C7N Community Meeting Minutes 2023-10-17

# C7N Community Meeting Minutes 2023-10-17 ## October 17th 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** October 17, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** AJ: <aj@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Intros, etc. - Issue incoming around fetching credentials from ECS tasks - botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "http://169.254.170.2/v2/credentials/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"\ ### PR/Issue Discussion - [ AWS account filter service-limits runs into unrefreshable check ID c1dfprch07 #9001 ](https://github.com/cloud-custodian/cloud-custodian/issues/9001) - Python version bumps - https://github.com/cloud-custodian/cloud-custodian/issues/9043 - https://github.com/cloud-custodian/cloud-custodian/issues/9034 - https://github.com/cloud-custodian/cloud-custodian/pull/9047 - ECS port exhaustion fetching creds - https://github.com/cloud-custodian/cloud-custodian/issues/9031 - boto3/s3 memory leak - https://github.com/cloud-custodian/cloud-custodian/pull/9065 - https://github.com/cloud-custodian/cloud-custodian/issues/8791 - https://gist.github.com/dmytro-afanasiev/94e1ec66f53f8302eb87ba4885982904 # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #42 2023 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 11 | 2| |PR's| 32 | 19| | | | |--|--| | New stars | 24| | New forks | 9| ## PR's Opened * [#9072](https://github.com/cloud-custodian/cloud-custodian/pull/9072): Fix: Handles InvalidParameterValueException for refreshing trusted advisor checks (#9001) * [#9071](https://github.com/cloud-custodian/cloud-custodian/pull/9071): Fix list index error in aws arn parsing * [#9070](https://github.com/cloud-custodian/cloud-custodian/pull/9070): aws - elasticsearch - fix error handling of boto3 * [#9069](https://github.com/cloud-custodian/cloud-custodian/pull/9069): GCP WIF not working - https://github.com/cloud-custodian/cloud-custodian/issues/7155 * [#9068](https://github.com/cloud-custodian/cloud-custodian/pull/9068): Corrected issue reported in https://github.com/cloud-custodian/cloud-custodian/issues/7155 * [#9066](https://github.com/cloud-custodian/cloud-custodian/pull/9066): aws - check-cloudtrail filter - fix * [#9065](https://github.com/cloud-custodian/cloud-custodian/pull/9065): Boto3 clients memory leak * [#9064](https://github.com/cloud-custodian/cloud-custodian/pull/9064): openstack - security-group * [#9063](https://github.com/cloud-custodian/cloud-custodian/pull/9063): aws - iam-oidc-provider - adds delete action * [#9062](https://github.com/cloud-custodian/cloud-custodian/pull/9062): azure - signalr * [#9061](https://github.com/cloud-custodian/cloud-custodian/pull/9061): azure - defender-assessment, defender-contacts, defender-jit-policies, defender-jit-policies-filter * [#9060](https://github.com/cloud-custodian/cloud-custodian/pull/9060): azure - security-assessments * [#9059](https://github.com/cloud-custodian/cloud-custodian/pull/9059): Log error and continue when deleting IGWs * [#9058](https://github.com/cloud-custodian/cloud-custodian/pull/9058): aws - add support for opensearch serverless * [#9053](https://github.com/cloud-custodian/cloud-custodian/pull/9053): aws - add support for opensearch domain * [#9051](https://github.com/cloud-custodian/cloud-custodian/pull/9051): aws - glue - fix toggle-metrics filter * [#9050](https://github.com/cloud-custodian/cloud-custodian/pull/9050): Bump golang.org/x/net from 0.7.0 to 0.17.0 in /tools/cask * [#9049](https://github.com/cloud-custodian/cloud-custodian/pull/9049): Bump golang.org/x/net from 0.7.0 to 0.17.0 in /tools/omnissm * [#9047](https://github.com/cloud-custodian/cloud-custodian/pull/9047): Add python3.11 to runtime property in policy lambda mode schema * [#9046](https://github.com/cloud-custodian/cloud-custodian/pull/9046): Enhanchement/adding port ranges to firewall rules * [#9045](https://github.com/cloud-custodian/cloud-custodian/pull/9045): azure - redis.filters.redis-firewall-filter * [#9044](https://github.com/cloud-custodian/cloud-custodian/pull/9044): azure - networksecuritygroup.filters.flow-analytics-logging * [#9042](https://github.com/cloud-custodian/cloud-custodian/pull/9042): add mysql-server-security-alert-policies-filter * [#9041](https://github.com/cloud-custodian/cloud-custodian/pull/9041): azure - postgresql-server.filters * [#9040](https://github.com/cloud-custodian/cloud-custodian/pull/9040): azure - mariadb-server * [#9039](https://github.com/cloud-custodian/cloud-custodian/pull/9039): azure - machine-learning-workspace * [#9038](https://github.com/cloud-custodian/cloud-custodian/pull/9038): azure - front-door.filters.web-application-firewall-policies * [#9037](https://github.com/cloud-custodian/cloud-custodian/pull/9037): azure - eventhub.filters.private-endpoint-connections * [#9035](https://github.com/cloud-custodian/cloud-custodian/pull/9035): azure - event-grid-topic * [#9032](https://github.com/cloud-custodian/cloud-custodian/pull/9032): fix: use correct regex patterns in ami shares * [#9030](https://github.com/cloud-custodian/cloud-custodian/pull/9030): Adding EffectiveFirewall filter to gke cluster * [#9029](https://github.com/cloud-custodian/cloud-custodian/pull/9029): c7n-left - support policy filtering for warn on ## PR's Closed * [#9070](https://github.com/cloud-custodian/cloud-custodian/pull/9070): aws - elasticsearch - fix error handling of boto3 * [#9068](https://github.com/cloud-custodian/cloud-custodian/pull/9068): Corrected issue reported in https://github.com/cloud-custodian/cloud-custodian/issues/7155 * [#9066](https://github.com/cloud-custodian/cloud-custodian/pull/9066): aws - check-cloudtrail filter - fix * [#9063](https://github.com/cloud-custodian/cloud-custodian/pull/9063): aws - iam-oidc-provider - adds delete action * [#9062](https://github.com/cloud-custodian/cloud-custodian/pull/9062): azure - signalr * [#9060](https://github.com/cloud-custodian/cloud-custodian/pull/9060): azure - security-assessments * [#9059](https://github.com/cloud-custodian/cloud-custodian/pull/9059): Log error and continue when deleting IGWs * [#9051](https://github.com/cloud-custodian/cloud-custodian/pull/9051): aws - glue - fix toggle-metrics filter * [#9050](https://github.com/cloud-custodian/cloud-custodian/pull/9050): Bump golang.org/x/net from 0.7.0 to 0.17.0 in /tools/cask * [#9047](https://github.com/cloud-custodian/cloud-custodian/pull/9047): Add python3.11 to runtime property in policy lambda mode schema * [#9040](https://github.com/cloud-custodian/cloud-custodian/pull/9040): azure - mariadb-server * [#9035](https://github.com/cloud-custodian/cloud-custodian/pull/9035): azure - event-grid-topic * [#9029](https://github.com/cloud-custodian/cloud-custodian/pull/9029): c7n-left - support policy filtering for warn on * [#8992](https://github.com/cloud-custodian/cloud-custodian/pull/8992): Add DesktopVirtualization resources * [#8968](https://github.com/cloud-custodian/cloud-custodian/pull/8968): aws - check-cloudtrail filter - update * [#8892](https://github.com/cloud-custodian/cloud-custodian/pull/8892): aws - ecs - adding network-location filter for ecs-service and ecs-task * [#8542](https://github.com/cloud-custodian/cloud-custodian/pull/8542): Adding new filter to examine resources contained within a resource group * [#8437](https://github.com/cloud-custodian/cloud-custodian/pull/8437): ensuring webacl detail is present for wafv2 resources * [#8420](https://github.com/cloud-custodian/cloud-custodian/pull/8420): Add api-key feature to values_from ## Issues Opened * [#9067](https://github.com/cloud-custodian/cloud-custodian/issues/9067): Can we please add support to setting AWS AMIs to a disabled state * [#9057](https://github.com/cloud-custodian/cloud-custodian/issues/9057): aws - opensearch serverless support * [#9056](https://github.com/cloud-custodian/cloud-custodian/issues/9056): Custodian stops processing IGW objects when it hits a DependencyViolation exception * [#9055](https://github.com/cloud-custodian/cloud-custodian/issues/9055): Match multiple values in network-location filter * [#9052](https://github.com/cloud-custodian/cloud-custodian/issues/9052): aws - opensearch domain support * [#9048](https://github.com/cloud-custodian/cloud-custodian/issues/9048): AWS - VPC Endpoint Service Allowed Principals Check Filter * [#9043](https://github.com/cloud-custodian/cloud-custodian/issues/9043): Support Python 3.11 Lambda Runtime * [#9036](https://github.com/cloud-custodian/cloud-custodian/issues/9036): Filter 'lifecycle-rule' for a AWS ECR doen't work with multiple lifecycle policies * [#9034](https://github.com/cloud-custodian/cloud-custodian/issues/9034): releng - support python 3.12 * [#9033](https://github.com/cloud-custodian/cloud-custodian/issues/9033): Enable lambda-mode for AWS Cloud Control Provider * [#9031](https://github.com/cloud-custodian/cloud-custodian/issues/9031): Custodian job errors/failures potentially because of exhaustion of ephemeral ports on the instance ## Issues Closed * [#9056](https://github.com/cloud-custodian/cloud-custodian/issues/9056): Custodian stops processing IGW objects when it hits a DependencyViolation exception * [#8940](https://github.com/cloud-custodian/cloud-custodian/issues/8940): c7n-left - support cli flag filtering for warning and failures