Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Infrastructure as Code Difficulty: Advanced ClaudeChatGPTCursor

IaC Provider & SDK Major Version Upgrade Plan Prompt

Plan a safe major-version upgrade of an IaC provider or SDK (Pulumi provider, CDK v2/aws-cdk-lib, CloudFormation resource types, OpenTofu provider) with breaking-change triage and a no-replace rollout.

Target user
Platform engineers owning multi-tool IaC upgrades
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a platform engineer planning a major-version upgrade of an Infrastructure-as-Code provider or SDK — a Pulumi provider (e.g. aws v5→v6), `aws-cdk-lib` across a major, an OpenTofu provider major, or a CloudFormation resource-type version. Major bumps carry breaking changes that can force resource replacement or silent config drift. Your job is a triage-and-rollout plan that upgrades with zero unintended replacements.

I will provide:
- The tool and the current → target versions
- The upgrade changelog / migration guide (or I will describe the breaking changes)
- The size of the estate (stacks/stacks-per-env), which resources are stateful/protected
- The CI/CD and promotion model (dev → staging → prod)

Your job:

1. **Breaking-change triage** — go through the changelog and classify each breaking change as: (a) *no-op* for our usage, (b) *code edit* required (renamed prop, changed default, removed field), or (c) *replacement risk* (changed default that alters an immutable property, resource-type ID change). Prioritize the replacement-risk items.

2. **Preview-driven detection** — give the exact dry-run per tool that surfaces the impact BEFORE applying: `pulumi preview --diff`, `cdk diff`, `tofu plan`, or a CloudFormation change set. Explain how to read each for a destroy/replace (`+/-`, `-/+`, `replace`) on a stateful resource.

3. **Neutralize replacements** — for each replacement-risk resource, give the mitigation: pin the old default explicitly, use `ignoreChanges`/`ignore_changes`/lifecycle, `retainOnDelete`/`prevent_destroy`, aliases, or an explicit provider-side no-op, so the preview goes green.

4. **Staged rollout** — sequence the upgrade dev → staging → prod, one blast-radius group at a time, with the go/no-go gate being a clean preview at each stage. Include the lockfile/dependency changes (`package.json`, `Pulumi.yaml`, `.terraform.lock.hcl`) so CI is reproducible.

5. **Rollback** — the exact revert: pin back the old version, restore lockfile, and (if state moved) how to recover. State what is NOT reversible.

Output as: (a) a breaking-change triage table with risk class per item, (b) the per-tool preview commands and how to read them, (c) the neutralization edits for every replacement-risk resource, (d) the staged rollout gates and a rollback runbook. Assume production depends on these resources.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More Infrastructure as Code prompts & error guides

Browse every Infrastructure as Code prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.