C7N Community Meeting Minutes 2023-05-30

# C7N Community Meeting Minutes 2023-05-30 ## May 30th 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** May 30, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** AJ: <aj@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Pregame: GCP Audit question from Prasanna - Instances matching policy but not stopping - Guidance: Confirm issue by checking execution logs - - Intros, etc. - We're moving on from Python 3.7 this year, details TBD, heads up: - https://github.com/cloud-custodian/cloud-custodian/issues/8092 - Tips and Tricks section in Discussions - https://github.com/cloud-custodian/cloud-custodian/discussions/categories/tips-and-tricks - Policy Packs? (ddao) ### PR/Issue Discussion # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #22 2023 ## Here's what the team has focused on this week: - 0.9.27.0 released! - Docker builds failing - Appears to be due to a combination of freeze-wheel plugin changes and c7n-left's path dependency on c7n - Possible to use freeze-wheel during the c7n-left docker build rather than poetry export? ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 11 | 12| |PR's| 29 | 32| | | | |--|--| | New stars | 22| | New forks | 6| ## PR's Opened * [#8611](https://github.com/cloud-custodian/cloud-custodian/pull/8611): releng - use frozen wheels for c7n-left docker install * [#8610](https://github.com/cloud-custodian/cloud-custodian/pull/8610): aws - add delete action to directory and cloud-directory * [#8608](https://github.com/cloud-custodian/cloud-custodian/pull/8608): aws-efs-mount-target-add-cloudtrail-mode * [#8606](https://github.com/cloud-custodian/cloud-custodian/pull/8606): docs - document gcp env vars explicitly along with noting workload federation * [#8604](https://github.com/cloud-custodian/cloud-custodian/pull/8604): aws - security-group - used filter - handle ram vpc sharing eni when run in vpc owner * [#8601](https://github.com/cloud-custodian/cloud-custodian/pull/8601): GCP - add logging-sink resource and test * [#8600](https://github.com/cloud-custodian/cloud-custodian/pull/8600): quick update to example for bucket policy * [#8599](https://github.com/cloud-custodian/cloud-custodian/pull/8599): Added policy for recovery services * [#8598](https://github.com/cloud-custodian/cloud-custodian/pull/8598): aws - event bus delete action * [#8596](https://github.com/cloud-custodian/cloud-custodian/pull/8596): GCP - Added logging-sink resource * [#8595](https://github.com/cloud-custodian/cloud-custodian/pull/8595): aws - filter eni's based on OwnerId for unused sg filter * [#8593](https://github.com/cloud-custodian/cloud-custodian/pull/8593): Policy for azure recovery services * [#8591](https://github.com/cloud-custodian/cloud-custodian/pull/8591): releng - prep 0.9.27.0 release * [#8590](https://github.com/cloud-custodian/cloud-custodian/pull/8590): Added resource for azure recovery services vault * [#8589](https://github.com/cloud-custodian/cloud-custodian/pull/8589): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_mailer * [#8588](https://github.com/cloud-custodian/cloud-custodian/pull/8588): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_gcp * [#8587](https://github.com/cloud-custodian/cloud-custodian/pull/8587): Bump requests from 2.30.0 to 2.31.0 * [#8586](https://github.com/cloud-custodian/cloud-custodian/pull/8586): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_kube * [#8585](https://github.com/cloud-custodian/cloud-custodian/pull/8585): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_openstack * [#8584](https://github.com/cloud-custodian/cloud-custodian/pull/8584): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_azure * [#8583](https://github.com/cloud-custodian/cloud-custodian/pull/8583): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_policystream * [#8582](https://github.com/cloud-custodian/cloud-custodian/pull/8582): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_sphinxext * [#8580](https://github.com/cloud-custodian/cloud-custodian/pull/8580): add-azure-resource-monitor-log-profile * [#8579](https://github.com/cloud-custodian/cloud-custodian/pull/8579): azure - front-door and cdn waf filters for WAF policies * [#8576](https://github.com/cloud-custodian/cloud-custodian/pull/8576): aws - codecommit - add universal_augment to pull tags * [#8574](https://github.com/cloud-custodian/cloud-custodian/pull/8574): Added WAF resource and Filter for App Gateway WAF policies * [#8573](https://github.com/cloud-custodian/cloud-custodian/pull/8573): gcp - fix report fields metadata * [#8571](https://github.com/cloud-custodian/cloud-custodian/pull/8571): feat: adding support for gcp impersonated credentials * [#8569](https://github.com/cloud-custodian/cloud-custodian/pull/8569): gcp - fix metadata on a few resource types ## PR's Closed * [#8604](https://github.com/cloud-custodian/cloud-custodian/pull/8604): aws - security-group - used filter - handle ram vpc sharing eni when run in vpc owner * [#8600](https://github.com/cloud-custodian/cloud-custodian/pull/8600): quick update to example for bucket policy * [#8599](https://github.com/cloud-custodian/cloud-custodian/pull/8599): Added policy for recovery services * [#8598](https://github.com/cloud-custodian/cloud-custodian/pull/8598): aws - event bus delete action * [#8596](https://github.com/cloud-custodian/cloud-custodian/pull/8596): GCP - Added logging-sink resource * [#8595](https://github.com/cloud-custodian/cloud-custodian/pull/8595): aws - filter eni's based on OwnerId for unused sg filter * [#8593](https://github.com/cloud-custodian/cloud-custodian/pull/8593): Policy for azure recovery services * [#8591](https://github.com/cloud-custodian/cloud-custodian/pull/8591): releng - prep 0.9.27.0 release * [#8590](https://github.com/cloud-custodian/cloud-custodian/pull/8590): Added resource for azure recovery services vault * [#8589](https://github.com/cloud-custodian/cloud-custodian/pull/8589): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_mailer * [#8588](https://github.com/cloud-custodian/cloud-custodian/pull/8588): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_gcp * [#8587](https://github.com/cloud-custodian/cloud-custodian/pull/8587): Bump requests from 2.30.0 to 2.31.0 * [#8586](https://github.com/cloud-custodian/cloud-custodian/pull/8586): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_kube * [#8585](https://github.com/cloud-custodian/cloud-custodian/pull/8585): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_openstack * [#8584](https://github.com/cloud-custodian/cloud-custodian/pull/8584): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_azure * [#8583](https://github.com/cloud-custodian/cloud-custodian/pull/8583): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_policystream * [#8582](https://github.com/cloud-custodian/cloud-custodian/pull/8582): Bump requests from 2.30.0 to 2.31.0 in /tools/c7n_sphinxext * [#8580](https://github.com/cloud-custodian/cloud-custodian/pull/8580): add-azure-resource-monitor-log-profile * [#8576](https://github.com/cloud-custodian/cloud-custodian/pull/8576): aws - codecommit - add universal_augment to pull tags * [#8573](https://github.com/cloud-custodian/cloud-custodian/pull/8573): gcp - fix report fields metadata * [#8571](https://github.com/cloud-custodian/cloud-custodian/pull/8571): feat: adding support for gcp impersonated credentials * [#8569](https://github.com/cloud-custodian/cloud-custodian/pull/8569): gcp - fix metadata on a few resource types * [#8565](https://github.com/cloud-custodian/cloud-custodian/pull/8565): core - validate - report errors per file * [#8554](https://github.com/cloud-custodian/cloud-custodian/pull/8554): Added resources for cdn customdomain and cdn endpoint * [#8546](https://github.com/cloud-custodian/cloud-custodian/pull/8546): add-azure-resource-servicebus-namespace-networkruleset * [#8541](https://github.com/cloud-custodian/cloud-custodian/pull/8541): Add azure resource servicebus namespace authrules * [#8538](https://github.com/cloud-custodian/cloud-custodian/pull/8538): Adds ECR repository policy to saved resource for reporting * [#8519](https://github.com/cloud-custodian/cloud-custodian/pull/8519): gc - added bigtable instance, bigtable instance cluster, bigtable ins… * [#8475](https://github.com/cloud-custodian/cloud-custodian/pull/8475): core - value filter - add json value_type * [#8395](https://github.com/cloud-custodian/cloud-custodian/pull/8395): releng - automated releases * [#8372](https://github.com/cloud-custodian/cloud-custodian/pull/8372): aws - iam-user - add include-via option to policy filter * [#8353](https://github.com/cloud-custodian/cloud-custodian/pull/8353): releng - offer some guidance following a failed freeze-wheel ## Issues Opened * [#8609](https://github.com/cloud-custodian/cloud-custodian/issues/8609): aws - delete action of directory/cloud-directory services * [#8607](https://github.com/cloud-custodian/cloud-custodian/issues/8607): Adds cloudtrail support for efs-mount-target * [#8603](https://github.com/cloud-custodian/cloud-custodian/issues/8603): has-statement filter running into "list index out of range" error * [#8597](https://github.com/cloud-custodian/cloud-custodian/issues/8597): aws - event bus delete action * [#8594](https://github.com/cloud-custodian/cloud-custodian/issues/8594): aws - unused sg filter eni evaluation * [#8592](https://github.com/cloud-custodian/cloud-custodian/issues/8592): aws - notify action batch_size flexibility * [#8581](https://github.com/cloud-custodian/cloud-custodian/issues/8581): Increased Memory Usage in Version 0.9.26 * [#8578](https://github.com/cloud-custodian/cloud-custodian/issues/8578): It would be great if overwrite: False was an option with the tag action. * [#8577](https://github.com/cloud-custodian/cloud-custodian/issues/8577): configure EphemeralStorage when running in Lambda mode * [#8575](https://github.com/cloud-custodian/cloud-custodian/issues/8575): Azure - Add Snapshots resource * [#8568](https://github.com/cloud-custodian/cloud-custodian/issues/8568): Would like to get the feature --impersonate-service-account for GCP account ## Issues Closed * [#8603](https://github.com/cloud-custodian/cloud-custodian/issues/8603): has-statement filter running into "list index out of range" error * [#8597](https://github.com/cloud-custodian/cloud-custodian/issues/8597): aws - event bus delete action * [#8594](https://github.com/cloud-custodian/cloud-custodian/issues/8594): aws - unused sg filter eni evaluation * [#8575](https://github.com/cloud-custodian/cloud-custodian/issues/8575): Azure - Add Snapshots resource * [#8568](https://github.com/cloud-custodian/cloud-custodian/issues/8568): Would like to get the feature --impersonate-service-account for GCP account * [#8566](https://github.com/cloud-custodian/cloud-custodian/issues/8566): get errors after putting the slack_token in the mailer configuration * [#8537](https://github.com/cloud-custodian/cloud-custodian/issues/8537): The action set-wafv2 doesn't seem to accept my regex in the web-acl parameter * [#8528](https://github.com/cloud-custodian/cloud-custodian/issues/8528): GCP Cloud Run Service resource causing an error * [#8501](https://github.com/cloud-custodian/cloud-custodian/issues/8501): RDS snapshot copy-related-tag fails with error * [#7956](https://github.com/cloud-custodian/cloud-custodian/issues/7956): CodeCommit tags missing * [#7870](https://github.com/cloud-custodian/cloud-custodian/issues/7870): Random GetBucketLocation Failures Since Upgrading to v0.9.19 * [#7593](https://github.com/cloud-custodian/cloud-custodian/issues/7593): Error when sending logs from Lambda to s3 buckets in another region