C7N Community Meeting Minutes 2023-10-31

# C7N Community Meeting Minutes 2023-10-31 ## October 31st 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** October 31, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** AJ: <aj@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Intros, etc. - Issue incoming around fetching credentials from ECS tasks - botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "http://169.254.170.2/v2/credentials/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"\ ### PR/Issue Discussion - https://github.com/cloud-custodian/cloud-custodian/pull/9107 - Testing welcome! # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #44 2023 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 10 | 10| |PR's| 43 | 38| | | | |--|--| | New stars | 18| | New forks | 8| ## PR's Opened * [#9127](https://github.com/cloud-custodian/cloud-custodian/pull/9127): adding postgresql flexible servers start and stop features * [#9126](https://github.com/cloud-custodian/cloud-custodian/pull/9126): fix: get SG IDs from all interfaces on an EC2 instance in 'security-group' filter * [#9125](https://github.com/cloud-custodian/cloud-custodian/pull/9125): aws - dynamodb-table - delete protection config and force delete * [#9123](https://github.com/cloud-custodian/cloud-custodian/pull/9123): openstack - user.filters.extended-info * [#9122](https://github.com/cloud-custodian/cloud-custodian/pull/9122): Bump github.com/docker/docker from 23.0.3+incompatible to 24.0.7+incompatible in /tools/cask * [#9121](https://github.com/cloud-custodian/cloud-custodian/pull/9121): aws - add support for workspaces web * [#9119](https://github.com/cloud-custodian/cloud-custodian/pull/9119): openstack - server.filters.security-group * [#9118](https://github.com/cloud-custodian/cloud-custodian/pull/9118): azure - stream-job * [#9117](https://github.com/cloud-custodian/cloud-custodian/pull/9117): Update azure poetry lock * [#9116](https://github.com/cloud-custodian/cloud-custodian/pull/9116): azure - storage.filters * [#9115](https://github.com/cloud-custodian/cloud-custodian/pull/9115): azure - sql-server-vulnerability-assessments and sql-server.filters.vulnerability-assessments * [#9114](https://github.com/cloud-custodian/cloud-custodian/pull/9114): azure - sql-server.filters failover-group-filter sql-server-security-alert-policies * [#9113](https://github.com/cloud-custodian/cloud-custodian/pull/9113): azure - sql-managed-instance and its filters * [#9110](https://github.com/cloud-custodian/cloud-custodian/pull/9110): aws - secrets manager tag, ignore reserved tags * [#9108](https://github.com/cloud-custodian/cloud-custodian/pull/9108): releng - update deps and restore azure lock file * [#9107](https://github.com/cloud-custodian/cloud-custodian/pull/9107): aws - cache clients by region * [#9105](https://github.com/cloud-custodian/cloud-custodian/pull/9105): Update the docker README for c7n_mailer * [#9104](https://github.com/cloud-custodian/cloud-custodian/pull/9104): releng: vendor selections of distutils * [#9103](https://github.com/cloud-custodian/cloud-custodian/pull/9103): Added support for 'aws-iso' partition * [#9101](https://github.com/cloud-custodian/cloud-custodian/pull/9101): add a case-insensitive option in 'Type' filter * [#9100](https://github.com/cloud-custodian/cloud-custodian/pull/9100): aws - add eni detach and eip disassociate actions, fix check-permissions filter * [#9099](https://github.com/cloud-custodian/cloud-custodian/pull/9099): Rds cluster pending maintenance list filter * [#9098](https://github.com/cloud-custodian/cloud-custodian/pull/9098): azure - sql-database.filters.data-encryption * [#9097](https://github.com/cloud-custodian/cloud-custodian/pull/9097): azure - azure.sql-auditing-settings * [#9096](https://github.com/cloud-custodian/cloud-custodian/pull/9096): Update azure poetry lock * [#9094](https://github.com/cloud-custodian/cloud-custodian/pull/9094): Make AWS waf global * [#9092](https://github.com/cloud-custodian/cloud-custodian/pull/9092): aws - modify-sgs by tags - vpc id check * [#9090](https://github.com/cloud-custodian/cloud-custodian/pull/9090): releng - update dependencies - 2023-10 * [#9088](https://github.com/cloud-custodian/cloud-custodian/pull/9088): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_tencentcloud * [#9087](https://github.com/cloud-custodian/cloud-custodian/pull/9087): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_mailer * [#9086](https://github.com/cloud-custodian/cloud-custodian/pull/9086): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_azure * [#9085](https://github.com/cloud-custodian/cloud-custodian/pull/9085): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_terraform * [#9084](https://github.com/cloud-custodian/cloud-custodian/pull/9084): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_openstack * [#9083](https://github.com/cloud-custodian/cloud-custodian/pull/9083): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_sphinxext * [#9082](https://github.com/cloud-custodian/cloud-custodian/pull/9082): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_left * [#9081](https://github.com/cloud-custodian/cloud-custodian/pull/9081): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_kube * [#9080](https://github.com/cloud-custodian/cloud-custodian/pull/9080): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_org * [#9079](https://github.com/cloud-custodian/cloud-custodian/pull/9079): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_trailcreator * [#9078](https://github.com/cloud-custodian/cloud-custodian/pull/9078): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_policystream * [#9077](https://github.com/cloud-custodian/cloud-custodian/pull/9077): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_logexporter * [#9076](https://github.com/cloud-custodian/cloud-custodian/pull/9076): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_gcp * [#9075](https://github.com/cloud-custodian/cloud-custodian/pull/9075): Bump urllib3 from 1.26.17 to 1.26.18 * [#9074](https://github.com/cloud-custodian/cloud-custodian/pull/9074): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_awscc ## PR's Closed * [#9121](https://github.com/cloud-custodian/cloud-custodian/pull/9121): aws - add support for workspaces web * [#9119](https://github.com/cloud-custodian/cloud-custodian/pull/9119): openstack - server.filters.security-group * [#9110](https://github.com/cloud-custodian/cloud-custodian/pull/9110): aws - secrets manager tag, ignore reserved tags * [#9108](https://github.com/cloud-custodian/cloud-custodian/pull/9108): releng - update deps and restore azure lock file * [#9105](https://github.com/cloud-custodian/cloud-custodian/pull/9105): Update the docker README for c7n_mailer * [#9104](https://github.com/cloud-custodian/cloud-custodian/pull/9104): releng: vendor selections of distutils * [#9103](https://github.com/cloud-custodian/cloud-custodian/pull/9103): Added support for 'aws-iso' partition * [#9101](https://github.com/cloud-custodian/cloud-custodian/pull/9101): add a case-insensitive option in 'Type' filter * [#9099](https://github.com/cloud-custodian/cloud-custodian/pull/9099): Rds cluster pending maintenance list filter * [#9098](https://github.com/cloud-custodian/cloud-custodian/pull/9098): azure - sql-database.filters.data-encryption * [#9096](https://github.com/cloud-custodian/cloud-custodian/pull/9096): Update azure poetry lock * [#9094](https://github.com/cloud-custodian/cloud-custodian/pull/9094): Make AWS waf global * [#9092](https://github.com/cloud-custodian/cloud-custodian/pull/9092): aws - modify-sgs by tags - vpc id check * [#9090](https://github.com/cloud-custodian/cloud-custodian/pull/9090): releng - update dependencies - 2023-10 * [#9088](https://github.com/cloud-custodian/cloud-custodian/pull/9088): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_tencentcloud * [#9087](https://github.com/cloud-custodian/cloud-custodian/pull/9087): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_mailer * [#9086](https://github.com/cloud-custodian/cloud-custodian/pull/9086): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_azure * [#9085](https://github.com/cloud-custodian/cloud-custodian/pull/9085): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_terraform * [#9084](https://github.com/cloud-custodian/cloud-custodian/pull/9084): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_openstack * [#9083](https://github.com/cloud-custodian/cloud-custodian/pull/9083): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_sphinxext * [#9082](https://github.com/cloud-custodian/cloud-custodian/pull/9082): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_left * [#9081](https://github.com/cloud-custodian/cloud-custodian/pull/9081): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_kube * [#9080](https://github.com/cloud-custodian/cloud-custodian/pull/9080): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_org * [#9079](https://github.com/cloud-custodian/cloud-custodian/pull/9079): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_trailcreator * [#9078](https://github.com/cloud-custodian/cloud-custodian/pull/9078): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_policystream * [#9077](https://github.com/cloud-custodian/cloud-custodian/pull/9077): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_logexporter * [#9076](https://github.com/cloud-custodian/cloud-custodian/pull/9076): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_gcp * [#9075](https://github.com/cloud-custodian/cloud-custodian/pull/9075): Bump urllib3 from 1.26.17 to 1.26.18 * [#9074](https://github.com/cloud-custodian/cloud-custodian/pull/9074): Bump urllib3 from 1.26.17 to 1.26.18 in /tools/c7n_awscc * [#9072](https://github.com/cloud-custodian/cloud-custodian/pull/9072): Fix: Handles InvalidParameterValueException for refreshing trusted advisor checks (#9001) * [#9071](https://github.com/cloud-custodian/cloud-custodian/pull/9071): Fix list index error in aws arn parsing * [#9064](https://github.com/cloud-custodian/cloud-custodian/pull/9064): openstack - security-group * [#9058](https://github.com/cloud-custodian/cloud-custodian/pull/9058): aws - add support for opensearch serverless * [#9053](https://github.com/cloud-custodian/cloud-custodian/pull/9053): aws - add support for opensearch domain * [#9049](https://github.com/cloud-custodian/cloud-custodian/pull/9049): Bump golang.org/x/net from 0.7.0 to 0.17.0 in /tools/omnissm * [#9046](https://github.com/cloud-custodian/cloud-custodian/pull/9046): Enhanchement/adding port ranges to firewall rules * [#9039](https://github.com/cloud-custodian/cloud-custodian/pull/9039): azure - machine-learning-workspace * [#8990](https://github.com/cloud-custodian/cloud-custodian/pull/8990): Update tagcompliance.rst ## Issues Opened * [#9120](https://github.com/cloud-custodian/cloud-custodian/issues/9120): aws - workspaces web support * [#9112](https://github.com/cloud-custodian/cloud-custodian/issues/9112): aws.asg - Resize using a threshold * [#9111](https://github.com/cloud-custodian/cloud-custodian/issues/9111): aws.asg - Set desired capacity to the maximum taken from cloudwatch metrics for a specific period * [#9109](https://github.com/cloud-custodian/cloud-custodian/issues/9109): Adding Parent tags to resources * [#9106](https://github.com/cloud-custodian/cloud-custodian/issues/9106): c7n-mailer - Amazon SES Verified Domain Identity instead of a Verified Email Address Identity * [#9102](https://github.com/cloud-custodian/cloud-custodian/issues/9102): Handle aws-iso region * [#9095](https://github.com/cloud-custodian/cloud-custodian/issues/9095): The check-permissions Filter is not Always Working as Expected * [#9093](https://github.com/cloud-custodian/cloud-custodian/issues/9093): aws.secrets-manager:tag action tries to retag secret with existing tags as well * [#9091](https://github.com/cloud-custodian/cloud-custodian/issues/9091): aws - modify sg by tags * [#9089](https://github.com/cloud-custodian/cloud-custodian/issues/9089): Azure resource filtering should not be case-sensitive ## Issues Closed * [#9120](https://github.com/cloud-custodian/cloud-custodian/issues/9120): aws - workspaces web support * [#9102](https://github.com/cloud-custodian/cloud-custodian/issues/9102): Handle aws-iso region * [#9093](https://github.com/cloud-custodian/cloud-custodian/issues/9093): aws.secrets-manager:tag action tries to retag secret with existing tags as well * [#9091](https://github.com/cloud-custodian/cloud-custodian/issues/9091): aws - modify sg by tags * [#9089](https://github.com/cloud-custodian/cloud-custodian/issues/9089): Azure resource filtering should not be case-sensitive * [#9057](https://github.com/cloud-custodian/cloud-custodian/issues/9057): aws - opensearch serverless support * [#9052](https://github.com/cloud-custodian/cloud-custodian/issues/9052): aws - opensearch domain support * [#9027](https://github.com/cloud-custodian/cloud-custodian/issues/9027): https://cloudcustodian.io/getting-started/policyStructure/ doesn't work * [#9001](https://github.com/cloud-custodian/cloud-custodian/issues/9001): AWS account filter service-limits runs into unrefreshable check ID c1dfprch07 * [#8394](https://github.com/cloud-custodian/cloud-custodian/issues/8394): releng - remove distutils version usage from the code base