# C7N Community Meeting Minutes 2024-04-02
## April 2nd, 2024
:::info
- **URL:** meet.google.com/mii-evqh-esh
- **Date:** April 2, 2024 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC))
- **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)**
- **Agenda**
1. Intros `10m`
1. Agenda Items `20m`
1. PR Party `30m`
- **Meeting Contact:** AJ: <aj@stacklet.io>
- **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/
:::
## Agenda Items
- c7n 0.9.35.0 subpackages published
- Retry pip installs if you've experienced surprise c7n downgrades while installing c7n-org, c7n-mailer, c7n-policystream, etc
- Looking at running a PyCon sprint. Focus areas:
- Docs / narrative style
- awscc improvements
- cloudformation hooks
- event mode(s) support
- CNCF security audit
- Audit complete, blog post upcoming
- Docker images
- Moving builds to wolfi
- Should we update images post-release? When/why/for how long?
- Azure SDK deprecation warnings
- Can we update Azure packages or squelch these warnings?
### PR/Issue Discussion
- https://github.com/cloud-custodian/cloud-custodian/pull/7798
- Pratyush has a separate PR in progress
- https://github.com/cloud-custodian/cloud-custodian/pull/9154
- Not changing required permissions, just annotating the ones we already use
- Related: Potential doc improvements coming https://github.com/orgs/cloud-custodian/discussions/7455
- Example _using_ those permission annotations to feed into an IAM policy: https://gist.github.com/ajkerrigan/f7879cdbbb0a3d285567d8e07e26a723
- Open question around how to support `config-poll-mode` for resource types that have no CFN type (such as `config-poll-type`)
- We need a resource type name to post compliance status, default to CFN type currently
- https://github.com/cloud-custodian/cloud-custodian/pull/9273
- New execution mode for eventbridge scheduler instead of event rules
- Open question around how to migrate from periodic to scheduler mode, and clean up old event rules
- Possible to use IAM session policies to fine tune Custodian permissions in different contexts?
- https://aws.amazon.com/blogs/security/create-fine-grained-session-permissions-using-iam-managed-policies/
# Weekly Report
Weekly status report for cloud-custodian/cloud-custodian Week #13 2024
## Weekly Stats
| | Opened this week| Closed this week|
|--|---|-----|
|Issues| 11 | 7|
|PR's| 17 | 18|
| | |
|--|--|
| New stars | 11|
| New forks | 0|
## PR's Opened
* [#9398](https://github.com/cloud-custodian/cloud-custodian/pull/9398): added support for chimesdkvoice voiceconnector - pull and event mode …
* [#9397](https://github.com/cloud-custodian/cloud-custodian/pull/9397): VirtualNode support for appmesh
* [#9394](https://github.com/cloud-custodian/cloud-custodian/pull/9394): Update transfer.py
* [#9392](https://github.com/cloud-custodian/cloud-custodian/pull/9392): releng - move c7n, c7n-org, c7n-mailer to wolfi
* [#9390](https://github.com/cloud-custodian/cloud-custodian/pull/9390): aws - sagemaker-cluster
* [#9389](https://github.com/cloud-custodian/cloud-custodian/pull/9389): releng - move c7n-left to chainguard wolfi-base from docker hub
* [#9384](https://github.com/cloud-custodian/cloud-custodian/pull/9384): releng - c7n-left - update tfparse and increment
* [#9382](https://github.com/cloud-custodian/cloud-custodian/pull/9382): aws - network attached resource ingress/egress filters
* [#9381](https://github.com/cloud-custodian/cloud-custodian/pull/9381): releng - ruff update and lint fixes
* [#9380](https://github.com/cloud-custodian/cloud-custodian/pull/9380): aws - add workspaces bundle support
* [#9378](https://github.com/cloud-custodian/cloud-custodian/pull/9378): added support for appmesh virtualnode
* [#9377](https://github.com/cloud-custodian/cloud-custodian/pull/9377): added support for appmesh-virtualnode
* [#9373](https://github.com/cloud-custodian/cloud-custodian/pull/9373): aws-Sagemaker-Domain
* [#9372](https://github.com/cloud-custodian/cloud-custodian/pull/9372): Bump black from 23.12.1 to 24.3.0 in /tools/c7n_mailer
* [#9371](https://github.com/cloud-custodian/cloud-custodian/pull/9371): Bump black from 23.12.1 to 24.3.0
* [#9370](https://github.com/cloud-custodian/cloud-custodian/pull/9370): Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /tools/cask
* [#9368](https://github.com/cloud-custodian/cloud-custodian/pull/9368): aws - lambda@edge func expr, unique resourceIds
## PR's Closed
* [#9397](https://github.com/cloud-custodian/cloud-custodian/pull/9397): VirtualNode support for appmesh
* [#9389](https://github.com/cloud-custodian/cloud-custodian/pull/9389): releng - move c7n-left to chainguard wolfi-base from docker hub
* [#9384](https://github.com/cloud-custodian/cloud-custodian/pull/9384): releng - c7n-left - update tfparse and increment
* [#9381](https://github.com/cloud-custodian/cloud-custodian/pull/9381): releng - ruff update and lint fixes
* [#9378](https://github.com/cloud-custodian/cloud-custodian/pull/9378): added support for appmesh virtualnode
* [#9377](https://github.com/cloud-custodian/cloud-custodian/pull/9377): added support for appmesh-virtualnode
* [#9373](https://github.com/cloud-custodian/cloud-custodian/pull/9373): aws-Sagemaker-Domain
* [#9372](https://github.com/cloud-custodian/cloud-custodian/pull/9372): Bump black from 23.12.1 to 24.3.0 in /tools/c7n_mailer
* [#9371](https://github.com/cloud-custodian/cloud-custodian/pull/9371): Bump black from 23.12.1 to 24.3.0
* [#9370](https://github.com/cloud-custodian/cloud-custodian/pull/9370): Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /tools/cask
* [#9368](https://github.com/cloud-custodian/cloud-custodian/pull/9368): aws - lambda@edge func expr, unique resourceIds
* [#9364](https://github.com/cloud-custodian/cloud-custodian/pull/9364): Adding RDS engine versions that can be stopped
* [#9361](https://github.com/cloud-custodian/cloud-custodian/pull/9361): doc: fix several minor typos and formatting
* [#9358](https://github.com/cloud-custodian/cloud-custodian/pull/9358): aws-OpenSearch-serverless resource and kms filter
* [#9325](https://github.com/cloud-custodian/cloud-custodian/pull/9325): Add azure certificate support
* [#9290](https://github.com/cloud-custodian/cloud-custodian/pull/9290): appmesh - added many tests - fixed big appmesh bug - extended CC to allow appmesh model to fit
* [#9154](https://github.com/cloud-custodian/cloud-custodian/pull/9154): aws - update tag permissions, expand s3 assembly permissions, add missing config_types
* [#9118](https://github.com/cloud-custodian/cloud-custodian/pull/9118): azure - stream-job
## Issues Opened
* [#9396](https://github.com/cloud-custodian/cloud-custodian/issues/9396): TypeError in Session.client() when executing gcp-periodic policies with Cloud Custodian on GCP
* [#9395](https://github.com/cloud-custodian/cloud-custodian/issues/9395): CI Docs cache doesn't handle removed/renamed resources
* [#9393](https://github.com/cloud-custodian/cloud-custodian/issues/9393): NotFoundException -> ResourceNotFoundException
* [#9391](https://github.com/cloud-custodian/cloud-custodian/issues/9391): c7n==0.9.35 missing cannot impot unicode writer
* [#9387](https://github.com/cloud-custodian/cloud-custodian/issues/9387): Strange behavior for offhours policy, only react on one single specific tag
* [#9386](https://github.com/cloud-custodian/cloud-custodian/issues/9386): Add support for regional Session Manager settings
* [#9385](https://github.com/cloud-custodian/cloud-custodian/issues/9385): c7n Dependency Issues With Other Paackages Like c7n-org and c7n-mailer
* [#9379](https://github.com/cloud-custodian/cloud-custodian/issues/9379): Unable to untag ELBv2 when it is attached with a new instance
* [#9376](https://github.com/cloud-custodian/cloud-custodian/issues/9376): Datetime representation in captured JSON files when recording api calls
* [#9375](https://github.com/cloud-custodian/cloud-custodian/issues/9375): Add support AWS resource : vpc-endpoint-service
* [#9367](https://github.com/cloud-custodian/cloud-custodian/issues/9367): aws - lambda@edge expression on cloudfront resources
## Issues Closed
* [#9385](https://github.com/cloud-custodian/cloud-custodian/issues/9385): c7n Dependency Issues With Other Paackages Like c7n-org and c7n-mailer
* [#9376](https://github.com/cloud-custodian/cloud-custodian/issues/9376): Datetime representation in captured JSON files when recording api calls
* [#9367](https://github.com/cloud-custodian/cloud-custodian/issues/9367): aws - lambda@edge expression on cloudfront resources
* [#9366](https://github.com/cloud-custodian/cloud-custodian/issues/9366): Unable to use cloudtrail based lambda execute for EBS volumes
* [#9362](https://github.com/cloud-custodian/cloud-custodian/issues/9362): Add support for aws sagemaker domain
* [#9341](https://github.com/cloud-custodian/cloud-custodian/issues/9341): c7n-policystream dependency conflict with c7n 0.9.35
* [#6113](https://github.com/cloud-custodian/cloud-custodian/issues/6113): releng - speed up docker build