C7n Community Meeting Minutes

# C7n Community Meeting Minutes # October 11 2022 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** October 11th, 2022 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: [![Video Recording](https://img.youtube.com/vi/7Kmjpd6oVzw/0.jpg)](https://youtu.be/7Kmjpd6oVzw) ## Agenda Item - Intros, etc. - Governance Updates - See this [GitHub issue](https://github.com/cloud-custodian/cloud-custodian/issues/7149) for the latest draft revisions. - Governance as Code day: - Next week! - [Registration](https://hopin.com/events/governance-as-code-day-with-cloud-custodian-hosted-by-stacklet-2022?hss_channel=tw-1242918094160498699) - We're testing Slack! Join us: - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat) - PRs incoming to update project link - Still working on an archive solution, more to follow next week - [sonny] - K8s provider update - See [#7697](https://github.com/cloud-custodian/cloud-custodian/pull/7697) - Docs PR: https://github.com/thisisshi/cloud-custodian/pull/21/files - [Example Policies](https://github.com/thisisshi/cloud-custodian/tree/6fa80c1b3d95aa1656e54f88cd3d545c823d0ea1/docs/source/kubernetes/examples) - feedback wanted! - Shift Left Survey: https://www.surveymonkey.com/r/8Y53GJQ - From the community: :boom: https://github.com/cloud-custodian/cloud-custodian/issues/7553 # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #41 2022 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 17 | 14| |PR's| 37 | 25| | | | |--|--| | New stars | 0| | New forks | 0| ## PR's Opened * [#7867](https://github.com/cloud-custodian/cloud-custodian/pull/7867): releng - changelog generator updates * [#7866](https://github.com/cloud-custodian/cloud-custodian/pull/7866): releng - changelog generator updates * :boom: [#7865](https://github.com/cloud-custodian/cloud-custodian/pull/7865): c7n_tencentcloud - resources - cam * [#7864](https://github.com/cloud-custodian/cloud-custodian/pull/7864): Update azure sql va filter * [#7862](https://github.com/cloud-custodian/cloud-custodian/pull/7862): improve docker layer cache * [#7861](https://github.com/cloud-custodian/cloud-custodian/pull/7861): aws - security-group - used filter - enrich attribute * [#7860](https://github.com/cloud-custodian/cloud-custodian/pull/7860): c7n_kube - cache - fix cache usage * [#7859](https://github.com/cloud-custodian/cloud-custodian/pull/7859): Add new RDS Proxy resource * [#7857](https://github.com/cloud-custodian/cloud-custodian/pull/7857): tools/c7n_mailer - lazily import processor modules * [#7854](https://github.com/cloud-custodian/cloud-custodian/pull/7854): Add c7n:MatchedIpPermissions to notification * [#7852](https://github.com/cloud-custodian/cloud-custodian/pull/7852): releng - 0.9.20 pkg rebase and increment * [#7851](https://github.com/cloud-custodian/cloud-custodian/pull/7851): AWS Metric Alarm Filter * [#7850](https://github.com/cloud-custodian/cloud-custodian/pull/7850): tools/c7n-left - refactor terraform support to subpackage * [#7849](https://github.com/cloud-custodian/cloud-custodian/pull/7849): tools/c7n-left - refactor terraform support to subpackage * [#7848](https://github.com/cloud-custodian/cloud-custodian/pull/7848): releng - pin poetry and fix setup gen * [#7844](https://github.com/cloud-custodian/cloud-custodian/pull/7844): releng - fix poetrypkg gen-setup command * [#7843](https://github.com/cloud-custodian/cloud-custodian/pull/7843): releng - fix poetry pkg script, add test * [#7840](https://github.com/cloud-custodian/cloud-custodian/pull/7840): azure - webapp - add webapp authentication filter * [#7832](https://github.com/cloud-custodian/cloud-custodian/pull/7832): core - policy var formatting preserves var type * [#7828](https://github.com/cloud-custodian/cloud-custodian/pull/7828): aws - elasticsearch - filter/action on source ips * [#7827](https://github.com/cloud-custodian/cloud-custodian/pull/7827): img tags need to be relative for the root index * [#7826](https://github.com/cloud-custodian/cloud-custodian/pull/7826): aws - metrics - support extended statistics * [#7824](https://github.com/cloud-custodian/cloud-custodian/pull/7824): c7n_tencentcloud: add fixture for environment variables, and fix typos in query.py. * [#7823](https://github.com/cloud-custodian/cloud-custodian/pull/7823): releng - docker - include tencentcloud provider * [#7822](https://github.com/cloud-custodian/cloud-custodian/pull/7822): aws - sqs - set-encryption key usage consistency * [#7821](https://github.com/cloud-custodian/cloud-custodian/pull/7821): aws - s3 - config handle missing configuration for regional specific feature sets * [#7819](https://github.com/cloud-custodian/cloud-custodian/pull/7819): c7n_tencentcloud - resources - ami&nat gateway&cbs snapshot * [#7818](https://github.com/cloud-custodian/cloud-custodian/pull/7818): c7n_tencentcloud - Add environment fixture, and add 'qcs' to resources. * [#7817](https://github.com/cloud-custodian/cloud-custodian/pull/7817): Add cloudwatch put subscription filter action * [#7816](https://github.com/cloud-custodian/cloud-custodian/pull/7816): Add cloudwatch put subscription filter action * [#7815](https://github.com/cloud-custodian/cloud-custodian/pull/7815): utils - handle interpolation of non-string variables * [#7813](https://github.com/cloud-custodian/cloud-custodian/pull/7813): aws - dynamodb - enhancement recommended for the consecuitive-backups filter * [#7809](https://github.com/cloud-custodian/cloud-custodian/pull/7809): c7n_tencentcloud - resources - clb&cbs * [#7807](https://github.com/cloud-custodian/cloud-custodian/pull/7807): aws - rds - list db instance option groups * [#7806](https://github.com/cloud-custodian/cloud-custodian/pull/7806): c7n_tencentcloud - filters - metrics * [#7804](https://github.com/cloud-custodian/cloud-custodian/pull/7804): aws - iam-user - add login-profile filter * [#7803](https://github.com/cloud-custodian/cloud-custodian/pull/7803): tools/c7n-left - run policies on terraform ## PR's Closed * [#7866](https://github.com/cloud-custodian/cloud-custodian/pull/7866): releng - changelog generator updates * [#7862](https://github.com/cloud-custodian/cloud-custodian/pull/7862): improve docker layer cache * [#7850](https://github.com/cloud-custodian/cloud-custodian/pull/7850): tools/c7n-left - refactor terraform support to subpackage * [#7849](https://github.com/cloud-custodian/cloud-custodian/pull/7849): tools/c7n-left - refactor terraform support to subpackage * [#7848](https://github.com/cloud-custodian/cloud-custodian/pull/7848): releng - pin poetry and fix setup gen * [#7844](https://github.com/cloud-custodian/cloud-custodian/pull/7844): releng - fix poetrypkg gen-setup command * [#7843](https://github.com/cloud-custodian/cloud-custodian/pull/7843): releng - fix poetry pkg script, add test * [#7832](https://github.com/cloud-custodian/cloud-custodian/pull/7832): core - policy var formatting preserves var type * [#7828](https://github.com/cloud-custodian/cloud-custodian/pull/7828): aws - elasticsearch - filter/action on source ips * [#7827](https://github.com/cloud-custodian/cloud-custodian/pull/7827): img tags need to be relative for the root index * [#7824](https://github.com/cloud-custodian/cloud-custodian/pull/7824): c7n_tencentcloud: add fixture for environment variables, and fix typos in query.py. * [#7823](https://github.com/cloud-custodian/cloud-custodian/pull/7823): releng - docker - include tencentcloud provider * [#7822](https://github.com/cloud-custodian/cloud-custodian/pull/7822): aws - sqs - set-encryption key usage consistency * [#7821](https://github.com/cloud-custodian/cloud-custodian/pull/7821): aws - s3 - config handle missing configuration for regional specific feature sets * [#7818](https://github.com/cloud-custodian/cloud-custodian/pull/7818): c7n_tencentcloud - Add environment fixture, and add 'qcs' to resources. * [#7816](https://github.com/cloud-custodian/cloud-custodian/pull/7816): Add cloudwatch put subscription filter action * [#7815](https://github.com/cloud-custodian/cloud-custodian/pull/7815): utils - handle interpolation of non-string variables * [#7806](https://github.com/cloud-custodian/cloud-custodian/pull/7806): c7n_tencentcloud - filters - metrics * [#7803](https://github.com/cloud-custodian/cloud-custodian/pull/7803): tools/c7n-left - run policies on terraform * [#7802](https://github.com/cloud-custodian/cloud-custodian/pull/7802): aws - servicecatalog - added new resource of type catalog-product * [#7790](https://github.com/cloud-custodian/cloud-custodian/pull/7790): docs - tencentcloud usage readme * [#7750](https://github.com/cloud-custodian/cloud-custodian/pull/7750): aws - dynamodb - disable consecutive backups filter * [#7747](https://github.com/cloud-custodian/cloud-custodian/pull/7747): docs - Change gitter link to slack for chat * [#7744](https://github.com/cloud-custodian/cloud-custodian/pull/7744): Added Instance Metadata Tags action * [#7706](https://github.com/cloud-custodian/cloud-custodian/pull/7706): Add FMS WAFv2 support for alb, cloudfront ## Issues Opened * [#7858](https://github.com/cloud-custodian/cloud-custodian/issues/7858): aws - apigateway.websockets.stage - add resource, tag filters/actions, and delete action * [#7856](https://github.com/cloud-custodian/cloud-custodian/issues/7856): Lambdas aren't deprovisioned after policies are removed * [#7853](https://github.com/cloud-custodian/cloud-custodian/issues/7853): Deployment of c7n-mailer Fails Due to Missing Package * [#7847](https://github.com/cloud-custodian/cloud-custodian/issues/7847): Unable to Copy tags from EC2 to Security Groups. * [#7845](https://github.com/cloud-custodian/cloud-custodian/issues/7845): releng - dont cast None in setup.py * [#7842](https://github.com/cloud-custodian/cloud-custodian/issues/7842): Need support for AppSync Resource in custodian platform * [#7841](https://github.com/cloud-custodian/cloud-custodian/issues/7841): C7N Mailer - Allow Redis cluster to have encryption in transit enabled * [#7839](https://github.com/cloud-custodian/cloud-custodian/issues/7839): using member-role for periodic policy not running on remote account * [#7838](https://github.com/cloud-custodian/cloud-custodian/issues/7838): Automatically filter out automated snapshots from rds-snapshot resource. * [#7837](https://github.com/cloud-custodian/cloud-custodian/issues/7837): Use case-insensitive checks for allowed conditions in `cross-account` filters * [#7833](https://github.com/cloud-custodian/cloud-custodian/issues/7833): The 'report' command shows results even when no matching resources * [#7831](https://github.com/cloud-custodian/cloud-custodian/issues/7831): Lambda does not have filter to check on policy statements that allow public access. * [#7830](https://github.com/cloud-custodian/cloud-custodian/issues/7830): Issue which Security group Ingress filter type * [#7829](https://github.com/cloud-custodian/cloud-custodian/issues/7829): c7n-salactus gives syntax error * [#7820](https://github.com/cloud-custodian/cloud-custodian/issues/7820): Support percentile statistics in CloudWatch metrics filter * [#7814](https://github.com/cloud-custodian/cloud-custodian/issues/7814): AWS - global resource cloudfront runs on multiple regions * [#7808](https://github.com/cloud-custodian/cloud-custodian/issues/7808): Mode config-rule cannot handle S3 Buckets in eu-north-1 ## Issues Closed * [#7856](https://github.com/cloud-custodian/cloud-custodian/issues/7856): Lambdas aren't deprovisioned after policies are removed * [#7845](https://github.com/cloud-custodian/cloud-custodian/issues/7845): releng - dont cast None in setup.py * [#7839](https://github.com/cloud-custodian/cloud-custodian/issues/7839): using member-role for periodic policy not running on remote account * [#7831](https://github.com/cloud-custodian/cloud-custodian/issues/7831): Lambda does not have filter to check on policy statements that allow public access. * [#7814](https://github.com/cloud-custodian/cloud-custodian/issues/7814): AWS - global resource cloudfront runs on multiple regions * [#7808](https://github.com/cloud-custodian/cloud-custodian/issues/7808): Mode config-rule cannot handle S3 Buckets in eu-north-1 * [#7778](https://github.com/cloud-custodian/cloud-custodian/issues/7778): releng - add tecentcloud to tools/dev/dockerpkg and the docker images * [#7762](https://github.com/cloud-custodian/cloud-custodian/issues/7762): SQS Set-Encryption Not Standard * [#7760](https://github.com/cloud-custodian/cloud-custodian/issues/7760): Still Getting Type Error when using set-s3-public-block * [#7695](https://github.com/cloud-custodian/cloud-custodian/issues/7695): GetBucketLocation api failure for cross region buckets * [#7553](https://github.com/cloud-custodian/cloud-custodian/issues/7553): Define and use of integer variables (YAML-files) - c7n-org * [#6734](https://github.com/cloud-custodian/cloud-custodian/issues/6734): Variable interpolation only works on strings * [#3992](https://github.com/cloud-custodian/cloud-custodian/issues/3992): Add a feature to specify the region(s) to deploy into the policy document * [#1410](https://github.com/cloud-custodian/cloud-custodian/issues/1410): index given cw metric on given set of resources