Skip to main content
With the config committed, generate computes exactly what will change and provision applies it. Nothing is applied that wasn’t first generated and reviewable. For production, both run from CI; running locally is the sandbox flow.

Preview: infra generate

synthetiq infra generate \
  --profile <aws-profile>
generate validates the config against the real account (certificates issued and covering the right names, network ids real and usable) and creates a CloudFormation change set for each stack (synthetiq-infra, synthetiq-edge) — without executing anything. It writes a changeset file under _infra/changesets/ containing:
  • The resource-level table (action, resource, type, replacement warnings)
  • Property-level before/after for every modified resource
  • The full configuration of each created resource
  • The resolved parameter values
Commit the changeset file — it’s the record of what was reviewed. The change sets themselves are parked in your AWS account, tied to the config by a content hash. Exit codes match terraform plan -detailed-exitcode: 0 with no file when nothing changed, 2 when changes are pending.

Apply: infra provision

synthetiq infra provision \
  --profile <aws-profile>
provision executes only what was reviewed:
  1. Verify — the parked change sets still exist and are executable. If the config changed since generate, or the stack moved underneath the change set, it stops and asks for a re-plan.
  2. Pre-flight — simulates the required permissions for the executing principal; validates your own private subnets if you supplied them.
  3. Execute — runs the change sets in order (synthetiq-infra, then synthetiq-edge).
  4. Finish — prints the three app DNS records to create, seeds the deploy key, and registers the infrastructure with the Synthetiq platform.
provision runs with a Synthetiq identity — your login locally, the service account in CI — and refuses a changeset generated by a different CLI version than the one applying it (--allow-version-skew overrides). Confirm the account is registered and ready for deployments: 
synthetiq infra status

Updating

Updates are the same loop: edit the config, then generate → review → provision. To pick up Synthetiq platform updates, upgrade the CLI first: 
npm install -g @synthetiq/cli@latest

# review the diff
synthetiq infra generate \
  --profile <aws-profile>

# apply it
synthetiq infra provision \
  --profile <aws-profile>
generate produces an update change set against the existing stacks — only what changes, with replacement warnings. Re-running with no changes is a green no-op. In CI, pin @synthetiq/cli in the infra repo and upgrade via version-bump PRs — see Staying current.

After provisioning

Deploy apps with a single click from the Synthetiq console — deployments run through the deploy role created during provisioning. See Resources created for everything now in your account.