Add a meeting Rate this page

A

All right welcome everybody. It is september 13th 2022, and this is the bi-weekly cloud-custodian community meeting a few announcements before we get started. um These meetings are public and recorded and put on youtube. So please be cognizant of that and, as always, the cncf code of conduct is in effect, so please be excellent to each other. If you've joined the meeting here, um the google meet doesn't preserve our link history, so I'm tossing the url for the um notes uh there in chat. uh Basically, I put together an agenda and it's an open agenda.

A

So if there's something that you'd like to see us discuss, feel free to attack it on at the end of the agenda section and um we will get to it and after we get through the agenda, we uh do a little pr party and go through some outstanding pr's that people want reviews in or feedback from the community that kind of stuff. um Anybody first timers here that want to say hello, no pressure, but if it's your first time uh welcome.

B

Hey um this is no hito from into a first time uh work with daryn and steven. um I will be yeah it's the first time, so I will be maybe presenting one pr later, but yeah ooh.

A

Awesome all right welcome. Anyone else want to say hi.

A

All right, so I can ever see the agenda I'll, usually stream, whatever we it is we're talking about. um So uh governance updates uh really uh no changes here. We just have to sit down and still discuss this. I just keep this here.

A

uh Tomorrowish um expect to see the cncf announce uh custodian, moving into uh the incubation phase of a project, so tomorrow's gonna be a great day um if you've been around for the project for a while, it's taken a long slog to get there so uh I'll spoil the surprise, but the rest of the internet we'll find out tomorrow. So uh thanks, everyone who's been helping. Making that happen, um we're gonna do a governance is code day.

A

uh That's gonna be the day before or the week before, kubecon I'm gonna try to have it somewhere in the washington dc area the week of uh october. 18Th is the day we're going to have to do it and it will be a hybrid event, so we'll be doing uh streaming and all that stuff. The cfp actually closed. However, we have a full schedule, but we have enough interest that we might be able to pull off another track.

A

So if any of you out, there are still debating whether you submit a cfp or whatever um the other people on the side of the cfp forum is basically me and umer. So if there's more content that you want to present for the community, it's always useful because we are recording all of the talks and putting them on youtube. uh So, if anything, uh the more talks that we can get uh in there uh will probably give us a year's worth of content that we could refer to uh to ourselves in the future.

A

So if you haven't submitted yet um I'd like to encourage you to do that, any questions on that one.

A

All right uh I mentioned this last time um we are. We are testing slack I've linked a uh link to the uh invite page there we're using a service that will send someone an invite they just go to that link and then put in their email address. There's a pr in flight in the cloud custodian uh repo uh for me to update the website and the readme.md.

A

So if anyone has a chance to look at that and merge it um theoretically, well, no, not theoretically, because I've seen the the change logs, uh but when you accept that the docs should just auto rebuild the home page, I remember right. Yeah.

B

Okay,.

A

Cool yeah.

B

That's.

A

Right yeah, I want to follow along when it does at this time. This is like the first time. I've made a change since you, you did all that so um yeah we're in slack right now, I'm kind of posting both in getter and slack, but I suspect uh most of you will um just end up on slack because that's overwhelmingly what people ask for um so in the meantime, what you know we're not doing a hard cut off date for getter or anything like that.

A

We're just going to kind of point people towards the slack and then see what happens so um spread the word out there there's a new repo wayne. You you want to mention this or you want me to handle it.

C

uh No yeah sure so um the uh tf parse repo was published, uh I think a couple weeks ago. uh It is there to help support some of the efforts uh around shift, left and uh validation of terraform.

C

So the the idea is that this this wraps, uh the defsec hcl parser, which has some context aware uh terraform, parsing uh and just provides us with uh the the output of this- is essentially a json representation of that of that terraform and provides us with the ability to introspect into there and and do neat and interesting things. So.

A

Okay, your first question comes from kapil.

D

uh I was just gonna elaborate on what wayne's just saying like what this is. It's a going extension uh for python that versus terraform, and I think we had looked previously at. We have c7 terraform as a package and tools that will probably deprecate that's based off of trying to parse, terraform and python. I think a lot of the realization was that it's really hard to parse terraform in python well um and uh wayne built this out and as using the devsec library, because it actually does modular resolution it uses.

D

I mean the only way to parse terraform, because it's idiosyncratic and changes pretty.

E

Much.

D

Every terraform.

E

Version.

D

Is to use the library, so that's what this does and I'll pass them up.

A

Any other questions on this one.

A

All right check it out thanks wayne. uh Next, we have sunny you want to do image signing or give us the kubernetes update, um uh chef's choice for order.

F

Sure uh yeah I'll talk about the signing first so that I just went in for the new arm. 64 images that we're building, as well as the existing x86 images. So uh this is using the cosine experimental features. So if you do a cosine verify, clockwise c7n uh with the dev tag you'll be able to see that it's uh it's signed.

F

Not sure if anyone is actively looking to verify image signatures right now, but that is there and then once we do the uh latest release that will be available on the latest tag, as well as the uh the release uh version tag so 9.19.0, which should be coming out. I think later this week.

D

uh Kapil, I just wanted to talk through some of our next steps as well on this um uh supply chain security- road, which is, I think, something that affects the entire industry. um I think we know uh sonny's done some great work on getting us signed images here and we, uh as well as on uh arm64 as far as the distribution channels. As far as next works in supply chain security.

D

I think we're looking at both pinning all of our github actions um uh so that uh as as well as uh and the purpose of doing that, pinning is because right now, uh everything's, throwing in ci is effectively operating some context and reducing that to non-versions by get shots and then, additionally, um looking at doing s-bombs, I'm curious from the people that are here if they even care about s-bombs or they actually use those pumps in any way or consume them.

D

Okay, so future stuff. But we'll do it now.

F

um And then I guess one last bit on ci uh that isn't here the aws functional tests um bit of action stuff was merged. It's pending a little bit of internal aws configuration. We've got to do to get the um the I am role set up, but the functional test should be available inside of github actions. Now previously it was running on code build which wasn't really accessible to the community.

F

The functional tests for aws are going to be running uh 6 a.m. Pacific time I believe it's 6 a.m, pacific time um or it might be eastern time um or 3 a.m. Eastern, I forget which one it was, but that's running the follow-up items for that are gcp and azure, which both support the federated like oidc off flow there's just a little bit of a hiccup on uh it seems, like custodian, doesn't like to pick up the credentials uh with gcp on that flow.

F

um But it's just something I gotta I gotta hammer away on um and then I can yeah. I can talk briefly about the uh kubernetes emission controller stuff. um So let me share my screen. Real quick.

F

It's been a good amount of work done uh so right now, if you were to um run the server and uh just hit the just run a get on any endpoint, you get your list of policies back. So in this case we have one that says um for all deployments, uh we're going to patch the image pull policy to say, if not present, um and then just run a really quick demo here. So we have a manifest here that has image pull policy equals to always on both of these um and then so.

F

We apply our manifest.

F

We get a warning here. I think the description is is uh not correct, but um it says all images must always be pulled, and so then, if we run a if we get our deployment here, we see that on this line, our imageable policies now, if not present, and previously in the manifest it was always and same thing here, um there's some additional actions here for uh labeling um on an event so like just just like how we have a tag: action for the aws azure gcp providers, you can tag um when there's an event.

F

uh Additionally, there's a auto label users so inspects the event, grabs the um user that created the event and then adds the add to adds it as a label, and you can specify the label key as well. So by default, it's owner contact like we have for the other providers, and that way makes a lot easier to actually track down. Who owns uh what resources in your kubernetes cluster there's a whole bunch of other stuff as well.

F

I don't want to take up all the time, though, so, if anyone else, if anyone has any specific questions or stuff that they want to see, feel free to, let me know.

A

Any questions, and if this is a first seen the kubernetes stuff, um I had a link to the notes. The pull request is 76.97.

F

And then also, um if anyone has any use cases or policy examples, they would like to see. Definitely let me know um you don't have to write policy. Just give me ideas like what problems that you're facing in terms of uh sort of governance on your cluster and I'll. Try to see if I can make a policy out of that.

A

All right, thanks any other questions for sunny before we move on.

A

All right, the next one um I happen to be hanging out with aj and sunny, and we started to talk about uh changelog and the conventional commits verbs and things like that that people are putting um and I kind of round about when uh maybe it's time I should start doing a skeleton for a contributor guy. That starts mentioning these things, um so I thought I would just mention that uh it seems pretty obvious like what our verbs and stuff would be.

A

We just need to define that conventional commits doesn't really like enforce anything like per project it'd, be up to us to determine what those are, and um so I just saying: hey, I'm gonna start to work on this. Does anybody have any feedback or if anybody has any like style guides that they like or or anything like that? Obviously you know I don't. I don't think we'd want to. uh uh You know, make any statements about a thing we just document. What we have now uh would be a better start.

A

So does anyone have any strong opinions about that? um Please, let me know either now or at the time um and aj's tossed a link to conventional commits.

A

um That's kind of like the little spec I don't know if the project has always like done that I was just kind of following what the person ahead of me did. So I don't know um uh what's up with that, but I'm gonna start defining that and I'll pr, obviously, in chunks, so it'll be obvious. uh What I'm working on um cool anything else, any other agenda items before we get to prs that need attention or issues or bugs.

F

um We are targeting a release for this week, right kapil.

F

I think he said wednesday.

D

Yeah, I think we're we're trying to get a voice out this week. um We don't do fridays, so uh I think we're still waiting on like one or two last pr's, but um yeah so ideally wednesday, but possibly slipping to thursday.

A

um You just reminded me: have we um have we talked about release automation in a while or or is that currently on hold due to case and docker? I I know we need you. We wanted the docker images sorted as part of this as like a.

F

Yeah, so the work is in um all the stuff is, is sort of like in an effort to get to release automation, so the docker part was was part of it. The.

C

Problem.

F

Is the other part of it um once I think, once the functional tests are done, that's really when we could start banging on it. um Okay and getting? Can you work done on that uh yeah? So I I'm anticipating it might be a thing. That's like after governance's code day, slash kubecon, um just because there's some prep I need to do for the the kubernetes mode stuff. So.

A

Gotcha cool any other questions on release. Then.

F

And then tencent cloud will be releasing as well. This release.

A

Really, okay, cool all right! We'll talk about that when we get to 77 35 um now hito, it's your first meeting, so you get first dibs which one's yours.

B

Okay, I'm actually representing the my my team, it's not exactly mine, but it's.

A

um

B

26.96.

A

Okay got it here, we go.

B

Yeah, so that's for the support for um description, this little misleading, but basically support uh it's called pre-query filter uh for rds code in the when we use the config pull uh rule and a pre-query filter defined by the filter that uh you know it carries over. This uh described db uh call as opposed to the post query. Filter is when we get the result and then we we apply the custodian filter.

B

uh Two changes uh made. uh One is to simply support the the pre query: filter attribute uh example in the yaml file, so that when, when we use the uh just a in rds resource- and we want to apply filters there, uh there you know will be used. um The second change will be when um we use this for the config row.

B

um The config rule makes uh two api calls and the first one actually carries the um you know the query filter the data there, but the second query does not so the change basically made it to uh to have that.

B

So that's that's! The change is about.

D

Yeah so um definitely appreciate the pr, I think, there's definitely something that seems odd in some of the conversation about using a class-based attribute here that um sunny was highlighting in the the running db, incense shouldn't per say, be running twice at runtime, so it's a little bit unclear where this will make there's something odd here. We generally would never use um class data for this type of um instance attribute, and so um there feels like something's out here, and someone uh wants some maintainers to have to dig into it to try to understand.

D

Why are you seeing that behavior.

E

Yeah, I I I got a ping. I didn't notice this one when it came in but uh steve gunn. uh I got a ping from there and I started to look at it and I also noticed that the way that the way that it's written right now, it's it, has a filter, block and we're doing name value pairs, and it seemed like it's kind of mirroring what we've done with the ec2 uh on the ec2 resource. But in that case it's more key value.

E

So, instead of having a filter block with name engine value, mariadb you'd have a query block and then like engine colon maria db, uh just for consistency, so I'll have a look at it too. I know sunny's already taken a crack at it, but I mean it seems useful to have we'll just have to go through it again and try to make sure it's consistent and- uh and the second call does seem weird- I haven't looked in enough to see uh why that's doing that yet but worth saying.

B

Yeah, this po is pretty much for the when it's used combined with uh the configural. uh If we simply making the rds the prequel filter is not really useful um for for many cases. uh It's just that when we have a config rule- and let's say you want to audit the oracle instances uh where your account will you have a hundreds of mario tv in the postgres, everything will show up in the config, which you don't you don't care about. So that's for that.

F

Shouldn't that be done on the uh config source, then.

D

No, it's not it's config poll mode, so it's no different than a regular mode, so it's not actually event based and it effectively configures the clock and is recording results. But it's not config as a data set or source.

G

I think, for me, what's confusing is why are there two calls to describe db instance.

G

Do we know why I have a look at the code to understand, but to me it seems weird. There are two calls.

B

Yeah I dig down um and.

B

Yeah I couldn't yeah, I couldn't really figure out why why there's two two calls happening and uh there was a choice between like making the change in the configural uh uh code itself or or resource, and this.

D

You should be able to get the filter. Behavior should be the exact same, so you can run a pdb or something on it. um You don't necessarily have to deploy it as well. But sorry, let me rephrase, how are you observing the second api call if it's deployed on lambda.

D

When.

G

You say: there's a second.

D

Api called, how are you observing the second api call, is that the cloud trail is that the uh logging.

B

Oh yeah, I just modified the code, enabled uh more. You know, logging and see what's exactly happening behind the scenes.

D

So that may be called more than once, if you're doing, but.

B

Yeah definitely scrolling twice yeah.

D

But annette isn't shouldn't be doing an api calls. We generally do calls in process and when we're actually processing like the policy, instantiation itself is supposed to be a flywheel, um but it's not so we're actually processing that we should do any api calls because you may want to do a policy validation. Let's say as an example um without doing api calls inside of ci.

D

So if you're trying to do this in a net, that's probably the one place to do the apex. Also, it's a little bit again, some of what you're saying doesn't match up to some more common, the common patterns that we use um and just trying to understand that.

B

Okay, okay,.

H

Yeah uh we can take this back with kalai as well and then just kind of relook at the way things are being done. If you guys have some um yeah uh juicy comments or feedback um yeah feel free to add it in there and then we can. We can go from there.

G

Can we do uh the top two now? I think that should be easy, which one uh the first two yeah. So this one, I believe appeal has already uh commented on the uh at the high level. This is adding support to wealth filter, I believe, but for file managers uh firewall manager.

G

With this we need the ability to not just do matching on the exact string. So I think the question here is, you know: do we want to go full regex support or just glob wild card matching kind of thing? The implementation here is uh to uh use full reject, support computers. As saying uh you know, maybe we can just do glob. Instead, um I think for our use case. It doesn't really matter uh either way works. Fine. I think it's just a decision we have to make here to uh to move forward.

G

For me, I prefer regex, it's just more flexible and more powerful.

D

Jwz quote: um you have a problem, I use red x's and then you've got two problems um like just in the context of what's simpler, to read in the policy context um if like uh complicated regexes are not necessarily easiest for or to read, and so um the question is really is um is: are all these cases actually satisfied by just doing a glove, and at least in this context it did seem.

F

That way, so.

D

I'm just curious to see what there are other use cases that do need the full power of greg axes. Then I'm definitely. You know yeah curious to understand that more.

D

Otherwise, I think doing a similar thing is probably easier for both authors and readers, so policies.

G

Okay, yeah, okay, I'll talk to you, okay, um but, like I said, I think the use case for what we need here. Wildcard I mean club matching, should be good enough for us yeah. Okay, we can modify that.

H

Caden kind of gave some examples of the use case we have for it um is basically what kaden said. I think in response to kapil um scrolled down a little bit here.

G

Yeah, I think I come I I commented on it too. I mean it's pretty simple right there, okay.

H

So.

G

Basically,.

H

Okay, we could do this with glob yeah.

G

It will match more than it might match more than what we want, because it cannot be as precise as regex right uh here. We just start a wild card, but it will match what we need.

D

Is there any context where it would be more confusing? Like sorry, you said it might over match.

G

I don't think it's, I don't think it's more confusing, it just might, but I think it's fine.

H

Basically, as.

G

Long as we have enough, I guess unique characters in there to really distinguish it. Yeah in.

D

This example, I think it's.

G

Good enough here.

D

Yeah I mean you can also directly do the policy names literal here. If you wanted, um you say that again, you could also do the policy name here, the literal, if you wanted, even with blob like if you feel like it might match more. I like it, I'm very curious for the use cases where and I'm sorry- I haven't read this uh uh recently, so I see some comments from last day, um but if there's a use case where the glob is going to match more.

D

As far as I can tell you, the descript, the how you discriminate between the two firewall uh laugh pulses associated with the firewall would be the same in regex versus blob, and then it's really just a question of not needing to do a leading dot star so to speak.

D

Right requires more syntax, as far as I can see, it.

H

So we're kind of exchanging precision for readability. If we go glob.

D

Well,.

H

I'm.

D

Questioning the precision part, because I don't it's not clear that there's any precision loss for a use case. That's.

F

And if there is that.

D

That's exactly what I'm trying to understand more.

D

Like is it just because reg x's are more flexible or is there an actual use case where one would be fishing, but not the other.

H

I don't know, I think, we're mostly familiar with yeah regex. We can start looking into glob stuff, though, if you have yeah um some some thoughts on it, too um would be appreciated in the comments.

G

Sounds like it comes down to preferences here, um but I do know for a fact that hey with regex things can get gnarly and out of hands right.

G

So I can see where, where um yeah who's going coming from yeah.

A

All right, your next one is this one: yes got you.

G

I think this one is a follow-up question of best practice when it comes to recorded data, so here sunny was suggesting that hey, we just having too many uh files for the recorded data he's suggesting to trimming it down.

G

So I guess this question for the team is: is it recommended to her to to mess around with recorded data files? um For for me, I tried to not to do that before uh simply because you know hey, that's the record data, I try not to modify test and test data just so that things will pass. I try to get things as close to. I guess, what's out there as possible.

F

Yeah, we're not, I mean the to ask here, isn't to modify the test, the the data, so the test will pass um anytime. You have a significant line, diff like here. It's like 16 000 lines. um Most of the data there is redundant um really like we do this. In other cases like with the service quota stuff, like that one was, it was like over a hundred thousand line div um which we cut down.

F

So I think, for the sake of um brevity and just usefulness like we don't we don't need the entire um described, call on on all the parameters.

D

Put the other separate way darren like when you record test data, you're, recording your environment. If you have a thousand ec2 instances and you're only fine trying to find one and deal with that, one, the rest of its extraneous and pure line noise.

G

It's not like we're having thousands of instances. This is parameters of a database um parameter group, so you create one uh parameter group by default. It has hundreds of uh parameters.

D

Right all which are extraneous data per se as well in the same way.

F

Yeah, I think the question is basically: is the data relevant to the test that you're you're making right like if, if your filter for some reason is expecting, is like a count filter on the number of parameters and you're expecting a thousand, I mean, I guess, there's you could maybe start to make a case, but in this case it's simply a value filter.

G

And then do you know how the recording data works in terms of file naming because you know you know how it has the suffix like one, two, three, four five, the way that I understand it is for each api call that it make that's that's the the suffix that will then get added to the file um pretty much it yeah.

G

My! I don't think we can um do what you're suggesting assignment we just collapse it all into one file. I think we're going to check you know.

D

You also need to collapse into one file, it's just about getting rid of the unnecessary parameters that you don't care about just to, because if there's, if you're only here, if you only care about one that you're matching in the test, then the other hundreds don't matter, okay, yeah. I.

F

I probably could have clarified there. It's not a single file for like across all the api calls like each time you make the api call just to try to trim it down to yeah the minimum.

G

Set yeah, I think right now, is that having pagination, and so that's, why there's like a bunch of them so yeah? I think we can collapse the one that got passionate into yeah. Okay,.

F

um Typically for the the paginated stuff, uh the api is looking for a the sdk or the client, typically looking for a next token. um So if the next token's not there, it's not going to try to pull the next file.

G

Okay,.

E

You can see it looks like they have. The existing tests for rds parameter groups are are like trimmed up in a similar way, so they might be useful in iteration. Okay.

E

um Actually, on that note, I I took a very quick look at this one, and I was just I noticed that there was some manual caching going on and an api calls for describing those parameters where we have a top level resource for rds cluster parameters, and I didn't know if we could use that like in a resources call so that we didn't have to make those explicit calls and and manually handle the caching, um not that I want to jump in and say rewrite your pr after 30 seconds. Look look at it.

E

um I just didn't know sunny. Does that make any sense uh like at a glance or is it was? uh Are the manual calls necessary here based on what you saw.

D

So we have an rds parameter group resource, but I don't recall if we had the rds cluster parameter, yeah.

E

I.

D

Looked at looks like we do.

E

um There's yeah aws rds cluster param group is, um is a resource.

G

Aj, I believe the caching code is in the existing code. uh I don't think it's something new appear introduced.

E

Okay, okay, yeah! That is a I bring it up. That's why I haven't commented yet because I didn't it was very likely that I just hadn't looked deeply enough yet, but we're on a call. So as we'll talk about it,.

A

All right anything else on this one.

G

No okay.

A

All right uh who's, this it got merged.

A

uh Why did we boom this.

D

I think we're just waiting on the muncher. It is a bug.

A

All right: well, thanks kevin I've forgotten why we uh wanted to do this. One uh this one's yours, sonny, uh valueless, filter, yeah,.

D

All.

F

Right I.

D

Remember.

F

This one did we, I guess, did we talk about this last meeting, probably not right. That was two weeks ago.

F

um This uh addresses a common ask that we've had in the issues for a long time, which is to be able to do a multi-attribute match over a list of objects for a more concrete way to say that uh people that ask, can I do regex over list, or can I, in this case aj gave an example where you wanted to match on multiple attributes on the dictionary um before you would have to do some weird james path, expression, but now, with the uh the bottom example, it's much more legible and clear what what the intent is uh without having to um do the james path expression in your head.

F

There are some uh questions on naming. I think right now. It's item list into the valueless um or list item I forget which one, um but if anyone has any uh concerns or questions or whatever feel free to drop a comment in the pr.

A

All right, uh 10th cent cloud kapil. You want to give us the tl dr on this one.

D

um 10 cents been contributing, uh I think we still need a readme just uh uh and especially just the base provider, and I think some vms, but uh it's been making progress, and um all that's looking also be doing that as part of this, uh that thanks just provider as part of this release, um but it's still pretty basic. uh It's mostly just pull-based evaluation architecturally. We can do uh serverless account response in this provider as well, um whether or not that's in scope.

D

uh They would have to refer to what uh that team's true like where they want to go with their contributions.

A

Cool cool all right, any other questions on this one.

A

All right, two: more uh output to try to determine bucket region without a client. This looks like yours, aj.

E

Yeah this address is an issue that came up in the last release. Where we have we just. We need to be able to determine a bucket region and specify that for our output buckets and in certain cases, cross-account cross-region stuff- that account no matter how many permissions you try to add that that action is going to get denied.

E

So um so here we took some inspiration from comments and other uh other issues and try to pull that determine that region through http headers, and then we still fall back to get bucket location calls, but that should that should prevent some some issues with writing to s3 across regions across accounts, and we may try to use this uh this functionality elsewhere.

E

Just because of other- and I know a producer- isn't on the call, but uh he mentioned that there's there is some confusion, sometimes working with s3 because being a global namespace, but needing to do some operations with within the region where the bucket lives we run into some weird issues. So this may be helpful in other places.

A

All right any questions on this one.

A

uh And this last one I just wanted to point out. This is where you can follow the kubernetes provider uh work here, and I link to the pr in the show notes, um and that's all that we have for our agenda. Does anybody um have anything they'd like to give to the group? Are we giving people time back.

H

Quick question um so for um just coming back to that uh raf v2 um uh support, um or you know, regex or glob filtering, um so we have that for uh that'll support cloud formation and also um alds. um We want to also add support for um appsync and uh api gateway. So, like the rest stage resource, we did notice an issue with the rest stage resource the way it's showing up in config like uh basically the way the state stage arn is getting generated or something so we'll have something else in for that.

H

But has there been any? um Have you guys seen anything for like appsync like as far as people requesting or wanting that, or is that something that you guys have looked at or anything um we're probably going to be trying to add that resource here in the next couple weeks.

D

It hasn't come up, I think app runner was okay, something that was on the list that it seemed, but um I don't recall appsync specifically okay, but.

H

We're happy.

D

To you know for a resource on that sounds great, and I don't believe that partner has um laffy to support either. But um I know um adding resource for app. Sync sounds great.

H

Okay, awesome um and then the other thing was on the um sorry to circle back on these those pr's, but the um rds cluster one uh that's kind of checking uh for tls. um I think we also want to make sure that document db and uh neptune are supported. I believe it.

D

Should just happen automatically? Okay, I mean they're just a different type of engine and for from an artist cluster perspective. They they they should.

H

Be in the direct their apis.

D

But they all show up underneath that same obviously,.

H

Okay, cool, um I don't think that's something we fully tested, but okay, cool yeah sounds good um yeah. Basically, we're wanting to consolidate and kind of yeah just use rds cluster instead of having multiple policies for different engines: okay, cool yeah! Thank you.

D

uh You may still need to do different policies for the by engine type, just because the parameters are maybe different for each one, but we're.

H

Hoping.

D

We can just have.

H

You can do a one big block.

D

Of orders around it: yes, as well: okay, sweet thank.

H

You.

A

All right anything else.

A

All right, awesome, we'll see everyone in two weeks and thanks for attending thanksgiving.

E

Minutes.

A

Back all right get in the groove cheers.

H

You.
youtube image
From YouTube: Cloud Custodian Community Meeting 20220913

Description

Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions

To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian