C7N Community Meeting Minutes 2024-02-20

# C7N Community Meeting Minutes 2024-02-20 ## February 20th, 2024 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** February 20, 2024 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** AJ: <aj@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Cloud Custodian Day Recap! - Videos [posted](https://www.youtube.com/playlist?list=PLtIlR7WdaxTGv47Au6iJQ25DUH4on21gs) ### PR/Issue Discussion - [aws - Added new action and a bugfix for existing action for route53 #9291](https://github.com/cloud-custodian/cloud-custodian/pull/9291) - [Set Athena Workgroup Encryption also tries to change readonly field #9296](https://github.com/cloud-custodian/cloud-custodian/issues/9296) - [awscc - update action - ensure patch only against updatable properties #9297](https://github.com/cloud-custodian/cloud-custodian/pull/9297) - [How to shoehorn Appmesh Virtual Gateway / Virtual Node into the CC resource pattern given it has no "id" and given that "arn" and "createdDate" are not top level fields. #9306](https://github.com/orgs/cloud-custodian/discussions/9306) - Ideally some of these questions can be answered in a way that feeds into contributor docs - Next release status - Currently blocked by issue with Oracle's SDK's aggressive pinning of the cryptography package - PR open upstream - [chore: update cryptography version to < 43.0.0 to avoid cve #624](https://github.com/oracle/oci-python-sdk/pull/624) # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #07 2024 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 6 | 3| |PR's| 21 | 10| | | | |--|--| | New stars | 17| | New forks | 2| ## PR's Opened * [#9305](https://github.com/cloud-custodian/cloud-custodian/pull/9305): Bump cryptography from 41.0.7 to 42.0.2 in /tools/c7n_azure * [#9304](https://github.com/cloud-custodian/cloud-custodian/pull/9304): Bump cryptography from 41.0.7 to 42.0.2 in /tools/c7n_mailer * [#9303](https://github.com/cloud-custodian/cloud-custodian/pull/9303): Bump cryptography from 41.0.7 to 42.0.2 * [#9302](https://github.com/cloud-custodian/cloud-custodian/pull/9302): Bump cryptography from 41.0.7 to 42.0.2 in /tools/c7n_openstack * [#9301](https://github.com/cloud-custodian/cloud-custodian/pull/9301): aws - bedrock - add support for knowledge base * [#9300](https://github.com/cloud-custodian/cloud-custodian/pull/9300): aws - add cwa filter for alarms that have a parent composite alarm * [#9297](https://github.com/cloud-custodian/cloud-custodian/pull/9297): awscc - update action - ensure patch only against updatable properties * [#9294](https://github.com/cloud-custodian/cloud-custodian/pull/9294): aws - fix iam-role config resource ID * [#9293](https://github.com/cloud-custodian/cloud-custodian/pull/9293): shift-left - log policy error during execution * [#9291](https://github.com/cloud-custodian/cloud-custodian/pull/9291): aws - Added new action and a bugfix for existing action for route53 * [#9290](https://github.com/cloud-custodian/cloud-custodian/pull/9290): appmesh - added many tests - but not enough - need help finding observable side effects of the config * [#9289](https://github.com/cloud-custodian/cloud-custodian/pull/9289): Much more comprehensive tests BUT also a problem needing help to fix * [#9288](https://github.com/cloud-custodian/cloud-custodian/pull/9288): aws - ecs-service - modify-definition with resize support * [#9287](https://github.com/cloud-custodian/cloud-custodian/pull/9287): feat: add condition_scope to cross-account filter * [#9285](https://github.com/cloud-custodian/cloud-custodian/pull/9285): aws - make account_id available to c7n-org report * [#9284](https://github.com/cloud-custodian/cloud-custodian/pull/9284): aws - make account_id available to c7n-org report * [#9283](https://github.com/cloud-custodian/cloud-custodian/pull/9283): aws - lambda resize from cost recommendation hub * [#9282](https://github.com/cloud-custodian/cloud-custodian/pull/9282): aws - bedrock customization jobs, tag, kms-key and stop action * [#9281](https://github.com/cloud-custodian/cloud-custodian/pull/9281): aws - ec2 resize from cost hub recommendation * [#9279](https://github.com/cloud-custodian/cloud-custodian/pull/9279): docs - update vector.dev toml configuration * [#9278](https://github.com/cloud-custodian/cloud-custodian/pull/9278): releng - remove beta label on gcp ## PR's Closed * [#9294](https://github.com/cloud-custodian/cloud-custodian/pull/9294): aws - fix iam-role config resource ID * [#9289](https://github.com/cloud-custodian/cloud-custodian/pull/9289): Much more comprehensive tests BUT also a problem needing help to fix * [#9284](https://github.com/cloud-custodian/cloud-custodian/pull/9284): aws - make account_id available to c7n-org report * [#9283](https://github.com/cloud-custodian/cloud-custodian/pull/9283): aws - lambda resize from cost recommendation hub * [#9282](https://github.com/cloud-custodian/cloud-custodian/pull/9282): aws - bedrock customization jobs, tag, kms-key and stop action * [#9281](https://github.com/cloud-custodian/cloud-custodian/pull/9281): aws - ec2 resize from cost hub recommendation * [#9279](https://github.com/cloud-custodian/cloud-custodian/pull/9279): docs - update vector.dev toml configuration * [#9278](https://github.com/cloud-custodian/cloud-custodian/pull/9278): releng - remove beta label on gcp * [#9271](https://github.com/cloud-custodian/cloud-custodian/pull/9271): aws - s3 - add support for storage lens configuration * [#9115](https://github.com/cloud-custodian/cloud-custodian/pull/9115): azure - sql-server-vulnerability-assessments and sql-server.filters.vulnerability-assessments ## Issues Opened * [#9307](https://github.com/cloud-custodian/cloud-custodian/issues/9307): How to shoehorn Appmesh Virtual Gateway / Virtual Node into the CC resource pattern given it has no "id" and given that "arn" and "createdDate" are not top level fields. * [#9299](https://github.com/cloud-custodian/cloud-custodian/issues/9299): aws - cloudwatch alarms add support to filter out alarms with a parent composite alarm * [#9298](https://github.com/cloud-custodian/cloud-custodian/issues/9298): custodian schema gcp.vpc.filters.firewall shows AWS example policy for aws.security-group and aws.ecs-task-definition * [#9296](https://github.com/cloud-custodian/cloud-custodian/issues/9296): Set Athena Workgroup Encryption also tries to change readonly field * [#9292](https://github.com/cloud-custodian/cloud-custodian/issues/9292): Unable to get dynamodb-backup resources * [#9286](https://github.com/cloud-custodian/cloud-custodian/issues/9286): Check old EC2 instance whether its rebooted or not, required filter with OS level uptime ## Issues Closed * [#9263](https://github.com/cloud-custodian/cloud-custodian/issues/9263): Newly AWS enabled region in not available * [#9246](https://github.com/cloud-custodian/cloud-custodian/issues/9246): Add support for storage lens configuration for s3 service in Cloud Custodian * [#5474](https://github.com/cloud-custodian/cloud-custodian/issues/5474): docs - investigate alternatives to sphinx