►
From YouTube: Cloud Custodian Community Meeting 20221108
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
All
right
welcome
everybody.
The
date
is
November
8th
2022,
and
this
is
the
bi-weekly
Cloud
custodian
community
meeting
we
canceled
last
not
last
week
we
canceled
the
last
meeting
two
weeks
ago
due
to
kubecon,
and
we
could
talk
about
that
a
little
bit
if
people
are
interested,
so
we
we
have
four
weeks
worth
of
stuff
to
go
through.
A
A
You
can
also
do
it
during
the
meeting
itself,
depending
on
how
the
discussion
is
going
and
then
I
have
a
script
that
goes
through
the
pull
requests
that
have
been
coming
in
over
the
past
normally
two
weeks,
but
it's
going
to
be
four
weeks
this
time,
and
these
are
items
that
you'd
like
to
see
a
greater
discussion
in
the
community
like
during
this
call.
So
the
way
that
works
is
I
have
a
huge
list.
A
If
something
is
interesting
to
you
or
you
want
to
talk
about
or
you're
an
author
or
you're
waiting
for
a
review
or
something
stick,
a
colon
boom
there
and
that's
what
makes
makes
this
little
boom
mix
thing
here
in
the
rendered
notes
and
that's
what
we'll
after
we
get
the
agenda,
we
kind
of
do
a
little
PR
party
there
and
review
those
how's
everyone
feeling
today
in
a
good
mood.
A
Hopefully,
okay,
the
the
first
thing
I'd
like
to
address
is
we're
still
migrating
to
slack
so
far.
We
have
about
200
people
on
there
and
on
the
website
and
stuff.
We've
now
pointed
the
links
and
everything
to
point
people
for
to
Slack,
and
all
of
that
is
going
pretty
well
we're
getting
decent
activity.
However,
I
would
like
to
get
more
of
the
people
over
from
getter
over
actively.
So
if
you
have
friends
or
something
on
there,
you
see
activity
on
there.
A
If
you
can
encourage
them
to
join
the
slack
that'd,
be
fantastic,
we're
almost
done
with
the
archives,
so
we
have
a
bot
that
will
as
an
open
source
project.
We
can't
really
afford
the
paid
plan,
so
there
are
open
source
tools
out
there.
That
will
allow
us
to
maintain
a
history
and
Marco.
Chippy
is
working
on
that
and
we're
just
going
to
stick
those
on
the
website
as
a
full
text.
Searchable
archive
he's
got
it
all
working
he's,
just
unfamiliar
with
certain
aspects
of
npm
that
are
driving
him
crazy.
A
So
we
were
supposed
to
get
that
done
earlier,
but
he's
he's
saying
he's
making
good
progress
there
and
then
the
first
one.
The
first
item
that
someone
has
put
on
the
agenda
is
this:
one
AWS
security
group,
AD,
ALB,
Waf
V2,
enabled
filter
loses
this
all
right.
I'm
gonna
move
some
windows
around
here.
While
we
get
to
the.
B
B
Of
the
PRS
from
into
it,
although
I
have
oh
yeah,
I'm,
not
sure.
A
C
Yeah
I
put
it
up
for
discussion
because
I
had
commented
on
that
one
and
I
I
figured.
It
was
good
for
discussion
because
I
didn't
have
a
it
felt
like
it
was
a
really
specific.
It
was
answering
a
very
specific
question
and
I
wasn't
sure.
C
If
we
could
answer
a
more
general
question
like
if
there's
a
security
group
is
it
can
we
can,
we
try
to
have
some
way
to
filter
on
Security
Group
usage,
that
isn't
specifically,
let's
query
elbs
and
let's
look
at
if
there's
V2
enabled
on
them,
but
some
something
like
a
I
guess
adjacent
to
the
existing
existing
related
resource
filters
or
like
a
sub
policy.
I
couldn't
figure
out
how
to
do
it,
but
that's
why
it
seemed
like
a
good
discussion
for
a
community
meeting
or
a
more
focused
discussion
separately.
C
B
I
can
talk
about
it
a
little
bit,
I,
don't
know
if
Stephen
you
can
talk
more
about
it
too.
But
my
understanding
here
is
that
with
security
group
we
want
to
be
flexible
and
and
and
allow
let's
say,
quite
zero,
meaning
allow
like
0.0.0,
that's
zero.
B
This
is
pretty
much
for
the
use
days
of
us,
moving
away
from
I'll,
say,
doing
White
listing
based
off
IPS
at
the
security
group
level
and
more
at
the
web
level,
because
the
security
group
is
is
not
flexible
in
terms
of
hey,
things
are
more
static.
D
So
I
think
it's
it's
interesting
case.
Thank
you
for
for
giving
some
details
on
it.
I
I
do
Wonder
from
a
policy
expression
perspective.
If
we
broke
it
apart,
a
little
bit
more
like.
E
D
Security
group
filter
for
most
network
attached
resources
and
a
sub
map,
one
as
well
If.
Instead,
we
added
Ingress
egress
on
those
Security
Group
filters
that
would
allow
for
saying
what
does
this
resource
have
a
does
this
resource
using
a
security
group
that
has
a
zero
zero
X
zero
on
Ingress?
D
D
Give
decompose
it
so
that's
more
useful
for
other
use
cases
as
well.
C
You
could
do
that
at
the
ALB
resource.
I
I
was
going
to
suggest
something
like
that,
and
the
re
is
the
reason
where
I
think
I
think
that
is
a
really
useful
enhancement
to
the
security
group
filter
on
resources
anyway,
I
know:
we've
gotten
questions
similar
for
easy.
Two,
like
let's
find
easy,
two
instances
that
have
a
security
group
which
allows
Ingress
from
this
and,
like
that
sort
of
combo
filter
I,
think
that's
helpful.
C
What
I
think
it
wouldn't
cover
is
if
you
were
looking
for
security
groups
and
all
of
the
albs
that
it
was
attached
to
like
had
webs
enabled,
but
then
that
security
group
was
also
being
used
with
an
ec2
instance
directly
or
something,
and
it
seems
like
that's
the
case
that
they'd
want
to
catch
from
the
security
group
level
rather
than
being
able
to
handle
it
all
from
the
ALB
side.
Yeah.
C
C
F
So
here's
another
thought:
why
does
it?
Why
does
it
matter
if
the
security
group
has
0.0.0?
F
Well,
let
me
rephrase
this
so
if
you
have
an
internet
facing
ALB,
don't
you
just
require
that
it
have
the
weft,
or
are
you
only
requiring
the
weft
if
it's
0.0.0.0,
because
we
have
a
similar
use
case
and
we're
just
thinking
the
tact
of
you
simply
put
the
wife
rule
on
it
regardless
and
that
way
I
don't
care?
What's
inside
your
Security
Group,
because
we
know
we've
got
the
web.
G
Yeah
I
think
you
summarize
the
use
case
correctly
Darren
like
basically,
if
something
is
opened
up.
G
And
for
albs
we
want
to
make
sure
that
it's
using
this
whack
V2
yeah.
D
So
then
you
could
be
like
is
or
is,
do
I
have
any
C2
instance
as
zero
wax
zero
and
also
public
facing,
because
some
of
the
network
potential
researchers
are
just
don't
don't
have
the
public
facing
endpoint.
D
D
Effectively,
you
would
be
flagging
resources
that
are
using
bad
security
groups
or
bad
security
groups,
so
to
speak
as
opposed
to
plugging
the
security
groups
which
are
being
used
by
bad
things.
There
is
a
way
for
us
to
generically
dereference.
D
G
So
we're
seeing
that
it's
okay
for
a
security
group
to
have
quad
zero.
As
long
as
you
know
we're
talking
about
albs
that
have
that
a
specific
V2
WAFF
attachment
so.
C
F
D
One
other
thought
is:
if
you
ensure
that
all
public-facing
aobs
have
a
lab,
then
you
effectively
at
that
point
we
could
potentially
have
a
generic
filter
here.
That
is
what
resource
types
is.
The
security
group
a
lot
like
flag,
a
security
group
based
on
which
resource
types
are
attached
to
it
that
decomposes
the
problem
a
little
bit
better
and
makes
it
a
little
bit
more
useful.
So
I
could
be
like
hey
anything
with
0x0
I
only
want
ALB
and
I,
don't
know
ecq
to
have
it.
D
Let's
say
or,
and
at
that
point
we're,
it
would
look
a
little
different
effectively.
We
would
describe
all
the
emis
that
have
a
particular
Security
Group
and
you
could
do
the
Ingress
Ultra
on
0x0
we'd
find
all
these
two
all
the
Enis
that
are
attached,
that
the
security
groups
attached
to.
We
would
Parks
out
there
just
their
description
to
map
them
back
to
Resource
types,
and
then
the
filter
works
best
by
well
I,
just
specify
which
resource
types
you
want
to
allow
to
use
this.
C
We
just
merged
a
PR
from
narjito
recently
that
adds
an
interface
type
annotation
from
the
used
filter
on
security
groups,
so
interface.
D
Type
is
relatively
new:
I,
don't
know
that
I
know
this
is
relatively
in
the
last
year
or
so
I
know
it
does
get
to
it.
I
don't
know
how
well
it's
adhered
to
before
what
I've
had
to
like.
Do
this
type
of
analysis,
like
particularly
for
flow
logs,
a
raw
flow
log
analysis
that
we'd
have
to
like
it
was
like
this
weird
description
of
or
like
for
everything.
It's
actually
any
custodian
in
this
I'll
find
a
link,
I'll
drop
it
in,
but
you're
right.
C
D
Like
I
have
an
attack
for
DPC
attached
terraform
lambdas
to
do,
tear
down
which
uses
interface
type
so
like
there's
definitely
services
that
are
using
it
pretty
regularly.
But
it's
unclear
if
it's
being
universally
adopted
I
guess
we
could
check
on
that.
But
that
feels
like
a
better
pass
for
than
trying
to
do
the
triple
logic
or
do
the
multi-hop
inside
of
a
single
filter.
C
At
least
drop
a
comment
on
that
I
shouldn't
want
to
take
the
whole,
but
thanks
this
is.
This
is
helpful.
Stuff
I'll
have
to
come
back
to
this
I.
B
C
C
B
C
Yeah
I'm
gonna
log
and
feel
free
Darren
Steven.
If
anybody
jump
in
if
I
misrepresent
what
you're
saying
on
this
meeting,
I
don't
want
to
derail.
But
but
it
seems
like
a
sensible
thing
and
a
good
discussion
to
have.
B
G
A
Okay,
moving
on
while
you,
while
you
type
because
we've
got
a
bunch
bunch
to
go
through
here,
Patricia
found
some
cash
error.
Yeah.
E
Yeah
this
one
showed
up
in
one
of
our
accounts
that
had
like
hundred
thousand
plus
resources,
so
I'm
not
sure
if
this
is
something
we
should
look
at,
but
we
are
trying
to
figure
out
if
we
can
get
this
resolved
by
doing
some
cleanups
with
cash
disabled.
E
Yeah
decrease
back
should
be
on
the
issue
related
to
AJ's
PR
on
caching.
The
bucket
location
I
think
that
definitely
has
performance
enhancements
on
on
long
run,
policies
with
regards
to
S3.
C
Yeah
Kapil
had
a
suggestion,
a
much
simpler
suggestion,
as
he
often
does,
and
I
love
that,
instead
of
going
through
caching
gymnastics
to
try
to
share
a
worker
State
across
c7n
workers-
and
we
might
just
let
folks
specify
an
output
bucket
region.
So
we
don't
have
to
look
it
up
in
the
first
place.
So
if.
C
Reasonable
thing
to
you,
then
we
can
say
all
right:
let's,
let's
not
do
this
other
stuff
I,
think
if
there's
any
risk
to
that.
Instead
of
people
don't
specify
it,
it
might
not
be
like
you
can
run
into
those
weird
issues
at
scale
and
it
might
not
be
obvious
how
to
get
out
of
them,
but
but
having
that
as
an
option
would
help
you
and
Christian
as
well.
E
C
Hey
thanks
for
commenting
and
including
the
timing
numbers
that's
helpful
for
that
sort
of
the
large
scale.
C
A
Two
for
two:
so
let's
try
to
get
one.
That's
not
yours!
C7
and
left
I
asked
John
to
join,
but
he
was
not
able
to
make
it
sunny.
Were
you
able
to
make
it
sorry?
I
can't
see
my
screen
very
well.
Yeah.
H
I'm
here,
yeah
yeah,
so
the
C7
left
stuff
big,
shout
out
to
John
Wayne
and
Kapil
I've
been
working
on
that,
but
basically
the
initial
cut
on
some
useful
functionality
around
doing
policies
against
your
infrastructure,
as
code
specifically
terraform
here
has
been
released,
so
you
should
be
able
to
pip
install
C7
unlocked
right
now.
It
does
require
python
310
or,
above
mostly
for
I,
think
the
TF
parcel
wheel,
I
think
we're
only
publishing
in
310.
H
H
H
It
also
will
show
the
description
of
the
policy
I
think
this
readme
is
a
little
bit
out
of
date,
and
then
we
also
have
a
demo
from
the
kubecon
presentation
that
we
did
as
well
as
from
the
governances
code
Day
stuff,
that
that
could
feel
good.
A
H
Yeah,
so
this
is
more
so
like
this
is
a
static
analysis
of
the
actual
terraform
code
itself,
as
well
as
the
modules,
if
I
recall
correctly,
the
TF
parse
module
basically
does
all
the
stuff,
in
the
background
to
pull
down
your
stuff
pull
down
your
modules
thanks.
A
Great
thanks,
tencent,
Cloud,
Kapil
I
think
that
work
is
just
continually
being
merged.
Anything
of
consequence,
I,
don't
think
so.
E
A
Awesome-
and
this
brings
us
up
for
a
release
Sonny,
we
we
had
said
that
we're
going
to
try
to
the
second
Tuesday
of
every
month
and
that's
next
Tuesday,
and
but
we
also
did
a
release
during
kubecon,
as
we
were
trying
to
get
all
that
stuff
landed.
So
where,
where
are
we
standing
at
right?
Now?.
H
Yeah
I
think
there's
there's
a
few
things
or
if
there's
a
regression
that
came
up
that
was
fixed
around
like
date,
time
Json,
output,
stuff,
so
that's
gone
in.
Maybe
we
want
to
take
a
look
at
the
caching
and
the
S3
output
stuff.
We
want
to
get
that
in
before
the
next
release.
H
A
Okay,
did
we
Taryn?
Did
we
get
that
bottle
thing
that
you
had
pointed.
B
A
Yeah
I
wanted
to
make
sure
we
get
that
because
we're
a
kubecon
when
you're
asking
about
it
and
I
was
like.
Oh
all,
right.
Anything
else,
release
related
all
right,
cool,
good
luck.
Next
week,
then
Sonny
all
right,
any
other
items
before
we
get
on
to
PRS
or
any
other
announcements
or
major
deals.
Anyone
have
anything
on
fire
or
something
that
they've
been
that
they
need
help
with
All
Right
Moving
On.
B
Too
easy
to
resource
type
I
believe
Sony
already
did
an
initial
review,
but
it
was
a
little
bit
unclear
to
us
on
the
direction
you
wanted
us
to
update
or
fix
it.
So
hopefully
you
can
yeah.
H
H
Yeah,
unfortunately,
I
had
written
a
comment
and
then
accidentally
refreshed
and
lost
all
of
my
stuff
and
then,
after
that,
without
sick
for
a
week,
so
yeah
the
basic
gist
here,
is
that
one
I
think
we
want
this
on.
The
I
am
profile
Resource
as
well
and
there's
an
existing
class.
So
we
could
subclass
for
that
to
basically
make
it
so
we're
not
really
adding
too
much
code
here
and
then
based
off
of
that,
you
could
subclass
that
for
the
ec2
filter
as
well,
yeah
I.
B
Figured
that's
what
you
wanted
to
do
so
I
actually
have
some
co-written
up
that
that
I
think
that's
what
you
are
asking
for
too.
So
we
should
be
able
to
get
this
PR
updated
funny
quickly.
Then,
okay,
yeah.
G
All
right,
yep
makes
sense
a
quick
question
on
that
one
so
Darren
do
we
do
we
kind
of
want
to
call
out
the
general
direction
that
we
want
to
go
with
this
like?
Basically,
we
want
to
add
an
action
to
this
as
well.
Right
now
the
filter
is
supporting.
B
Our
resources,
yeah
yeah,
I,
think
that's
what
discussing
that
here
too.
So
this
I
would
say
just
the
first
part
of
what
we
want
to
do,
which
is
to
detect
if
an
ec2
has
a
managed
policy
or
not,
and
then
after
that,
it
would
detect
that
it
doesn't.
We
need
to
take
some
action
mainly
here.
We
want
to
then
attach
that
manage
policy
to
it.
B
So
that's
the
action
that
we
need
to
do
so
it's
given.
What
is
the
exact
question
you
want
to
do
with
respect
to
that
I
think
it's
the
question
that
do
we
want
to
have
an
action
that
is
smart
and
know
that
oh
okay,
this
this
ec2,
doesn't
have
an
IMR
profile,
I'll
go
ahead
and
create
it
or
it
has
in
my
profile,
but
it
doesn't
have
any
associate
who
bro
yeah,
yeah,
okay,
that
row
and
then
I'll
attach
the
the
or
managed
policy
to
it.
G
Right,
yeah
yeah.
Ultimately
we
we
care
about.
You
know
a
specific
policy
being
attached
to
an
instance
profile
of
an
ec2
instance,
but
in
the
action
we
were,
we
wanted
to
go
the
route
of
having
a
default
instance
profile
or
a
default
role.
If
none
exists
and
that
would
be
included
in
the
you
know,
set
policy
action,
basically,
so
basically
yeah
we
wanted
to
have
it
smart
enough
to
be
able
to
handle.
You
know
the
use
cases
of
what
happens
when
there's
no
role
and
there's
no
instance
profile.
G
G
So
it
does,
but
it
needs
to
be
added
in
the
context
of
setting
the
policy
so
like.
If
you
are
allowing
people
to
have
their
own
instance
profile,
we
still
want
to
be
able
to
check
if
there
is
say
a
policy
attached
to
that
role.
That's
attached
to
the
instance
profile.
If
there
is
no
profile,
then
in
that
same
action,
we'd
like
to
be
able
to
add
it
by
having
a
default
instance
profile.
F
G
C
F
Ec2S
that
have
no
instance
profile
into
our
default
and
then
I
had
a
second
one
that
just
looks
for
ec2
in
the
assumed
role,
trust
policy
and
attaches
and
managed
policy,
whether
you
want
it
or
not.
Even
if
it's
not
being
used
I,
don't
care
if
there's
a
there's,
a
role
with
ec2
in
the
trust
policy.
We
we
attach
our
managed
policy.
C
D
To
this
incentive,
because
it's
really
really
doing
the
action
on
the
role
so
being
able
to
filter
the
role
based
on
either
cross
policy
potentially
add
another
filter
for
having
an
instance
profile
feels
like
the
right
way
to
do
the
mandatory
attachment
of
the
policy
for
things.
Their
title
needs
to
do.
Foreign.
F
D
Just
so,
we
can
even
Target
a
little
bit
more
narrowly
if
we
want
to
add
code
for
it.
We
could
do
some
form
of
easy
to
roll
with
a
filter
for
has
an
Essence
profile
to
be
more
explicit
beyond
the
trust
document.
Although
the
trust
document
is
viable
and
works,
but
if
you
wanted
to
have
an
additional
layer.
F
F
G
Right
there
may
be
some
gaps
in
that
we
can
take
it
back
and
look
at
it.
I
think
what
we
wanted
to
do
is
also
be
able
to
default
to
a
specific
role
when
no
role
exists,
which
would
also
be
part
of
the
action
so
like.
D
F
B
F
B
So
it
sounds
like
the
recommendation
is,
is
not
to
have
that
one
Uber
action
that
can
do
all
those
things
that
just
fit
into
different
actions
and
different
policies.
D
G
We
also
had
a
requirement
on
the
to
report
it
on
the
config
side,
something
I'm
not
sure
how
applicable
this
is,
but
we
noticed
that
I
am
instance
profile
is
not
it's
not
a
supported,
config
resource.
G
So
we
right
now
we're
reporting
from
the
ec2
side
we're
saying:
hey,
here's
all
your
ec2
instances
that
have
you
know
an
issue
type
thing
and
there
wasn't
an
easy
way
for
us
to
determine
how
do
we?
How
do
we
report
that
you
know
differently
so.
F
I
think
we
had
a
custom
config
rule
AWS
Professional
Services
originally
gave
us
a
config
rule
for
this
and
I
think
it
was
a
custom
one
and
what
I
found
is
it's
kind
of
random
when
it
worked
or
not
and
how
long
it
took
for
it
to
work,
which
is
why
I
ditched
it
but
I
suppose
if
you're
not
using
it
as
remediation,
if
you're
just
using
it
for
reporting,
then
you
don't
care
so
much.
I
might
be
able
to
dig
that
up
for
you.
D
I
mean
you're,
the
I
am
like
you
could
do
it
on
the
iron
roll
per
se,
as
well
like,
which
is
directly
that
we
supported.
So
you.
E
C
D
F
G
Yeah,
the
problem
is
you
just
want
to
show
the
roles
where
that
have
ec2
trust
policies
and
I?
Don't
think
query
right
now
is
supported.
I
think
we
actually
have
a
PR
out
for
that,
but
we
want
to
just
have
a
sub
if
we
were
just
to
report
the
roles
and
just
be
like
here's
all
the
roles
that
you
know
are
related
to.
You
can't.
D
Do
that
right,
you
can't
do
that
right
now,
like
if
you
had
a
custodian
policy
that
just
says
that's
in
configurable
mode,
sorry,
config,
yeah,
configurable
mode
and
just
says:
Hey
doesn't
have
a
trust
policies.
First,
two:
okay!
Then
it
flags
for
this
configurable
and
then
you
can
look
at
that
directly
in
the
big
hole.
Ui.
Sorry
to
take
you
on.
D
G
D
G
I
believe
so
yeah
you
need
to
be
able
to
report
yeah.
Basically,
we
need
right
now
we're
reporting
from
the
ec2
side.
We
need
to
be
able
to
report
this
somehow
to
say
like
hey.
These
are
the
incense
profiles
that
have
an
issue
instance.
Profile
is
not
supported
by
config,
so
then
I
guess
we
would
have
to
do
it
from
the
roll
side
and
then
yeah.
We
would
need
to
basically
be
talking
about
the
subset
of
rules,
the
ones
that
you
know
are
able
to
to
have
that
trust
policy
with
ec2
and
right
now.
G
That
would
probably
have
to
be
done
by
query,
which
is
not
supported
by
config
poll
rule
at
the
moment.
I
believe.
D
Sorry
bye,
well,
hey
you
don't
have
to
do
config
call
mode,
because
that,
because
you're
doing
an
IM
role
in
an
IM
role,
natively
supports
this,
and
the
trust
document
is
the
cross
documents
that
should
be
in
the
constignative
description.
So
foreign.
G
So
pretty
much
all
of
our
configurals
use,
config
poll
rule.
We
just
have
a
requirement
for
a
daily
check
on
that,
instead
of
using
kind
of
like
I
guess,
the
native
like
mode
type,
we're
using
that
for
all
our
all
of
our
config
reporting
policies.
D
D
Yeah
I
mean
you
could,
if
you
want
to
do
a
complete
call
rule
mode
you
could
like
it
doesn't
put
the
string
on
the
emerald
and
I
mean
it
works
the
same
way
per
se.
D
We're
not
it's
a
big
pull
rule
mode,
we're
not
querying
from
config,
because
config
config,
Paul
rule
mode
is
effectively
for
resources.
They
can
pick,
doesn't
support,
so
it
hasn't
no
actual
like
it
doesn't
use
config
at
all,
except
to
report
results.
G
G
Yeah,
so
this
one
I
believe
it's
pretty
straightforward.
We've
added
this
for
some
of
the
other
ones,
added
this
to
elasticsearch,
most
recently,
we're
just
trying
to
add
it
to
EFS.
G
I
think
Sunny
check
this
one
out
for
elasticsearch
and
before
that
I
think
we
added
it
to
sqs
AJ
I
think
you
had
to
look
at
that.
One.
H
G
H
G
B
I
believe
this
one
Kawaii
originally
did
it
as
as
the
new
resource
type
I,
believe
and
Kapil
has
given
the
feedback
that
it
should
really
be
a
filter
of
the
account
resource
type
so
because
I
has
went
ahead
and
updated
to
to
do
that
so
Kapil.
If
you
can
take
a
look
at
it
again,
great.
A
A
After
kubecon
Kapil
had
to
physically
move
like
his
house,
so
any
help
getting
emerges
in
and
reviews
would
be
appreciated.
A
B
B
A
B
Yeah
this
one's
for
me
a
while
ago,
I
think
I
brought
about
brought
it
up
last
time,
I
think
last
month
or
so
yeah
just
need
someone
to
review
it.
A
A
Do
we
I
guess
I
I
missed
the
question
of
the
group?
Should
we
be
having
a
discussion
on
having
people
merge
their
own
PRS,
or
would
you
like
if
we
verbally
in
this
meeting,
say,
go
ahead
and
do
it?
Is
that
something
you
want
to
see
or
do
you
want
to
do?
We
want
to
continue
to.
C
B
A
G
G
Was
actually
a
comment
from
someone
on
our
team
recently
on
this
Caden
who
submitted
Waf
stuff
for
cloudfront
and
ALB,
as
well
as
appsync.
A
And
then
this
one
looks
like
it
was
merged
to
fix
issue
dumping.
For
me,
wait
all
right.
I
was
just
saying
if
it
got
merged
since
I
opened
the
tab.
Okay,
that
gives
us
a
few
more
odd.
Doc's
work
is
ongoing.
Tldr
I
fixed
the
edit
button.
So
if
you
see
stuff
on
the
website
that
you
want
fixed,
we
make
it
really
easy
to
just
click
edit
and
that
will
Auto
fork
for
you
fix
Pi
version.
Oh
I,
don't
think
we
care
about
this.
F
D
I
think
I've
needed
that,
but
also
I
think
this
is
a
super
cool
functionality.
I
want
to
say
thanks
for
working
on
it.
C
Yeah
Mike
I
think
we
had
talked
a
little
bit
about
that
one
about
possibly
trying
to
use
could
because
we
sort
of
have
support
for
deprecating
features
and
I.
Think
you,
you
said
that
you
had
taken
a
look
at
that
and
said
all
right.
We
don't
really
have
that
in
practice.
Not
sure
I
want
a
guinea
pig
that
yeah.
C
Okay,
but
oh
you
did
you
did
make
that
change.
Oh
okay,
cool.
D
Yeah,
like
you,
don't
really
have
to
make
it
work,
you
can
you
can
testing
if
you
want
to
test
it,
you
don't
doesn't
need
a
unit
tests,
but
you
can
have
a
policy
with
the
old
filter
and
then
run
validate
on
it,
and
it
should
show
a
deportation
warning.
C
F
Another
bug
invalidate
to
fix
I
told
AJ
about
it.
I'll
do
that
there's
there's
a
nested
yaml
anchor
problem
with
with
it
that
I'll
fix
and
push
that.
A
E
Yeah,
that
was
me-
this
is
just
open
for
reveal,
but
it's
a
big
change,
so
no
rush
on
this
one,
but
I
just
want
to
make
sure
we
get
this
right.
E
The
other
fear
that
I
had
Sunny
went
ahead
and
approved
it
yesterday.
So.
H
The
graviton
one
overall
looked
fine
to
me:
I
just
don't
have
an
arm
64.
machine
to
test
on
so.
A
A
G
B
Session,
you
need
to
mark
that
out,
so
we
have
updated
the
code
to
mark
that
out.
A
D
Mean
this
one's
pretty
straightforward,
I,
don't
know
if
it
also
wants
to
take
a
look
like
it's
I
can
go
ahead
and
create,
like
everything
is
just
I.
C
Just
gonna
update
it
and
approve
it
through.
You
just
did
cool
nice.
A
A
All
right
and
with
that
recordings
and
notes
will
be
published
out
either
later
today
or
first
thing
tomorrow,
thanks
everyone
and
have
a
good
day
appreciate
you
showing
up,
see
y'all
next
time,
cheers.