# C7n Community Meeting Minutes

# August 16th 2022

:::info
- **URL:** meet.google.com/mii-evqh-esh
- **Date:** August 16th, 2022 (2:00 PM (ET) / 11:00 PM (PT) / 6PM (UTC))
- **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)**
- **Agenda**
1. Intros `10m`
1. Agenda Items `20m`
1. PR Party `30m`
- **Meeting Contact:** Jorge: <jorge@stacklet.io>
- **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/
:::

[![Video Recording](https://img.youtube.com/vi/5PuCO5l0tPw/0.jpg)](https://youtu.be/5PuCO5l0tPw)

## Agenda Item

- Intros, etc.
- Governance Updates
    - See this [GitHub issue](https://github.com/cloud-custodian/cloud-custodian/issues/7149) for the latest draft revisions.
- Governance as Code day CFPs are open!
    - https://github.com/orgs/cloud-custodian/discussions/7625
    - [CFP Form](https://docs.google.com/forms/d/e/1FAIpQLSfUf5bB0k-XZRH_IXUnCQxIX1nxHI0dxrSxOXUMBhMNtUh0lQ/viewform)
    - [Registration](https://hopin.com/events/governance-as-code-day-with-cloud-custodian-hosted-by-stacklet-2022?hss_channel=tw-1242918094160498699)
- Release Information:
    - 0.9.18 is out: https://github.com/cloud-custodian/cloud-custodian/releases/tag/0.9.18.0

https://ismsguy.medium.com/ingesting-cloud-custodian-logs-into-sumo-logic-part-1-4e6af6df70a

## Weekly Stats

| | Opened this week| Closed this week|
|--|---|-----|
|Issues| 26 | 16|
|PR's| 50 | 48|

| | |
|--|--|
| New stars | |
| New forks | |

AJ: https://github.com/cloud-custodian/cloud-custodian/discussions/7650

Kapil: https://github.com/cloud-custodian/cloud-custodian/pull/7659

(Want to see an item discussed? Add a `:boom:` next to an item!)
## PR's Opened

* :boom: [#7654](https://github.com/cloud-custodian/cloud-custodian/pull/7654): Fix for VPC FlowLog issue #7648
* [#7653](https://github.com/cloud-custodian/cloud-custodian/pull/7653): Fix for VPC FlowLog issue #7648
* :table: [#7652](https://github.com/cloud-custodian/cloud-custodian/pull/7652): feat: add lambda handler as parameter #7635
* :boom: [#7651](https://github.com/cloud-custodian/cloud-custodian/pull/7651): metrics - end_time round up 1 unit to include now
* [#7649](https://github.com/cloud-custodian/cloud-custodian/pull/7649): Fix for VPC FlowLog issue #7648
* [#7645](https://github.com/cloud-custodian/cloud-custodian/pull/7645): aws - quotas - update quotas onto the default quotas
* [#7644](https://github.com/cloud-custodian/cloud-custodian/pull/7644): c7n-org - support vars in the script args
* [#7643](https://github.com/cloud-custodian/cloud-custodian/pull/7643): mailer - jinja get_date_age support seconds
* [#7642](https://github.com/cloud-custodian/cloud-custodian/pull/7642): c7n-org - no overwrite when merge acct tags to resource result
* [#7638](https://github.com/cloud-custodian/cloud-custodian/pull/7638): aws - actions - kms tagging
* [#7637](https://github.com/cloud-custodian/cloud-custodian/pull/7637): gcp - marked-for-op - fix to support actions with hyphens
* :boom: [#7636](https://github.com/cloud-custodian/cloud-custodian/pull/7636): releng - bump package versions for 0.9.18.0
* [#7632](https://github.com/cloud-custodian/cloud-custodian/pull/7632): aws - apigw cross-account, handle policy mangling and use correct default
* [#7631](https://github.com/cloud-custodian/cloud-custodian/pull/7631): offhour - escape tag restricted chars with uxx
* [#7630](https://github.com/cloud-custodian/cloud-custodian/pull/7630): gcp - also get project id from GCP_PROJECT env
* [#7629](https://github.com/cloud-custodian/cloud-custodian/pull/7629): gcp - metrics - start/end time need to end with Z
* [#7628](https://github.com/cloud-custodian/cloud-custodian/pull/7628): Add new count filter to the RDS and RDS Cluster resources
* [#7627](https://github.com/cloud-custodian/cloud-custodian/pull/7627): Only disable Stop/Termination Protection only when necessary
* [#7626](https://github.com/cloud-custodian/cloud-custodian/pull/7626): Added new resource securityContacts
* [#7624](https://github.com/cloud-custodian/cloud-custodian/pull/7624): gcp - sql - fix augment function in GCP SQL
* [#7622](https://github.com/cloud-custodian/cloud-custodian/pull/7622): aws.event-rule | Filter unknown arns and add event-bus as a valid target
* [#7621](https://github.com/cloud-custodian/cloud-custodian/pull/7621): releng - docs build - update cache keys to address stale cache issue
* [#7619](https://github.com/cloud-custodian/cloud-custodian/pull/7619): releng - docker update poetry version and update ubuntu base image
* [#7618](https://github.com/cloud-custodian/cloud-custodian/pull/7618): Aws.rds.cluster.paragroup.filter
* [#7617](https://github.com/cloud-custodian/cloud-custodian/pull/7617): Allow to pass role to subscription-filter #7609
* [#7614](https://github.com/cloud-custodian/cloud-custodian/pull/7614): Update URL for Meeting Archives
* [#7613](https://github.com/cloud-custodian/cloud-custodian/pull/7613): Add myself as admin contact for the project
* [#7611](https://github.com/cloud-custodian/cloud-custodian/pull/7611): aws - filters - add `aws:SourceAccount` support to cross-account filter
* [#7608](https://github.com/cloud-custodian/cloud-custodian/pull/7608): feat: add ec2 filter for disableApiStop attribute
* [#7607](https://github.com/cloud-custodian/cloud-custodian/pull/7607): fix: terminate only 'batch' number of instances a request
* [#7605](https://github.com/cloud-custodian/cloud-custodian/pull/7605): releng - update policystream to use 22.04 and remove libgit compilation
* [#7603](https://github.com/cloud-custodian/cloud-custodian/pull/7603): gcp - gke - add labels filters and actions
* [#7602](https://github.com/cloud-custodian/cloud-custodian/pull/7602): release - 0.9.18.0 - prep for release 0.9.18
* [#7601](https://github.com/cloud-custodian/cloud-custodian/pull/7601): lint - fix E275 findings from pycodestyle 2.9.0
* [#7598](https://github.com/cloud-custodian/cloud-custodian/pull/7598): Make Terminate `force=True` work with Stop Protection
* [#7594](https://github.com/cloud-custodian/cloud-custodian/pull/7594): fix: skip incorrect action_date instead of failing c7n
* [#7592](https://github.com/cloud-custodian/cloud-custodian/pull/7592): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7591](https://github.com/cloud-custodian/cloud-custodian/pull/7591): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7588](https://github.com/cloud-custodian/cloud-custodian/pull/7588): aws - cloudfront - support fetching with arns
* [#7586](https://github.com/cloud-custodian/cloud-custodian/pull/7586): tools/c7n-mailer - fix null exception of notify_action_to
* [#7585](https://github.com/cloud-custodian/cloud-custodian/pull/7585): AWS - RedshiftParameterGroup Added new resource type param-group
* [#7579](https://github.com/cloud-custodian/cloud-custodian/pull/7579): chore: cleanup the blob output handlers.
* [#7578](https://github.com/cloud-custodian/cloud-custodian/pull/7578): Created a filter on account resource to check if s3 bucket i.e.registered for lake-formation belongs to same account or not
* [#7576](https://github.com/cloud-custodian/cloud-custodian/pull/7576): aws - cloudfront - post-finding fix webacl attribute
* [#7575](https://github.com/cloud-custodian/cloud-custodian/pull/7575): aws - kinesis - config source attribute adaptation fix
* [#7574](https://github.com/cloud-custodian/cloud-custodian/pull/7574): aws - apigw waf - fix for #7573 and cloudtrail mode support for apigw
* [#7572](https://github.com/cloud-custodian/cloud-custodian/pull/7572): aws - quotas - include aws default service quotas
* [#7570](https://github.com/cloud-custodian/cloud-custodian/pull/7570): core - structural validate handle explicit null filters or actions
* [#7569](https://github.com/cloud-custodian/cloud-custodian/pull/7569): aws - vpc - flow-logs - bugfix LogDestination key error
* [#7568](https://github.com/cloud-custodian/cloud-custodian/pull/7568): aws - budget execution mode

## PR's Closed

* [#7653](https://github.com/cloud-custodian/cloud-custodian/pull/7653): Fix for VPC FlowLog issue #7648
* [#7651](https://github.com/cloud-custodian/cloud-custodian/pull/7651): metrics - end_time round up 1 unit to include now
* [#7649](https://github.com/cloud-custodian/cloud-custodian/pull/7649): Fix for VPC FlowLog issue #7648
* [#7645](https://github.com/cloud-custodian/cloud-custodian/pull/7645): aws - quotas - update quotas onto the default quotas
* [#7643](https://github.com/cloud-custodian/cloud-custodian/pull/7643): mailer - jinja get_date_age support seconds
* [#7642](https://github.com/cloud-custodian/cloud-custodian/pull/7642): c7n-org - no overwrite when merge acct tags to resource result
* [#7638](https://github.com/cloud-custodian/cloud-custodian/pull/7638): aws - actions - kms tagging
* [#7637](https://github.com/cloud-custodian/cloud-custodian/pull/7637): gcp - marked-for-op - fix to support actions with hyphens
* [#7636](https://github.com/cloud-custodian/cloud-custodian/pull/7636): releng - bump package versions for 0.9.18.0
* [#7632](https://github.com/cloud-custodian/cloud-custodian/pull/7632): aws - apigw cross-account, handle policy mangling and use correct default
* [#7631](https://github.com/cloud-custodian/cloud-custodian/pull/7631): offhour - escape tag restricted chars with uxx
* [#7630](https://github.com/cloud-custodian/cloud-custodian/pull/7630): gcp - also get project id from GCP_PROJECT env
* [#7629](https://github.com/cloud-custodian/cloud-custodian/pull/7629): gcp - metrics - start/end time need to end with Z
* [#7627](https://github.com/cloud-custodian/cloud-custodian/pull/7627): Only disable Stop/Termination Protection only when necessary
* [#7624](https://github.com/cloud-custodian/cloud-custodian/pull/7624): gcp - sql - fix augment function in GCP SQL
* [#7622](https://github.com/cloud-custodian/cloud-custodian/pull/7622): aws.event-rule | Filter unknown arns and add event-bus as a valid target
* [#7621](https://github.com/cloud-custodian/cloud-custodian/pull/7621): releng - docs build - update cache keys to address stale cache issue
* [#7619](https://github.com/cloud-custodian/cloud-custodian/pull/7619): releng - docker update poetry version and update ubuntu base image
* [#7613](https://github.com/cloud-custodian/cloud-custodian/pull/7613): Add myself as admin contact for the project
* [#7611](https://github.com/cloud-custodian/cloud-custodian/pull/7611): aws - filters - add `aws:SourceAccount` support to cross-account filter
* [#7607](https://github.com/cloud-custodian/cloud-custodian/pull/7607): fix: terminate only 'batch' number of instances a request
* [#7605](https://github.com/cloud-custodian/cloud-custodian/pull/7605): releng - update policystream to use 22.04 and remove libgit compilation
* [#7602](https://github.com/cloud-custodian/cloud-custodian/pull/7602): release - 0.9.18.0 - prep for release 0.9.18
* [#7601](https://github.com/cloud-custodian/cloud-custodian/pull/7601): lint - fix E275 findings from pycodestyle 2.9.0
* [#7598](https://github.com/cloud-custodian/cloud-custodian/pull/7598): Make Terminate `force=True` work with Stop Protection
* [#7594](https://github.com/cloud-custodian/cloud-custodian/pull/7594): fix: skip incorrect action_date instead of failing c7n
* [#7592](https://github.com/cloud-custodian/cloud-custodian/pull/7592): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7591](https://github.com/cloud-custodian/cloud-custodian/pull/7591): Get Bucket Encryption Fails When No Encryption Configuration Is Present but KMS Bucket Key is Enabled
* [#7588](https://github.com/cloud-custodian/cloud-custodian/pull/7588): aws - cloudfront - support fetching with arns
* [#7586](https://github.com/cloud-custodian/cloud-custodian/pull/7586): tools/c7n-mailer - fix null exception of notify_action_to
* [#7579](https://github.com/cloud-custodian/cloud-custodian/pull/7579): chore: cleanup the blob output handlers.
* [#7576](https://github.com/cloud-custodian/cloud-custodian/pull/7576): aws - cloudfront - post-finding fix webacl attribute
* [#7575](https://github.com/cloud-custodian/cloud-custodian/pull/7575): aws - kinesis - config source attribute adaptation fix
* [#7572](https://github.com/cloud-custodian/cloud-custodian/pull/7572): aws - quotas - include aws default service quotas
* [#7570](https://github.com/cloud-custodian/cloud-custodian/pull/7570): core - structural validate handle explicit null filters or actions
* [#7569](https://github.com/cloud-custodian/cloud-custodian/pull/7569): aws - vpc - flow-logs - bugfix LogDestination key error
* [#7568](https://github.com/cloud-custodian/cloud-custodian/pull/7568): aws - budget execution mode
* [#7561](https://github.com/cloud-custodian/cloud-custodian/pull/7561): AWS - Connect - Create new Connect resource and instance-attribute filter
* [#7525](https://github.com/cloud-custodian/cloud-custodian/pull/7525): aws - sns and sqs- add reusable "has-statement" filter
* [#7519](https://github.com/cloud-custodian/cloud-custodian/pull/7519): aws - waf/wafv2 - ability to associate apigateway, cloudfront and elb resources between waf and wafv2 web-acls
* [#7498](https://github.com/cloud-custodian/cloud-custodian/pull/7498): gcp - gcp-periodic - trigger type is http, fix for delta_resource, require service-account
* [#7460](https://github.com/cloud-custodian/cloud-custodian/pull/7460): AWS - Workspaces - Create filter for workspaces directory connection aliases
* [#7307](https://github.com/cloud-custodian/cloud-custodian/pull/7307): aws - metrics - align metric window with cloudwatch retention schedule
* [#7273](https://github.com/cloud-custodian/cloud-custodian/pull/7273): aws - rename and update lakeformation resource
* [#7252](https://github.com/cloud-custodian/cloud-custodian/pull/7252): Fsx backup checks
* [#7221](https://github.com/cloud-custodian/cloud-custodian/pull/7221): slack_delivery: Allow using email address in tag's value
* [#7200](https://github.com/cloud-custodian/cloud-custodian/pull/7200): [Issue #6152] Error while executing policy flow-logs-enabled
* [#5885](https://github.com/cloud-custodian/cloud-custodian/pull/5885): aws - apigw cross-account, handle policy mangling and use correct default

## Issues Opened

* :boom: [#7656](https://github.com/cloud-custodian/cloud-custodian/issues/7656): Cloud custodian v0.9.18.0 is not able to find our policy file in the container
* [#7648](https://github.com/cloud-custodian/cloud-custodian/issues/7648): VPC flow-logs policy Errors
* [#7647](https://github.com/cloud-custodian/cloud-custodian/issues/7647): Add delete action and remove-statement action for secrets manager
* [#7646](https://github.com/cloud-custodian/cloud-custodian/issues/7646): Add KMS filter for Secrets Manager
* [#7641](https://github.com/cloud-custodian/cloud-custodian/issues/7641): aws.iam-role - [ERROR] ClientError: An error occurred (Throttling) when calling the SimulatePrincipalPolicy operation (reached max retries: 4): Rate exceeded
* [#7639](https://github.com/cloud-custodian/cloud-custodian/issues/7639): AttributeError: 'list' object has no attribute 'get'
* [#7635](https://github.com/cloud-custodian/cloud-custodian/issues/7635): Support for lambda layers and how to adjust environment/handler?
* [#7634](https://github.com/cloud-custodian/cloud-custodian/issues/7634): UnitTests using assertTrue(x, y) instead of assertEqual(x, y)
* [#7623](https://github.com/cloud-custodian/cloud-custodian/issues/7623): GCP mark(ed)-for-op support op that contains hyphen
* [#7620](https://github.com/cloud-custodian/cloud-custodian/issues/7620): ci - doc builds not using cache and thus taking excess time
* [#7612](https://github.com/cloud-custodian/cloud-custodian/issues/7612): DocumentDB offHours downtime support
* [#7610](https://github.com/cloud-custodian/cloud-custodian/issues/7610): Policy using resource: iam-policy recieves UnrecognizedClientException during dry-run in GovCloud
* [#7609](https://github.com/cloud-custodian/cloud-custodian/issues/7609): Allow to pass IAM role to "put_subscription_filter" call
* [#7600](https://github.com/cloud-custodian/cloud-custodian/issues/7600): CI lint failing with E275 errors in pycodestyle 2.9.0
* [#7599](https://github.com/cloud-custodian/cloud-custodian/issues/7599): GuardDuty support for newer resources
* [#7597](https://github.com/cloud-custodian/cloud-custodian/issues/7597): [EC2] Force Terminate does not work when `disableApiStop` is set
* [#7593](https://github.com/cloud-custodian/cloud-custodian/issues/7593): Error when sending logs from Lambda to s3 buckets in another region
* [#7590](https://github.com/cloud-custodian/cloud-custodian/issues/7590): Custodian GCP Http cache issue
* :boom: [#7587](https://github.com/cloud-custodian/cloud-custodian/issues/7587): AWS Lakeformation registered location for S3 and role
* [#7584](https://github.com/cloud-custodian/cloud-custodian/issues/7584): Service Limits are not showing updated limits
* [#7583](https://github.com/cloud-custodian/cloud-custodian/issues/7583): Add Secrets Manager secrets resource
* [#7582](https://github.com/cloud-custodian/cloud-custodian/issues/7582): Usage of `fallback_schedule` option in RDS offhours policy
* [#7577](https://github.com/cloud-custodian/cloud-custodian/issues/7577): c7n-org Out of Memory (OOM) Condition When Running Merged Policy File Across 500+ Accounts
* [#7573](https://github.com/cloud-custodian/cloud-custodian/issues/7573): APIGateway resources returned are tuples
* [#7567](https://github.com/cloud-custodian/cloud-custodian/issues/7567): NoneType Issue
* [#7566](https://github.com/cloud-custodian/cloud-custodian/issues/7566): account-service-limits for s3

## Issues Closed

* [#7623](https://github.com/cloud-custodian/cloud-custodian/issues/7623): GCP mark(ed)-for-op support op that contains hyphen
* [#7620](https://github.com/cloud-custodian/cloud-custodian/issues/7620): ci - doc builds not using cache and thus taking excess time
* [#7612](https://github.com/cloud-custodian/cloud-custodian/issues/7612): DocumentDB offHours downtime support
* [#7600](https://github.com/cloud-custodian/cloud-custodian/issues/7600): CI lint failing with E275 errors in pycodestyle 2.9.0
* [#7597](https://github.com/cloud-custodian/cloud-custodian/issues/7597): [EC2] Force Terminate does not work when `disableApiStop` is set
* [#7583](https://github.com/cloud-custodian/cloud-custodian/issues/7583): Add Secrets Manager secrets resource
* [#7567](https://github.com/cloud-custodian/cloud-custodian/issues/7567): NoneType Issue
* [#7566](https://github.com/cloud-custodian/cloud-custodian/issues/7566): account-service-limits for s3
* [#7564](https://github.com/cloud-custodian/cloud-custodian/issues/7564): Error using event-rule invalid-targets filter
* [#7548](https://github.com/cloud-custodian/cloud-custodian/issues/7548): post-finding action of aws.distribution resource is throwing error
* [#7471](https://github.com/cloud-custodian/cloud-custodian/issues/7471): Add AWS Connect resource to Cloud custodian
* [#7470](https://github.com/cloud-custodian/cloud-custodian/issues/7470): Using `config-rule` mode with `aws.kinesis` resource results in `KeyError: 'StreamName'`
* [#7158](https://github.com/cloud-custodian/cloud-custodian/issues/7158): Error installing c7n-gcp
* [#6367](https://github.com/cloud-custodian/cloud-custodian/issues/6367): feat: Generic Helm Chart?
* [#6258](https://github.com/cloud-custodian/cloud-custodian/issues/6258): Cross account filter in rest-api returning error while execution
* [#6152](https://github.com/cloud-custodian/cloud-custodian/issues/6152): Error while executing policy flow-logs-enabled