►
From YouTube: Cloud Custodian Community Meeting 2022-05-24
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/cloud-custodian/community/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
Recording,
let's
just
give
it
a
second
and
welcome
everyone,
it
is
may
24th
2022.
This
is
the
cloud
custodian
bi-weekly
community
meeting.
Welcome
I'm
your
host
george
castro.
As
always,
these
meetings
are
recorded
and
on
youtube,
so
be
cognizant
of
that
and,
as
usual,
it
is
under
the
cncf
code
of
conduct.
So
please
be
excellent
to
each
other.
With
that
I've
got
the
url
to
the
notes
in
chat.
Does
anyone
not
see
that
I
don't
know
if,
like
it
shows
up
after
like
if.
A
B
C
Two
different
things:
one
got
to
meet
some
of
our
talk,
folk,
sorry,
technical
operations,
committee.
Now,
isn't
it
oversight
yeah.
A
C
Yeah
technical
oversight
committee,
sorry
and
one
of
them
is
our
sponsor.
As
far
as
taking
us
through
an
incubation
effectively,
most
paperwork's
done
we're
just
waiting
for
waiting
for
the
submit,
I'm
hopeful
the
fingers
crossed
that
happens
in
june
and
the
other
one
yeah
it
does
require
additional
finding
votes
from
the
tokens
that
we
were
out
talking
to
other
folks
and
then
separately.
C
C
Github
is
warehouse
project
around
trying
to
incorporate
that
there,
I'm
that
that's
been
on
a
multi-year
almost.
C
Long
time
frame,
so
I'm
not
necessarily
going
to
put
any
time
or
attention
to
that,
but
I
think
at
a
minimum
we
should
start
at
least
signing
our
docker
images
and
then,
additionally,
with
regards
to
that,
getting
to
a
fully
automated
release,
apparently
driven
through
did
have
actions
is
another
goal
that
I
think
plays
into
supply
and
security
as
well
with
with
with
additional
sign-offs
as
well
all
right.
So
beyond
that
at
kubecon
I
mean
it
was,
it
was
crazy
because
it
was
cold.
C
Seeing
the
conference
come
together.
It's
my
first
international
trip
since
kevit,
which
is
still
a
bit
of
a
headache.
You
check
every
country
you're
transiting
through
for
their
entry
requirements,
etc,
etc.
But
you
know
it
was
so
good
to
see
people
in
person
per
se.
So
on
that
note,
I
will
pass
the
mic
back
to
george.
A
A
Oh
awesome:
well,
the
way
it
works.
I
I
paste
it
in
the
notes
and
we
do
an
open
agenda.
So
what
we
do
is
we
have
the
agenda
there.
So
if
there's
something
questions
that
you
want
to
ask
or
something
feel
free
to
tack
it
on
there
and
then
just
as
the
discussion
goes,
we'll
we'll
get
to
it
and
then
we.
C
A
Already
took
care
of
that
now
that
I
know
that
yeah
all
right,
the
next
one
is
we're
going
to
scale.
So
that's
the
southern
california
linux
expo
one
of
my
favorite
shows
I
haven't
been
in
a
long
time.
I
will
be
there.
We're
gonna,
have
a
booth
and
all
the
goodness.
So
if
you're
planning
on
going
and
use
custodian
ping
me
I'll,
take
you
to
dinner
or
we'll
do
something
fun.
It's.
C
A
fantastic
for
anyone
who
hasn't
been
before
it's
a
fantastic
conference:
very
developer,
oriented
developer,
centric
lots
of
interesting
projects
from
you
know:
postgresql
robotics!
Take
your
pick
and
lots
of
things
in
between.
So
thank
you.
Here's
what
I.
C
For
those
that
are
traveling
this
summer,
it
is
right
next
to
reinforce
and
for
cloud
sec
in
boston.
You
know
it's
coast
coast.
We
will
also
be
at
ford
cloudset,
which
is
also
very
practitioner,
developer,
oriented,
but
not
libertarian
towards
security
yeah.
So.
A
We'll
be
at
both
coasts
that
week,
so
that
should
be
a
lot
of
fun
all
right
next,
with
kapil
being
knocked
out
with
kovid
and
going
away
to
kubecon.
I
I
went
ahead
and
started
to
rush
something
here.
Well
rush
is
probably
the
wrong
word,
but
a
membership
proposal.
Sorry,
oh
my
goodness
hold
on.
I
forgot
how
to
we
forgot
how
to
browse
one.
Second.
A
There
we
go
so
lots
of
open
source
projects
have
like
a
governance.md,
and
this
was
an
issue
that
was
filed
that
we
need
to
have,
which
is
what
does
your
membership
structure
in
the
project
looks
like
look
like,
and
if
you
see
something
like
kubernetes,
it
has
like
six
levels:
everything
from
like
a
drive-by
contributor
to
like
a
maintainer
k-native
has
tech
lead
roles,
and
things
like
that.
A
So
I
looked
at
the
k-native
one,
mostly
because
that
one
I
felt
was
just
enough
structure
without
having
like
big
city,
kubernetes
stuff-
and
I
know
you're
you're
gonna
have
opinions
on
this.
You.
C
Know
I
just
also
wanted
to
state
up
front
just
as
a
top
level
thing
that
cncf
doesn't
does
not
dictate
governance
structure
for
a
project.
It
merely
requires
that
each
project
have
one
that
stopped.
A
Yes,
so
you
know
being
familiar
with
a
bunch.
I
already
had
some
in
in
mind
that
I
I
thought
was
gonna.
Do
I
knew
kubernetes
would
definitely
be
like
too
much
it's
just
too
much
right.
It's
like
a
new
york
city
and
we
live
in
a
suburb
k-native.
I
like,
because
it
kind
of
had
those
primitives
but
really
really
chiseled
down,
but
I
also
didn't
want
to
have
just
something
like
you
know:
do
what
you
want
vote.
A
You
know
and
all
these
kind
of
things,
so
I
basically
kind
of
lowered
it
down
to
two
levels,
a
member
which
would
be
like
a
contributor
who's,
actively
contributing
and
then
a
maintainer
which
would
be
someone
who
can
actually
merge
code
and
then
I
kind
of
outlined
what
each
of
these
positions
would
look
like.
So.
C
Two
thoughts,
one,
you
know
we
haven't
discussed
how
we're
adding
new
maintainers
since
we've
been
doing
this
and
I
think
darren
have.
B
C
Yes,
qualified
through
enduring
contribution
to
the
project
to
to
be
a
new
maintainer
so
like
to
make
sure
we
cover
off
on
that
at
some
point.
Secondarily,
you
know
have
to
go
through
the
details
of
the
native.
I
would
say
that
this
history
has
in
their
origin
and
some
of
the
the
politics
around
it
for
either
cncf
et
cetera,
are
interesting
and
maybe
isn't
the
best
example
for
us
to
use
from
a
governance
structure,
but.
A
Yeah,
so
the
structure
will
be
very
similar.
I
think
you
know
I
I
I
don't
want
anyone
to
have
any
preconceptions,
because
most
of
the
text
comes
from
what
is
currently
k-native,
so,
hopefully
none
of
the
drama
or
whatever
that
that
the
origin
story
comes
from.
Basically,
the
gist
is
there
are
two
levels
and
we're
defining
what
they
are
and
if
you
look
at,
if
like,
if
we
looked
at
prometheus
or
any
of
the
other
ones,
they
all
kind
of
are
using
the
same
language.
A
You
know
I
just
wanted
to
basically
say:
k
native
was
the
one
that
I
kind
of
started
to
as
kind
of
the
master
template
and
then
cut
out
a
bunch
of
stuff.
Cncf
does
not
care
how
our
governance
model
is.
We
could
keep
it.
You
know
bdfl-ish
as
as
long
as
what
we
enforce,
what
we
define
so
notice.
This
is
not
a
pull
request,
because
that
would
be,
I
think,
going
we'd
be
nitpicking
too
early.
A
I
think
what
we
want
to
maybe
consider
is
having
this
as
the
start
of
the
discussion
of
what
do
we
want
that
membership
to
look
like?
Do
we
want
it
to
be
very
bottom
heavy
with
like
a
lot
of
people
with
spread
tests,
or
do
we
want
it?
I
think
we
probably
want
a
little
bit
less
bus
factor
b
definitelyism,
but
I
did
stop
short
of
doing
things
like
defining
a
committee
or
a
talk
or
anything
like
that,
because
a
lot
of
that
stuff
felt
too
big
city.
A
C
C
At
the
envoy
one
and
thinking
it
was
interesting
as
well
but
again,
but
but
thank
you
for
kicking
it
off.
So
do.
A
C
Yeah,
I
I
I
just
have
I
I
don't
know.
Canada
has
some
interesting
history.
It
just
causes
a
reflexive
reaction,
a
little
bit
the.
C
But
I
think
it's
still
useful,
I
think
there's
so
the
other
thing
we
need
from
a
government's
perspective
is.
We
also
have
a
lot
of
emergence.
Maintainers
yeah,
we
haven't
defined
a
formal
process
as
far
as
archiving
or
moving
to
entertain
us.
I've
done
it
in
the
past,
based
on
it's
been
a
year
or
two,
since
persons
committed
yeah
and
so
would
also
be.
C
A
Process
are
you
leaning
more
towards
six
months
or
like
a
year,
because
I
feel
like.
A
Know
you
haven't,
read
it
yeah,
so
once
we
kind
of
decide
like
what
we're
looking
at,
then
I
think
we're
going
to
be
nitpicking
over.
You
know
the
little
numbers
or
you
know
what
is
it?
I
think
it's
important
in
a
lot
of
these
governance
structures.
They
do
do
strict
kind
of
like
you
know.
You
need
to
do
x,
y
or
z
for
like
30
60
90
days
and
in
a
lot
of
these
places,
I've
added
provisions
due
to
staffing.
A
You
know
that,
like
these
are
generally
a
guide
right
so
like,
like,
I
think,
it'd
be
terrible
if
it
was
like
well,
aj
is
doing
a
pretty
good
job,
but
they've
only
been
participating
for
59
pull
requests
and
we
want
60.
right
like
we're.
Looking
at
like
a
guide
to
kind
of
define
what
work
would
look
like,
but
then
give
the
existing
maintainers
the
ability
to
just
say
you
know
what
they've
been
around
long
enough
and
I
trust
them.
C
I
mean
when
I
looked
at
enduring
contribution
in
the
past.
It
has
been
something
that
is
effectively
sustained
over
time,
so
done
over
multiple
months
and
like
ideally
up
to
six
months
and
is
inclusive
of
both
engaging
like
and
there's
many
different
forms
of
contribution
like
from
just
helping
people
in
chat
to
doing
documentation.
Like
you
know,
there
are
many
different
forms
that
as
a
project,
we
are
we
value
and
support
and
appreciate
and
want
your
reward
from
a
meritocracy
basis
in
terms
of
making
decisions.
A
Yeah,
okay,
gotcha
moving
on
all
right.
I
will
leave
that
and
we
will
come
back
to
that
when
we
get
there
all
right
kapil.
You
were
mentioning
this
before
we
actually
started
the
meeting
about
using
github
discussions
for
questions.
C
Worse,
yeah,
you
know
we're
on
github,
I
don't
see
that
really
changing
out
and
the
fact
that-
and
I
I've
been
using
more
and
more
of
their
services
more
heavily,
and
you
know
it
is
it's
where
our
compute
contributors
are.
So
you
know
supporting
additional
capabilities
as
far
as
deeper
integrations,
using
more
of
the
capabilities
of
github
as
a
platform
and
so
to
isolating
ourselves
from
the
platform
seems
worthwhile
and
then
that
context
we're
looking
at.
C
I
think
discussions
increased
use
of
github
actions,
including
for
our
functional
tests
and
potentially
other
things
as
well.
They're,
I
mean
I'd
like
to
see
coates.
Basically,
support
for
developing
on
custodian
as
well
would
be
nice,
but
okay
there's
a
long
list
of
things
there.
I
think
that
we
will
continue
to
drive
towards,
but
I
think
enabling
discussions
has
inherent
value.
We
see
a
lot
of
the
same
question
over
on
chat
and,
unfortunately,
just
chat.
C
Isn't
that
great
at
being
searchable
so
yeah
being
on
the
surface
out
of
common
questions
off
the
main
repo,
I,
I
would
probably
say,
probably
needed
providers,
you
know
provider,
separate
sections
and
then
maybe
a
developer
section
as
far
as
the
the
broad
groups,
but
also
you
know
looking
for
discussion
on
if
there's
anything
else
that
we're.
C
Yes,
we'll
keep
mailing
lists
and
we
will
keep
chat,
which
I
just
want
to
explore
additional
as
far
as
things
that
are
forum
based
and
in
that
context
you
know,
there's
no
point
not
to
use
that
capability
when
it's
there
either.
I
think
the
reality
is
knowingless
or
dead.
Chat's
active,
but
it
is
non-searchable.
Non-Discovery
searchable
was
not
aj.
A
You
know,
maybe
maybe
there's
like
a
bot
or
something
we
can
make
where
you
could
just
click
and
auto
copy
stuff,
over
or
literally
anything,
I
think
would
would
be
useful
there.
Okay,
so
I
I
took
an
item
I'll
go
ahead
and
fire
that
up
set
it
up.
Dude,
I
don't
know
if
I
have
the
github
permissions
to
do
that,
but
sunny
would
right.
A
All
right
next
we're
going
to
go
into
some
hot
prs
that
we
are
going
into
if
you
want
to
discuss
any
of
these
just
in
the
list
here.
What
what
is
the
fire
explosion
symbol?
The
colon
boom
is
when
we're
going
to
discuss
something.
So
what
I
do
is
I
write
a
script
that
looks
at
everything
that's
been
opened
since
our
last
community
meeting
and
closed.
A
Then
I
post
that
to
the
getter
channel
or
if
people
ping
me
throughout
the
week,
hey,
I
need
to
make
sure
we
discuss
this
or
whatever,
and
then
I
put
a
colon
boom
on
it,
so
the
first
one's
a
big
one
which
is
aj
you're
driving
this
one
and
it
it
a
bunch
of
these-
are
related
to
this
one.
So.
F
Yeah
and
that's
that's
going
to
change
a
bit.
I
have
followed
some
discussion
with
kapil
and
sunny
yesterday,
sunny
submitted
a
separate
fix,
so
a
high
level
recap
is:
we
had
some
pin
dependencies,
one
for
gcp,
one
for
azure,
some
pin
dependencies
that
weren't
playing
nicely
with
other
projects.
So
if
we
tried
to
install
them,
there
would
be
some
dependency
conflicts
and
that
led
to
a
bunch
of
issues.
F
We've
had
a
few
come
in
some
you've,
you've
boomed
here
george
and
there
was
one
with
the
it
affected
our
docker
install
it
affected
some.
There
are
some
other
issues
that
all
look
related
at
least
partially
to
this
dependency
conflict.
So
the
initial
thought
the
minimal
change.
I
was
thinking
well,
we
we
could
take
this
pin
and
just
loosen
the
pins
so
for
gcp
and
azure
for
the
pi,
tz
and
jamespath
modules,
so
that
everything
would
play
nicely
together.
F
But
then
talking
through
with
kapil
and
sunny
we're
saying
well
pi
tz.
We
don't
really
need
this
anyway.
Let's
just
make
this
this
one
line,
change,
refactor
a
gcp
metrics
filter,
so
we
don't
need
the
dependency
in
the
first
place
and
it's
going
to
be
a
similar
situation
with
james
path,
where
we'll
get
it
as
a
like
a
transitive
dependency.
So
we
don't
need
to
pin
something
at
the
top
level.
We're
going
to
we're
going
to
pull
it
in
kapil
has
thoughts.
C
Yeah,
sorry,
I
didn't
bring
this
up
in
our
or
the
previous
discussion,
but
I
think
part
of
the
reason
for
pi
to
z.
So
if
you
ignore
pi
tz,
then
you're
effectively,
looking
looking
at
local
timezone
information
from
the
operating
system
insult
and
that's
not
potentially
normalized
for
in
the
same
way
that
pitz
is
across
all
times
in
and
we're
tracking
back
from
gcp.
So
just
an
awareness
thing
as
far
as
one
reason
why
pi
tz
would
make
sense,
and
this
the
thing
of
least
risk
is
just
removing
the
pen.
C
In
that
context,
the
question
about
removing
pi
cz,
I
think,
needs
additional
validation
to
make
sure
that
the
time
zones
that
gcp
reports
correspond
to
like
to
standard
time
zones
like
because
you
get
you
run
into
os
client.
C
You
are
in
the
client
side
issues
with
regards
to
osx,
like
windows,
different
versions
of
linux
and
which
time
zones
do
they
have
local,
because
in
the
context
where
you
don't
have
say,
tz
local,
when
you're
using
like
just
straight
utc
or
you
know-
you
don't-
have
there's
no
there's,
not
a
full
timeline
database
installed.
Then
that
can
be
problematic.
Now,
in
the
context
of
docker,
we
don't
worry
about
that.
It's
mostly
just
in
context
of
client
side
installs,
whereas
pacqui
z,
effectively
normalizes
that
across
his
client-side
installations,
interesting.
F
C
C
Because
in
this
context,
it's
actually
gcp
sending
the
tz
getting
that
map
to
point,
maybe
maybe
different.
Let's
say.
F
F
Yeah,
I'm
sorry
put
it
back,
put
a
have
a
top
level
dependency
on
pi
dz,
again
put
that
back
in,
because
that
was
just
the
the
pr
from
from
sunny,
took
out
the
pitz
for
metrics
filter
and
check
it
out.
I'll
put
it
back
in,
but
not
pinned
to
2021
just
pin
two
just
so.
C
In
that
context,
I
think
we
would
need
just
to
validate
some
gpu
metric
filters
from
across
a
few
different
os's.
I
don't.
Ideally
we
would
actually
be
doing
this
in
ci
via
unit
tests.
I
don't
know
if
we,
if
there
removed
that
change,
had
an
initial
functional
test
or
sorry
additional
unit
tests
with
flight
reporting,
but
that
would
also
be
interesting.
F
C
F
Yeah:
okay,
okay,.
C
Oh,
it
looks
like
that
party
z
thing
was
pretty
shallow,
okay,
never
mind,
I
I
I
think
I
think
what
it's
not
equivalent,
though
yeah
it
would
be
nice
for
the
interest
for
this
change.
Okay,
all
right!
Let
me
just
put
this
back.
C
Now
returns
an
I.e
update
time
and
now
the
tz
returns
a
daytime
at
a
daytime
with
the
tz.
So
this
probably
shouldn't
have
been
merged
just
because
those
aren't
equivalent.
In
this
context,.
F
F
Okay,
the
plan
to
so
then
the
pi
pz
plan
has
gone
back
and
forth
a
couple
times
then,
but
we
should
still
include
it
as
a
top-level
dependency.
Just
without
the
diversion
pin.
I
guess
so
that
poetry
will
lock
it
and
it'll
be
in
sync
across
our
projects.
F
The
james
pathpin
we're
still
okay,
taking
that
out
as
a
top
level
azure
dependency,
so
that
we'll
pull
it
in
the
it'll
just
get
pulled
in
as
it
transitive
dependency
underneath
and
that
still
sounds
good
cool,
okay,
so
small
changes
a
lot
of
complexity
hidden
under
those.
If
that's
not
clear
from
this
whole
discussion,
but
we'll
try
to
get
that
sorted
out
and
get
a
new
release
out
sometime
this
week
to
help
people
be
able
to
install
things
again.
F
Yeah
and
the
initial
idea
I
had
was
to
try
to
make
a
release
of
just
tcp
in
azure,
but
talking
through.
That
sounds
like
that's
a
little
too
one-offi
and
we
don't
necessarily
want
to
do
that.
So
we'll
just
try
to
get
everything
to
a
good
state
and
then
do
a
release
of
just
do
a
full
increment
of
all
the
all
the
packages.
F
F
F
Yeah
this
and
while
we're
talking
about
you,
know,
roles
of
people
taking
on
some
form
of
maintainership
thing.
I
should
just
say
that
I
merged
this
and
should
not
have
merged
this.
So
I'll
just
say
like
publicly
acknowledge
this.
I
merged
this
prematurely
and
we'll
need
to
make
some
fixes
to
it
before
we
do
another
release.
F
There
were
it's
a
it's,
it
was
a
new
resource,
is
adding
and
was
adding
an
arm
type,
and
that
was
going
to
break
some
things.
The
resource
name
wasn't
quite
specific
enough
because,
like
formation
is
a
whole
family
of
of
resources,
potentially,
and
just
if
we
release
that,
then
it's
going
to
cause
problems
later
backward
and
compatible
changes
and
all
that
so
just
want
to
make
sure.
That's.
C
Happy
yeah
no
worries,
like
you
know,
putting
out
some
of
these
in
a
different
conversation,
but
I
think
there's
always
going
to
be
some
degree
of
just
getting
up
to
you,
I'm
being
a
maintainer
like
no
per
se
concerns.
We
just
want
to
make
sure.
C
I
I
think,
as
we
are
looking
at
moving
towards
more
automated
releases,
we
should
always
have
some
degree
of
manual
review
and
what's
coming
up
in
the
release
just
so,
we
can
make
sure
we
catch
stuff
before
it
affects
users,
but
yeah
again,
no
worries.
That's.
F
F
I
think
my
latest
I've
got
a
pr
open
to
try
to
to
make
this
release
ready
this
lake
formation,
and
it's
basically
just
saying
that
it
that
that
resource
type
doesn't
have
an
arm.
We're
saying,
aren't
type
false.
It
doesn't
have
any
tagging
support
for
tagging
filters
or
actions,
because
the
actual
resource
that
would
be
tagged
is
an
underlying
s3
bucket
anyway.
F
So
that
seems
like
a
reasonable,
a
reasonable
way
to
to
fix
this
before
we
release,
but
kapilsani
may
have
other
other
ideas.
Sunday's
already
done
some
review
on
it.
So
that's
helpful.
F
A
All
right
next,
we
have
7252
who's.
This
fsx
backup
checks.
B
Yeah
this
one
is
from
one
of
my
team
members
into
it.
I
have
already
done
the
review
on
it,
but
can
always
get
additional
eyes
on
it.
This
is
to
add,
in
a
filter,
to
fsx
so
to
support
a
compliance
check.
That
say,
you
need
to
have
x
number.
F
B
Daily
backup
for
fsx,
I
think
that
was
a
similar
appear
before
for
database
rds,
and
this
is
just
something
similar,
but
for
fsx.
C
So
darren,
I
curiosity.
What
is
do
you
know
what
on
tap
is
referencing
here.
B
Depending
on
the
type
they
they
have
different
ways
to
handle
backup,
let's
see.
C
Luster
see
it
opens
cfs,
one
is
a
samba.
Yes,.
D
A
B
F
A
F
C
Copy
both
correct
yeah,
yeah,
so
yeah,
the
actual
websites
for
vetted
s3
and
there's
a
lambda
that
does
the
the
get
syncing
to
s3
every
hour.
F
F
Many
docks
it
got
bigger
than
the
lambda
was
expecting
and.
C
It
was
a
new
reference
stock
to
the
cloud
control
provider
that
pushed
over
the
the
512
limit
and
lambda.
C
I
mean
frankly,
I
wouldn't
the
fact
that
it
increased
that
much
is
a
bit
of
a
surprise.
I
do
like
we
four
exit
to
two
gigabytes
per
se.
If
our
repo
checkout
is
more
than
two
gigabytes,
then
I
think
we
should
be
looking
at
how
we
slim
that
down
be
quite
fair.
C
C
C
It
won't
actually
send
the
repo
size
down
once
we
do.
Some
sort
of
something
else
like
slimming
down
to
get
repost
size
would
require
it.
Those
those
objects
not
being
reachable,
which
would
potentially
probably
be
writing
the
history
on
the
branch
or
using
something
like
various
github
filtering
tools
to
remove
the
excess
but
retain
the
rendered
output
as
part
of
the
log
on
the
github
pages
branch.
E
C
Okay
with
it
right
now,
like
500
megs,.
C
A
Celebrate
working
docs,
finally,
yay
all
right
and,
as
I've
said
on
this
meeting
many
times
my
end
state
goal
there
is
to
do
the
usual
netlify
per
pr
preview
and
all
that
all
that
good
stuff,
so
I've
applied
for
those
programs
for
their
open
source
projects.
That
is
a
cool
thing
that
would
be
neat
to
have
all
right.
The
last
big
one
for
today
is
7227
aws
workspaces.
A
I
think
this
is
this
is
something
you
reviewed
aj
and
I
just
thought
it
was
interesting.
Yeah
yeah.
F
Yeah
we
had
some
back
and
forth
there.
It's
good.
I
have
left
peter
hanging
a
little
bit
because
of
there's
just
he
had
added
some
retry
functionality
and
it
looked
like
it
was.
It
was
kind
of
a
new
roll,
your
own,
like
locally
defined
recry,
and
we
already
we
have
a
like
a.
We
have
defined
retry
behavior,
that's
kind
of
shared
across
resources.
So
I
was
looking
to
pull
that
in
oh
and
there's
a
comic
book.
C
We
have
a
cool
comic
book,
I've
been
retconned
to
joe
and
but
it
talks
about
cloud
governance
and
various
different
use
cases
that
people
do
with
pakistani
as
far
as
cost
optimization
security
governance
operations.
But
I
don't
know
how
to
get
one
of
these
to
people,
but
we,
we
are
gonna,
have
more
of
these
at
different
events.
So
I
don't
know
that
we
can
do
direct
mailing,
but
we'll.
A
We'll
figure
something
out
so
all
right,
then
I
think
the
action
for
you
aj,
then,
is
just
point
point
time
to
an
existing
one.
Yeah.
F
Just
it's
just
a
rather
that
I
mean
peter's
been
really
cool,
really
patient,
going
back
and
forth,
making
some
changes.
I
I'll
probably
just
go
in
there
and
try
to
update
that
retry
behavior
and
and
send
them
a
ping
after
that
yeah.
But
I.
A
A
F
F
Yeah
yeah,
but
but
we
can
mention
that
so
thanks
for
joining
cause,
it's
guy
I've
seen
your
name
all
over
github
and
now
he's
amazing.
A
Great
that's
great.
We
we
we
like
to
hear
when
we
have
problems
so
that
pretty
much
handles
all
the
booms.
A
All
these
all
these
related
issues,
I
think,
whereas
was
from
the
broken
thing,
resulted
in
a
lot
of
fouled
issues,
which
is
which
is
good
to
see,
and
then
there
are
a
few
issues
here
in
the
notes
that
are
actually
questions
that
might
be
useful
and
for
you
to
I
I
like
to
I
like
to
browse
when
people
watch
post
questions,
so
I
can
learn
a
little
bit
more
every
day,
so
I
took
an
item
to
start
to
funnel
all
that
stuff
towards
actions
or
towards
github
discussions
I'll
go
ahead
and
set
up
a
board
and
do
all
that
good
stuff
and
announce
in
all
the
right
places.
A
So
hopefully
that
won't
be
too
disruptive.
That
is
all
I
have
as
soon
as
I
figure
out
how
to
unshare
there
we
go.
Does
anybody
have
anything
else,
they'd
like
to
say
or
feedback
or
anything.
B
Since
I,
since
I
have
compiled
here,
I
just
reminded
I
still
have
those
two
pr's
we'll
use,
really
old
pr's.
If
you
can't
yeah.
B
C
A
B
I
think
aj
actually
has
this.
Some
has
left
some
comment
and
trying
to
do
something
for
71
29.
That's
the
one
with
the
cider
how
to
do
filter
with
less.
B
B
One
70
29
yeah
yeah,
70
29,
the
other
one
has
to
do
with
adding
support
for
manage
conflict
rule.
C
So
70
29's
been
the
discussion
item
seriously.
I
think
the
only
thing
that
was
like,
I
think
it's
functional,
it's
fine.
I
think
the
only
question
was
just
this
like
if
we
turn
something
like
that:
config
manager,
world
class,
into
like
a
daily
class,
but
like
I.
F
C
Know
that
there's
any
real
reason
to
to
to
to
like
it's,
it's
you've
been
very
patient,
and
maybe
we
should
just
move
it
in,
as
is
because
I
think
we've
already
addressed
the
feedback
that
was
present
for
it.
C
Maybe
so
well,
actually
one
question
on
enable,
and
so
currently
we
have
it
as
enable
config
manager
role,
it's
an
account
action.
What
if
it
was
set,
so
we
can
actually
also
remove
some
actions.
We've
been.
C
B
C
B
C
B
C
With
the
default
enable
and
then
doing,
self.manager.retry
around
the
api
calls
to
make
sure
that
those
are
so
if
you're
processing
a
set
of
well,
I
actually
never
mind.
I
think
that
back,
it's
still
nice
to
have
like
we're
not
necessarily
doing
the
same
degree
of
volume
here,
because
we're
operating
the
account
signals
in
like
the
actions
one
to
one
to
his
own
operating
on
one
resource.
C
C
Yeah,
whenever
you're
doing
a
a
put
or
like
any
of
the
1935
and
1939
or
the
two
ones
that
I
see,
I
can
put
a
comment
on
that
but,
like
I
think.
C
To
have,
as
I
don't
think,
it's
a
hard
requirement,
but
it
would
be
nice
and
yeah
outside,
like,
I
think
that's
I
think
the
the
the
set
versus
enables
the
only
thing.
That's
a
hard
thing,
the
rest
of
it,
I
think,
is
fine,
okay,
just
to
make
sure
like
so
the
when
we
were
just
talking
about
the
length
formation
resource.
C
You
know
it
was
part
of
it,
as
is
that
it's
a
non-issue
because
we
never
actually
had
a
release
with
it
in
it,
which
I
don't
think
we
actually
explicitly
stated,
but
we
did
have
release.
Then
we
have
to
deal
with
the
backwards
compatibility
aspects,
which
is
the
only
thing
something
that
I
always
want
to
be
conscious
of.
B
For
71
29
that
pr
that
one
is
a
little
bit
tough
in
terms
of
what
we
want
to
do,
I
think
it's.
B
I
think
we're
unsure
what
we
want
to
do.
You
know
as
a
community
right
now
what
aj
and-
and
I
try
to
do-
is
just
handle
it
very.
Like
a
small,
I
guess,
a
simple
implementation
just
to
support
less
ciders
for
filtering,
but
I
think
was
it
todd.
He
has
some
grand
ideas
of
hey
just
if
we
were
to
do
it.
B
If
we
were
to
add
support
for
a
list
of
ciders,
then
we
should
do
it
right,
not
not
sure
if
it's
new,
that's
the
right
or
wrong
way
to
do
it,
but
his
idea
is
to
actually
convert
everything
into.
Is
it
ip
networks
rather
than
ip
addresses,
yeah.
F
Yeah,
I
think
he
makes
a
valid
point
there
about
trying
to
collapse
the
addresses,
and
he
called
out
some
cases
that
I
understand
where
he's
coming
from,
I
don't
know
I
was
nervous
to
try
to
add
more
wrinkles
to
I
tried
to
combine
71,
29
and
59.71
like
roll.
Some
of
the
changes
back
so
5971
ended
up
becoming
kind
of
the
the
both
of
them.
The
best
of
both
would
be
the
idea.
F
It
it
just
dropped
it
in
chat,
so
the
there
were
two
kind
of
competing
implementations
of
how
we
handle
lists
of
ciders.
5971
came
first
and
kind
of
stalled.
71
29
came
later.
It
sounded
like
we.
We
had
some
discussions
in
a
previous
meeting.
People
generally
seem
to
agree
that
the
approach
from
5971
was
was
like
the
better
way
to
go,
but
71
29
had
some
useful
stuff,
too
tests
and
docs
things
like
that.
So
I
tried
to
pull
that
stuff
in
and
kind
of
beef
up
5971..
F
The
two
issues
left
are
that
it
was
an
old
pr
that
was
pre,
easy
cla,
so
austin
had
opened
it
and
we
don't
have
his
sign
off
and
then
the
second,
the
only
other
open
issue,
I'm
aware
of,
is
todd's
comment
about
wanting
to
collapse,
networks
before
doing
the
evaluation.
C
We
could
definitely
reach
out
to
austin.
I
I
think
that
in
general,
looking
at
value
class
value
filter,
it
could
use
a
breakout
refactor,
I
think,
by
body
type
as
a
positive.
It's
getting
complex
complex
to
look
at
so
putting.
F
F
C
Can
I
do
that
it
looks
pretty
good
as
a
solution
for
this
as
well.
C
E
C
C
Yeah,
actually,
that's
pretty
reasonable.
That's
what.
C
Yeah
I
mean,
whichever
one
I
don't
know
like
if
one
of
our
issues
that
we're
seeing
as
we
grow,
the
valley
filter
is
just
the
size
of
that
class
and
we
need
to
break
it
out.
Then
this
is
out
of
band
and
fairly
transparent.
F
C
B
Yeah
one
question
for
the
group:
I
don't
know
how
people
are
doing
it,
but
how
do
we
handle
exceptions?
So
we
have
policies
that
remediate
or
report.
You
know
non-compliances
and
then
people
want
to
ask
for
exceptions.
B
I
think
I
asked
this
in
the
past
and
I
think
the
the
direction
that
was
given
was
to
use
the
I
think,
filter
value
where
you
can
specify.
B
C
So
it's
a
great
question,
and
yes,
that
is
our
historical
answer,
value
from
from
some
file
in
s3.
I
think
we
do
want
to
also
support
download
db,
but
as
an
additional
thing
with,
but
we
want
to
use.
C
Oh
gosh,
I've
forgotten
all
these
things.
They
have
a
query.
They
have
like
a
sql
query
language
they
want
to
use.
We
want
to
make
sure
that
the
query
from
on
the
reason
the
table
is
limited
to
that
expression
language,
so
that,
because
otherwise,
if
you
have
to
go,
look
at
the
full
query
language
on
an
operator
basis
that
you
typically
use
with
the
dynamodb
api.
It's
it's
inscrutable.
Let's
say
it's
not
it's
not
readable
per
se
and
one
of
our
core
tenets.
C
I
think,
with
regards
to
policies,
is
hopefully
they're
very
readable.
It
may
not
always
happen
but
like
the
goal
in
the
hope,
is
that
they're
readable,
so
that
lots
of
different
parts
of
the
of
an
organization
and
different
roles
within
the
organization
can
read
a
policy
and
feel
confident
in
what
it's
doing,
and
so
in
that
context,
like
simply
embedding
a
query
against
dynamodb
gets
into.
It
almost
looks
like
programming,
you
know,
inside
of
yaml,
and
that
that's
that
doesn't
feel
right,
but
with.
B
B
C
Ql
is
what
it
is,
which
is
like
a
sql
like
syntax.
I
think
that
that
is
fairly
readable
and
we
should,
if
we
want
to
expose
that
as
additional
capability.
I
don't
know
if
that
would
solve
all
some
of
the
use
cases
that
you're
thinking
about
darren
versus
simply
having
the
s3
bucket.
Oh
sorry,
the
s3
object
as
a
referenceable
thing.
You
know
I
think
s3
is
grand.
B
C
One
of
the
other
challenges
we've
had
in
this
context
is
specifically
the
value
filter
is
not
customized
per
se
per
per
provider,
so
that
is
the
other
consideration.
Here
is
making
sure
that
that
you
don't
have
to,
and
it's.
C
How
how
hard
of
the
boundary
you
want
to
make
this,
but
that
between
providers,
but
that
you
don't
necessarily
want
to
be
in
gcp,
looking
at
dynamodb,
query
language,
let's
say,
and
so,
making
the
value
filter
customized
per
per
provider.
For
these
additional
specific
extensions
also
feels
like
something
we
should
do
as
part
of
this
land.
C
So
then
you
have
the
so
in
a
rest
style
or
even
in
so
you
have
the
built
native
variables
so
to
speak.
Sorry,
the
auto
injected
variables
that
we
do
in
the
policies
at
runtime.
B
C
A
microservice
or
instrument
thing
or
even
customize
on
the
you
know
an
s3
object
that
you
want
to
reference,
so
I
mean
that's
already
possible
per
se
today.
B
I
think
the
main
main
thing-
that's
stopping
us
from
using
a
rest
api
right
now
is
actually
kind
of
relate
to
the
web
hook.
Call
as
well.
As
you
know,
it's
pretty
much
expect
everything
to
be
wide
open
and
we
need
to
be
able
to
lock
down
our
rest
api
and
with
that
I
don't
think,
there's
any
way
for
us
to
drop.
C
I
mean
this
is
again
potentially
why
so
yeah?
I
I
think
I
think
we're
coming
to
the
crux
of
the
problem
like
yes,
you
can
do
that
necessary.
It
requires
fragmenting
lots
of
different
objects
out,
whereas
in
diamond
db
this
would
be
native
and
authenticated.
So
so
with
s3.
B
We
were
able
to
use
like
organization
in
aws
to
allow
intuit.
Let's
say
envious
account
to
query
it's
for
rest
api.
We
cannot
do
the
same.
C
Correct
so
I
think
in
that
context,
diamond
db
would
allow
less
I
mean
so
I
mean
if
you
wanted
to
have
like
per
account
like
or
per
count
region.
Let's
say
exceptionless.
C
You
can
do
that
in
a
straight,
but
the
the
fan
out
on
the
number
of
objects
for
that
permutation.
That
combination
is
larger
doing
it.
I
would
be
able
to
offer
a
single
table
aspect
and
still
be
parameterizing,
the
query
out,
so
I
I
think
that
that's
the
value
upside,
I
think,
on
doing
something
like
damage
to
be.
In
this
context,
it's
just.
C
Deal
with
less
objects
and
necessary
that
you
have
to
manage,
as
sync
integrations,
let's
say
on
data
vocabularies.
C
C
Like
I
knew
we
were
working
on
one,
but
until
I
got
to
gone,
I
had
no
idea
what
the
storyline
was
yeah.
What
is
this?
Let
me
read
it,
but
now
it
was
funding
that
we
also
had
the
comic
book
artists
there
as
well,
so
lots
of
interesting
things
and
definitely
valencia.
A
A
All
right
and
with
that
we
will
see
everybody
in
two
weeks
same
time.
Last
call
three
two
one
all
right:
everybody
have
a
great
week
and
looking
forward
to
seeing
that
release,
cheers
everyone
sounds
good.
Bye.