►
From YouTube: Cloud Custodian Community Meeting 20220705
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
A
Welcome
back
if
you're
coming
back
from
holiday,
if
not,
I
hope
you
have
a
holiday
in
your
future.
I
got
a
few
announcements
here
that
I
would
like
to
start.
Clack
custodian
workshop
at
scale.
19X,
that's
a
southern
california,
linux,
fest,
myself
and
sonny
will
be
there
to
do
a
workshop
on
that
thursday
july
28th
and
I've
added
the
link
there.
A
If
you
go,
if
you're
in
the
area
scale's
like
a
really
great
show,
very
cheap
community
run,
so
you
get
a
lot
of
just
people
who
are
like
nerds,
they're,
doing
cool
cloud
stuff
and
things
like
that.
So,
if
you're
in
the
area,
let
us
know
similarly
we're
also
go
to
aws
reinforce.
I
just
added
this
link
here,
that's
going
to
be
kapil!
A
Umair.
Are
you
going?
Did
you
mention
you
were
going?
I
think
you're
going
yes
I'll
be
there!
Kapil
will
be
there
and
sarah
would
be
there
too.
Okay
awesome!
So,
if
you're
going
to
that
holler
at
us,
so
we
can
hang
out
and
lastly,
cloud
custodian
after
applying
for
like
a
very
long
time,
the
cncf
talk
is
now
taking
votes
to
move
custodian
from
sandbox
to
incubation.
This
has
been
a
long,
long
multi-year
process
and
after
that
comes
the
process
for
graduation.
A
If
you're
interested
in
helping
out
with
that,
let
me
know,
but
mostly
very
good
news
here
is
not
a
lot
of
minus
ones
yet
so
we're
pretty
happy
I
bought.
I
bought
a
bottle
of
really
cheap
champagne
last
week
and
celebrated
so
lots
of
good
stuff
there.
A
All
right
and
we've
got
prs.
So
any
anything
else
to
add
to
the
agenda.
We've
got
about
two
weeks
of
activity
to
go
through.
How
long
did
that
take
kapil?
When
was
your
first
pr
for
incubation,
I
want
to
say
june
of.
B
Last
year
I
mean:
when
did
you
first
start?
The
process
for
cncf
can
start
our
security
review,
which
was
an
incubation
for
blocking
for
incubation,
that
is
probably
summer
of
20
or
20.
No
2019
start
going
one
and
cncf.
That
was
always
our
goal
from
the
start.
A
B
As
when
the
actual
pr
was
fired
for
the
talk
when
post
review,
I
believe
that
was
2021
early
april
27th
here
it
is.
A
A
I
know
some
of
these
are
aj
and
he's
not
here
today,
he's
on
holiday,
so
we'll
just
get
through.
What
we
can.
The
first
one
I
want
to
bring
up
is
75
38
this
one
I
want
to
bring.
Is
it
this
one
yeah
yeah,
yeah
yeah?
C
Yeah,
I
just
saw
that
mike
gray
just
commented
that
everything
seems
to
be
working.
There
was
a.
A
A
C
Yeah
that
one
I'll
take
a
look
at.
I
don't
know
if
that's
like
he
says
if
it's
related
to
this
pr-
or
it
seems
like
he
was
saying
this
in
prior
installs,
but
if
anyone
else
has
any
interest
in
gcp
mailer
to
definitely
check
it
out,
it
refactors
a
bit
of
the
the
way
that
we
send
the
messages
to
various
targets,
like
slack
datadog,
sort
of
centralizes
it
so
yeah,
if
also,
if
you're,
just
running
the
aws
mailer
or
azure
mailer.
This
does
touch
those
other
two
melees
a
little
bit.
B
Yeah,
that's
why
the
second
paragraph
was
the
only
real
concern
just
awesome
to
get
this
landed,
which
is
we
shouldn't,
see
messages
per
resources
in
aws,
either
showing
c
messages
best
on
an
execution
context
of
an
aws
or
a
regional
account
pair.
B
A
All
right,
some
good
work
here,
really
excited
to
have
this
feature
anything
else
on
mailer
support
mike
if
you're
listening.
Thank
you.
A
B
I
think
he
found
some
other
issues
and
it's
currently
not
passing
ci,
so
I
think
it's
a
whole
moment
and
still
in
drought
status,
yep.
A
Cool
all
right-
and
I
remember
this
one
as
well-
waff
off
two.
B
This
should
probably
be
good
to
go.
I
was
it
was
just
adding
additional
functionality
to
the
initial
contribution
around
last
v2
and
adding
in
the
mutation
for
associations
to
extend
resources,
but
yeah.
A
Yeah
and
those
were
the
ones
I
specifically
wanted
to
call
out
since
we
covered
a
bunch
of
these
two
weeks
ago,
and
we
just
kind
of
came
off
a
week's
worth
of
holiday.
Does
anybody
have
else
have
any
of
these
jumping
out
at
you
or
any
in
process
issues
or
bugs
or
pr's?
Let
me
just
look
at
issues
real,
quick.
B
Of
reviews-
that's
just
one
right
before
the
meeting
almost
just
the
effort.
The
original
subnet
public
capability
wanted
as
a
general
capability
but
subject
filter.
It's
not
fallen
pr
and
then
I
think,
there's
a
config
whole
rule
fix
as
well
yeah.
So
this
it
was
initially
contributed
as
a
gateway,
rocktable
checking
for
an
igw
against
fsx,
but
it
was
more
useful
to
add
that
capability,
generically
to
all
network
attached
resources,
so
that
was
done.
B
This
is
just
backfilling
the
last
part
of
that
pr
capability,
which
is
adding
in
the
fs
the
subnet
filter
for
fsx,
but
then,
looking
on
the
other
significant
one
is
7500,
which
is
config,
pull
roll
fix,
which
is
effectively
deleting
evaluations
for
resources
that
are
now
older,
excellent
darren.
I
don't
know
if
you
had
anything
else
on
this
one.
It
is.
B
It
looks
good
on
the
code.
The
only
challenge,
I
think
is
getting
one
of
the
tests
around
poll.
I
can
take
polls
to
to
pass
on
ci.
D
Yeah
I'll
have
my
team
member
take
a
look
at
it
and
get
that
test
passing.
Thank
you.
A
Okay,
gotcha:
let's
see
what
else
have
we
got
anything
jumping
out
here.
E
A
B
So
yeah
one
three
four
again:
well,
okay,
so
a
couple
things
here,
we've
gotten
a
lot
more
experience.
I
think
about
building
arm64
images
we
don't
actually
have
any
yet
as
part
of
the
stadium
build
process,
definitely
want
to
add
those.
I
think
the
concern
as
part
of
the
oh
well.
Let
me
give
you
this
pr.
So
what
does
this
pr
do?
So
this
pr
effectively
lets
you
configure
the
architecture
for
policy.
B
Lambda
functions
represents
a
decent
savings
on
total
end,
the
cost
for
a
custodian,
the
24
at
20
per
day.
I
think
the
question
here
is
is
the
way
custodian
typically
does
provisioning
is
that
it's
directly
uploading
the
packages
and
files
on
disk?
I
don't
believe
we
it's
unclear.
It
needs
to
be
just
valid,
that
we
don't
do
any
architecture-specific
files
in
that
context.
B
If
we
do,
then
we
probably
want
to
do
something.
That's
more
reflexive,
as
the
default
like
if
you're
uploading
from
arm
then
prison
arm
per
se,
but
yeah
outside
of
that,
I
think
that's
probably
the
only
concern
to
beat
for
me
is
just
making
sure
that
we're
not
accidentally
uploading
things
that
won't
work
in
that
environment.
B
Kind
of
nature,
at
the
moment
I
mean
the
considering
default,
is
to
effectively
upload
the
dependency
set.
A
B
Is
currently
specified,
we
have
a
couple
pr's
exam
as
far
as
print
making
it
into
a
layer,
so
the
actual
policy
functions
get
smaller,
so
I
want
to
try
to
you
know,
would
still
love
to
see
progress
on
those
as
well,
and
but
in
this
context
you
know,
if
we're
uploading,
the
full
dependency
set
from
the
local
disk.
What
we
have,
then
we
don't
necessarily
know,
but
we
just
need
to
validate
that.
So
if
anyone
can
is
willing
to
try
this
out,
that
can
give
feedback
on
pr.
E
C
D
Here
have
an
older
pr.
I
post
it
in
chat.
B
D
D
I
think
this
is
from
austin
from
capital
one
looking
at
the
bill
status.
I
believe
he
has
signed
it
like
using
his
current.
I
would
assume
current
github
username,
but
the
original.
B
Yeah,
so
this
is
a
longer
discussion.
I
appreciate
you
bringing
this
up
by
the
way.
This
is
a
good
topic.
I
want
to
extrapolate
into
a
whole
category
of
things
that
we
need
to
resolve,
and
that
is
effectively
when
we
did
that
the
transfer
to
cncf
in
you
know,
august
july,
2019
that
or
capital
one
did
then
effectively
we
switched
out
technically
it
wasn't
on
that
date.
B
I
think
we
did
a
few
more
pr's
for
for
maybe
a
month
or
two
with
the
old
cla
in
place,
but
effectively
with
that
switch
out
comes
with
a
new
cla
enforcement
in
cncf
itself
from
a
contributor
sign-off
perspective
can
support
either
developer
certificate,
origin
or
a
cli.
B
Unfortunately,
their
cli
setup
is
sub-optimal,
I
think,
is
probably
the
right
degree
of
phrasing
and
as
far
as
the
complexity
for
both
and
usability
and
and
ux
for
both
an
individual
as
well
as
for
an
organization,
I
think
I've
heard
from
the
numerous
times
about
it
and
at
the
same
time,
that
is
what
we
have.
I
think
the
the
real
question
to
raise
is
what
we
have
in
the
moment
to
rephrase
the
real
question
to
rephrase
is
we
have
a
lot.
B
A
B
B
B
A
lot
of
those
prs
are
people
that
may
not
no
longer
be
accent
in
our
community,
but
they
were
fully
authorized
at
the
time
of
the
transfer,
and
the
question
is
is
just
making
sure
that
that
transferred
from
days
without
doing
additional
sign-offs.
D
So
is
this
a
question
for
the
cncf
committee?
Yes,.
B
B
Effectively,
we
like
it,
because
this
issue
doesn't
apply
just
as
spr
yeah
we
have
like
adpr's.
Probably
this
applies
to
and
just
making
sure
that
we
get
that
we're
doing
the
right
thing
as
far
as
what
protections
and
assistants
are
afforded
by
cncf.
A
A
B
From
that
perspective,
it
actually
would
need
his
own
players
sign
off
at
the
time
as
well
would
be
a
problem
per
se.
But
okay.
A
A
Yeah,
that's
a
bummer
anything
else.
A
A
Yeah
awesome
all
right,
great
and,
as
usual,
the
notes
will
follow
up
here
shortly:
cheers
everyone.