with CDK versions that include telemetry support, default cli-telemetry to true.

This approach preserves backward compatibility while still giving new projects the benefits of telemetry.

How it is, that telemetry will be enabled for versions >= 2, while command disabling telemetry is supported for CLI version 2.1020.0 or later? So there is no way to disable telemetry for users on 2 <= version < 2.1020.0?

Enabling this by default already speaks volumes as to the supposed utility provided to the users. When you feel you need to make it opt-out, it's usually because you know people will not like the change.
As stated above, making this retroactive to existing projects is specially annoying and hostile to your users.

That is just a bad attitude.

When I try to execute the command
npx cdk cli-telemetry --disable

I receive following error: Unknown command: cli-telemetry

EDIT: I've upgraded to aws-cdk 2.1020.1 (from 2.1017.1) and that solved it

Hi, this is illegal in the EU if it's not opt-in. It's also a shadow pattern. It's also arguably going to break a number of things, including audits and the like.

Please, please do not do this. CDK/AWS is already a thorn in the sides of many as it is, this is adding insult to injury.

I'm still not seeing a way explained how to opt out without changing cdk.context.json file.

I need a scalable way to do this. I use Projen templates and cdk.context.json cannot be managed by Projen as cdk has to write cached lookups there.

I'm still not seeing a way explained how to opt out without changing cdk.context.json file.

I need a scalable way to do this. I use Projen templates and cdk.context.json cannot be managed by Projen as cdk has to write cached lookups there.

An environment variable being supported should be a minimum requirement. Unbelievable "proposal". I too now need to get a pre-pre deploy pipeline working to disable this intrusion.

I belive in projen that this is the right thing to do. It seems it works for me.

context: {
'cli-telemetry': false,
'aws-cdk:disable-metadata': true,
'@aws-cdk/core:enableAdditionalMetadataCollection': false
}

While we can’t get into the details of the analysis, we can assure you that we have thoroughly evaluated this feature against applicable legal and compliance requirements

This makes no sense to me.

"We can't be transparent about things with you about how we treat YOUR data and deal with YOUR privacy rights! Just trust us 🥺👉🏻👈🏻"

This wasn't a proposal. This was a plan. Everyone on the CDK team should be ashamed. Or proud, I guess, as this has become the defacto soul-selling behavior of Amazon.

GG team, Sep 1 is in just a few days and you can close this issue and ignore the pesky open source peasants.

Unbelievable handling of this thread.

Hi all,

I'm updating the launch date on this thread to say September 15th, 2025 to align with our internal timelines. It's still "on or after," that is, we'll let you know an official date where we are launching telemetry when there is one.

@moltar @Spezp, we have a multitude of opt-out mechanisms beyond cdk.context.json, including specifying in cdk.json or an environment variable. @mrpackethead has a great example of how you can use projen to opt-out of telemetry.

@mrpackethead, a region specific issue would be something like we see an increase in deploy failures in a new region like ap-east-2. We'd want to be able to notice that and get to the bottom of it. As for why we are collecting successful events, we need to in order to make data-driven decisions on what to work on next. The final decisions on what to work on next, which this data will supplement towards, are made by the AWS CDK team.

Please note that CDK adheres to the AWS-wide privacy policy for personal information collection.

I'm updating the launch date on this thread to say September 15th, >2025 to align with our internal timelines. It's still "on or after," >that is, we'll let you know an official date where we are launching >telemetry when there is on0e.

"We will be announcing the exact date at least 4 weeks prior to launch."

Given its 30 Aug, 4 weeks from that is September 27. So, while 'on or after 15th is technically correct', how about stop the gaming, and just do what you said you woudl do. Lets change the topic to Sept 27.

You've also said you'd publish the endpoint address for where the telemtry is going, so that people can modify their network permissions. Is that available yet? The 4 weeks really can't start till then. Unless you're ok with with breaking one of the fundemetnals of AWS leadership principasl "They work vigorously to earn and keep customer trust." But given the approach of this entire program of work. ( It never was a proposal, and it was entirely disingenuous to call it a prospal ) it seems that the CDK team are immune to this kind of behaviour. Its fair to say, that the CDK team have raised the irk of a lot of senior folks within AWS, who have privately expressed their dismay at the continuing saga that CDK has become. I would suggest to the cdk team, they need to figure out how to add value, earn trust, or risk becoming one of those thigns that Andy says is gone-burger.

I've never experienced before anyone in AWS attempting to gaslight me, by engaging with local AWS staff in an attempt to get me to stop asking questions.. Seriously, you asked for questions, you did'nt like the reponse, and then you dont' ask, them and then, you start that kind of behaviour.

I've never seen such a large number of thumbs down as this, ever in cdk history. its a sad sad day.

@mrpackethead has a great >example of how you can use projen to opt-out of telemetry.

There is nothing great about this at all. Its exceptionally poor. What we should be doing is this.

context: {
'cli-telemetry': true,
}

Because cli-telemtry shoudl be disabled by default.

@mrpackethead, a region specific >issue would be something like we see an increase in deploy failures in >a new region like ap-east-2. We'd want to be able to notice that and >get to the bottom of it.

Then get that from Cloudformation. The only way you can get the region info in the cli is to snoop on my credentials. That makes me very unhappy. One has to wonder if the CLoudformation team said, no way cdk team, that would breech customer trust.

As for why we are collecting successful events, we need to in order >to make data-driven decisions on what to work on next. The final > >decisions on what to work on next, which this data will supplement >towards, are made by the AWS CDK team.

I can tell you what the CDK team needs to work on next. Earning trust back again.

This wasn't a proposal. This was a plan.

yup. Its farcial to put this in an RFP. At best it could be a RFC, ( request for comments ).

Everyone on the CDK team should be ashamed.

Actually, it seems that there are multiple people in the CDK team who are deeply ashamed about this. It unfortunate that the majority are getting tarred by the directives that a few line managers are pushing.

They forget this burns their front line, SA's, TAMs, Account Managers, and in some case this will loose AWS revenue in the long game.

Or proud, I guess, as this has become the defacto soul-selling >behavior of Amazon.

Thats not my experience. Of all the aws services i've used/use, i've only seen this level of contempt for customers, with one other service. Theres been an ongoing history of this behavior for quite a few years.

I suggest the strongest message that we can send AWS will be to actively encourage all CDK users to disable telemetry.

Updating this in all the existing projects is a pain...

I hope AWS reverts to its customer-centric approach, rather than silently pushing such changes.