# C7N Community Meeting Minutes 2024-04-02

## April 2nd, 2024

:::info
- **URL:** meet.google.com/mii-evqh-esh
- **Date:** April 2, 2024 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC))
- **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)**
- **Agenda**
    1. Intros `10m`
    1. Agenda Items `20m`
    1. PR Party `30m`
- **Meeting Contact:** AJ: <aj@stacklet.io>
- **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/
:::

## Agenda Items

- c7n 0.9.35.0 subpackages published
    - Retry pip installs if you've experienced surprise c7n downgrades while installing c7n-org, c7n-mailer, c7n-policystream, etc
- Looking at running a PyCon sprint. Focus areas:
    - Docs / narrative style
    - awscc improvements
    - cloudformation hooks
    - event mode(s) support
- CNCF security audit
    - Audit complete, blog post upcoming
- Docker images
    - Moving builds to wolfi
    - Should we update images post-release? When/why/for how long?
- Azure SDK deprecation warnings
    - Can we update Azure packages or squelch these warnings?

### PR/Issue Discussion

- https://github.com/cloud-custodian/cloud-custodian/pull/7798
    - Pratyush has a separate PR in progress
- https://github.com/cloud-custodian/cloud-custodian/pull/9154
    - Not changing required permissions, just annotating the ones we already use
    - Related: Potential doc improvements coming https://github.com/orgs/cloud-custodian/discussions/7455
    - Example _using_ those permission annotations to feed into an IAM policy: https://gist.github.com/ajkerrigan/f7879cdbbb0a3d285567d8e07e26a723
    - Open question around how to support `config-poll-mode` for resource types that have no CFN type (such as `config-poll-type`)
        - We need a resource type name to post compliance status, default to CFN type currently
- https://github.com/cloud-custodian/cloud-custodian/pull/9273
    - New execution mode for eventbridge scheduler instead of event rules
    - Open question around how to migrate from periodic to scheduler mode, and clean up old event rules
- Possible to use IAM session policies to fine tune Custodian permissions in different contexts?
    - https://aws.amazon.com/blogs/security/create-fine-grained-session-permissions-using-iam-managed-policies/

# Weekly Report

Weekly status report for cloud-custodian/cloud-custodian Week #13 2024

## Weekly Stats

| | Opened this week | Closed this week |
|--|---|-----|
| Issues | 11 | 7 |
| PR's | 17 | 18 |

| | |
|--|--|
| New stars | 11 |
| New forks | 0 |

## PR's Opened

* [#9398](https://github.com/cloud-custodian/cloud-custodian/pull/9398): added support for chimesdkvoice voiceconnector - pull and event mode …
* [#9397](https://github.com/cloud-custodian/cloud-custodian/pull/9397): VirtualNode support for appmesh
* [#9394](https://github.com/cloud-custodian/cloud-custodian/pull/9394): Update transfer.py
* [#9392](https://github.com/cloud-custodian/cloud-custodian/pull/9392): releng - move c7n, c7n-org, c7n-mailer to wolfi
* [#9390](https://github.com/cloud-custodian/cloud-custodian/pull/9390): aws - sagemaker-cluster
* [#9389](https://github.com/cloud-custodian/cloud-custodian/pull/9389): releng - move c7n-left to chainguard wolfi-base from docker hub
* [#9384](https://github.com/cloud-custodian/cloud-custodian/pull/9384): releng - c7n-left - update tfparse and increment
* [#9382](https://github.com/cloud-custodian/cloud-custodian/pull/9382): aws - network attached resource ingress/egress filters
* [#9381](https://github.com/cloud-custodian/cloud-custodian/pull/9381): releng - ruff update and lint fixes
* [#9380](https://github.com/cloud-custodian/cloud-custodian/pull/9380): aws - add workspaces bundle support
* [#9378](https://github.com/cloud-custodian/cloud-custodian/pull/9378): added support for appmesh virtualnode
* [#9377](https://github.com/cloud-custodian/cloud-custodian/pull/9377): added support for appmesh-virtualnode
* [#9373](https://github.com/cloud-custodian/cloud-custodian/pull/9373): aws-Sagemaker-Domain
* [#9372](https://github.com/cloud-custodian/cloud-custodian/pull/9372): Bump black from 23.12.1 to 24.3.0 in /tools/c7n_mailer
* [#9371](https://github.com/cloud-custodian/cloud-custodian/pull/9371): Bump black from 23.12.1 to 24.3.0
* [#9370](https://github.com/cloud-custodian/cloud-custodian/pull/9370): Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /tools/cask
* [#9368](https://github.com/cloud-custodian/cloud-custodian/pull/9368): aws - lambda@edge func expr, unique resourceIds

## PR's Closed

* [#9397](https://github.com/cloud-custodian/cloud-custodian/pull/9397): VirtualNode support for appmesh
* [#9389](https://github.com/cloud-custodian/cloud-custodian/pull/9389): releng - move c7n-left to chainguard wolfi-base from docker hub
* [#9384](https://github.com/cloud-custodian/cloud-custodian/pull/9384): releng - c7n-left - update tfparse and increment
* [#9381](https://github.com/cloud-custodian/cloud-custodian/pull/9381): releng - ruff update and lint fixes
* [#9378](https://github.com/cloud-custodian/cloud-custodian/pull/9378): added support for appmesh virtualnode
* [#9377](https://github.com/cloud-custodian/cloud-custodian/pull/9377): added support for appmesh-virtualnode
* [#9373](https://github.com/cloud-custodian/cloud-custodian/pull/9373): aws-Sagemaker-Domain
* [#9372](https://github.com/cloud-custodian/cloud-custodian/pull/9372): Bump black from 23.12.1 to 24.3.0 in /tools/c7n_mailer
* [#9371](https://github.com/cloud-custodian/cloud-custodian/pull/9371): Bump black from 23.12.1 to 24.3.0
* [#9370](https://github.com/cloud-custodian/cloud-custodian/pull/9370): Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /tools/cask
* [#9368](https://github.com/cloud-custodian/cloud-custodian/pull/9368): aws - lambda@edge func expr, unique resourceIds
* [#9364](https://github.com/cloud-custodian/cloud-custodian/pull/9364): Adding RDS engine versions that can be stopped
* [#9361](https://github.com/cloud-custodian/cloud-custodian/pull/9361): doc: fix several minor typos and formatting
* [#9358](https://github.com/cloud-custodian/cloud-custodian/pull/9358): aws-OpenSearch-serverless resource and kms filter
* [#9325](https://github.com/cloud-custodian/cloud-custodian/pull/9325): Add azure certificate support
* [#9290](https://github.com/cloud-custodian/cloud-custodian/pull/9290): appmesh - added many tests - fixed big appmesh bug - extended CC to allow appmesh model to fit
* [#9154](https://github.com/cloud-custodian/cloud-custodian/pull/9154): aws - update tag permissions, expand s3 assembly permissions, add missing config_types
* [#9118](https://github.com/cloud-custodian/cloud-custodian/pull/9118): azure - stream-job

## Issues Opened

* [#9396](https://github.com/cloud-custodian/cloud-custodian/issues/9396): TypeError in Session.client() when executing gcp-periodic policies with Cloud Custodian on GCP
* [#9395](https://github.com/cloud-custodian/cloud-custodian/issues/9395): CI Docs cache doesn't handle removed/renamed resources
* [#9393](https://github.com/cloud-custodian/cloud-custodian/issues/9393): NotFoundException -> ResourceNotFoundException
* [#9391](https://github.com/cloud-custodian/cloud-custodian/issues/9391): c7n==0.9.35 missing cannot import unicode writer
* [#9387](https://github.com/cloud-custodian/cloud-custodian/issues/9387): Strange behavior for offhours policy, only react on one single specific tag
* [#9386](https://github.com/cloud-custodian/cloud-custodian/issues/9386): Add support for regional Session Manager settings
* [#9385](https://github.com/cloud-custodian/cloud-custodian/issues/9385): c7n Dependency Issues With Other Packages Like c7n-org and c7n-mailer
* [#9379](https://github.com/cloud-custodian/cloud-custodian/issues/9379): Unable to untag ELBv2 when it is attached with a new instance
* [#9376](https://github.com/cloud-custodian/cloud-custodian/issues/9376): Datetime representation in captured JSON files when recording api calls
* [#9375](https://github.com/cloud-custodian/cloud-custodian/issues/9375): Add support AWS resource : vpc-endpoint-service
* [#9367](https://github.com/cloud-custodian/cloud-custodian/issues/9367): aws - lambda@edge expression on cloudfront resources

## Issues Closed

* [#9385](https://github.com/cloud-custodian/cloud-custodian/issues/9385): c7n Dependency Issues With Other Packages Like c7n-org and c7n-mailer
* [#9376](https://github.com/cloud-custodian/cloud-custodian/issues/9376): Datetime representation in captured JSON files when recording api calls
* [#9367](https://github.com/cloud-custodian/cloud-custodian/issues/9367): aws - lambda@edge expression on cloudfront resources
* [#9366](https://github.com/cloud-custodian/cloud-custodian/issues/9366): Unable to use cloudtrail based lambda execute for EBS volumes
* [#9362](https://github.com/cloud-custodian/cloud-custodian/issues/9362): Add support for aws sagemaker domain
* [#9341](https://github.com/cloud-custodian/cloud-custodian/issues/9341): c7n-policystream dependency conflict with c7n 0.9.35
* [#6113](https://github.com/cloud-custodian/cloud-custodian/issues/6113): releng - speed up docker build