►
From YouTube: Cloud Custodian Community Meeting 20230307
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
Check out our Slack for more info! http://slack.cloudcustodian.io
A
All
right
welcome
everybody,
it
is
March
7
2023,
and
this
is
the
bi-weekly
custodian
community
meeting
I'll
be
your
host
today.
Please
remember
that
we
are
under
the
cncf
code
of
conduct,
so
that's
in
effect
and
please
be
excellent
to
each
other.
Also,
please
remember
that
we
do
record
these
meetings
and
put
them
up
on
YouTube
for
the
community
to
be
able
to
look
up
stuff
with
that
I've
put
the
link
to
the
notes
in
chat
and
I'll
go
ahead
and
share
it.
A
A
Today,
we're
Kapil
has
some
release
updates
and
he
has
so
many
that
we're
going
to
do
a
bunch
that
are
important
to
probably
a
lot
of
people
and
then
we're
gonna.
Do
the
pull
requests
and
things
like
that
and
then
afterwards
go
through
the
minutia
of
the
release
stuff
that
some
people
might
not
be
interested
in.
So
we'll
do
that
tips
and
tricks,
sections
and
discussions
AJ!
You
did
this.
You
want
to
give
everyone
a
quick
sure
idea
on
how
you
ended
up
with
this
yeah.
B
This
was
based
on
some
some
earlier
community
meeting
talks
and
some
discussion
in
the
slack
and
the
slack
Community
about
trying
to
pull
out
some
some
usage
patterns
that
people
find
helpful,
but
that
are
a
little
bit
more
Niche
than
would
than
would
justify
an
inclusion
in
the
docs.
So
I
I
sort
of
seated
the
thread
with
a
couple
discussions
about
just
lesser
used
things
that
I
do
like
looking
at
the
inspecting
the
custodian
cash
or
trying
to
test
policies
by
running
against
local
stack,
but
in
general
I
guess.
B
The
call
to
the
community
is,
if
there's
something
that
you
do,
that's
not
in
the
documentation,
maybe
a
way
that
custodian
combines
usefully
with
another
tool
or
something
like
that.
James
path,
expression,
specific
specific
policy,
authoring
tips
that
you
think
are
handy,
we
can
put
them
in
here
feel
free
to
start
threads
there
and
and
just
kind
of
share
the
knowledge.
If
something
is
generally
useful
enough,
it's
always
possible
for
us
to
promote
something
from
a
tips
and
tricks
section
into
an
actual
docs
page.
B
B
Actually,
that
is
a
good
call
back
to
some
workshops
that
we
that
we
used
to
run.
We
did
stuff
like
that,
where
we
would
have
a
set
of
a
set
of
terraform
templates
that
we're
also
pointing
at
local
stack
provisioned.
Some
resources
run
custodian
them
against
them,
and
it
would
all
it
would
all
operate
against
local
stack.
That
might
be
worth
Reviving
good
call,
yeah.
B
B
Yeah
that
that's
good
well
and
that's
actually
a
good
call,
while
we're
looking
for
links
to
follow
up
with
Community
folks.
If
anyone
goes
to
look
at
the
tips
and
tricks
discussion
and
they
think
oh
well,
this
is
kind
of
cool,
but
it
would
be
way
better.
If,
then,
that's
an
excellent
reply,
yeah
so
yeah
for
the
local
stack
thing,
adding
terraform
support
or
getting
rid
of
a
plug-in
dependency
would
be
neat.
C
D
B
B
B
A
C
You
know
the
easiest
thing
to
do
is
accumulate
corrupt
over
time
in
any
software
project
and
our
release
engineering
stuff
had
accumulated
a
bunch
of
it.
This
is
a
really
boring
topic.
I
want
to
also
preface
that,
like
it
doesn't
it
shouldn't
affect
anyone
on
a
day-to-day
it
should
it
will
affect
contributors
and
I'll,
try
to
call
those
out.
C
So
we
had
we
for
a
while
have
been
carrying
around
like
python,
poetry,
setup
tools,
requirements.txt
files,
all
that's
going
to
go
and
we
had
like
multiple
ways
of
installing.
We
still
were
carrying
a
bunch
of
talks,
Legacy
stuff,
that
you
know
we
weren't
actually
using,
but
we
were
trying
not
to
break
existing
workflows
like
we,
we
prized
compatibility,
so
we
accumulated
additional
layers
of
compatibility,
let's
say,
but
that
there's
you
had
a
certain
point:
complexity
and
you're
like
we
gotta,
simplify
this
and
so
right.
Now
that's
a
couple
different
things.
C
C
In
the
process,
we
added
a
new
plugin
to
the
GitHub
org
as
a
repository
python,
sorry,
poetry,
plug-in
freeze,
which
preserves
our
existing
semantics
as
far
as
having
repeatable
installs
on
the
application,
as
well
as
operating
well
in
a
mono
repo.
It's
independently
usable
of
custodian
for
those
that
are
interested
in
it,
and
the
read
me
on
that.
Repo
explains
why
it
might
be
useful,
as
also
part
of
preserving
our
we.
We
there
was
also
a
revamp
on
all
of
these
CI
infrastructure.
C
I
will
chart
to
an
overall
theme
on
this
as
a
simplification
and
speed
is
generally
like
we're.
Looking
I
got
pre-informed
that
there
might
be
a
bunch
of
incoming
pull
requests
from
an
organization.
That's
been
waiting
attribute
back,
so
there
there
could
be
some
volume
so
just
trying
to
get
prepped
around
that,
and
this
is
that
would
be
across
multiple
providers.
C
The
the
other
part
of
that
was
also
simpling
to
make
is
set
up,
so
it's
not
just
making
subtle
make
tests
like
things
you
would
expect
if
you
have
a
makethal
sort
of
just
work
out
of
the
box,
and
one
of
the
consequences
of
that
is
also
trying
to
preserve
are
our
image.
Sorry,
our
CI
resources.
We
get
about
20,
concurrent
at
a
GitHub.
We
only
get
to
spin
up.
We
spent
up
about
seven
per
pull,
request
and
I
think
about
12
per
merch
domain.
C
C
Do
we
go
find
some
additional
compute
and
there's
different
places
that
optimize
for
different
experiences,
both
on
multi-arch
Docker
image,
builds
and
depot.dev
or
or
we
can
use
other
tools
that
allow
us
to
run
CI
in
our
own
compute,
but
still
hooked
up
to
GitHub
actions.
Nothing's
decided
on
that
front.
I
think
we're
going
to
continue
to
run
with
what
we've
got
for
now.
C
Just
try
to
figure
out
how
to
decrease
the
pain
points,
but
we
were
dealing
with
worker
exhaustion
issues,
partly
because
the
cross,
Arch
Docker,
builds
and
get
up
actions
are
dog
slow
and
to
resolve
that,
instead
of
trying
to
build
a
separate
Dev
image
on
every
commit
to
main
we're
now
going
to
get
moves
just
doing
which
was
building
out
the
day
of
Alias.
We're
now
just
going
to
move
that
to
a
nightly
that
allows
us
to.
C
You
know,
merge
relatively
fast
onto
Master
without
you
know,
causing
multi-hour
backups
or
failed
jobs
so
and
that,
of
course,
those
those
emerges
to
master
are
also
competing
for
resources
across
the
entire
org
of
GitHub
repos
there.
So
it
also
affected
other
PRS
against
custodian
yeah.
That's
kind
of
about
it
I
feel
like
this
is
a
wanting
topic
down
down
down
around
the
goo,
that
that
is
key
in
crucial
referral
projects,
but
isn't
really
relevant
for
for
most
so
I'll
take
a
pause
there
thanks.
C
B
A
B
B
Looks
legit
too,
it
looked
fine
to
me
we're
just
trying
to
figure
out
the
just
make
sure
we're
covering
the
the
edge
cases
of
this
one
in
a
in
a
way
that
is
that
makes
sense,
and
in
this
case
that's
topics
subscriptions
that
are
that
are
going
cross
account
just
trying
to
feel
just
think
out.
This
has
gone
from
more
of
an
unused
filter
to
kind
of
a
related
resource
topic.
C
B
All
right,
cool,
yeah,
I
I,
think
I
had
some
sort
of
discussion
with
with
enough
about
that.
So
maybe
we'll
look
to
help
get
a
unit
test
in
there
and
then
for
the
case
where
we
want
to
just
focus
on
subscriptions
that
are
pointing
to
topics
on
the
same
account.
We
could
just
add
another
filter
and
use
that
as
an
example
policy,
then
so
it's
so
it's
being
really
explicit
yeah.
That
seems
very
simple.
Then.
C
Yeah,
oh
actually,
sorry
one
thing:
I
I
got
in
my
little.
If
anyone
else
wants
to
come
on
this
issue
on
the
the
release
engineering,
so
we
currently
be
doing
AWS
release
testing
in
corporate
account,
but
we're
trying
to
we
just
got
thanks
to
efforts
of
George.
We
now
have
a
cncf
AWS
account
and
we're
going
to
be
doing
the
functional
tests
there
and
also
running
them
out
of
GitHub
action
so
that
they
are
fully
transparent
to
the
community.
So.
B
F
C
C
I
think
it
makes
sense
for
particular
use
cases.
I
mostly
just
had
a
question
about
like
the
double
negative
logic
inside
of
it.
I
also
want
to
double
check
that
we
are
primarily
using
underscores
in
that
provider
for
configuration,
options
versus
doing
a
hyphen,
and
also
can
we
serve.
Can
we
shorten
that
name
or
that
configuration
value,
because
it
feels
like
super
long
like
do
we
need
the
rule?
No
probably
not
include
Azure.
Services
is
probably
enough,
but
yeah
I
mean
the
overall
on
it.
C
B
Well,
the
thing
is
that
I
I
have
been
trying
to
be
upfront
in
that
thread
that
I
do
not
use
Azure
regularly,
so
I
have
AWS
instincts
and
I'm
speaking
like
Azure
was
a
with
an
AWS
accent,
but
yeah
I
could
see
shortening
that
option
to
like
skip
bypass
rules
false
or
something
where
maybe
it
defaults
to
true,
because
we
have
the
docs
that
call
this
out.
The
whole
idea
is
that
they
use
some
of
the
Azure
Services.
Have
this
this
special
firewall
bypass
option
and
then
the
ones
the
the
database
ones?
B
B
D
C
In
this
context,
on
things
that
are
hosted
in
Azure,
I'm
gonna
set
magic
ID
like,
but
the
logic
on
it
seems
the
reason
why
you
want.
It
is
relatively
clear
for
particular
standards
groups,
yep
I,
think
it's
just
like
the
spelling
and
there's
a
weird
like
it
ends
up
being
like
not
against
the
value
with
the
default.
That
falls
to
like
it
like
that.
That
was
more
it's
more.
B
Yeah
I
mean
the
only
other
thing
that
I
was
thinking
about
suggesting
on.
That
thread
was
like,
if
you
put,
that,
doesn't
really
make
sense.
I
was
thinking
if
you,
if
you
put
that
range
in
that
magic
range
in,
is
something
that
you
were
trying
to
filter
on.
Then
it
would
just
kind
of
like
silently
enable
that,
but
that
it
would
stop
hiding
it
on
the
back
end
from
the
filter
logic.
B
But
that's
I,
don't
think
that
covers
all
cases
and
the
double
negative,
I
guess
kind
of
shows
that
yeah
there's
probably
a
better
way.
That's
why
I
was
trying
to
put
some
sample
policies
in
like.
Is
this
the
kind
of
thing
we're
trying
to
do
so
we
can
make
sure
we're
actually
solving
it,
but
okay
needs
a
little
bit
more
work,
but
it's
like
you
said
the
the
motivation
makes
sense.
B
B
A
B
We
had
now
in
braces
and,
and
it
was
replacing
it
with
a
with
the
policy
runtime,
but
we're
doing
a
pass-through
of
the
variable
type
now
so,
if
we
say
just
braces
now,
it
goes
and
and
fills
in
not
the
date
string,
but
an
actual
date
object
and
then,
when
you
go
to
do
tag,
tag
is
trying
to
do
another
interpolation
path
and
it
tries
to
do
like
a
string
format
on
this
thing.
That's
the
date
objects,
and
it
goes
this
it's
not
well.
Maybe
we
should
consider
a
release
block
group.
This.
B
Yeah
I
think
this
is
something
that
has
been
I,
gotta
look
and
see.
I
saw
it
looks
like
it
would
have
started
around
whenever
those
both
of
those
PRS
went
live
but
as
far
as
ways
to
avoid
it,
we
could
have.
When
we
interpolate.
Now
we
can
have
that
explicitly
produce
like
an
isoformat
string
or
something
but
I,
don't
think
that
works,
because
people
need
to
do
some
kind
of
munching
on
the.
C
B
Yeah,
that
seems
fair
as
far
as
the
way
to
fix
it.
I
I'm.
It
seems
like
special
casing
now
and
making
sure
that
we
produce
a
string.
It
seems
like
the
most
straightforward
fix.
I
just
don't
know
if
that's,
if
that's
like
a
flawed
assumption,
if
I'm
missing
something
there
Kapil
or
anyone
else
on
the
call
might
have
some
instincts
about
the
way
that's
used.
C
B
B
B
There
we
go
okay,
yeah,
it's
like
a
specific
combination
like
you
needed
a
couple,
different
PRS
to
be
merged,
and
you
needed
to
be
used
in
now,
and
you
needed
to
be
using
the
tag
action.
So
it's
like
a
it's
a
Confluence
of
factors
that
may
just
go
up.
I
mean
still
valid
case,
though
I
mean.
Obviously
it
is.
It
is
a
bug.
E
C
Yeah
I
mean
we
do
monthly,
and
generally
we
try
to
aim
for
the
first
half
of
the
month.
Sometimes
we
fall
onto
the
third
week.
It's
just
an
thing.
There's
a
couple
PR's
up
that
increment
the
versions
and
like
do
some
of
the
pre-work
and
upgrade
the
dependencies,
and
all
that,
like
I,
said
there,
there's
been
a
lot
of
release
engineering
work
to
try
to
make
that
process
a
little
bit
simpler
and
more
straightforward,
but
yeah
like
generally
speaking.
C
We
want
it
we're
we're
aiming
for
monthly
releases
and
if
we
can't
even
get
it
to
be
fully
automated
monthly
releases,
that
is
also
gold.
Most
of
the
other
repos
in
the
Ori
actually
have
like
push
button
like
prank
and
releases
that
we
can
put
on
our
schedule.
If
we
wanted
to
but
custodian's
only
repo
is
the
only
one
that
has
enough
volume
velocity
around
PR's
worth.
That's
actually.
Why
why
we
want
to
do.
C
It
is
like
there's
enough
changes
every
month
and
just
give
people
regular
Cadence
around
it,
but
we
want
to
make
sure
that
we
have
functional
testing
fully
visible
in
the
open.
Like
you
know,
working
through
the
laundry
list
to
make
that
that
ideal
goal,
let's
say
a
reality,
get
get
the
humans
out
of
the
loop.
Let's
say.
A
C
E
C
B
C
A
Yeah,
that's
what
that's!
What
we
shoot
for
is
the
second
Tuesday,
but
a
few
times
there
was
one
where
we
didn't
release
and
we
went
into
the
holidays
and
if
we
would
have
done
a
release,
there
would
have
been
like
a
handful
of
changes
in
it.
So
I
think
we
skipped
one
at
one
point:
if
I
remember
right.
A
C
E
F
I
got
a
general
one
question:
ECS
task
definition
delete
is
actually
a
thing
now
you
have
to
have
your
s
definition
revisions
be
inactive,
which
custodian
won't
see
them.
Is
there
any?
Is
there
any
consideration
or
thought
of
how
we
could
use
custodian
to
actually
delete
test
definitions,
or
is
that
the
bridge
too
far
right
now?
No.
C
F
F
F
Well
or
or
delete
revisions
that
are
we're
we're
in
the
middle
of
of
we
had
to
build
our
own
life
cycle
with
custodian
to
delete
off
older
Visions,
because
there
were
just
too
many
to
get
through
or
sorry
deregister
old
revisions,
and
then
custodian
doesn't
see
them,
which
makes
it
all
all
great.
But
now
we
can
delete
stuff
as
well.
So
there's
this
you
know
we
call
it
the
lead
in
custodian,
it's
actually
deregistered,
now
they've
offered
to
lead,
and
now
what
do
we
do
with
just
seriously?
That's.
C
Engagement
on
that
would
actually
be
following
an
issue
like
around
the
use
cases
and
what
the
possibilities
are
and
what
you'd
like
what
you'd
like
to
custodian
do
I
think
it
does
require
a
little
bit
of
spit
up
on
that
particular
context,
but
I
mean
yeah.
That's
totally
aware
that
there
are
missions
and
their
versions
are
a
pain
Point
and
if
we
can
help
manage
them
better.
That
sounds
great
yeah.
Well,.
C
C
F
F
G
Yeah
I
I,
want
to
put
some
faces
to
the
names,
have
been
a
little
chatter
chatty
on
your
slack
Channel,
mostly
bothering
AJ,
with
noobish
store
stories
and
stuff
that
to
use
the
tool
in
general,
but
really
impressive.
That
I
wanted
to
use
it
for
years
and
I
finally
had
a
really
awesome
use
case
to
put
it
to
work
here,
so
I've
been
using
a
C7
and
org
quite
a
bit
because
we
run
like
multiple
mpas
and
hundreds
of
accounts.
G
C
Do
you
do
like
one
of
these
Community
meetings
is
around
that
thing
sometime
yeah,
fair
enough?
Well,
that's
awesome!
Thanks
for
for
joining
and
and
yeah,
if
you
have
any
questions,
obviously
it
seems
like
slack
I've
been
dropping
in
it
on
slack,
but
yeah
always
always
happy
to
have
another
happy
user
and
hopefully
contribute
her
in
the
future.
Yeah.
B
G
C
C
Are
pretty
straightforward
and
they
don't
have
a
huge,
the
generation
scripts.
Don't
technically
have
the
best
emerging
on
them
right
now,
maybe
in
the
future,
but
no
that's.
That
would
be
that's
actually
a
pretty
solid
first
issue
to
contribute
on.
You
have
direct
me
and,
and
that's
those
scripts
are
appreciated
for.