# C7N Community Meeting Minutes 2023-09-05 ## September 5th 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** Septermber 5, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** AJ: <aj@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Intros, etc. - We're moving on from Python 3.7 this year, details TBD, heads up: - https://github.com/cloud-custodian/cloud-custodian/issues/8092 - Next release? - Aiming for tomorrow, 2023-09-06 - Pratyush will be at the helm :tada: - Transient Docker build failure? - Discussion: https://cloud-custodian.slack.com/archives/C03UC3D92J3/p1693536754243599?thread_ts=1693520209.427159&cid=C03UC3D92J3 - Document limitations of periodic Lambda mode policies (lack of caching, time limits, stampeding herd across accounts...) - Adding jitter to schedule time could avoid one problem, but the recommendation is to run policies outside Lambda instead (c7n-org + codebuild/ecs/etc) ### PR/Issue Discussion - [aws - glue catalog - kms-key filter and set-encryption refactor #8833](https://github.com/cloud-custodian/cloud-custodian/pull/8833) # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #36 2023 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 13 | 10| |PR's| 24 | 24| | | | |--|--| | New stars | 22| | New forks | 24| ## PR's Opened * [#8906](https://github.com/cloud-custodian/cloud-custodian/pull/8906): c7n-left - cli output module resource refs * [#8905](https://github.com/cloud-custodian/cloud-custodian/pull/8905): Create new filter keyvault-keys-rotation to check rotation policy * [#8904](https://github.com/cloud-custodian/cloud-custodian/pull/8904): c7n-left - ensure tfmeta has type for all block types * [#8903](https://github.com/cloud-custodian/cloud-custodian/pull/8903): gcp - kms keyring filter * [#8902](https://github.com/cloud-custodian/cloud-custodian/pull/8902): gcp - vpc-firewall-filter * [#8901](https://github.com/cloud-custodian/cloud-custodian/pull/8901): gcp - vpc-firewall-filter * [#8900](https://github.com/cloud-custodian/cloud-custodian/pull/8900): gcp - snapshot filters: disk availability * [#8899](https://github.com/cloud-custodian/cloud-custodian/pull/8899): gcp - loadbalancer-backend-frontend-ssl and loadbalancer-target-https-proxy-ssl-policy * [#8897](https://github.com/cloud-custodian/cloud-custodian/pull/8897): tencentcloud support to auth by the profile way * [#8896](https://github.com/cloud-custodian/cloud-custodian/pull/8896): tencentcloud support to auth by the profile way * [#8895](https://github.com/cloud-custodian/cloud-custodian/pull/8895): Added IAM Access Analyzer findings resource * [#8894](https://github.com/cloud-custodian/cloud-custodian/pull/8894): c7n-left - fix default tags with module resources * [#8892](https://github.com/cloud-custodian/cloud-custodian/pull/8892): aws - ecs - adding network-location filter for ecs-service and ecs-task * [#8891](https://github.com/cloud-custodian/cloud-custodian/pull/8891): aws - rds - delete | filter out resources associated with a cluster * [#8884](https://github.com/cloud-custodian/cloud-custodian/pull/8884): Az blob upload fix fixes #8885 * [#8883](https://github.com/cloud-custodian/cloud-custodian/pull/8883): Fix bug destinationPortRange test * [#8882](https://github.com/cloud-custodian/cloud-custodian/pull/8882): c7n-left - value_from fix, env var interpolation support, and docs on data resources plus a tag test * [#8880](https://github.com/cloud-custodian/cloud-custodian/pull/8880): Enhancement/adding valid gcp node versions, master version, and imagetype to nodepool and cluster resources * [#8878](https://github.com/cloud-custodian/cloud-custodian/pull/8878): aws - tag rename action via universal/resource group tag api * [#8877](https://github.com/cloud-custodian/cloud-custodian/pull/8877): gcp - compute - add suspend and pause actions * [#8876](https://github.com/cloud-custodian/cloud-custodian/pull/8876): aws - elasticache and rg skip delete when linked with global ds * [#8874](https://github.com/cloud-custodian/cloud-custodian/pull/8874): docs - fix c7n-left check encryption policy * [#8872](https://github.com/cloud-custodian/cloud-custodian/pull/8872): releng - move some obsolete things to sandbox * [#8871](https://github.com/cloud-custodian/cloud-custodian/pull/8871): oci - documentation correction ## PR's Closed * [#8906](https://github.com/cloud-custodian/cloud-custodian/pull/8906): c7n-left - cli output module resource refs * [#8904](https://github.com/cloud-custodian/cloud-custodian/pull/8904): c7n-left - ensure tfmeta has type for all block types * [#8897](https://github.com/cloud-custodian/cloud-custodian/pull/8897): tencentcloud support to auth by the profile way * [#8896](https://github.com/cloud-custodian/cloud-custodian/pull/8896): tencentcloud support to auth by the profile way * [#8895](https://github.com/cloud-custodian/cloud-custodian/pull/8895): Added IAM Access Analyzer findings resource * [#8894](https://github.com/cloud-custodian/cloud-custodian/pull/8894): c7n-left - fix default tags with module resources * [#8891](https://github.com/cloud-custodian/cloud-custodian/pull/8891): aws - rds - delete | filter out resources associated with a cluster * [#8884](https://github.com/cloud-custodian/cloud-custodian/pull/8884): Az blob upload fix fixes #8885 * [#8883](https://github.com/cloud-custodian/cloud-custodian/pull/8883): Fix bug destinationPortRange test * [#8882](https://github.com/cloud-custodian/cloud-custodian/pull/8882): c7n-left - value_from fix, env var interpolation support, and docs on data resources plus a tag test * [#8878](https://github.com/cloud-custodian/cloud-custodian/pull/8878): aws - tag rename action via universal/resource group tag api * [#8877](https://github.com/cloud-custodian/cloud-custodian/pull/8877): gcp - compute - add suspend and pause actions * [#8874](https://github.com/cloud-custodian/cloud-custodian/pull/8874): docs - fix c7n-left check encryption policy * [#8871](https://github.com/cloud-custodian/cloud-custodian/pull/8871): oci - documentation correction * [#8870](https://github.com/cloud-custodian/cloud-custodian/pull/8870): Create monitor logs profile storage filter * [#8868](https://github.com/cloud-custodian/cloud-custodian/pull/8868): aws - s3 - adding bucket_key_enabled to bucket-encryption filter * [#8851](https://github.com/cloud-custodian/cloud-custodian/pull/8851): resolver - support decompression when using value_from with s3 * [#8825](https://github.com/cloud-custodian/cloud-custodian/pull/8825): gcp - instance-group-manager, zone * [#8812](https://github.com/cloud-custodian/cloud-custodian/pull/8812): gcp - firewall filters: attached-to-cluster * [#8798](https://github.com/cloud-custodian/cloud-custodian/pull/8798): Add CIDR support for Azure NSG * [#8699](https://github.com/cloud-custodian/cloud-custodian/pull/8699): gcp - added spanner-instance-backup * [#8678](https://github.com/cloud-custodian/cloud-custodian/pull/8678): gcp - added bucket-access-control-list * [#5037](https://github.com/cloud-custodian/cloud-custodian/pull/5037): Add c7n_guardian enhancement for getting regions out of yaml file * [#4344](https://github.com/cloud-custodian/cloud-custodian/pull/4344): gcp - load balancer - url maps - delete action ## Issues Opened * [#8913](https://github.com/cloud-custodian/cloud-custodian/issues/8913): c7n-left - cli output for module should show mod resource paths * [#8898](https://github.com/cloud-custodian/cloud-custodian/issues/8898): cross-account filter checks all conditions for each filter parameter * [#8893](https://github.com/cloud-custodian/cloud-custodian/issues/8893): Throttling error on DescribeTargetGroupAttributes for app-elb-target-group resource type * [#8890](https://github.com/cloud-custodian/cloud-custodian/issues/8890): Create a Cloud Custodian filter that checks Cloudwatch Alarms and takes action on resources * [#8889](https://github.com/cloud-custodian/cloud-custodian/issues/8889): c7n-left - allow using environment variables in policies * [#8888](https://github.com/cloud-custodian/cloud-custodian/issues/8888): c7n-left - support value_from * [#8887](https://github.com/cloud-custodian/cloud-custodian/issues/8887): Add resize action to gcp.gke-nodepool * [#8886](https://github.com/cloud-custodian/cloud-custodian/issues/8886): RDS instance delete not working * [#8885](https://github.com/cloud-custodian/cloud-custodian/issues/8885): output to Azure blob storage doesn't store actual output * [#8881](https://github.com/cloud-custodian/cloud-custodian/issues/8881): support value_from headers from environment variables * [#8879](https://github.com/cloud-custodian/cloud-custodian/issues/8879): docs - c7n-left example of traverse to data resource and policy on data resource. * [#8875](https://github.com/cloud-custodian/cloud-custodian/issues/8875): Add Support for `rename-label` for GCP resources akin to AWS `rename-tag` * :boom: [#8873](https://github.com/cloud-custodian/cloud-custodian/issues/8873): {now} does not expand in value_from.url when running in serverless mode ## Issues Closed * [#8913](https://github.com/cloud-custodian/cloud-custodian/issues/8913): c7n-left - cli output for module should show mod resource paths * [#8889](https://github.com/cloud-custodian/cloud-custodian/issues/8889): c7n-left - allow using environment variables in policies * [#8888](https://github.com/cloud-custodian/cloud-custodian/issues/8888): c7n-left - support value_from * [#8886](https://github.com/cloud-custodian/cloud-custodian/issues/8886): RDS instance delete not working * [#8885](https://github.com/cloud-custodian/cloud-custodian/issues/8885): output to Azure blob storage doesn't store actual output * [#8879](https://github.com/cloud-custodian/cloud-custodian/issues/8879): docs - c7n-left example of traverse to data resource and policy on data resource. * [#8859](https://github.com/cloud-custodian/cloud-custodian/issues/8859): GCP - switch from "stop" to "pause" for stop actions in gcp.instances * [#8788](https://github.com/cloud-custodian/cloud-custodian/issues/8788): AWS Resources add rename-tag action * [#8654](https://github.com/cloud-custodian/cloud-custodian/issues/8654): Add support for Access Analyzer * [#4547](https://github.com/cloud-custodian/cloud-custodian/issues/4547): gcp - vpc service - work with organizations