C7n Community Meeting Minutes

# C7n Community Meeting Minutes # March 15th 2022 ###### tags: `Meeting` :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** March 15th, 2021 (3:00 PM (ET) / 12:00 PM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20210629T190000&p1=tz_et&p2=tz_pt&p3=22&p4=240&p5=136&p6=176&p7=37&p8=248)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video:** https://www.youtube.com/watch?v=bERpbf_uUW8 - **Permalink:** ::: ## Agenda Items - Custodian 102 - March 16th (that's tomorrow!): Cloud Custodian 102 will cover c7n-org and c7n mailer. [Click the link](https://app.livestorm.co/stacklet-io/cloud-custodian-102-save-the-date-for-advance-session) for more details. - PyCon Sprint - We're planning on hacking on c7n as part of [PyCon 2022](https://us.pycon.org/2022/)! - [Our first This month in Cloud Custodian Newsletter](https://stacklet.io/blog/tmi-c7n-feb2022) is out! - (It's like these notes but higher level) ## Open Questions: - Mitushi - Check if an ec2 instance is in a certain subnet. Is there a regex to check the name of the tag instead of a value? - AJ: Good question! Don't know how to do this but here are some solutions that may work: - https://gitter.im/cloud-custodian/cloud-custodian?at=6230afbd9bd1c71ecaa3d115 - [Link to video discussion](https://youtu.be/wuZJic-EVbw?t=389) - Aakif - Azure, deployed a policy, with Stefan's help. We were able to successfully deploy, policy was working fine. - https://github.com/cloud-custodian/cloud-custodian/issues/7160 - [Link to video discussion](https://youtu.be/wuZJic-EVbw?t=721) ## :mag: PR and Issue Review ### Activity since 2022-02-28 ## [cloud-custodian/cloud-custodian](https://github.com/cloud-custodian/cloud-custodian) - repo pull\_requests * [**Added action for enabling an AWS Config Managed Rule** #7029](https://github.com/cloud-custodian/cloud-custodian/pull/7029) \[darrendao\] Similar to #7025 but implemented via action instead of run mode. Sample policy: policies: - name:... - Ask @kapilt to review. * [**Expand self.vtype == 'cidr' to support cidr range in filters/core.py** #7129](https://github.com/cloud-custodian/cloud-custodian/pull/7129) \[cahn1 & darrendao\] -TODO: Jorge to respond here This PR adds the ability to pass in a list of CIDRs for the cidr value type. There are many use cases for this... - @ajkerrigan comment on this - use case looks good - @kapilt to review * [**Added action to toggle metrics collection on glue jobs** #7151](https://github.com/cloud-custodian/cloud-custodian/pull/7151) \[darrendao\] This PR adds a new action toggle-metrics to resource glue-job. Our company relies on glue job metrics to identify... * [**Fixes for IAM and Security Hub filters** #7112](https://github.com/cloud-custodian/cloud-custodian/pull/7112) \[KISStian\] The IAM policy checker would fail if there was more than 1 principal included in a statement due to the assertion of... - TODO: AJ to submit test so we can get this over the line! * [**aws - quota - fix TooManyRequestsException when ListServices in us-east-1** #7138](https://github.com/cloud-custodian/cloud-custodian/pull/7138) \[kentnsw\] - TODO: Jorge to file issue on us warning about floods Because the us-east-1 has more services than some of the others, the service-quota filter will run into the... * [**azure - add initial defender resources** #7128](https://github.com/cloud-custodian/cloud-custodian/pull/7128) \[ajkerrigan\] This is partly addressing #7116 , and partly me figuring out the flow of adding Azure resources. High-level: Add... ## [cloud-custodian/cloud-custodian](https://github.com/cloud-custodian/cloud-custodian) * repo issues * :smiley: [**Unable to deploy GCP policies from AWS (workload identity federation)** #7155](https://github.com/cloud-custodian/cloud-custodian/issues/7155) \[darrendao\] kind/bug (Heads up from the Intuit crew if you're using [GCP Workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation) ## [cloud-custodian/examples](https://github.com/cloud-custodian/examples) * repo issues and pull requests * [**Add policies and infra for c7n workshop** #5](https://github.com/cloud-custodian/examples/pull/5) \[liz-acosta\] This PR adds example policies and infrastructure to support the c7n workshop webinar: Example... * [**Include intentionally broken infra as an example** #8](https://github.com/cloud-custodian/examples/issues/8) \[castrojo\] * [**Configure Terraform cache, specify Makefile shell** #9](https://github.com/cloud-custodian/examples/pull/9) \[ajkerrigan\] Addresses a couple issues I've encountered running these examples across systems: Sets a common Terraform Provider... created at 2022-03-14 13:08 by [dinghy 0.7.1](https://pypi.org/project/dinghy/0.7.1).