►
From YouTube: C7n Community Meeting 20220816
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
The
recording
is
on
welcome
everybody.
It's
august
16
2022,
and
this
is
the
bi-weekly
cloud
custodian
community
meeting
thanks
everyone
for
showing
up
today
I'll
be
your
host
george
castro,
some
preliminaries
before
we
get
started
the
show
notes
which
I'll
be
linking
in
the
description
if
you're
watching
this
on
youtube,
I'm
putting
there
in
the
chat
feel
free
to
add
agenda
items
or,
if
you
see
any
of
the
pr's
that
have
opened
in
the
past
two
weeks
or
something,
and
you
want
to
bring
attention
to
it.
A
Just
let
me
know-
or
just
you
could
just
mentioning
at
the
meeting
when
we
do
for
call
for
open
agenda,
quick
reminder
that
these
meetings
are
recorded
and
archived
on
youtube.
So
we
do
have
those
if
you
ever
need
any
of
the
backlog.
We
do
that
and
then
the
notes
of
this
we
do
publish
to
the
mailing
list
and
to
the
github
discussions
area.
If
you
ever
want
to
look
at
any
of
these
items
for
cross-reference
purposes.
A
B
A
All
right,
here's
what
I
got
for
the
agenda
so
far.
We
we've
done
intros.
Anybody
is
their
first
meeting.
Welcome.
If
you
want
to
say
hello,
you
can
say
hello,
but
don't
don't
feel
pressured
to
not
say
hello
if
you
don't
want
to
so
feel
free
to
say
hi
in
chat
or
in
the
matrix
chat,
some
governance
updates.
I
just
wanted
to
put
this
on
the
radar
again.
We
do
have
our
draftgovernance.md,
which
is
here
in
draft.
A
I
have
not
pr'd
it
yet
and
I'm
just
basically
taking
feedback
on
how
the
governance
of
the
project
is
looking.
So
if
you
want
to
check
that
out,
I
basically
keep
this
linked
in
the
show
notes
at
the
top
every
time,
because
it's
kind
of
an
ongoing
process
and
things
like
that.
But
it
looks
like
we
don't
with
kapil,
isn't
here
probably
worth
skipping
talking
about
this
one
for
today
we're
gonna
do
another.
Go
governance
is
code
day,
so
we
did.
A
A
If
you
want
to
attend,
however,
specifically
for
this
group,
we
are
taking
cfps.
So
what
we'd
like
for
you
to
do,
and
these
ex
closes
at
the
end
of
this
month,
so
you've
got
about
two
weeks.
We
would
really
really
love
to
have
as
many
diverse
talks
from
as
many
people
as
possible
from
as
many
organizations,
so
usually
when
we're
having
the
meetings
it's
like
aj
and
jamison,
and
sunny
showing
like
some
of
their
stuff
this
time.
A
What
we'd
like
to
do
is
kind
of
flip
it
and
see
if
we
can
get
content
from
the
people
that
are
using
custodian
it's
a
good
day.
I
hope
to
give
out
t-shirts
and
all
that
kind
of
fun
stuff.
This
will
also
be
a
hybrid
event,
so
it
will
be
virtual,
but
if
you're
in
the
washington
dc
area
somewhere
around
there,
we
haven't,
we
haven't
finalized
the
venue,
yet
so
no
promises,
but
it
will
be
in
the
washington
dc
area
on
the
18th
of
october.
A
That
is
the
week
before
kubecon
and
cloudnativecon.
So
we
made
sure
we're
not
conflicting
with
that.
So
if
you're
in
the
area
or
you,
your
organization
has
an
office
in
the
area
and
you
want
to
send
people
we're
hoping
to
do
those
high
bandwidth
conversations
and,
of
course,
we'll
make
sure
that
all
the
content
is
also
available
online.
A
And
if
that
is
interesting
to
you
from
last
year,
if
you
in
this
discussion
link
in
the
notes,
I
have
the
playlist
of
all
of
the
talks
that
we
did
from
last
year.
So
those
are
all
available.
If
you
want
to
spin
yourself
up
and
kind
of
see
the
content
that
we're
looking
for.
If
you
talked
last
year,
I'd
like
to
encourage
you
to
do
it
again.
A
If
you've
never
talked
before,
then
I
really
want
you
to
submit
a
talk
and,
of
course
feel
free
to
ask
if
you
want
to
partner
up
or
if
you
want
to,
if
you
worked
on
something
really
gnarly
and
want
to
share
with
the
community
something
you've
learned
all
everything's
on
the
table
as
far
as
custodian
content.
Anyone
any
questions
about
governance's
code
day
before
I
move
on.
A
D
Yeah,
for
me,
it
was
an
interesting
experience,
got
a
lot
of
help
from
aj
and
sunny.
There
was
a
you
know,
good
documentation
with
the
checklist,
and
I
was
able
to
follow
it.
I
think
there
were
some
missing
steps
as
we
discovered
as
we
go
along,
but
as
we
figure
out
those
missing
steps,
we
were
to
crank
through
it
and
hopefully
the
that
documentation
now
should
have
all
of
this
stuff
that
is
needed
for
whoever
the
next
person
that
wants
you
to
do
it.
D
Yes,
and-
and
I
would
say
the
only
other
hiccup
that
we
ran
into
was-
has
nothing
to
do
with
the
the
release
process.
It's
more
of
when
we
freeze
the
dependency.
We
were
picking
up
a
new
version
of
both
of
three
which
broke
some
of
the
unit
tests,
and
so
you
know
it's
just
additional
hiccup
that
we
ran
into
but
yeah.
Hopefully,
all
the
the
steps
that
we
have
in
the
release.
D
Checklist
notes
should
get
the
next
person
to
go
through
it
much
easier
and
one
of
the
interesting
that
came
up
that
keep
on
coming
up,
though,
is
maybe
we
should
have
some
kind
of
container
on
way
to
do
the
release,
because,
as
we
find
out,
oh
one
of
the
issue
was
my
pip
version
was
not.
I
know,
as
of
today,
or
the
poetry
was
not
up
to
date,
or
maybe
I'm
running
on
mac
versus
running
on
linux,
and
things
like
that
so
yeah,
I
thought
that
was
interesting.
A
Yeah
and
if
you're
interested
that
I
put
the
links
of
the
release
checklist
that
we
followed
through
to
make
that
happen,
so
things
are
working
because
kapil
was
on
holiday
when
we,
when
we
released
this,
so
we're
definitely
making
progress
there
as
far
as
spreading
the
work
out
evenly
between
folks.
So
thanks
everyone
that
got
that
was
involved
in
that
and
hope
you
enjoy
the
release
all
right.
Does
anybody
have
any
anything
that
they'd
like
to
discuss
or
bring
forth
of
the
community?
A
A
E
E
Don't
that's
one
of
those
things
we
gotta
we
gotta
test
and
I
think,
to
to
really
see
it.
We're
gonna
have
to
I
mean
we
can
try,
we
can
try
doing
things
like
I
don't
know
running
with
a
memory
profile
or
just
just
profile.
A
c7
org
run
it's
going
to
help
if
you've
got
a
lot
of
accounts
in
regions
and
you're
running
across
like
a
large
state,
but.
C
A
C
A
E
E
C
E
E
Release
discussions:
we
can
just
look
at
trends
from
one
release
to
another
who's,
contributing
just
yell
out
and
say
thanks
to
a
bunch
of
folks,
so
I
think
that
stuff's
going
to
be
on
the
way
and
having
these
release
discussions
will
be
good
for
things
that
are,
I
mean
people
have
comments
or
questions
that
are
specifically
related
to
elise
release.
This
is
a
release
discussion
so
right.
E
If
anyone
has
anything,
that's
specific,
we
may,
I
know
sonny
put
the
note
up
at
the
top
of
the
release,
notes
about
that
get
bucket
location
change
and
that
we've
already
gotten
some
questions
in
getter.
So
I
think
some
high-level
concerns
that
are
specifically
related
to
a
release
we
can.
We
can
have
here,
so
I'm
actually
not
sure
where
we're
going
to
take
discussions,
release
level
discussions,
but
that's
it's
just
a
good
thing
to
have
available.
E
A
Makes
it
a
lot
easier
to
see
what
exactly
if
something
affects
you
as
opposed
to
just
the
title,
and
then,
if
you
haven't
seen
before
and
every
release,
we
always
add
the
schema
changes
at
the
bottom.
I've
always
thought
that
was
cool.
Oh
cool
people
are
already
asking
questions.
Oh
that's,
not
a
good
one.
E
A
A
C
C
A
A
C
A
F
Yeah,
I
think
I
wanted
to
chat
if
people
here
it
looks
like
he's
not
today
I
don't
know
it's.
I
guess
my
question
would
be
the.
It
seems
like
the
use
cases
integrating
with
the
data
dog
entry
point,
which
case
I
don't
really
know
if
we
need
to
expose
this
as
a
as
a
parameter
as
opposed
to
just
contributing
an
upstream,
maybe
environment,.
F
Flag
to
set
it
because
otherwise
it's
it
just
basically
opens
up
the
the
ability
to
do
a
whole
bunch
of
crazy
stuff
that
I
don't
know
as
a
community.
We
want
to
necessarily
do
support
for,
like
if
you
said,
a
custom
handler
and
you
come
in
asking
for
help.
I'm
like
I
I
mean
that's,
that's
sort
of
your
own
customization.
I
don't
know
like
what
you
expect
us
to
do
for
you,
but
yeah
mostly.
We
just
wanted
to
hear
if
what
was
thinking
about
this.
A
E
Yeah,
that's
a
nice
yeah,
that's
a
nice
little
tweak!
So
in
in
the
last
release,
we
had
a
bit
of
a
fix
to
the
metrics
filter
that
was
losing
data.
If
you
were
looking
back
at
a
looking
far
back
into
the
past
beyond
two
months
or
so,
you
would
potentially
lose
data
and
not
be
able
to
see
the
full.
This
would
come
up
if
someone
was
trying
to
look
at
90
days
or
a
year
worth
of
activity
and
just
see
typically
checking
for
long
unused
resources.
E
So
we
had
a
fix
for
that,
but
it
was
looking
at
it.
So
I
was
looking
rolling
back
the
end
period
so
that
it
would
stop
like
the
if
it's
say,
11
15.
It
might
have
to
back
up
to
an
even
even
five
minute
block
or
an
even
hour,
even
minute,
and
then
ken
said,
like
hey,
I
see
what
you're
doing,
but
let's
just
move
this
ahead
into
a
fictitious
future.
That's
that's
just
a
little
bit
ahead
of
time
so
that
we
make
sure
we
catch
those.
C
E
C
A
E
No,
I
I
think
the
main
er,
the
main
call
out
here
was
just
because
so
darren
mentioned
earlier.
There
was
a
that
we
found
during
our
release
calls
we
found
some
missing
steps
and
one
of
the
steps
that
we
found
that
was
missing
was
when
we
were
kind
of
preparing
for
a
release.
We
go
through
a
whole
dependency
update.
We
just
look
at
all
the
dependencies.
E
So
it
was
not
in
the
release
checklist,
because
initially
the
release
checklist
was
coming
in,
assuming
that
all
that
work
was
already
done
so
part
of
talking
through
these
things
in
public
and
stumbling
around
together
is
that
we
we
find
those
hidden
things
that
we
assumed
were
happening
and
we
document
them.
So
thanks
again,
darren
steve
everyone
who's
on
these
on
these
calls
for,
for
figuring
those
things
out.
We
can't
automate
them
if
they're
not
documented
in
the
first
place.
A
A
I
feel
like
the
list
of
open
pr's
in
two
weeks
keeps
getting
longer
and
the
closed
one
is
just
as
long
so
it'll
be
interesting
when
we
actually
like
go
and
measure
our
velocity,
which
I
hope
to
give
a
talk
about
at
governance's
code
day
all
right.
This
was
an
interesting
one.
Clock
custodian
not
able
to
find
our
policy
file
in
the
container
was
this.
Was
this
a
bind
mounting
issue
like
a
volley
mounting
issue,
or
was
it.
E
Not
sure
yet
to
me,
I
I'm
really
curious
to
see
what
we
what
we
hear
back
about
this
one
I
mean
I
and
I
would
be
curious.
Anyone
on
the
call
who
happens
to
run
custodian
through
docker
I'd
be
curious
to
see
if
anyone
else
is
hitting
issues,
I'm
really
not
sure
what
would
cause
the
previous
release
to
work,
fine
and
the
current
release
to
fail,
because
it
can't
find
on
something
related
to
a
bind
mount.
I
just
super
curious
because
I
don't
know.
A
A
A
C
B
So
I
was
kind
of
curious
if
it
would
make
sense
to
add
a
link
formation
registered
location
resource
type
and
make
sure
that
the
rules
are
not
like
service
link
rules,
because,
apparently
you
cannot
like
lock
down
the
service
link,
rules
to
or
guide
you,
but
they
do
have
the
capability
to
lock
down
custom
rules
too
or
guide
you.
So
if,
if
you
lock
down
your
rules,
you
won't
have
the
capability
to
read
or
write
into
non-or
guided
resources,
so
sunny
aj.
Any
thoughts
on
this.
E
C
Your
soul,
yeah,
we
also
talked
to
becky
weiss
on
the
iem
team.
Yeah
I
mean
they
weren't,
they
weren't
playing,
they
were
bringing
the
big
guns
and
we
still
got
almost
nowhere
other
than
yeah.
You
can
do
this
this
special
way.
Don't
do
what
we
told
you
to
do.
Do
it
different?
Basically,
what
we
heard.
A
A
Everyone's
like
end
of
summer,
let's
go
home
all
right.
Well,
thanks
everyone
for
coming.
We
appreciate
it.
I've
got
I've
got
a
few
items
here.
I
will
follow
up
and
do
please
consider
submitting
cfps.
It
would
be
great,
especially
if,
if
you
can
make
it
to
washington
dc
first
to
hang
out.
I
know
I
joined
the
project
in
the
middle
of
the
pandemic
and
it's
been
difficult
to
actually
to
get
to
know
each
other
outside
of
that
little
video
in
the
corner.
So
george.
A
F
Yeah,
there's,
I
don't
know
about
specific
documentation,
but
a
lot
of
people
rely
on
cloudwatch
dashboards
as
well
as
the
cloudwatch
metrics.
So
if
you
run
a
custodian
policy
with
the
m
flag
that
will
output
metrics
into
your
into
cloudwatch
so
include
stuff
like
resource
count,
any
failures
and
it'll
add
additional
dimensions
by
accounts,
regions,
policy,
names,
etc.
C
So
we
run
custodian
via
code
build,
and
so
then
we
basically
shunt
all
of
our
custodian
logs
over
to
sumo
logic
and
then
build
dashboards
based
on
all
the
logs
coming
in,
like
the
raw
logs
that
are
coming
in
just
straight
from
each
of
our
our
runs.
It's
kind
of
a
very
manual
process
in
that
sense,
but
it's
another
alternative
way
of
handling
this
kind
of
scenario.
C
C
A
F
The
I
just
put
it
in
the
chat:
that's
that's
the
docker
image,
I'm
working
on
automating,
the
building
of
the
image
from
moving
from
our
custom
tooling,
to
the
github
actions
build
x
stuff.
So
if
you
do
a
docker
poll
from
there,
all
four
of
the
existing
images
are
there
and
then,
if
you
want
to
take
a
look
at
how
they're
being
built
they're
on
my
there's
a
pull
request
on
my
fork,
this
will
eventually
be
a
pull
request
onto
all
right
through
the
upstream.
F
F
Yeah
we're
using
build
x
briefly
looked
at
doing
like
a
manual
like
manifest
building
and
basically
came
to
the
conclusion
that
it's
like
way
too
much
work
to
just
just.
Do
gold
x
instead,
especially
since
build
x,
just
does
all
that
stuff
for
you.
So
right,
right,
yeah,
there's,
there's
a
few
things
left
on
that,
so
the
images
are
building
hitting
a
few
test
issues,
not
specifically
on
like
running
the
container
there's
just
like
for
some
reason
unable
to
like
when
you
run
like
docker
images.
C
Oh
cool
yeah,
no,
I
was
gonna.
I
was
look.
I
just
wrote
that
issue
where
the
guy
was
couldn't
read
his
file
and
I've
had
that
problem
on
different
docker
binary
like
docker
on
mac,
for
some
reason
can't
read
the
home
directory
something
to
do
with
the
file
system.
Something
and
maybe
just
have
something
weird.
C
A
F
F
F
B
B
F
A
A
A
A
C
C
A
Because
I
feel
when
we're
on
slack
kapil
was
like
man,
we
can
have
a
bot
that
showed
you
all
the
incoming
pr's
and
then
we
could
have
all
the
business
and
we
could
do
all.
We
could
do
all
that
stuff
and
I'd
be
happy
to
set
all
that
up.
I
know
how
to
do
that.
It's
just
in
the
past,
when
I
asked
people
were
like
slack
at
work.
You
know
getters,
like
my
only
option
so
I
know
people
had
reservations
around
that.
But
if
people
want
to
give
slack
a
real
actual
go.
A
A
F
F
A
All
right
so
good
feedback,
I'll
I'll
I'll,
put
some
thought
into
that,
and
then
we
might
kick
the
tires
on
something
all
right.
Anything
else
going
once
point
twice:
have
your
21
minutes
back
thanks
everybody
and
we'll
see
everybody
in
two
weeks.
Don't
forget
cfp's
closed
at
the
end
of
this
month
and
if
I'm
coming
after
you,
it
means
you
haven't
submitted
enough,
so
hopefully
find
something
cool
to
submit
all
right
cheers.
Everyone
have
a
great
day
thanks
for
coming
thanks.