C7n Community Meeting Minutes

# C7n Community Meeting Minutes # November 8th 2022 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** November 8th, 2022 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: [![Video Recording](https://img.youtube.com/vi/G-RvKw8Oqk0/0.jpg)](https://youtu.be/G-RvKw8Oqk0) ## Agenda Item - Intros, etc. - We're testing Slack! Join us: - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat) - Marco almost done with archives on the website, just need to dust off his node skills - :boom: [#7919](https://github.com/cloud-custodian/cloud-custodian/pull/7919): aws - security-group - add alb-wafv2-enabled filter - Pratyush found some scalability issues [AJ/Pratyush]: - [#7936](https://github.com/cloud-custodian/cloud-custodian/issues/7936): Cache error on some long running policies - https://github.com/cloud-custodian/cloud-custodian/pull/7923 - c7n-left [] - Needs reference docs? - tencentcloud? [Kapil] - Release Sync [Sonny] - KubeCon release - overview - Release on the 15th? (Next Tuesday) # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #45 2022 (Note, due to KubeCon this month we're covering 4 weeks of activity) ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 13 | 1| |PR's| 29 | 32| | | | |--|--| | New stars | 0| | New forks | 0| ## PR's Opened * :boom: [#7975](https://github.com/cloud-custodian/cloud-custodian/pull/7947) - aws ec2 add managed-policy filter * :boom: [#7884](https://github.com/cloud-custodian/cloud-custodian/pull/7884) - aws - efs - add has-statement filter * :boom: [#7874](https://github.com/cloud-custodian/cloud-custodian/pull/7874) - SES addition * :boom: [#7729](https://github.com/cloud-custodian/cloud-custodian/pull/7729) - aws - rds-cluster - add db-cluster-parameter filter * :boom: [#7029](https://github.com/cloud-custodian/cloud-custodian/pull/7029) - config managed rules * :boom: [#7919](https://github.com/cloud-custodian/cloud-custodian/pull/7919) - aws - security-group - add alb-wafv2-enabled filter * :boom: [#7946](https://github.com/cloud-custodian/cloud-custodian/pull/7946) - APIGW waf support * :boom: [#7975](https://github.com/cloud-custodian/cloud-custodian/pull/7975): Fix issue dumping FormatDate objs as JSON. * [#7974](https://github.com/cloud-custodian/cloud-custodian/pull/7974): aws.ami enhancements for issues #7972, #7232, #7031 * [#7971](https://github.com/cloud-custodian/cloud-custodian/pull/7971): Add gcp resource project info * [#7970](https://github.com/cloud-custodian/cloud-custodian/pull/7970): Update website banner for reinvent * :boom: [#7969](https://github.com/cloud-custodian/cloud-custodian/pull/7969): docs - enable the edit button for website * [#7968](https://github.com/cloud-custodian/cloud-custodian/pull/7968): fix - don't use gh-deploy command as it's destructive * [#7966](https://github.com/cloud-custodian/cloud-custodian/pull/7966): fix - wrap mkdocs in poetry run * :boom: [#7964](https://github.com/cloud-custodian/cloud-custodian/pull/7964): Fix/py version * [#7963](https://github.com/cloud-custodian/cloud-custodian/pull/7963): fix - gh action for website publishing * [#7962](https://github.com/cloud-custodian/cloud-custodian/pull/7962): M.Hogg - Suggested fix for KMSKeyArn Parameter validation failed for … * [#7959](https://github.com/cloud-custodian/cloud-custodian/pull/7959): aws - autotag action - autotag user with value * [#7957](https://github.com/cloud-custodian/cloud-custodian/pull/7957): Add governance-as-code day orgs * [#7954](https://github.com/cloud-custodian/cloud-custodian/pull/7954): AWS - Events added new action set-rule-state * [#7953](https://github.com/cloud-custodian/cloud-custodian/pull/7953): aws - composite-alarm - add resource and delete action * [#7952](https://github.com/cloud-custodian/cloud-custodian/pull/7952): c7n_gcp-add-augment-to-big-query-resource-bq-table-to-extract-encryptionconfiguration * [#7951](https://github.com/cloud-custodian/cloud-custodian/pull/7951): C7n gcp add augment to big query resource bq table to extract encryption configuration * [#7949](https://github.com/cloud-custodian/cloud-custodian/pull/7949): c7n-left - output - add description to console output * [#7948](https://github.com/cloud-custodian/cloud-custodian/pull/7948): update version to 0.9.20 * [#7947](https://github.com/cloud-custodian/cloud-custodian/pull/7947): aws - ec2 - add managed-policy filter * [#7946](https://github.com/cloud-custodian/cloud-custodian/pull/7946): Apigwwaf * [#7945](https://github.com/cloud-custodian/cloud-custodian/pull/7945): releng - tencentcentcloud fix pyproject.toml project urls * [#7943](https://github.com/cloud-custodian/cloud-custodian/pull/7943): c7n-left - graph traversal filter * [#7942](https://github.com/cloud-custodian/cloud-custodian/pull/7942): c7n_kube - reports - fix reporting for k8s provider * [#7941](https://github.com/cloud-custodian/cloud-custodian/pull/7941): website - update text and css * [#7940](https://github.com/cloud-custodian/cloud-custodian/pull/7940): c7n-left - exit 1 when resources match policies * [#7939](https://github.com/cloud-custodian/cloud-custodian/pull/7939): aws - route53resolver - Add new resource for resolver query log config and action to associate vpcs * [#7938](https://github.com/cloud-custodian/cloud-custodian/pull/7938): aws - rds-snapshot - skip automated snapshots in delete action * [#7937](https://github.com/cloud-custodian/cloud-custodian/pull/7937): feat: new website * [#7934](https://github.com/cloud-custodian/cloud-custodian/pull/7934): c7n_tencentcloud - resources - new cos * :boom:[#7917](https://github.com/cloud-custodian/cloud-custodian/pull/7917): graviton support for serverless ## PR's Closed * [#7970](https://github.com/cloud-custodian/cloud-custodian/pull/7970): Update website banner for reinvent * [#7969](https://github.com/cloud-custodian/cloud-custodian/pull/7969): docs - enable the edit button for website * [#7968](https://github.com/cloud-custodian/cloud-custodian/pull/7968): fix - don't use gh-deploy command as it's destructive * [#7966](https://github.com/cloud-custodian/cloud-custodian/pull/7966): fix - wrap mkdocs in poetry run * [#7964](https://github.com/cloud-custodian/cloud-custodian/pull/7964): Fix/py version * [#7963](https://github.com/cloud-custodian/cloud-custodian/pull/7963): fix - gh action for website publishing * [#7951](https://github.com/cloud-custodian/cloud-custodian/pull/7951): C7n gcp add augment to big query resource bq table to extract encryption configuration * [#7949](https://github.com/cloud-custodian/cloud-custodian/pull/7949): c7n-left - output - add description to console output * [#7948](https://github.com/cloud-custodian/cloud-custodian/pull/7948): update version to 0.9.20 * [#7945](https://github.com/cloud-custodian/cloud-custodian/pull/7945): releng - tencentcentcloud fix pyproject.toml project urls * [#7943](https://github.com/cloud-custodian/cloud-custodian/pull/7943): c7n-left - graph traversal filter * [#7942](https://github.com/cloud-custodian/cloud-custodian/pull/7942): c7n_kube - reports - fix reporting for k8s provider * [#7941](https://github.com/cloud-custodian/cloud-custodian/pull/7941): website - update text and css * [#7940](https://github.com/cloud-custodian/cloud-custodian/pull/7940): c7n-left - exit 1 when resources match policies * [#7938](https://github.com/cloud-custodian/cloud-custodian/pull/7938): aws - rds-snapshot - skip automated snapshots in delete action * [#7937](https://github.com/cloud-custodian/cloud-custodian/pull/7937): feat: new website * [#7932](https://github.com/cloud-custodian/cloud-custodian/pull/7932): c7n_kube - role/cluster-role - add role and cluster role resources * [#7930](https://github.com/cloud-custodian/cloud-custodian/pull/7930): aws - secrets-manager - add has-statement filter * [#7928](https://github.com/cloud-custodian/cloud-custodian/pull/7928): c7n-left - update tfparse, json output includes resource, also jmespath query for json output * [#7914](https://github.com/cloud-custodian/cloud-custodian/pull/7914): Using assertEqual instead of assertTrue in unit tests * [#7905](https://github.com/cloud-custodian/cloud-custodian/pull/7905): c7n_tencentcloud - cls, es, vpc, tcr - add resources * [#7900](https://github.com/cloud-custodian/cloud-custodian/pull/7900): releng - c7n-left update tfparse version * [#7882](https://github.com/cloud-custodian/cloud-custodian/pull/7882): c7n_tencentcloud - resources - cos * [#7871](https://github.com/cloud-custodian/cloud-custodian/pull/7871): updating the KeyVault resource to use the list_by_subscription API * [#7864](https://github.com/cloud-custodian/cloud-custodian/pull/7864): Update azure sql va filter * [#7861](https://github.com/cloud-custodian/cloud-custodian/pull/7861): aws - security-group - used filter - enrich attribute * [#7813](https://github.com/cloud-custodian/cloud-custodian/pull/7813): aws - dynamodb - enhancement recommended for the consecuitive-backups filter * [#7670](https://github.com/cloud-custodian/cloud-custodian/pull/7670): azure-blob-soft-delete * [#7143](https://github.com/cloud-custodian/cloud-custodian/pull/7143): add GitHub URL for PyPi * [#5876](https://github.com/cloud-custodian/cloud-custodian/pull/5876): aws - s3 - reduce time complexity of merging lifecycle rules * [#5739](https://github.com/cloud-custodian/cloud-custodian/pull/5739): POC for Not Found exceptions in resource_type * [#5699](https://github.com/cloud-custodian/cloud-custodian/pull/5699): aws - cli - add exclude-region option ## Issues Opened * [#7976](https://github.com/cloud-custodian/cloud-custodian/issues/7976): Policies using AWS resource "security-group" logging wrong c7n version in CloudWatch logs. * [#7973](https://github.com/cloud-custodian/cloud-custodian/issues/7973): AWS EC2 - exception when processing ENI that is in-use but has no attachment * [#7972](https://github.com/cloud-custodian/cloud-custodian/issues/7972): Add more flexible 'set-permissions' action to aws.ami to manage AMI sharing policies * [#7967](https://github.com/cloud-custodian/cloud-custodian/issues/7967): "account.*" policy conditions prevent lambda based policies from executing. * [#7965](https://github.com/cloud-custodian/cloud-custodian/issues/7965): Update request: IAM Role's cross-account filter * [#7961](https://github.com/cloud-custodian/cloud-custodian/issues/7961): route 53 resources are all global * [#7960](https://github.com/cloud-custodian/cloud-custodian/issues/7960): resources/awslambda.py using KMSKeyArn instead of KmsKeyArn * [#7958](https://github.com/cloud-custodian/cloud-custodian/issues/7958): aws - ability to modify security group cidr without modifying the port(s) * [#7956](https://github.com/cloud-custodian/cloud-custodian/issues/7956): CodeCommit tags missing * [#7950](https://github.com/cloud-custodian/cloud-custodian/issues/7950): aws - 'auto-tag-user' values for more universal use. * [#7944](https://github.com/cloud-custodian/cloud-custodian/issues/7944): AttributeError: 'GlueDataCatalog' object has no attribute 'get_arns' * [#7935](https://github.com/cloud-custodian/cloud-custodian/issues/7935): Filter based on account number and tag ## Issues Closed * [#7634](https://github.com/cloud-custodian/cloud-custodian/issues/7634): UnitTests using assertTrue(x, y) instead of assertEqual(x, y) ### Chat Logs 00:20:37.630,00:20:40.630 Kapil Thangavelu: Re resource type from eni description/attributes.. https://github.com/cloud-custodian/cloud-custodian/blob/master/tools/sandbox/zerodark/zerodark/ipdb.py#L101 Interface type is much better. 00:23:13.062,00:23:16.062 Kapil Thangavelu: Re supported interface types supported.. for filtering.. api_gateway_managed | aws_codestar_connections_managed | branch | efa | gateway_load_balancer | gateway_load_balancer_endpoint | global_accelerator_managed | interface | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway | trunk | vpc_endpoint 00:25:30.808,00:25:33.808 Kapil Thangavelu: So missing a few, re rds, elasticache, efs, hsm, dms, dax. 00:41:29.844,00:41:32.844 Kapil Thangavelu: I just moved in the last week, so limited time in on reviews this week as well 00:48:16.213,00:48:19.213 Darren Dao: one more https://github.com/cloud-custodian/cloud-custodian/pull/7904