# C7n Community Meeting Minutes

## December 6th 2022

:::info
- **URL:** meet.google.com/mii-evqh-esh
- **Date:** December 6th, 2022 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC))
- **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)**
- **Agenda**
    1. Intros `10m`
    1. Agenda Items `20m`
    1. PR Party `30m`
- **Meeting Contact:** Jorge: <jorge@stacklet.io>
- **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/
:::

[![Video Recording](https://img.youtube.com/vi/BwfMc5RNv-8/0.jpg)](https://youtu.be/BwfMc5RNv-8)

## Agenda Items

- Intros, etc.
- We're testing Slack! Join us:
    - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat)
- Release Update [Sonny]
    - Dependency updates, poetry, etc.
    - [Release update](https://github.com/cloud-custodian/cloud-custodian/pull/7990)
    - .9.21 targeted for right after re:Invent
    - Kapil: we'll need this: https://github.com/cloud-custodian/cloud-custodian/pull/8011
    - Where we at now?
        - Kapil - release next week!
- We're back from re:Invent!
    - Thanks everyone for stopping by the booth!
    - If you're new here from re:Invent, welcome!
- No community meeting next time, December 20th
    - We'll resume Jan 10th, Jorge to adjust the calendar.
- Kapil: resurrect Cask?
    - https://github.com/cloud-custodian/cloud-custodian/tree/master/tools/cask
    - Jorge volunteers to document this
- Kapil: There's no consistent identifier across resources?
    - Looking at adding a getURN? (did I spell that right?)
    - [Discussion here](https://youtu.be/BwfMc5RNv-8?t=1261)

# Weekly Report

Weekly status report for cloud-custodian/cloud-custodian Week #49 2022

## Here's what the team has focused on this week:

## Weekly Stats

| | Opened this week | Closed this week |
|--|---|-----|
| Issues | 16 | 11 |
| PR's | 53 | 55 |

| | |
|--|--|
| New stars | 0 |
| New forks | 0 |

## PR's Opened

* :boom: [#7807](https://github.com/cloud-custodian/cloud-custodian/pull/7807): RDS instance TLS check
* :boom: [#7946](https://github.com/cloud-custodian/cloud-custodian/pull/7946): APIGW WAFv2
* :boom: [#7029](https://github.com/cloud-custodian/cloud-custodian/pull/7029): Managed Config Rules
* :boom: [#8056](https://github.com/cloud-custodian/cloud-custodian/pull/8056): AWS - AppSync - Create graphql api cache filter
* [#8053](https://github.com/cloud-custodian/cloud-custodian/pull/8053): aws - iam-analyzer - add support for additional resources
* [#8052](https://github.com/cloud-custodian/cloud-custodian/pull/8052): docs - tencentcloud resources docs with examples
* [#8051](https://github.com/cloud-custodian/cloud-custodian/pull/8051): mailer - skip empty email addr and filter out invalid cc email addr
* [#8049](https://github.com/cloud-custodian/cloud-custodian/pull/8049): aws - glue-connection - tag read/write support
* [#8048](https://github.com/cloud-custodian/cloud-custodian/pull/8048): Chore/bump ubi
* [#8047](https://github.com/cloud-custodian/cloud-custodian/pull/8047): tools/cask - support tencent cloud
* [#8045](https://github.com/cloud-custodian/cloud-custodian/pull/8045): aws - cloudfront - updating s3 regexes for mismatch-s3-origin filter
* [#8044](https://github.com/cloud-custodian/cloud-custodian/pull/8044): c7n_tencentcloud - resources - cos
* [#8043](https://github.com/cloud-custodian/cloud-custodian/pull/8043): tencentcloud - client - support for assume role
* [#8042](https://github.com/cloud-custodian/cloud-custodian/pull/8042): aws - route53 - define rrset and healthcheck as global
resources
* [#8041](https://github.com/cloud-custodian/cloud-custodian/pull/8041): adding resource for mysql flexible server
* [#8039](https://github.com/cloud-custodian/cloud-custodian/pull/8039): fix - flake8/pyflakes bump removed type comments linting
* [#8037](https://github.com/cloud-custodian/cloud-custodian/pull/8037): aws - Target group attributes check filter and modify action added
* [#8036](https://github.com/cloud-custodian/cloud-custodian/pull/8036): c7n-org - cli - support not-accounts option
* [#8035](https://github.com/cloud-custodian/cloud-custodian/pull/8035): c7n - cli - enable vars option to load vars file
* [#8034](https://github.com/cloud-custodian/cloud-custodian/pull/8034): policy - support include, format vars after load
* [#8033](https://github.com/cloud-custodian/cloud-custodian/pull/8033): c7n-org - support org level vars in config file
* [#8030](https://github.com/cloud-custodian/cloud-custodian/pull/8030): aws - backup - add consecutive backups filter
* [#8029](https://github.com/cloud-custodian/cloud-custodian/pull/8029): utils - reduce backoff_delays jitter
* [#8028](https://github.com/cloud-custodian/cloud-custodian/pull/8028): aws - security-group - used filter - add interface usage annotation
* [#8027](https://github.com/cloud-custodian/cloud-custodian/pull/8027): aws - dlm - use native arn attribute
* [#8025](https://github.com/cloud-custodian/cloud-custodian/pull/8025): aws - elasticache - skip delete replication group if it is in use
* [#8024](https://github.com/cloud-custodian/cloud-custodian/pull/8024): aws - ebs - divide into small batch to achieve better performance when retrieving EBS resources (codecov exception requested)
* [#8023](https://github.com/cloud-custodian/cloud-custodian/pull/8023): aws - dynamodb - add update table action (could u pls make an exception for this codecov)
* [#8022](https://github.com/cloud-custodian/cloud-custodian/pull/8022): aws - notify - prepare iam-saml-provider for notify
* [#8021](https://github.com/cloud-custodian/cloud-custodian/pull/8021): aws - ami - add last-launched-time filter
* [#8020](https://github.com/cloud-custodian/cloud-custodian/pull/8020): aws - account - check-cloudtrail sns lookup refactor
* [#8019](https://github.com/cloud-custodian/cloud-custodian/pull/8019): fix - add GA code from older website
* [#8018](https://github.com/cloud-custodian/cloud-custodian/pull/8018): Bump cryptography from 38.0.1 to 38.0.3
* [#8017](https://github.com/cloud-custodian/cloud-custodian/pull/8017): Bump cryptography from 38.0.1 to 38.0.3 in /tools/c7n_azure
* [#8016](https://github.com/cloud-custodian/cloud-custodian/pull/8016): Bump cryptography from 38.0.1 to 38.0.3 in /tools/c7n_openstack
* [#8014](https://github.com/cloud-custodian/cloud-custodian/pull/8014): policy - have conditions support vars
* [#8013](https://github.com/cloud-custodian/cloud-custodian/pull/8013): releng - update poetry to 1.2.2
* [#8012](https://github.com/cloud-custodian/cloud-custodian/pull/8012): releng - github actions use concurrency option to only run on latest push
* [#8011](https://github.com/cloud-custodian/cloud-custodian/pull/8011): c7n_left - github action output annotation fixes
* [#8007](https://github.com/cloud-custodian/cloud-custodian/pull/8007): aws - ec2 - force stop override stop protection
* [#8006](https://github.com/cloud-custodian/cloud-custodian/pull/8006): aws - iam-profile, ec2 - add has-specific-managed-policy filter
* [#8002](https://github.com/cloud-custodian/cloud-custodian/pull/8002): docs - tencentcloud resource reference docs build
* [#8001](https://github.com/cloud-custodian/cloud-custodian/pull/8001): releng - handle optional extras in gen-frozensetup
* [#7999](https://github.com/cloud-custodian/cloud-custodian/pull/7999): aws - iam - instance-profile set-role action
* [#7998](https://github.com/cloud-custodian/cloud-custodian/pull/7998): aws - Lambda kms key fix for securityhub finding
* [#7996](https://github.com/cloud-custodian/cloud-custodian/pull/7996): aws - cloudhsm-cluster, augment and serverless mode
* [#7995](https://github.com/cloud-custodian/cloud-custodian/pull/7995): releng - install mailer extras in docker image
* [#7994](https://github.com/cloud-custodian/cloud-custodian/pull/7994): c7n_tencentcloud - filter - refactor metrics filter
* [#7992](https://github.com/cloud-custodian/cloud-custodian/pull/7992): c7n_tencentcloud - tests - vcr add recording filter
* [#7990](https://github.com/cloud-custodian/cloud-custodian/pull/7990): releng - 0.9.21.0 pkg-increment and pkg-rebase
* [#7988](https://github.com/cloud-custodian/cloud-custodian/pull/7988): aws - hosted-zone - query-logging-enabled: add subscription filter details
* [#7986](https://github.com/cloud-custodian/cloud-custodian/pull/7986): aws - cloudfront - wafv2-enabled fix to find resources which are associated with waf-classic acl
* [#7984](https://github.com/cloud-custodian/cloud-custodian/pull/7984): aws - autotag action - fix none userinfo exception
* [#7983](https://github.com/cloud-custodian/cloud-custodian/pull/7983): aws - transit-attachment - Support CloudTrail mode
* [#7981](https://github.com/cloud-custodian/cloud-custodian/pull/7981): aws - Support CloudTrail mode for aws.transit-attachment
* [#7980](https://github.com/cloud-custodian/cloud-custodian/pull/7980): core - fix issue on policy conditions (#7967)

## PR's Closed

* [#8053](https://github.com/cloud-custodian/cloud-custodian/pull/8053): aws - iam-analyzer - add support for additional resources
* [#8049](https://github.com/cloud-custodian/cloud-custodian/pull/8049): aws - glue-connection - tag read/write support
* [#8048](https://github.com/cloud-custodian/cloud-custodian/pull/8048): Chore/bump ubi
* [#8047](https://github.com/cloud-custodian/cloud-custodian/pull/8047): tools/cask - support tencent cloud
* [#8045](https://github.com/cloud-custodian/cloud-custodian/pull/8045): aws - cloudfront - updating s3
regexes for mismatch-s3-origin filter
* [#8043](https://github.com/cloud-custodian/cloud-custodian/pull/8043): tencentcloud - client - support for assume role
* [#8042](https://github.com/cloud-custodian/cloud-custodian/pull/8042): aws - route53 - define rrset and healthcheck as global resources
* [#8039](https://github.com/cloud-custodian/cloud-custodian/pull/8039): fix - flake8/pyflakes bump removed type comments linting
* [#8036](https://github.com/cloud-custodian/cloud-custodian/pull/8036): c7n-org - cli - support not-accounts option
* [#8030](https://github.com/cloud-custodian/cloud-custodian/pull/8030): aws - backup - add consecutive backups filter
* [#8028](https://github.com/cloud-custodian/cloud-custodian/pull/8028): aws - security-group - used filter - add interface usage annotation
* [#8027](https://github.com/cloud-custodian/cloud-custodian/pull/8027): aws - dlm - use native arn attribute
* [#8022](https://github.com/cloud-custodian/cloud-custodian/pull/8022): aws - notify - prepare iam-saml-provider for notify
* [#8019](https://github.com/cloud-custodian/cloud-custodian/pull/8019): fix - add GA code from older website
* [#8018](https://github.com/cloud-custodian/cloud-custodian/pull/8018): Bump cryptography from 38.0.1 to 38.0.3
* [#8017](https://github.com/cloud-custodian/cloud-custodian/pull/8017): Bump cryptography from 38.0.1 to 38.0.3 in /tools/c7n_azure
* [#8016](https://github.com/cloud-custodian/cloud-custodian/pull/8016): Bump cryptography from 38.0.1 to 38.0.3 in /tools/c7n_openstack
* [#8013](https://github.com/cloud-custodian/cloud-custodian/pull/8013): releng - update poetry to 1.2.2
* [#8012](https://github.com/cloud-custodian/cloud-custodian/pull/8012): releng - github actions use concurrency option to only run on latest push
* [#8011](https://github.com/cloud-custodian/cloud-custodian/pull/8011): c7n_left - github action output annotation fixes
* [#8006](https://github.com/cloud-custodian/cloud-custodian/pull/8006): aws - iam-profile,
ec2 - add has-specific-managed-policy filter
* [#8002](https://github.com/cloud-custodian/cloud-custodian/pull/8002): docs - tencentcloud resource reference docs build
* [#8001](https://github.com/cloud-custodian/cloud-custodian/pull/8001): releng - handle optional extras in gen-frozensetup
* [#7999](https://github.com/cloud-custodian/cloud-custodian/pull/7999): aws - iam - instance-profile set-role action
* [#7998](https://github.com/cloud-custodian/cloud-custodian/pull/7998): aws - Lambda kms key fix for securityhub finding
* [#7996](https://github.com/cloud-custodian/cloud-custodian/pull/7996): aws - cloudhsm-cluster, augment and serverless mode
* [#7995](https://github.com/cloud-custodian/cloud-custodian/pull/7995): releng - install mailer extras in docker image
* [#7994](https://github.com/cloud-custodian/cloud-custodian/pull/7994): c7n_tencentcloud - filter - refactor metrics filter
* [#7992](https://github.com/cloud-custodian/cloud-custodian/pull/7992): c7n_tencentcloud - tests - vcr add recording filter
* [#7990](https://github.com/cloud-custodian/cloud-custodian/pull/7990): releng - 0.9.21.0 pkg-increment and pkg-rebase
* [#7988](https://github.com/cloud-custodian/cloud-custodian/pull/7988): aws - hosted-zone - query-logging-enabled: add subscription filter details
* [#7986](https://github.com/cloud-custodian/cloud-custodian/pull/7986): aws - cloudfront - wafv2-enabled fix to find resources which are associated with waf-classic acl
* [#7984](https://github.com/cloud-custodian/cloud-custodian/pull/7984): aws - autotag action - fix none userinfo exception
* [#7983](https://github.com/cloud-custodian/cloud-custodian/pull/7983): aws - transit-attachment - Support CloudTrail mode
* [#7981](https://github.com/cloud-custodian/cloud-custodian/pull/7981): aws - Support CloudTrail mode for aws.transit-attachment
* [#7974](https://github.com/cloud-custodian/cloud-custodian/pull/7974): aws.ami enhancements for issues #7972, #7232, #7031
* [#7971](https://github.com/cloud-custodian/cloud-custodian/pull/7971): Add gcp resource project info
* [#7962](https://github.com/cloud-custodian/cloud-custodian/pull/7962): M.Hogg - Suggested fix for KMSKeyArn Parameter validation failed for …
* [#7957](https://github.com/cloud-custodian/cloud-custodian/pull/7957): docs - add governance-as-code day orgs
* [#7954](https://github.com/cloud-custodian/cloud-custodian/pull/7954): aws - event-rule - add set-rule-state action
* [#7953](https://github.com/cloud-custodian/cloud-custodian/pull/7953): aws - composite-alarm - add resource and delete action
* [#7947](https://github.com/cloud-custodian/cloud-custodian/pull/7947): aws - ec2 - add managed-policy filter
* [#7919](https://github.com/cloud-custodian/cloud-custodian/pull/7919): aws - security-group - add alb-wafv2-enabled filter
* [#7917](https://github.com/cloud-custodian/cloud-custodian/pull/7917): custodian lambdas - graviton support
* [#7908](https://github.com/cloud-custodian/cloud-custodian/pull/7908): c7n_tencentcloud - resources - cdb & cdb_backup
* [#7907](https://github.com/cloud-custodian/cloud-custodian/pull/7907): fix the parsing with the latest tfparse
* [#7904](https://github.com/cloud-custodian/cloud-custodian/pull/7904): aws - lambda - added assume role for invoke lambda
* [#7889](https://github.com/cloud-custodian/cloud-custodian/pull/7889): Use case-insensitive checks for allowed conditions in cross-account filters
* [#7884](https://github.com/cloud-custodian/cloud-custodian/pull/7884): aws - efs - add has-statement filter
* [#7876](https://github.com/cloud-custodian/cloud-custodian/pull/7876): azure - postgresql-server - add configuration-parameter filter
* [#7865](https://github.com/cloud-custodian/cloud-custodian/pull/7865): c7n_tencentcloud - cam - add resources
* [#7851](https://github.com/cloud-custodian/cloud-custodian/pull/7851): aws - account - check-cloudtrail filter: add include-management-events and log-metric-filter-pattern
* [#7840](https://github.com/cloud-custodian/cloud-custodian/pull/7840): azure - webapp - add webapp authentication filter
* [#7664](https://github.com/cloud-custodian/cloud-custodian/pull/7664): azure - sqlserver - add auditing filter
* [#7223](https://github.com/cloud-custodian/cloud-custodian/pull/7223): aws - tags - copy-related-tag using resourcegroupstaggingapi, support tags as key

## Issues Opened

* [#8055](https://github.com/cloud-custodian/cloud-custodian/issues/8055): c7n_gcp fails with "Nonetype" object is not iterable when running policy against project with no clusters
* [#8054](https://github.com/cloud-custodian/cloud-custodian/issues/8054): security group scan prefix list my account work, but other account can't
* [#8050](https://github.com/cloud-custodian/cloud-custodian/issues/8050): WAFv2 Add Ability to Check for Logging
* [#8040](https://github.com/cloud-custodian/cloud-custodian/issues/8040): aws - Lambda output_dir - synchronize variable interpolation with notify message and `metadata.json`
* [#8015](https://github.com/cloud-custodian/cloud-custodian/issues/8015): Support identifying relationships between Route 53 records and Elastic IPs
* [#8010](https://github.com/cloud-custodian/cloud-custodian/issues/8010): Mailer - question about send mail to gcp target
* [#8009](https://github.com/cloud-custodian/cloud-custodian/issues/8009): [aws:sns] ResourceNotFound Terminates Policy Evaluation Early
* [#8008](https://github.com/cloud-custodian/cloud-custodian/issues/8008): awscc query.get_resources is not called for some of the resources
* [#8005](https://github.com/cloud-custodian/cloud-custodian/issues/8005): IllegalLocationConstraintException when calling the GetBucketTagging operation
* [#8004](https://github.com/cloud-custodian/cloud-custodian/issues/8004): Develop an action on Connect resource to disable the contact lens feature
* [#8003](https://github.com/cloud-custodian/cloud-custodian/issues/8003): resume and suspend actions for asg should
support a new filter to ignore ASGs with Spot Instances
* [#7997](https://github.com/cloud-custodian/cloud-custodian/issues/7997): Add AWS MSK (Kafka) V2 Serverless Support
* [#7991](https://github.com/cloud-custodian/cloud-custodian/issues/7991): aws - cloudhsm-cluster policies failing in event mode
* [#7989](https://github.com/cloud-custodian/cloud-custodian/issues/7989): Replace AWS EventBridge Rules with EventBridge Scheduler
* [#7987](https://github.com/cloud-custodian/cloud-custodian/issues/7987): Filter action CWL log group for retention, size
* [#7985](https://github.com/cloud-custodian/cloud-custodian/issues/7985): wafv-enabled for CloudFront fails to return resources which are associated with waf-classic acl

## Issues Closed

* [#8015](https://github.com/cloud-custodian/cloud-custodian/issues/8015): Support identifying relationships between Route 53 records and Elastic IPs
* [#7991](https://github.com/cloud-custodian/cloud-custodian/issues/7991): aws - cloudhsm-cluster policies failing in event mode
* [#7985](https://github.com/cloud-custodian/cloud-custodian/issues/7985): wafv-enabled for CloudFront fails to return resources which are associated with waf-classic acl
* [#7977](https://github.com/cloud-custodian/cloud-custodian/issues/7977): Securityhub upload finding - Botocore ParamValidationError for aws.lambda with encrypted env variables
* [#7961](https://github.com/cloud-custodian/cloud-custodian/issues/7961): route 53 resources are all global
* [#7960](https://github.com/cloud-custodian/cloud-custodian/issues/7960): resources/awslambda.py using KMSKeyArn instead of KmsKeyArn
* [#7837](https://github.com/cloud-custodian/cloud-custodian/issues/7837): Use case-insensitive checks for allowed conditions in `cross-account` filters
* [#7763](https://github.com/cloud-custodian/cloud-custodian/issues/7763): cloudwatch alarms deletion failing
* [#7529](https://github.com/cloud-custodian/cloud-custodian/issues/7529): Issue with mismatch-s3-origin filter for aws.distribution resource
* [#7188](https://github.com/cloud-custodian/cloud-custodian/issues/7188): support `copy-related-tag` when related resource is not a first-class resource type
* [#6351](https://github.com/cloud-custodian/cloud-custodian/issues/6351): Custodian policies that call GenerateCredentialReport api hit throttling limits intermittently.