From YouTube: Cloud Custodian Community Meeting 20221207
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
Figure, yeah, once with Slacks, once you reach that critical mass. Yeah, yeah. All right, I've started the recording. Welcome everybody, it is December 6th 2022, and this is the Custodian community meeting. I'm a little bit under the weather today. So hopefully we have lots of things to talk about. A bunch of us are coming back from AWS re:Invent.
A
So a lot of sniffles and sickness going around, but we'll power through. I am sticking the notes from HackMD in chat. If you're watching this on YouTube, it'll be with the show notes, which we attached to every episode and published to the GitHub discussions in the Cloud Custodian repo. So with that.
A
Can y'all see that all right? Good. Yeah, so this is your meeting. Just a quick reminder of the format: we basically have an open agenda. At any time, you can add things to this agenda. Usually I try to get the agenda out as early as, like, the day before. I wasn't able to get that out until earlier this afternoon. So if you have something in here, just go to HackMD, that URL that I pasted in chat, log in with your GitHub or your Google or whatever. Feel free to add something.
A
What I do is, we have a script that gives us the activity over the last two weeks, and then you could stick a boom on there like people are doing, and that's what we'll discuss when we get to that section in the meeting. In the meantime, quick update: we're still doing Slack things.
A
I was surprised at the amount of people who were very familiar with Custodian that didn't know about the website or the Slack channel. So that's something that we'll continue to keep pushing and advocating for, and trying to be as vocal about it to get as many people as we can. First up is release update. Is Sonny here? I saw Kapil post something about release.
B
How about now? Yeah, yay. Yeah, I think we talked, there was a couple PRs we wanted to get in, and I think we also wanted to rebase with the latest sdka before the event.
B
As far as, and there's targeting next week. I think my swords are already in feature freeze, so speak, for the end of the year, so I'm not sure how relevant will be. But that was the desire which questions to you.
B
This next Wednesday, 12, 12/14.
A
12/14, okay. And then you had mentioned earlier as well, you wanted 8011, and it looks like that got merged. Is there anything else that people were looking for in this release? I think that's going to end up being our last of 2022.
C
A quick question: it sounds like we're pushing out the release, but it's gonna have, oh, the latest and greatest PRs has been merged, right, Kapil, and not using the old release branch that was created a while ago, right?
C
Have everything that's been watched? Oh okay, okay, that's enough. All right, then that's fine, yeah. We have a lot of PR that was merged and we'll wait, waiting patiently for the release.
D
B
Right now, I think we're still good cutting off trunk, so. And noted on lots of PR, great work for your team. That will be in that release. Awesome.
A
All right, any other questions on release?
A
Or comments? All right, we're back from re:Invent. It was great to see so many users there. I think Steve and I hung out for a bit. We had a party and stuff, so I did spend a lot of time trying to tell people about the website and the Slack and this meeting, so hopefully we'll see a bunch of new people join.
A
All right, and then one thing: in two weeks, it'll be close to the holidays here in the U.S., so I'm just going to go ahead and table that last meeting. So let's call this one the last meeting of the year 2022. Anyone have objections to that?
A
Because, like, there won't be, yeah, we'll just be trying to catch up. All right, January 10th, then.
A
George to adjust the calendar, and I'll adjust the calendar so it's right, so that when you come back, I don't, we don't mess that up. Okay, anything else meeting related for the rest of 2022? All right. It's been a great year.
B
So what is Cask? Cask is basically a tool that was written for Custodian that makes it really easy to use our Docker images as though, in the same way that you use a regular CLI. It's like, it's a really thin Go, like, binary. So that way you can, like, pull from, like, if you use the Cohen Dev tagged image, you can pull from trunk and you don't have to worry about dependencies or any.
A
B
The stuff, it'll just sort of work, if you want to pull from release. I still know anyone's actually using it. There was definitely, like, because we've kind of been a little bit longer in this release cycle for the current release, I've been pointing, you know, trying to get it resurrected, because I've had some queries from different users about, like, wanting to post stuff that's being just got merged, and they don't want, I don't want us.
B
I want to tell their entire team, or to be like, just pull from trunk, is not necessarily the easiest thing, and so I'm just curious if anyone's used it, if anyone cares. Like, it basically is designed to, like, it does all the volume mounting and the environment variable passing for all the different providers and the config directory movement, and, you know, maps whatever output directory you are into the container, as well as your policy files. So it doesn't, you know, it's mostly just trying to automate the otherwise.
B
What would otherwise be, like, you know, a 20, you know, a fairly esoteric docker run command, let's say, as well as automatically pulling in updating images. I just don't know if anyone's used it, everyone's seen it. If we do decide to go back and publish it, I believe we were just dropping binaries onto the website. I think try to move those to, like, release artifacts.
B
They would just be online binaries. I think there's a separate question: do we sign those, now that we're signing at least the rest of our document, which is so mostly churches? If anyone's ever used it or is even aware of it, and if not, then that's enough of an answer for me that it's pretty low-key. It isn't documented on the website and all that. But, you know, what the upside is for people, like, I mean, I think as we, if we move.
B
If we move our based on Docker image to Python 3.11, which has significant performance improvements just on the face core Python, then this might be an easier way for people to get those performance improvements. Okay, irregardless of what enterprise distributed they're on, let's just show they're on 3.11, is about, I think, 20 of the 35 faster I'm, most on most things, if it's doing any significant processing in Python.
B
To be I/O bound, so the hand wave there if that's actually going to be meaningful for users, but it's still, I think it'll probably, I have actually done a lot of measurements for Custodian yet, but of the word amount that I've seen for the rest of the Python ecosystem has been pretty strong.
A
B
It used to default for one hour. It could appear up that moves it to, like, every six or twelve hours, because, like, okay, it defaults to release images. You can pass an environment variable for setting your own image. I've also, actually, I changed that temperature stuff to be in your home directory at the phone. Temp gives me the willies, and so.
B
C
F
A
E
A
Because what we do now in the instructions, as we say, you know, if you're on an older distro with older Python, use the Docker container, and then that's it. I volunteer to document its usage, though.
B
As defaults in our Docker and be able to point people to it, but there is a bit of a logic that it's also a solution for a problem that is solved by more frequent releases as well.
B
Should probably, yeah, so miss killing. You know, it's really easy to generate all the cross-arch stuff. For the signing on this, so we're using the Sigstore.
B
Tech stack for signing our Docker images. For this particular one, I, Sigstore, though, really wants to push signature Docker registry. For the stupid one, I was just looking at using the simple thing, which is OpenBSD's signify tool, as a simple way that doesn't require looking at GPG or other things and has equivalent, like, one-line installs, and Go and Rust in addition to the original C port, but open suggestions on that, and I think in general.
B
We want to be in the habit of trying to sign stuff as, yeah, out of release, let's say. Yeah.
E
All right, I mean, I would have used Cask about two years ago, before Stacklet and stuff, when I had my own kind of container infrastructure. Now we just pay Stacklet.
A
Well, thanks. All right, that is it for the agenda, then. Anything else before we get on to the PR party?
C
Just a reminder: if someone can hit the merge button for us, I think it has been approved, swing for merge. You can get this in for the upcoming release. That'd be great.
D
Yeah, so I'm gonna try to update that one. There were a few things that were kind of approved or just pending approval, and I know a few of us have been pushing them through. Codecov was hanging for a little while, but I think that's cool, so we should be able to get this in.
A
A
All right, all right, so you're gonna look at this one, AJ? Yeah.
D
C
This one was too, again, waiting for final approval. I guess we make our update according to the review. This one is high priority for us. We have, I think, close to 10 policies that we plan to use with this PR here.
C
F
This one would be great to get integrated before the next release, so we can consume it ASAP.
E
D
D
Yeah, yeah, I had a couple of comments. I mean, this one looks good to me. It looks like you can see that it was, I guess it was adapted from a resource. Oh no, adapted from a run mode to an action. That's cool, it all looked fine. What was, oh yeah, the one nit there about the action having that, like, taco config manage rule. It's like.
D
Oh, it's on a config role, maybe Taco manager rule is fine, but the rest of it. I did just want to call out your use of the YAML anchors and alias. I know we talk about those in different spots, but.
D
C
D
I didn't know, so I know you had, you know, Kapil, you and Kapil had some back and forth on that. That looked like that was all resolved, yeah. Nothing else jumped out at me. I do have, I'm pulling it down only because we merged in another change on SES statistics that are also, so there's a merge conflict from that. I'm just going to resolve that and push that back up, and then you can make any other changes.
D
C
D
A
A
So I didn't have any discussion on this one, unless anyone has an opinion on it.
A
Or wants to discuss it. So that really leaves just these three, then. So I got an ack from Sonny on one, and AJ, you got an ack from two, and I can't, it's. This is probably, anything, should I say, anything else on fire before release next week that we should look at here? I don't.
A
Tencent looks like it's still moving. Kapil, I don't know if you have any.
B
A
B
I think Sonny approved a cam PR, so it needs to be merged, and there's a cost one that I want to try to get through, but yeah, how the framework is still, like. So I'll do for the release per se.
A
If you have a number handy, I haven't, I have him on chatter. If you want to reach out to him, you could do that as well. Either way, it works for me. Anyone boom any issues? Anything burning for anyone, actually?
B
I did have a random other topic. Let's do it. I was deep down just a piece stuff and I realized there's no consistent identifier across resources. So I was looking at adding a get URN, effectively introducing an ARN format for GCP. They have, like, self-link, ID and parents, and consistently used all over the place.
B
I don't know that we would necessarily put it directly into output, but would definitely be open to consider it. But I was at least good to try to drops of normalized DUI, you know, URN for GCP resources, so that they can be unambiguously integrated, use with Custodian. I don't have a.
B
Strong direct use case outside of it's been problematic with GCP. It does bring up two of the things that I'm looking, it does bring out, well, it's one of the things that I was looking at adding. A certain place on GCP where this has been problematic has been around the org management tree, which is outside of the project and represents, like, you got folders and projects outside of it.
B
I'm going to open up a PR, I think, I don't know if it'll be before the release, around, or, AWS org accounts as well, and these are, org accounts at AWS are a little bit better in the sense that they're still rooted to the root account. GCP projects have been folder hierarchy are not related to a root outside of the org ID, whereas in AWS they're still rooted to the root account being the owner of the org, but that will come, I won't.
B
You know, I imagine that a long lock lots of other things we can do as far as multi-org stuff. It's gonna be a little bit weird with org accounts because can only discover.
C
B
If you already have a read-only role into the root type thing, versus being in a leaf node. With Azure, we currently have subscriptions set up. We have a subscription resource, but it's like our AWS resource in the sense that it's only self-descriptive. I think we want to have, like, an org subscription thing there too, but this is trying to just bring notification and common addressability to this notion of accounts as a first-class resource, let's say, through discovery.
B
It's above accounts, but the ARN format encompasses it pretty well, and the ARN still has the root account as the root there. Yeah, the context of GCP, it's weird because service principals gonna cross project boundaries, and attempting in Azure, like, in that context of in.
C
B
Crosses org boundaries outside of interacting with a resource that has, like, an embedded IAM policy that allows for in this context, and so, and the work discovery context.
B
The ARNs always point back to the root and the context of doing it, and Azure is actually really good about being very consistent about everything having URL. GCP is not, like, some things have self-link, some things have ID, some things a parent, et cetera, et cetera, so I feel like just to be consistent there.
B
It makes sense to have some notion of URN or URI, I'm thinking where you diverge from semantic web and RDF land, but just to be able to universally address these resources. And or account idea of that context for projects in folder hierarchy would actually reference back to the logical parent for scope, which is the org, because those APIs or like word I.
F
B
Putting the org ID there for these resources is how we go find these things, so to speak.
B
So we, I mean, GCP that has no partitions decided that there is no gov cloud there. The default's good enough for everyone, yeah. Yeah, I've heard that before.
F
B
At Germany, China and commercial, let's say, one of the primary ones for Azure, but those are all self-evident from the, they effectively use, Azure uses do it's everywhere, and so ends up being the unique thing for them.
F
A
All right, anything else? I didn't go into the meeting meaning this will be the last one of the year, but I did just pay attention to the calendar and it seems to make the most sense. The dates and stuff for next year were all wrong, so I just sent that correction. So you should see the calendar invites update in your inbox. Sorry for that spam. And with that, anything else?
A
All right, notes and vid will probably first thing tomorrow morning, there, after I get it to render and all that good stuff. Last call, going once.
A
All right, thanks everyone. It's been a great year, I just, yeah, it feels pretty good. You know, I will see everybody in 2023, and rest up and spend time on things that are important. Cheers everyone, stay safe out there.