C7n Community Meeting Minutes

# C7n Community Meeting Minutes ## November 22nd 2022 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** November 22nd, 2022 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: [![Video Recording](https://img.youtube.com/vi/mi-Xo6520uI/0.jpg)](https://youtu.be/mi-Xo6520uI) ## Agenda Items - Intros, etc. - We're testing Slack! Join us: - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat) - Release Update [Sonny] - Dependency updates, poetry, etc. - [Release update](https://github.com/cloud-custodian/cloud-custodian/pull/7990) - .9.21 targetted for right after reInvent - Kapil: we'll need this: https://github.com/cloud-custodian/cloud-custodian/pull/8011 - Cool Thing o' the Week - https://github.com/cloud-custodian/cloud-custodian/pull/7889 - Check out our [help wanted issues](https://github.com/cloud-custodian/cloud-custodian/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22). ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 28 | 9| |PR's| 53 | 62| | | | |--|--| | New stars | 235| | New forks | 56| ## PR's Opened * :boom: [#7988](https://github.com/cloud-custodian/cloud-custodian/pull/7988): Added CW subscription Filter details to c7n:log-config * :boom: [#7807](https://github.com/cloud-custodian/cloud-custodian/pull/7807): aws - rds - list db instance option groups * :boom: [#7729](https://github.com/cloud-custodian/cloud-custodian/pull/7729): aws - rds-cluster - add db-cluster-parameter filter * :boom: [#7874](https://github.com/cloud-custodian/cloud-custodian/pull/7874): aws - account - ses send metrics * :boom: [#7029](https://github.com/cloud-custodian/cloud-custodian/pull/7029): aws - account - managed config rule * :boom: [#7946](https://github.com/cloud-custodian/cloud-custodian/pull/7946): aws - rest-stage - wafv2 * [#8018](https://github.com/cloud-custodian/cloud-custodian/pull/8018): Bump cryptography from 38.0.1 to 38.0.3 * [#8017](https://github.com/cloud-custodian/cloud-custodian/pull/8017): Bump cryptography from 38.0.1 to 38.0.3 in /tools/c7n_azure * [#8016](https://github.com/cloud-custodian/cloud-custodian/pull/8016): Bump cryptography from 38.0.1 to 38.0.3 in /tools/c7n_openstack * [#8014](https://github.com/cloud-custodian/cloud-custodian/pull/8014): policy - have conditions support vars * [#8013](https://github.com/cloud-custodian/cloud-custodian/pull/8013): releng - update poetry to 1.2.2 * [#8012](https://github.com/cloud-custodian/cloud-custodian/pull/8012): releng - github actions use concurrency option to only run on latest push * [#8011](https://github.com/cloud-custodian/cloud-custodian/pull/8011): c7n_left - github action output annotation fixes * [#8007](https://github.com/cloud-custodian/cloud-custodian/pull/8007): aws - ec2 - force stop override stop protection * [#8006](https://github.com/cloud-custodian/cloud-custodian/pull/8006): aws - iam-profile, ec2 - add has-specific-managed-policy filter * [#8002](https://github.com/cloud-custodian/cloud-custodian/pull/8002): docs - tencentcloud resource reference docs build * :boom: [#8001](https://github.com/cloud-custodian/cloud-custodian/pull/8001): releng - handle optional extras in gen-frozensetup * [#7999](https://github.com/cloud-custodian/cloud-custodian/pull/7999): aws - iam - instance-profile set-role action * [#7998](https://github.com/cloud-custodian/cloud-custodian/pull/7998): aws - Lambda kms key fix for securityhub finding * [#7996](https://github.com/cloud-custodian/cloud-custodian/pull/7996): aws - cloudhsm-cluster, augment and serverless mode * :boom: [#7995](https://github.com/cloud-custodian/cloud-custodian/pull/7995): releng - install mailer extras in docker image * [#7994](https://github.com/cloud-custodian/cloud-custodian/pull/7994): c7n_tencentcloud - filter - refactor metrics filter * [#7992](https://github.com/cloud-custodian/cloud-custodian/pull/7992): c7n_tencentcloud - tests - vcr add recording filter * :boom: [#7990](https://github.com/cloud-custodian/cloud-custodian/pull/7990): releng - 0.9.21.0 pkg-increment and pkg-rebase * [#7986](https://github.com/cloud-custodian/cloud-custodian/pull/7986): aws - cloudfront - wafv2-enabled fix to find resources which are associated with waf-classic acl * [#7984](https://github.com/cloud-custodian/cloud-custodian/pull/7984): aws - autotag action - fix none userinfo exception * [#7983](https://github.com/cloud-custodian/cloud-custodian/pull/7983): aws - transit-attachment - Support CloudTrail mode * [#7981](https://github.com/cloud-custodian/cloud-custodian/pull/7981): aws - Support CloudTrail mode for aws.transit-attachment * [#7980](https://github.com/cloud-custodian/cloud-custodian/pull/7980): core - fix issue on policy conditions (#7967) * [#7975](https://github.com/cloud-custodian/cloud-custodian/pull/7975): Fix issue dumping FormatDate objs as JSON. * :boom: [#7974](https://github.com/cloud-custodian/cloud-custodian/pull/7974): aws.ami enhancements for issues #7972, #7232, #7031 * [#7971](https://github.com/cloud-custodian/cloud-custodian/pull/7971): Add gcp resource project info * [#7970](https://github.com/cloud-custodian/cloud-custodian/pull/7970): Update website banner for reinvent * [#7969](https://github.com/cloud-custodian/cloud-custodian/pull/7969): docs - enable the edit button for website * [#7968](https://github.com/cloud-custodian/cloud-custodian/pull/7968): fix - don't use gh-deploy command as it's destructive * [#7966](https://github.com/cloud-custodian/cloud-custodian/pull/7966): fix - wrap mkdocs in poetry run * [#7964](https://github.com/cloud-custodian/cloud-custodian/pull/7964): Fix/py version * [#7963](https://github.com/cloud-custodian/cloud-custodian/pull/7963): fix - gh action for website publishing * [#7962](https://github.com/cloud-custodian/cloud-custodian/pull/7962): M.Hogg - Suggested fix for KMSKeyArn Parameter validation failed for … * [#7959](https://github.com/cloud-custodian/cloud-custodian/pull/7959): aws - autotag action - autotag user with value * [#7957](https://github.com/cloud-custodian/cloud-custodian/pull/7957): docs - add governance-as-code day orgs * [#7954](https://github.com/cloud-custodian/cloud-custodian/pull/7954): aws - event-rule - add set-rule-state action * [#7953](https://github.com/cloud-custodian/cloud-custodian/pull/7953): aws - composite-alarm - add resource and delete action * [#7952](https://github.com/cloud-custodian/cloud-custodian/pull/7952): c7n_gcp-add-augment-to-big-query-resource-bq-table-to-extract-encryptionconfiguration * [#7951](https://github.com/cloud-custodian/cloud-custodian/pull/7951): C7n gcp add augment to big query resource bq table to extract encryption configuration * [#7949](https://github.com/cloud-custodian/cloud-custodian/pull/7949): c7n-left - output - add description to console output * [#7948](https://github.com/cloud-custodian/cloud-custodian/pull/7948): update version to 0.9.20 * [#7947](https://github.com/cloud-custodian/cloud-custodian/pull/7947): aws - ec2 - add managed-policy filter * [#7946](https://github.com/cloud-custodian/cloud-custodian/pull/7946): Apigwwaf * [#7945](https://github.com/cloud-custodian/cloud-custodian/pull/7945): releng - tencentcentcloud fix pyproject.toml project urls * [#7943](https://github.com/cloud-custodian/cloud-custodian/pull/7943): c7n-left - graph traversal filter * [#7942](https://github.com/cloud-custodian/cloud-custodian/pull/7942): c7n_kube - reports - fix reporting for k8s provider * [#7941](https://github.com/cloud-custodian/cloud-custodian/pull/7941): website - update text and css * [#7940](https://github.com/cloud-custodian/cloud-custodian/pull/7940): c7n-left - exit 1 when resources match policies * [#7939](https://github.com/cloud-custodian/cloud-custodian/pull/7939): aws - route53resolver - Add new resource for resolver query log config and action to associate vpcs * [#7938](https://github.com/cloud-custodian/cloud-custodian/pull/7938): aws - rds-snapshot - skip automated snapshots in delete action * [#7937](https://github.com/cloud-custodian/cloud-custodian/pull/7937): feat: new website * [#7934](https://github.com/cloud-custodian/cloud-custodian/pull/7934): c7n_tencentcloud - resources - new cos ## PR's Closed * [#8012](https://github.com/cloud-custodian/cloud-custodian/pull/8012): releng - github actions use concurrency option to only run on latest push * [#8006](https://github.com/cloud-custodian/cloud-custodian/pull/8006): aws - iam-profile, ec2 - add has-specific-managed-policy filter * [#8002](https://github.com/cloud-custodian/cloud-custodian/pull/8002): docs - tencentcloud resource reference docs build * [#8001](https://github.com/cloud-custodian/cloud-custodian/pull/8001): releng - handle optional extras in gen-frozensetup * [#7999](https://github.com/cloud-custodian/cloud-custodian/pull/7999): aws - iam - instance-profile set-role action * [#7998](https://github.com/cloud-custodian/cloud-custodian/pull/7998): aws - Lambda kms key fix for securityhub finding * [#7996](https://github.com/cloud-custodian/cloud-custodian/pull/7996): aws - cloudhsm-cluster, augment and serverless mode * [#7995](https://github.com/cloud-custodian/cloud-custodian/pull/7995): releng - install mailer extras in docker image * [#7994](https://github.com/cloud-custodian/cloud-custodian/pull/7994): c7n_tencentcloud - filter - refactor metrics filter * [#7992](https://github.com/cloud-custodian/cloud-custodian/pull/7992): c7n_tencentcloud - tests - vcr add recording filter * [#7984](https://github.com/cloud-custodian/cloud-custodian/pull/7984): aws - autotag action - fix none userinfo exception * [#7983](https://github.com/cloud-custodian/cloud-custodian/pull/7983): aws - transit-attachment - Support CloudTrail mode * [#7981](https://github.com/cloud-custodian/cloud-custodian/pull/7981): aws - Support CloudTrail mode for aws.transit-attachment * [#7975](https://github.com/cloud-custodian/cloud-custodian/pull/7975): Fix issue dumping FormatDate objs as JSON. * [#7971](https://github.com/cloud-custodian/cloud-custodian/pull/7971): Add gcp resource project info * [#7970](https://github.com/cloud-custodian/cloud-custodian/pull/7970): Update website banner for reinvent * [#7969](https://github.com/cloud-custodian/cloud-custodian/pull/7969): docs - enable the edit button for website * [#7968](https://github.com/cloud-custodian/cloud-custodian/pull/7968): fix - don't use gh-deploy command as it's destructive * [#7966](https://github.com/cloud-custodian/cloud-custodian/pull/7966): fix - wrap mkdocs in poetry run * [#7964](https://github.com/cloud-custodian/cloud-custodian/pull/7964): Fix/py version * [#7963](https://github.com/cloud-custodian/cloud-custodian/pull/7963): fix - gh action for website publishing * [#7962](https://github.com/cloud-custodian/cloud-custodian/pull/7962): M.Hogg - Suggested fix for KMSKeyArn Parameter validation failed for … * [#7957](https://github.com/cloud-custodian/cloud-custodian/pull/7957): docs - add governance-as-code day orgs * [#7954](https://github.com/cloud-custodian/cloud-custodian/pull/7954): aws - event-rule - add set-rule-state action * [#7953](https://github.com/cloud-custodian/cloud-custodian/pull/7953): aws - composite-alarm - add resource and delete action * [#7951](https://github.com/cloud-custodian/cloud-custodian/pull/7951): C7n gcp add augment to big query resource bq table to extract encryption configuration * [#7949](https://github.com/cloud-custodian/cloud-custodian/pull/7949): c7n-left - output - add description to console output * [#7948](https://github.com/cloud-custodian/cloud-custodian/pull/7948): update version to 0.9.20 * [#7947](https://github.com/cloud-custodian/cloud-custodian/pull/7947): aws - ec2 - add managed-policy filter * [#7945](https://github.com/cloud-custodian/cloud-custodian/pull/7945): releng - tencentcentcloud fix pyproject.toml project urls * [#7943](https://github.com/cloud-custodian/cloud-custodian/pull/7943): c7n-left - graph traversal filter * [#7942](https://github.com/cloud-custodian/cloud-custodian/pull/7942): c7n_kube - reports - fix reporting for k8s provider * [#7941](https://github.com/cloud-custodian/cloud-custodian/pull/7941): website - update text and css * [#7940](https://github.com/cloud-custodian/cloud-custodian/pull/7940): c7n-left - exit 1 when resources match policies * [#7938](https://github.com/cloud-custodian/cloud-custodian/pull/7938): aws - rds-snapshot - skip automated snapshots in delete action * [#7937](https://github.com/cloud-custodian/cloud-custodian/pull/7937): feat: new website * [#7934](https://github.com/cloud-custodian/cloud-custodian/pull/7934): c7n_tencentcloud - resources - new cos * [#7932](https://github.com/cloud-custodian/cloud-custodian/pull/7932): c7n_kube - role/cluster-role - add role and cluster role resources * [#7930](https://github.com/cloud-custodian/cloud-custodian/pull/7930): aws - secrets-manager - add has-statement filter * [#7928](https://github.com/cloud-custodian/cloud-custodian/pull/7928): c7n-left - update tfparse, json output includes resource, also jmespath query for json output * [#7917](https://github.com/cloud-custodian/cloud-custodian/pull/7917): custodian lambdas - graviton support * [#7914](https://github.com/cloud-custodian/cloud-custodian/pull/7914): Using assertEqual instead of assertTrue in unit tests * [#7908](https://github.com/cloud-custodian/cloud-custodian/pull/7908): c7n_tencentcloud - resources - cdb & cdb_backup * [#7907](https://github.com/cloud-custodian/cloud-custodian/pull/7907): fix the parsing with the latest tfparse * [#7905](https://github.com/cloud-custodian/cloud-custodian/pull/7905): c7n_tencentcloud - cls, es, vpc, tcr - add resources * [#7904](https://github.com/cloud-custodian/cloud-custodian/pull/7904): aws - lambda - added assume role for invoke lambda * [#7900](https://github.com/cloud-custodian/cloud-custodian/pull/7900): releng - c7n-left update tfparse version * :boom: [#7889](https://github.com/cloud-custodian/cloud-custodian/pull/7889): Use case-insensitive checks for allowed conditions in cross-account filters * [#7882](https://github.com/cloud-custodian/cloud-custodian/pull/7882): c7n_tencentcloud - resources - cos * [#7876](https://github.com/cloud-custodian/cloud-custodian/pull/7876): azure - postgresql-server - add configuration-parameter filter * [#7871](https://github.com/cloud-custodian/cloud-custodian/pull/7871): updating the KeyVault resource to use the list_by_subscription API * [#7864](https://github.com/cloud-custodian/cloud-custodian/pull/7864): Update azure sql va filter * [#7861](https://github.com/cloud-custodian/cloud-custodian/pull/7861): aws - security-group - used filter - enrich attribute * [#7851](https://github.com/cloud-custodian/cloud-custodian/pull/7851): aws - account - check-cloudtrail filter: add include-management-events and log-metric-filter-pattern * [#7840](https://github.com/cloud-custodian/cloud-custodian/pull/7840): azure - webapp - add webapp authentication filter * [#7813](https://github.com/cloud-custodian/cloud-custodian/pull/7813): aws - dynamodb - enhancement recommended for the consecuitive-backups filter * [#7670](https://github.com/cloud-custodian/cloud-custodian/pull/7670): azure-blob-soft-delete * [#7664](https://github.com/cloud-custodian/cloud-custodian/pull/7664): azure - sqlserver - add auditing filter * [#7143](https://github.com/cloud-custodian/cloud-custodian/pull/7143): add GitHub URL for PyPi * [#5876](https://github.com/cloud-custodian/cloud-custodian/pull/5876): aws - s3 - reduce time complexity of merging lifecycle rules * [#5739](https://github.com/cloud-custodian/cloud-custodian/pull/5739): POC for Not Found exceptions in resource_type * [#5699](https://github.com/cloud-custodian/cloud-custodian/pull/5699): aws - cli - add exclude-region option ## Issues Opened * [#8015](https://github.com/cloud-custodian/cloud-custodian/issues/8015): Support identifying relationships between Route 53 records and Elastic IPs * [#8010](https://github.com/cloud-custodian/cloud-custodian/issues/8010): Mailer - question about send mail to gcp target * [#8009](https://github.com/cloud-custodian/cloud-custodian/issues/8009): [aws:sns] ResourceNotFound Terminates Policy Evaluation Early * [#8008](https://github.com/cloud-custodian/cloud-custodian/issues/8008): awscc query.get_resources is not called for some of the resources * [#8005](https://github.com/cloud-custodian/cloud-custodian/issues/8005): IllegalLocationConstraintException when calling the GetBucketTagging operation * [#8004](https://github.com/cloud-custodian/cloud-custodian/issues/8004): Develop an action on Connect resource to disable the contact lens feature * [#8003](https://github.com/cloud-custodian/cloud-custodian/issues/8003): resume and suspend actions for asg should support a new filter to ignore ASGs with Spot Instances * [#7997](https://github.com/cloud-custodian/cloud-custodian/issues/7997): Add AWS MSK (Kafka) V2 Serverless Support * [#7991](https://github.com/cloud-custodian/cloud-custodian/issues/7991): aws - cloudhsm-cluster policies failing in event mode * [#7989](https://github.com/cloud-custodian/cloud-custodian/issues/7989): Replace AWS EventBridge Rules with EventBridge Scheduler * [#7987](https://github.com/cloud-custodian/cloud-custodian/issues/7987): Filter action CWL log group for retention, size * [#7985](https://github.com/cloud-custodian/cloud-custodian/issues/7985): wafv-enabled for CloudFront fails to return resources which are associated with waf-classic acl * [#7979](https://github.com/cloud-custodian/cloud-custodian/issues/7979): Support for Amazon Managed Workflows for Apache Airflow (MWAA) * [#7978](https://github.com/cloud-custodian/cloud-custodian/issues/7978): Support for AWS EMR Serverless * [#7977](https://github.com/cloud-custodian/cloud-custodian/issues/7977): Securityhub upload finding - Botocore ParamValidationError for aws.lambda with encrypted env variables * [#7976](https://github.com/cloud-custodian/cloud-custodian/issues/7976): Policies using AWS resource "security-group" logging wrong c7n version in CloudWatch logs. * [#7973](https://github.com/cloud-custodian/cloud-custodian/issues/7973): AWS EC2 - exception when processing ENI that is in-use but has no attachment * [#7972](https://github.com/cloud-custodian/cloud-custodian/issues/7972): Add more flexible 'set-permissions' action to aws.ami to manage AMI sharing policies * [#7967](https://github.com/cloud-custodian/cloud-custodian/issues/7967): "account.*" policy conditions prevent lambda based policies from executing. * [#7965](https://github.com/cloud-custodian/cloud-custodian/issues/7965): Update request: IAM Role's cross-account filter * [#7961](https://github.com/cloud-custodian/cloud-custodian/issues/7961): route 53 resources are all global * [#7960](https://github.com/cloud-custodian/cloud-custodian/issues/7960): resources/awslambda.py using KMSKeyArn instead of KmsKeyArn * [#7958](https://github.com/cloud-custodian/cloud-custodian/issues/7958): aws - ability to modify security group cidr without modifying the port(s) * [#7956](https://github.com/cloud-custodian/cloud-custodian/issues/7956): CodeCommit tags missing * [#7950](https://github.com/cloud-custodian/cloud-custodian/issues/7950): aws - 'auto-tag-user' values for more universal use. * [#7944](https://github.com/cloud-custodian/cloud-custodian/issues/7944): AttributeError: 'GlueDataCatalog' object has no attribute 'get_arns' * [#7936](https://github.com/cloud-custodian/cloud-custodian/issues/7936): Cache error on some long running policies * [#7935](https://github.com/cloud-custodian/cloud-custodian/issues/7935): Filter based on account number and tag ## Issues Closed * [#7991](https://github.com/cloud-custodian/cloud-custodian/issues/7991): aws - cloudhsm-cluster policies failing in event mode * [#7977](https://github.com/cloud-custodian/cloud-custodian/issues/7977): Securityhub upload finding - Botocore ParamValidationError for aws.lambda with encrypted env variables * [#7960](https://github.com/cloud-custodian/cloud-custodian/issues/7960): resources/awslambda.py using KMSKeyArn instead of KmsKeyArn * [#7916](https://github.com/cloud-custodian/cloud-custodian/issues/7916): "{now}" Generating Exception When Running With 0.9.19 * [#7838](https://github.com/cloud-custodian/cloud-custodian/issues/7838): Automatically filter out automated snapshots from rds-snapshot resource. * [#7837](https://github.com/cloud-custodian/cloud-custodian/issues/7837): Use case-insensitive checks for allowed conditions in `cross-account` filters * [#7763](https://github.com/cloud-custodian/cloud-custodian/issues/7763): cloudwatch alarms deletion failing * [#7634](https://github.com/cloud-custodian/cloud-custodian/issues/7634): UnitTests using assertTrue(x, y) instead of assertEqual(x, y) * [#6351](https://github.com/cloud-custodian/cloud-custodian/issues/6351): Custodian policies that call GenerateCredentialReport api hit throttling limits intermittently.