CLI: add flag when running garbage collector to ignore non-authorized stacks

[TiagoVentosa]

Describe the feature

add some kind of flag to the cdk gc command (for example --skip-unauthorized-stacks) so that when checking the stacks (GetTemplateSummary) it ignores those that the user does not have access instead of failing the command

Use Case

I was very excited for this new feature, but when I tried running it, I got the following error:

npx cdk gc --unstable=gc --rollback-buffer-days 5
 ⏳  Garbage Collecting environment aws://<ACCOUNT>/eu-west-1...
Error refreshing stacks: AccessDenied: User: arn:aws:sts::<ACCOUNT>:assumed-role/<ROLE> is not authorized 
to perform: cloudformation:GetTemplateSummary on 
resource: arn:aws:cloudformation:eu-west-1:<ACCOUNT>:stack/<ORGANIZATION-STACK> 
with an explicit deny in a service control policy

(newlines added to improve readability)

Where is a stack used my my company to do initial setup of AWS accounts.

Proposed Solution

Instead of automatically failing, have some way to ignore stacks in error. Right now I know of no way to skip it

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.171.1

Environment details (OS name and version, etc.)

macOS Sonoma 14.7

[khushail]

Hi @TiagoVentosa , thanks for reaching out and requesting this.
I see that cdk gc support was implemented recently with the idea of collecting unused assets in your bootstrapped S3 bucket with these PRs -

• feat(cli): garbage collect s3 assets (under --unstable flag) #31611
• feat(cli): garbage collect ecr assets (under --unstable flag) #31841

But what you are suggesting also seems to be a good add-on.

Requesting team's thoughts on this feature as it would be great to have their say whether its something on their radar for future implementation or would be considered from community.