# C7n Community Meeting Minutes
# August 16th 2022
:::info
- **URL:** meet.google.com/mii-evqh-esh
- **Date:** August 16th, 2022 (2:00 PM (ET) / 11:00 PM (PT) / 6PM (UTC))
- **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)**
- **Agenda**
1. Intros `10m`
1. Agenda Items `20m`
1. PR Party `30m`
- **Meeting Contact:** Jorge: <jorge@stacklet.io>
- **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/
:::
[![Video Recording](https://img.youtube.com/vi/5PuCO5l0tPw/0.jpg)](https://youtu.be/5PuCO5l0tPw)
## Agenda Item
- Intros, etc.
- Governance Updates
- See this [GitHub issue](https://github.com/cloud-custodian/cloud-custodian/issues/7149) for the latest draft revisions.
- Governance as Code day CFPs are open!
- https://github.com/orgs/cloud-custodian/discussions/7625
- [CFP Form](https://docs.google.com/forms/d/e/1FAIpQLSfUf5bB0k-XZRH_IXUnCQxIX1nxHI0dxrSxOXUMBhMNtUh0lQ/viewform)
- [Registration](https://hopin.com/events/governance-as-code-day-with-cloud-custodian-hosted-by-stacklet-2022?hss_channel=tw-1242918094160498699)
- Release Information:
- 0.9.18 is out: https://github.com/cloud-custodian/cloud-custodian/releases/tag/0.9.18.0
https://ismsguy.medium.com/ingesting-cloud-custodian-logs-into-sumo-logic-part-1-4e6af6df70a
## Weekly Stats
| | Opened this week| Closed this week|
|--|---|-----|
|Issues| 26 | 16|
|PR's| 50 | 48|
| | |
|--|--|
| New stars | |
| New forks | |
AJ: https://github.com/cloud-custodian/cloud-custodian/discussions/7650
Kapil: https://github.com/cloud-custodian/cloud-custodian/pull/7659
(Want to see an item discussed? Add a `:boom:` next to an item!)
## PR's Opened
* :boom: [#7654](https://github.com/cloud-custodian/cloud-custodian/pull/7654): Fix for VPC FlowLog issue #7648
* [#7653](https://github.com/cloud-custodian/cloud-custodian/pull/7653): Fix for VPC FlowLog issue #7648
* :table: [#7652](https://github.com/cloud-custodian/cloud-custodian/pull/7652): feat: add lambda handler as parameter #7635
* :boom: [#7651](https://github.com/cloud-custodian/cloud-custodian/pull/7651): metrics - end_time round up 1 unit to include now
* [#7649](https://github.com/cloud-custodian/cloud-custodian/pull/7649): Fix for VPC FlowLog issue #7648
* [#7645](https://github.com/cloud-custodian/cloud-custodian/pull/7645): aws - quotas - update quotas onto the default quotas
* [#7644](https://github.com/cloud-custodian/cloud-custodian/pull/7644): c7n-org - support vars in the script args
* [#7643](https://github.com/cloud-custodian/cloud-custodian/pull/7643): mailer - jinja get_date_age support seconds
* [#7642](https://github.com/cloud-custodian/cloud-custodian/pull/7642): c7n-org - no overwrite when merge acct tags to resource result
* [#7638](https://github.com/cloud-custodian/cloud-custodian/pull/7638): aws - actions - kms tagging
* [#7637](https://github.com/cloud-custodian/cloud-custodian/pull/7637): gcp - marked-for-op - fix to support actions with hyphens
* :boom: [#7636](https://github.com/cloud-custodian/cloud-custodian/pull/7636): releng - bump package versions for 0.9.18.0
* [#7632](https://github.com/cloud-custodian/cloud-custodian/pull/7632): aws - apigw cross-account, handle policy mangling and use correct default
* [#7631](https://github.com/cloud-custodian/cloud-custodian/pull/7631): offhour - escape tag restricted chars with uxx
* [#7630](https://github.com/cloud-custodian/cloud-custodian/pull/7630): gcp - also get project id from GCP_PROJECT env
* [#7629](https://github.com/cloud-custodian/cloud-custodian/pull/7629): gcp - metrics - start/end time need to end with Z
* [#7628](https://github.com/cloud-custodian/cloud-custodian/pull/7628): Add new count filter to the RDS and RDS Cluster resources
* [#7627](https://github.com/cloud-custodian/cloud-custodian/pull/7627): Only disable Stop/Termination Protection only when necessary
* [#7626](https://github.com/cloud-custodian/cloud-custodian/pull/7626): Added new resource securityContacts
* [#7624](https://github.com/cloud-custodian/cloud-custodian/pull/7624): gcp - sql - fix augment function in GCP SQL
* [#7622](https://github.com/cloud-custodian/cloud-custodian/pull/7622): aws.event-rule | Filter unknown arns and add event-bus as a valid target
* [#7621](https://github.com/cloud-custodian/cloud-custodian/pull/7621): releng - docs build - update cache keys to address stale cache issue
* [#7619](https://github.com/cloud-custodian/cloud-custodian/pull/7619): releng - docker update poetry version and update ubuntu base image
* [#7618](https://github.com/cloud-custodian/cloud-custodian/pull/7618): Aws.rds.cluster.paragroup.filter
* [#7617](https://github.com/cloud-custodian/cloud-custodian/pull/7617): Allow to pass role to subscription-filter #7609
* [#7614](https://github.com/cloud-custodian/cloud-custodian/pull/7614): Update URL for Meeting Archives
* [#7613](https://github.com/cloud-custodian/cloud-custodian/pull/7613): Add myself as admin contact for the project
* [#7611](https://github.com/cloud-custodian/cloud-custodian/pull/7611): aws - filters - add `aws:SourceAccount` support to cross-account filter
* [#7608](https://github.com/cloud-custodian/cloud-custodian/pull/7608): feat: add ec2 filter for disableApiStop attribute
* [#7607](https://github.com/cloud-custodian/cloud-custodian/pull/7607): fix: terminate only 'batch' number of instances a request
* [#7605](https://github.com/cloud-custodian/cloud-custodian/pull/7605): releng - update policystream to use 22.04 and remove libgit compilation
* [#7603](https://github.com/cloud-custodian/cloud-custodian/pull/7603): gcp - gke - add labels filters and actions
* [#7602](https://github.com/cloud-custodian/cloud-custodian/pull/7602): release - 0.9.18.0 - prep for release 0.9.18
* [#7601](https://github.com/cloud-custodian/cloud-custodian/pull/7601): lint - fix E275 findings from pycodestyle 2.9.0
* [#7598](https://github.com/cloud-custodian/cloud-custodian/pull/7598): Make Terminate `force=True` work with Stop Protection
* [#7594](https://github.com/cloud-custodian/cloud-custodian/pull/7594): fix: skip incorrect action_date instead of failing c7n
* [#7592](https://github.com/cloud-custodian/cloud-custodian/pull/7592): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7591](https://github.com/cloud-custodian/cloud-custodian/pull/7591): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7588](https://github.com/cloud-custodian/cloud-custodian/pull/7588): aws - cloudfront - support fetching with arns
* [#7586](https://github.com/cloud-custodian/cloud-custodian/pull/7586): tools/c7n-mailer - fix null exception of notify_action_to
* [#7585](https://github.com/cloud-custodian/cloud-custodian/pull/7585): AWS - RedshiftParameterGroup Added new resource type param-group
* [#7579](https://github.com/cloud-custodian/cloud-custodian/pull/7579): chore: cleanup the blob output handlers.
* [#7578](https://github.com/cloud-custodian/cloud-custodian/pull/7578): Created a filter on account resource to check if s3 bucket i.e.registered for lake-formation belongs to same account or not
* [#7576](https://github.com/cloud-custodian/cloud-custodian/pull/7576): aws - cloudfront - post-finding fix webacl attribute
* [#7575](https://github.com/cloud-custodian/cloud-custodian/pull/7575): aws - kinesis - config source attribute adaptation fix
* [#7574](https://github.com/cloud-custodian/cloud-custodian/pull/7574): aws - apigw waf - fix for #7573 and cloudtrail mode support for apigw
* [#7572](https://github.com/cloud-custodian/cloud-custodian/pull/7572): aws - quotas - include aws default service quotas
* [#7570](https://github.com/cloud-custodian/cloud-custodian/pull/7570): core - structural validate handle explicit null filters or actions
* [#7569](https://github.com/cloud-custodian/cloud-custodian/pull/7569): aws - vpc - flow-logs - bugfix LogDestination key error
* [#7568](https://github.com/cloud-custodian/cloud-custodian/pull/7568): aws - budget execution mode
## PR's Closed
* [#7653](https://github.com/cloud-custodian/cloud-custodian/pull/7653): Fix for VPC FlowLog issue #7648
* [#7651](https://github.com/cloud-custodian/cloud-custodian/pull/7651): metrics - end_time round up 1 unit to include now
* [#7649](https://github.com/cloud-custodian/cloud-custodian/pull/7649): Fix for VPC FlowLog issue #7648
* [#7645](https://github.com/cloud-custodian/cloud-custodian/pull/7645): aws - quotas - update quotas onto the default quotas
* [#7643](https://github.com/cloud-custodian/cloud-custodian/pull/7643): mailer - jinja get_date_age support seconds
* [#7642](https://github.com/cloud-custodian/cloud-custodian/pull/7642): c7n-org - no overwrite when merge acct tags to resource result
* [#7638](https://github.com/cloud-custodian/cloud-custodian/pull/7638): aws - actions - kms tagging
* [#7637](https://github.com/cloud-custodian/cloud-custodian/pull/7637): gcp - marked-for-op - fix to support actions with hyphens
* [#7636](https://github.com/cloud-custodian/cloud-custodian/pull/7636): releng - bump package versions for 0.9.18.0
* [#7632](https://github.com/cloud-custodian/cloud-custodian/pull/7632): aws - apigw cross-account, handle policy mangling and use correct default
* [#7631](https://github.com/cloud-custodian/cloud-custodian/pull/7631): offhour - escape tag restricted chars with uxx
* [#7630](https://github.com/cloud-custodian/cloud-custodian/pull/7630): gcp - also get project id from GCP_PROJECT env
* [#7629](https://github.com/cloud-custodian/cloud-custodian/pull/7629): gcp - metrics - start/end time need to end with Z
* [#7627](https://github.com/cloud-custodian/cloud-custodian/pull/7627): Only disable Stop/Termination Protection only when necessary
* [#7624](https://github.com/cloud-custodian/cloud-custodian/pull/7624): gcp - sql - fix augment function in GCP SQL
* [#7622](https://github.com/cloud-custodian/cloud-custodian/pull/7622): aws.event-rule | Filter unknown arns and add event-bus as a valid target
* [#7621](https://github.com/cloud-custodian/cloud-custodian/pull/7621): releng - docs build - update cache keys to address stale cache issue
* [#7619](https://github.com/cloud-custodian/cloud-custodian/pull/7619): releng - docker update poetry version and update ubuntu base image
* [#7613](https://github.com/cloud-custodian/cloud-custodian/pull/7613): Add myself as admin contact for the project
* [#7611](https://github.com/cloud-custodian/cloud-custodian/pull/7611): aws - filters - add `aws:SourceAccount` support to cross-account filter
* [#7607](https://github.com/cloud-custodian/cloud-custodian/pull/7607): fix: terminate only 'batch' number of instances a request
* [#7605](https://github.com/cloud-custodian/cloud-custodian/pull/7605): releng - update policystream to use 22.04 and remove libgit compilation
* [#7602](https://github.com/cloud-custodian/cloud-custodian/pull/7602): release - 0.9.18.0 - prep for release 0.9.18
* [#7601](https://github.com/cloud-custodian/cloud-custodian/pull/7601): lint - fix E275 findings from pycodestyle 2.9.0
* [#7598](https://github.com/cloud-custodian/cloud-custodian/pull/7598): Make Terminate `force=True` work with Stop Protection
* [#7594](https://github.com/cloud-custodian/cloud-custodian/pull/7594): fix: skip incorrect action_date instead of failing c7n
* [#7592](https://github.com/cloud-custodian/cloud-custodian/pull/7592): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7591](https://github.com/cloud-custodian/cloud-custodian/pull/7591): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7588](https://github.com/cloud-custodian/cloud-custodian/pull/7588): aws - cloudfront - support fetching with arns
* [#7586](https://github.com/cloud-custodian/cloud-custodian/pull/7586): tools/c7n-mailer - fix null exception of notify_action_to
* [#7579](https://github.com/cloud-custodian/cloud-custodian/pull/7579): chore: cleanup the blob output handlers.
* [#7576](https://github.com/cloud-custodian/cloud-custodian/pull/7576): aws - cloudfront - post-finding fix webacl attribute
* [#7575](https://github.com/cloud-custodian/cloud-custodian/pull/7575): aws - kinesis - config source attribute adaptation fix
* [#7572](https://github.com/cloud-custodian/cloud-custodian/pull/7572): aws - quotas - include aws default service quotas
* [#7570](https://github.com/cloud-custodian/cloud-custodian/pull/7570): core - structural validate handle explicit null filters or actions
* [#7569](https://github.com/cloud-custodian/cloud-custodian/pull/7569): aws - vpc - flow-logs - bugfix LogDestination key error
* [#7568](https://github.com/cloud-custodian/cloud-custodian/pull/7568): aws - budget execution mode
* [#7561](https://github.com/cloud-custodian/cloud-custodian/pull/7561): AWS - Connect - Create new Connect resource and instance-attribute filter
* [#7525](https://github.com/cloud-custodian/cloud-custodian/pull/7525): aws - sns and sqs- add reusable "has-statement" filter
* [#7519](https://github.com/cloud-custodian/cloud-custodian/pull/7519): aws - waf/wafv2 - ability to associate apigateway, cloudfront and elb resources between waf and wafv2 web-acls
* [#7498](https://github.com/cloud-custodian/cloud-custodian/pull/7498): gcp - gcp-periodic - trigger type is http, fix for delta_resource, require service-account
* [#7460](https://github.com/cloud-custodian/cloud-custodian/pull/7460): AWS - Workspaces - Create filter for workspaces directory connection aliases
* [#7307](https://github.com/cloud-custodian/cloud-custodian/pull/7307): aws - metrics - align metric window with cloudwatch retention schedule
* [#7273](https://github.com/cloud-custodian/cloud-custodian/pull/7273): aws - rename and update lakeformation resource
* [#7252](https://github.com/cloud-custodian/cloud-custodian/pull/7252): Fsx backup checks
* [#7221](https://github.com/cloud-custodian/cloud-custodian/pull/7221): slack_delivery: Allow using email address in tag's value
* [#7200](https://github.com/cloud-custodian/cloud-custodian/pull/7200): [Issue #6152] Error while executing policy flow-logs-enabled
* [#5885](https://github.com/cloud-custodian/cloud-custodian/pull/5885): aws - apigw cross-account, handle policy mangling and use correct default
## Issues Opened
* :boom: [#7656](https://github.com/cloud-custodian/cloud-custodian/issues/7656): Cloud custodian v0.9.18.0 is not able to find our policy file in the container
* [#7648](https://github.com/cloud-custodian/cloud-custodian/issues/7648): VPC flow-logs policy Errors
* [#7647](https://github.com/cloud-custodian/cloud-custodian/issues/7647): Add delete action and remove-statement action for secrets manager
* [#7646](https://github.com/cloud-custodian/cloud-custodian/issues/7646): Add KMS filter for Secrets Manager
* [#7641](https://github.com/cloud-custodian/cloud-custodian/issues/7641): aws.iam-role - [ERROR] ClientError: An error occurred (Throttling) when calling the SimulatePrincipalPolicy operation (reached max retries: 4): Rate exceeded
* [#7639](https://github.com/cloud-custodian/cloud-custodian/issues/7639): AttributeError: 'list' object has no attribute 'get'
* [#7635](https://github.com/cloud-custodian/cloud-custodian/issues/7635): Support for lambda layers and how to adjust environment/handler?
* [#7634](https://github.com/cloud-custodian/cloud-custodian/issues/7634): UnitTests using assertTrue(x, y) instead of assertEqual(x, y)
* [#7623](https://github.com/cloud-custodian/cloud-custodian/issues/7623): GCP mark(ed)-for-op support op that contains hyphen
* [#7620](https://github.com/cloud-custodian/cloud-custodian/issues/7620): ci - doc builds not using cache and thus taking excess time
* [#7612](https://github.com/cloud-custodian/cloud-custodian/issues/7612): DocumentDB offHours downtime support
* [#7610](https://github.com/cloud-custodian/cloud-custodian/issues/7610): Policy using resource: iam-policy recieves UnrecognizedClientException during dry-run in GovCloud
* [#7609](https://github.com/cloud-custodian/cloud-custodian/issues/7609): Allow to pass IAM role to "put_subscription_filter" call
* [#7600](https://github.com/cloud-custodian/cloud-custodian/issues/7600): CI lint failing with E275 errors in pycodestyle 2.9.0
* [#7599](https://github.com/cloud-custodian/cloud-custodian/issues/7599): GuardDuty support for newer resources
* [#7597](https://github.com/cloud-custodian/cloud-custodian/issues/7597): [EC2] Force Terminate does not work when `disableApiStop` is set
* [#7593](https://github.com/cloud-custodian/cloud-custodian/issues/7593): Error when sending logs from Lambda to s3 buckets in another region
* [#7590](https://github.com/cloud-custodian/cloud-custodian/issues/7590): Custodian GCP Http cache issue
* :boom: [#7587](https://github.com/cloud-custodian/cloud-custodian/issues/7587): AWS Lakeformation registered location for S3 and role
* [#7584](https://github.com/cloud-custodian/cloud-custodian/issues/7584): Service Limits are not showing updated limits
* [#7583](https://github.com/cloud-custodian/cloud-custodian/issues/7583): Add Secrets Manager secrets resource
* [#7582](https://github.com/cloud-custodian/cloud-custodian/issues/7582): Usage of `fallback_schedule` option in RDS offhours policy
* [#7577](https://github.com/cloud-custodian/cloud-custodian/issues/7577): c7n-org Out of Memory (OOM) Condition When Running Merged Policy File Across 500+ Accounts
* [#7573](https://github.com/cloud-custodian/cloud-custodian/issues/7573): APIGateway resources returned are tuples
* [#7567](https://github.com/cloud-custodian/cloud-custodian/issues/7567): NoneType Issue
* [#7566](https://github.com/cloud-custodian/cloud-custodian/issues/7566): account-service-limits for s3
## Issues Closed
* [#7623](https://github.com/cloud-custodian/cloud-custodian/issues/7623): GCP mark(ed)-for-op support op that contains hyphen
* [#7620](https://github.com/cloud-custodian/cloud-custodian/issues/7620): ci - doc builds not using cache and thus taking excess time
* [#7612](https://github.com/cloud-custodian/cloud-custodian/issues/7612): DocumentDB offHours downtime support
* [#7600](https://github.com/cloud-custodian/cloud-custodian/issues/7600): CI lint failing with E275 errors in pycodestyle 2.9.0
* [#7597](https://github.com/cloud-custodian/cloud-custodian/issues/7597): [EC2] Force Terminate does not work when `disableApiStop` is set
* [#7583](https://github.com/cloud-custodian/cloud-custodian/issues/7583): Add Secrets Manager secrets resource
* [#7567](https://github.com/cloud-custodian/cloud-custodian/issues/7567): NoneType Issue
* [#7566](https://github.com/cloud-custodian/cloud-custodian/issues/7566): account-service-limits for s3
* [#7564](https://github.com/cloud-custodian/cloud-custodian/issues/7564): Error using event-rule invalid-targets filter
* [#7548](https://github.com/cloud-custodian/cloud-custodian/issues/7548): post-finding action of aws.distribution resource is throwing error
* [#7471](https://github.com/cloud-custodian/cloud-custodian/issues/7471): Add AWS Connect resource to Cloud custodian
* [#7470](https://github.com/cloud-custodian/cloud-custodian/issues/7470): Using `config-rule` mode with `aws.kinesis` resource results in `KeyError: 'StreamName'`
* [#7158](https://github.com/cloud-custodian/cloud-custodian/issues/7158): Error installing c7n-gcp
* [#6367](https://github.com/cloud-custodian/cloud-custodian/issues/6367): feat: Generic Helm Chart?
* [#6258](https://github.com/cloud-custodian/cloud-custodian/issues/6258): Cross account filter in rest-api returning error while execution
* [#6152](https://github.com/cloud-custodian/cloud-custodian/issues/6152): Error while executing policy flow-logs-enabled