►
From YouTube: Cloud Custodian Community Meeting 20220927
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
All
right,
we
are
recording,
welcome
everybody
the
day
to
September
27th
2022,
and
this
is
the
bi-weekly
custodian
community
meeting
I
will
be
your
host
today,
George
Castro,
a
few
things.
This
meeting
is
recorded
and
posted
on
YouTube,
so
please
be
cognizant
of
that
and,
as
always,
we
are
under
the
cncf's
code
of
conduct.
So
please
be
excellent
to
each
other.
We
gotta
pack
the
agenda
for
today,
so
I'm
going
to
go
ahead
and
get
started.
A
lot
of
PR's
people
are
looking
for
feedback
on
that.
A
We're
going
to
talk
about,
but
first
a
few
things
here
can
y'all
see
that
there.
A
Yeah
all
right,
the
first
thing
is
governance
at
code
day
is
a
go
and
we've
got
the
schedule
posted
thanks
to
all
of
you
that
submitted
cfps
I
know.
Some
of
you
are
in
this
call.
A
We
put
together
an
entire
day
of
amazing
content
here
and
happy
to
announce
that
Ashley,
the
director
of
operations
from
the
Finos
foundation
will
be
doing
our
keynote
talk,
and
we
have
the
schedule
posted
here
and
I'll
make
sure
that
the
URLs
in
the
show,
notes
and
I
will
also
send
this
out
as
a
separate
email
today
to
the
Google
group.
So
this
will
be
a
virtual
event.
A
It's
100
free,
so
just
click
through
and
then,
as
like.
We
did
last
year,
Kapil
and
I
will
do
a
Cloud
custodian
State
of
the
Union.
If
you've
been
coming
to
these
meetings
on
the
regular,
it's
basically
just
going
to
be
a
yearly
version,
a
summary
of
what
we've
been
working
on
for
the
past
year
and
with
many
submitted
talks
from
the
community
with
lots
of
good
stuff
just
like
last
year,
we're
going
to
make
sure
that
every
single
one
is
available
on
YouTube
for
everyone
to
see.
A
But
if
you
can
come
show
up
doing
the
actual
event
that
will
be
fantastic,
so
umair's
put
together
an
awesome
little
show
for
us
and
happy
to
do
that.
That
is
October
18th.
It's
kind
of
an
all-day
thing,
so
check
that
out
next
thing
we
are
testing
slack.
A
You
might
have
seen
the
pull
request
where
I'm
changing
the
links
in
the
readme
and
some
of
our
resources
to
point
people
to
slack
they'll
get
it'll,
send
them
to
this
page
they'll
get
an
invite
and
I'm
hoping
to
get
get
people
there.
I
know.
A
Steve
is
happy
that
that
we're
doing
some
slack
so
yeah
come
check
it
out
Marco
at
some
point,
not
today,
because
he's
kind
of
feeling
under
the
weather,
we'll
talk
a
little
about
how
we're
gonna
archive
and
have
useful
Bots
that
that
we
can
use
to
make
our
lives
easier
for
lots
of
stuff.
I
do
have
a
separate
channel
for
maintainers.
A
I
would
like
to
see
one
of
the
the
things
that's
been
kind
of
a
bummer
is
sometimes
we
need
reviews
and
things
like
that,
and
then
you
have
to
wait
for
this
meeting
to
ask
you
know:
hey.
Could
someone
check
this
out
so
I'm,
hoping
that
with
that
maintainers
or
that
that
development
channel
in
slack,
we
can
kind
of
do
a
little
bit
more
ad
hoc
hey?
Can
someone
take
a
look
at
this
PR?
What
do
you
think
about
this
issue
that
kind
of
thing
and
get
that
get
that
roll
in?
A
So
if
you've
got
time
to
hang
out
there?
That
would
be
amazing
with
that
we
got
a
few
updates
from
people
and
then
we'll
go
on
to
the
pr
party.
A
Sunny
we've
got
two
or
three
weeks
until
kubecon.
Do
you
want
to
give
us
a
quick
tldr
on
where
kubernetes
is
sitting
I
think
this
is
76.97?
Is
this.
C
C
Feel
free
to
stop
by
the
I
guess
it's
a
stack
of
Booth
right
and
there's
technically
Two.
E
Boots,
we
also
have
a
custodian
Booth
as
well:
okay,
not
at
all
times,
but
I-
think
we're
doing
continuing
this
in
the
evenings,
but
you'll
find
us
at
both
places
yeah.
If.
E
Are
interested
in
helping
man,
the
custodian
Booth,
definitely
interested
in
game
for
people
that
are
going
to
kubecon
ping
George
offline
and
we'll
do
that
too.
A
Because
I'll
have
custodian
swag,
so
if
you
want
the
shirt
you
got
to
come,
find
me
so
yeah.
Let
me
know
if
you're
going
to
kubecon
there,
anybody
kick
the
tires
on
the
kubernetes
provider,
yet
I
know
all
right
anything
to
talk
about
image.
Signing
I
think
this
is
pretty
much
or
do
you
want
to
talk
about
this
down
here
when
we
get
to
the.
C
A
All
right
next
I
think
we
should
move
this
one
to
the
when
we
actually
get
to
the
pr
I
think
for
some
of
the
release
stuff,
so
I'm
gonna
skip
that
one
for
now.
Next,
next,
bit
of
thing
of
on
the
agenda
is
Kapil
and
I
have
been
working
on
a
survey
to
ask
where
people
are
hosting
doing
their
code
hosting
their
CI
CD
stuff.
We
would
love
if
people
would
give
this
a
shot.
Has
anybody
filled
this
out?
A
I
posted
this
on
slack
and
stuff
earlier
and
I
will
be
sending
this
separately
out
into
the
mail.
So
we
would
love
to
get
your
feedback
there
on
how
you're
using
custodian
and
how
it
ties
into
your
pipelines
and
stuff
like
that,
any
color
to
add
to
this.
E
Yes,
sir
I
just
had
to
get
Siri
to
pause,
so
this
is
basically
an
investigation
as
we
go
into
ship
left
like
and
like
terraform
parsing
confirmation
parsing
like
how
do
we
enable
things
in
people's
pipelines
and
understanding
like
what
sort
of
capabilities
we
should
offer
is
based
on
where
people
are
so
to
speak,
and
so
this
is
really
just
understanding
hey.
E
Can
you
install
a
web
hook
if
it's
in
GitHub
or
can
do
you
already
have
the
ability
to
access
the
pipeline
or
what
Integrations,
with
what
source
systems
do
you
need,
and
it's
really
just
trying
to
understand
where
people
are
like
hey?
Do
you
use
terraform?
Do
you
use
cloudformation?
Is
it
shell
scripts?
A
All
right
great
so
follow
that
link.
That
would
be
amazing.
We
do
have
an
open
Agenda.
Does
anybody
have
anything
else
they'd
like
to
discuss
before
we
move
on
to
pull
request
issues
and
the
working
meeting
part
of
the
meeting.
A
All
right
moving
on
all
right,
as
you
can
see
here
when
we
put
a
little
boom
next
to
something
that's
something
that
we'd
like
to
discuss.
The
way
this
works
is
I,
I
run
a
script
that
shows
us
activity
over
the
last
two
weeks,
and
then
we
pick
the
ones
that
are
best
served
by
high
bandwidth
discussion.
The
first
one
I
got
here
was
actually
from
someone
in
the
cloud
custodian
on
the
finops.
A
Slack
was
saying
that
they
were
dealing
an
issue
with
this
one
here
to
finding
use
of
integer
variables,
and
there
was
a
previous
issue
that
had
been
closed.
A
F
E
E
This
coming
up
before
I
think
this
may
have
been
another
issue
in
another
issue.
Prior.
A
And
then
they
kind
of
go
through
this
and
then
eventually
someone
asked
if
we
could
reopen
the
issue,
so
it
does
feel
like
someone
is
running
into
this
and
the
person
in
the
finops,
like
definitely
is
so
I,
just
mostly
wanted
to
put
this
on
the
radar
for
you
all
to
just
take
a
look.
Obviously
we
don't
need
to
do
a
resolution
now,
so
there's
that
one
that
will
be
in
the
notes
as
well
all
right
who's.
This
add
fms.waf
V2
support.
D
D
Yeah
so
yeah
that
use
case
is
documented
right
there.
If
we
use,
if
we
use
crop
matching,
it
would
be
over
matching
and
I
talked
to
I.
Guess
the
I
guess
the
stakeholder
of
our
tool
here
that
we
use
into
it
and
they
do
not
want
at
all
over
matching.
When
it
comes
to
this,
this
policy
yeah
well.
E
No
one
wants
over
matching.
The
question
is:
is
it
actually
a
a.
A
All
right
so
basically
a
thumbs
up
on
this
one.
All
right.
Moving
on
redshift,
add
consecutive
daily
snapshot,
count
filter.
D
Yeah
I
think
this
is
the
thing
she
sunny
and
the
pill.
This.
D
E
Yeah
yeah,
it's
worth
a
conversation
like
we
started
getting
a
couple
of
these
and
I
think
it's
super
cool
to
have
this
notion
on,
like
counting
the
backup
filters.
The
reality,
though,
is
that
most
organizations
have
multiple
missions
of
what
they
want
to
track
on
a
backward
spaces.
E
Another
thing
I
discuss
this
prior,
maybe
it
was
sunny
is
that
like
I
worked
with
organizations
before
not
in
financials
that
were
like
hey,
we
want
to
have
six
months
of
backups,
eight
weeks
of
backups
and
the
last
30
days
of
backups
and
like
be
able
to
do
that
group
by
notion
here
like
and
that's
extremely
common
I
want
to
say
like
and
so
like
you
want
some
hot
backups.
E
You
want
some
call
backups,
you
want
some
archival
backups,
and
this
is
really
only
for
consecutive
daily,
but
with
a
little
bit
of
tweaking
like
we
can
get
and
I
understand.
This
was
based
on
a
prior
implementation
that
we
already
had
got
like
gone
through
but
like
as
we
expand
this
out.
I
think
it
makes
sense
for
us
to
be
incorporated
incorporating
additional
use
cases,
so
we
don't
have
to
deal
with
compatibility
constraints.
D
D
E
Been
implemented,
if,
if
you,
if
your
team
would
like
to
be
active
on
this
I,
think
that
directionally
is
where
we
want
to
go
and
if
you're
game,
for
it
definitely
would
appreciate
it,
and
if
not,
then
we
can
so.
E
D
A
look
at
the
the
sample
spec
right
here
for
this
policy
just
trying
to
understand
it
a
little
bit
more
then
looks
like
now
the
period
for
us,
the
implementation
that
we
had
before
it
was
just
only
for
days,
but
now
it
looks
like
we
can
pass
in.
You
know
different
types
of
days,
yeah
weeks
years,
yeah,
because.
E
D
That's
pretty
straightforward:
I
think
that
the
one
that
was
uncreated
was
the
backup
type.
E
So
to
think
about,
like
RDS
as
an
example,
AWS
RDS
like
if
I
have
automatic
backups,
then
when
I
delete
the
database,
the
automatic
backups
automatically
go
away,
but
the
entire
reason
I
had
the
backups
was
to
prevent
that
from
happening.
So
I
could
restore.
So
in
that
context,
I
want
to
do
some
degree
of
attributed
filtering
on
the
backups
of
cells
to
be
able
to
ensure
that,
prior
to
the
group
being
on
by
date,
that
I'm
only
I'm
looking
at
the
appropriate
sets.
B
So
a
question
on
this,
so
there's
this
was
already
implemented
for
RDS,
RDS,
cluster
and
I
believe
FSX,
where
it
doesn't
have
this
kind
of
enhanced
functionality
with
the
filters.
B
So
how
are
we
thinking
that
should
work?
It's
going
to
be
backward
compatible
with
just
yeah.
F
E
I'm
happy
either
way
like
in
the
day.
Like
you
know,
a
mother's
Choice
like
if
we
just
do
one
like
we
can
do
backlog
on
retrofitting
into
the
others
like
there's
some
degree
of
like
we
want
PR
to
be
targeted
and
focused
if
we
have
a
common
base.
Implementation
across
these
I
think
that
is
helpful
to
ensuring
that
commonality
and
as
part
of
that,
it
doesn't
necessarily
need
to
be
like.
Ideally,
you
know,
as
we
add
this
to
redshift,
or
is
this
wretch
of
EVS
or
we
have
the
standing
PR.
E
That
will
have
that
as
a
common
Base
Class
that
has
a
group
by
functionality
and
then
an
additional
Base
Class
that
deals
with
some
of
the
compatibility
and
defaults,
and
then
we
can
roll
it
through
piecemeal
through
the
extent
as
well
as
adding
new.
E
Comfortable
implementer's
choice,
but
we
want
to.
We
want
to
drive
to
this
and
I.
The
pr
feedback
will
be
to
try
to
separate
out
the
base
like
a
base
class.
Just
so
we
can
start
to
add
on
and
then
roll
back
into
compatibility
for
the
others.
D
D
I
I
believe
papill
already
look
at
this,
and
it's
not
capturing
here,
but
during
one
of
the
meetings,
the
the
feedback
was
that
it
looks
good,
but
the
action
right
now
is
only
supporting
enable
and
my
convention
with
confisodium.
We
typically
do
it
like
toggle
style,
where
you
can
enable
or
disable.
So
then,
the
update
here
I
finally
did
what
I
was
to
make
it
such
that
you
know
you
can
pass
it
and
enable
or
disable.
Actually
it's
enabled
and
then
it's
such
a
true
or
false.
E
It
again
super
cool
and
I
didn't
have
a
look.
I
just
saw
that
you
had
commented
earlier
today
and
I
wanted
eight
dollars
that
that
there
have
been
progression
on
this.
A
Awesome
all
right,
oh,
this
is
the
one
from
before
all
right.
Next
sets.
F
Yeah
this
is
this
is
part
of
a
number
of
of
changes,
and
there
was
one
from
John
Anderson
there's
one
that's
still
open,
actually,
which
let
me
make
sure
I
get
the
right
number
for
you,
one
that
I
need
to
look
at
still
online
radar.
F
It's
7
800
unifying
the
Box
building
process,
yeah.
B
F
F
We
could
run
a
poetry,
update
and
it
would
it
would
roll
back
that
lock
dependency,
which
is
what
we
wanted,
but
the
previous
version
wasn't
doing
that
the
way
we
expected
so
since
we
were
doing
that
on
the
release
side
on
the
on
the
generating
the
requirements
locking.
We
also
capile
made
the
good
point
that
we
should
actually
have
that
updated
poetry
version
all
through
CI,
so
that
we're
using
the
same
same
tools
everywhere.
F
So
we're
doing
that
and
that's
cool.
But
a
related
issue
is
that
we've
been
slowly
ripping
talks
out
anyway,
and
so
what
John's
trying
to
do
here
is
make
sure
that
we're
using
the
same
poetry,
poetry,
driven,
build
process
and
we're
not
still
relying
on
talks
under
the
hood
somewhere.
E
I
I,
it's
an
interesting
conversation,
I
think
because
we're
trying
to
rip
out
poetry,
oh
sorry,
talks
in
this
context.
We
we
insert
compatibility
with
talks
and
then
we
saw
a
kept
moving
to
poetry
because
it
was
just
better
experience
for
all
the
things,
but
we
never
actually
deprecated
it.
It
talks.
Let's
say
in
this
context,
so
it
was.
F
Yeah
I
believe
we
updated
CI,
we've
updated
the
developer
docs
for
most
of
it
and
then
I
think
the
the
last
lingering
bit
of
it
was.
This
was
the
doc
builds
here,
so
hopefully
I
mean
well
I'm
sure
we'll
find
something
wearing
references
somewhere.
F
But
that
seems
like
a
good
thing.
Yeah.
E
F
A
Exactly
what
my
item
says,
it
says,
run
rip
grip
for
text
on
the
thing,
because,
because
I
did
the
initial
removal
in
the
docs,
but
it
was
only
in
the
one
developer
section
and
I
didn't
think
to
just
search
everything
to
it.
So
I
wanted
to
make
sure
that
we
had.
We
talked
about
this
any
anything.
This
is
I'm
kind
of
lumping
this
all
under
release
engineering.
A
Do
we
want
to
talk
a
little
bit
about
these
release
issues
and
where
we're
sitting
I
know
that
we
did
not
do
a
release
in
August
and
our
last
one
was
in
July
so
who
wants
to.
F
C
E
So
so
maybe
we
should
look
at
this
as
an
opportunity
to
do
a
quick
retrospective
on
the
last
few
months
and
trying
to
do
releases
for
the
last
two
months
where,
where
we
felt
the
pain
per
se,.
C
Yeah
I
think
the
biggest
part
is
automating,
some
of
the
the
steps
where
it
can
go
wrong
mostly
around
you
know,
there's
like
a
sort
of
specific
set
of
commands.
You
have
to
run
to
get
the
repository
in
a
publishable
state
which
right
now
is
documented.
Basically
in
a
GitHub
discussion.
It's
in
here.
C
For
it,
yeah
I
think
at
the
very
least,
getting
like
the
pull
request
automated
so
that
it's
not
you
know
there
there
isn't
any
sort
of
chance
for
manually.
Failing
is,
is
a
big
part
of
it
and,
of
course,
working
towards
full
automation
as
well
after
that
I
I,
don't
I,
don't
know
if
there's
a
way
to
really
like
programmatically
fix
these
sort
of
like
package
issues
where
we
have
yanked
stuff
or
conflicts
and
stuff
like
that.
F
We
had
already
locked
the
yanked
version,
so
I
think
it
would
have
just
silently
worked.
I
think
we,
after
we
saw
John,
had
the
earlier
PR
for
the
the
talk
stock,
build
to
just
change
the
requirements
file
and
and
get
rid
of
the
dependency
on
that
yank
version,
and
then
seeing
that
we
thought
all
right.
Well,
let's,
let's
downgrade
that
locked
version,
so
we're
not
depending
on
a
young
version
that
was,
that
was
just
a
manual
determination.
F
It
was
not
because
some
because
of
an
error,
so
I
think
if
we
were
still
depending
on
that
yank
version,
it
would
have
just
it
would
have
pulled
in
fine,
it
would
have
worked
I,
don't
know
why
it
was
yanked
offhand
I,
don't
recall:
whygrpc
had
a
had
a
yanked
version.
F
But
yeah
there
are
other
issues.
We
know
some
of
the
things
that
we
we
have
seen
blow
up
in
the
past
are
some
of
the
the
conflicting
dependencies
across
sub-projects,
where
you've
got
like
C7
and
mail.
It
requires
one
version
of
something
and
gcp
requires
something
else,
and
then
we
have
a
clash
there
and
I
think
there's
some
work.
We
can
do
there
with
with
trying
to
resolve
that
dependency
tree
at
a
different
level.
I
know
I've
had
some
effort
in
that
direction.
F
E
And
I
would
say
that
effort
and
to
speak
there
with
that
effort
was
it
was
basically
inward
inverting
the
dependency
tree
from
having
having
the
top
level
project
have
all
the
dependencies
in
a
single
solvable
graph
versus.
E
Currently
we
all
the
plug-in,
all
the
providers
and
plugins
are
effectively
a
different
dependency
graph
that
we
carry
common
metadata
through
so
a
little
more
error
prune
when
there
is
this
conflict
or
there
is
non-repeatability,
but
at
least
on
the
non-requitability
aspect
does
make
me
wonder
if
we
need
like
a
meta
test
or
some
capability
to
actually
determine,
if
that's
the
case
and
and
block
that
in
CI
in
terms
of
having
churning
dealing
installs
for
a
better
phrase.
C
I
think
the
the
other
issue
that
we
see
frequently
is
that,
when,
even
if
we're
bumping
a
revision
of
a
dependency,
that's
not
conflicting
with
anything
else,
specifically
with
Bodo.
You
get
a
lot
of
the
policy
meta
tests
that
end
up
failing
as
a
result
of
like,
for
example,
config
support
or
security
Hub
support
that
comes
in
and.
C
E
It
is
a
manual
fix
and
like
the
intent
with
the
with
those
meta
checks.
There's
meta
tests
was
basically
to
make
sure
that
hey
you
just
updated
to
an
SDK.
That's
like
a
one-liner
for
you
to
go
effect
like
to
fix
an
ad
support
because
we're
on
top
of
I
mean
the
underlying
providers
are
constantly
changing,
and
it's
mostly
there
to
make
sure
that
we
keep
up
with
it
as
a
project
but
nationally.
E
Kill
the
source
modifications,
but
the
data
modification
it's
a
little
bit
hard
to
fully
automate.
But
it's
worth
thinking
about
and
saying,
hey
well
should
we
derive
more
things
from
data
so
that
we
can
do
automated
update
processes
around
it
perhaps
or
what
have
you
but
came
to
explore
other
thoughts
in
this
direction,
but
yeah
noted
I
think
everyone
who's
ever
updated.
The
sdks
has
felt
that
those
meta
test
pain.
C
C
It's
something
that
I
don't
see
a
really
easy
or
elegant
way
to
to
address
via
automation,
because
even
if
we
automate
like
the
sort
of
like
allow
listing
of
like
config
types-
and
we
just
ignore
it,
you
know
the
project
itself
will
get
stale
because
we
don't
have
config
support,
for
you
know
stuff,
that's
already
in
the
AWS
registry
and
on
the
other
hand,
if
we
I
mean
you
probably
want
to
just
try
to
figure
out
a
way
to
fully
just
automate
the
mapping
between
the
config
types
to
custodian
resources
and
security.
E
I
was
just
wondering
about
I
believe
there
actually
are
examples
of
where
the
CFM
type
and
the
convict
type
are
different.
Yeah
right.
C
Yeah
yeah
I
mean
in
that
case
it
yeah.
Maybe
we
start
coding
for
that.
You
know
that
Delta
there,
instead
of
the
way
we
do
it
now.
E
Yeah
I'm,
just
thinking
like
the
only
way
we
can
I
don't
have
the
any
automated
system
deal
with.
This
is
if
it's
out
of
a
data
store
I
suppose
like
if
we're
editing
and
I,
don't
know
that
I
trust,
oh
well,
code,
rewriting
tools
are
that
are
actually
changing.
Semantics
are
a
little
bit,
always
a
little
bit
iffy
and
dynamic.
Like
just.
Let
me
rephrase.
C
Yeah
I
think
the
the
security
Hub
one
is
a
little
bit
more
complex
because
that
does
require
like
actual
implementation
of
like
producing
the
proper.
You
know
payload
to
send
to
the
security,
Hub
reporting,
stuff
reporting
service.
E
So
yeah
I
mean
security.
Hub
is
always
going
to
be
an
adaptation
there.
There
is
no
that
is
always
manual
like
and
that
you
know
there's
a
reason
why
that
backless
is
growing
is
because
it
requires
the
requires
thought
and
time
and
attention
and
testing-
and
it
is
I
mean
security.
Hub,
underneath
the
hood
and
it
shows
through
on
their
schema,
is
effectively
going
to
elasticsearch,
and
this
is
why
they
have
to
remap
a
bunch
of
keys
and
it's
pretty
arbitrary
yeah.
C
Yeah
but
I
I
think
that
at
the
very
least
like
we
could
start
with,
you
know
understanding
accepting
that
there
are
going
to
be
these
manual
fixes
that
come
up
at
least
automating.
The
parts
that
you
know
can
be
prone
to
error
like
for
this
last
one
I
did
the
package
increment
after
the
package
rebase,
which
caused
headaches
down
the
line
like
that
could
very
easily
just
be
a
simple.
C
You
know
good
of
action
that
creates
the
pr
and
then
people
you
know
contributors
community
members
can
come
in
and
clean
it
up
before
it
gets
merged
in
and
I
think
that
would
solve
a
good
amount
of
the
or
at
least
some
of
the
headache.
For
now
it
also
would
put
us
on
a
it
would
make
the
Cadence
a
lot
easier
to
understand,
because
the
pr
would
just
show
up
one
day,
as
opposed
to
having
one
of
us
remember
to
start
the
release
process.
E
It's
good
gold
to
draw
too
it's
good
to
know
what
the
pain
points
are.
Thank
you
for
going
through
that
turtle
head
back
to
hand
back
to
you.
A
Back
up
here,
you
had
mentioned
something
about
sorry.
I
had
to
step
out
to
bio
there
getting
rid
of
test
Pi
Pi.
Did
you
cover
that,
while.
E
Yeah,
so
it's
there's,
so
our
goal
I
think,
is
to
fully
automate
if
our
goal
is
to
fully
automate
release.
That
means
we
need
to
fully
automate
functionally
installing
custodian
and
learning
it
and
test.
Pi
Pi
has
a
number
of
different
pain
points
in
that
regard,
and
primarily
is
that
it
is
a
mirror
to
prod
pipe
pi
and
has
the
same
access
management
as
product
Pi,
which
is
not
scriptable
not
so
effectively.
We
have
to
any
time,
there's
a.
F
E
Mid-Hander
or
new
releaser,
we
have
to
go,
add
them
to
a
bunch
of
repos
times
two
and
that's
a
bit
silly.
What
would
be
ideal
I
think
is,
for
us
to
I
mean
there's
a
lots
of
Pi
Pi
repositories
from
the
cloud
providers
or
third-party
at
artifactory
that
we
can
utilize
for
this
purpose,
and
then
we
can
actually
build
like
a
functional,
a
release,
a
functional
release,
testing
process.
Let's
say
where
we're
actually
publishing
to
a
a
artifact
repository
that
is
clean,
that
has
those
things
and
that
we
publish
to
them.
E
E
Yeah,
so
I
would
say
that
it's
probably
easier
for
us.
It's
mostly
a
pain
point
on
the
access
management
to
it.
I
would
say
part
one
of
the
end
goals
of
fully
automated
releases
and
the
secure
supply
chain
context
is
just
getting
humans
out
of
the
loop
actually
removing
access
from
humans
from
release
processes.
A
All
right
next
up,
the
10
cent
folks
have
been
showing
up.
Do
you
want
to
give
us
the
quick
tldr
on
this.
E
Yeah
so
they're
not
in
the
time
zone,
aligned
to
come
to
this
meeting
and
not
all
are
our
native
English
speakers,
which
we
should
always
be
conscious
of
whenever
we're
doing
a
community
meeting,
because
I
know
we've
had
folks
here
from
all
over
the
world,
but
that
career
in
particular
I
think
would
be
well
served
with
being
cognizant
per
se,
but
they've
done
a
lot
of
great
work
and
the
tencent
provider
has
is
available
it's.
It
is
certainly
pull
mode.
E
There's
very
few
resources
right
now,
but
it's
you
know
this
is
shiny
new.
This
is
the
last
two
weeks
and
it
has
been
coming
along
pretty
well.
A
Right,
infra
cost
integration,
act,
cost
filter,
77.89.
E
Yeah,
so,
if
across
is
to
start
up
with
a
couple
open
source
components,
they're
initially
targeted
towards
shift
left
for
cost,
which
is
a
little
bit
not
actually
sure,
makes
any
a
whole
lot
of
sense.
Given
most
costlings
are
based
on
utilization,
but
I'll
leave
that
aside,
it's
still
interesting
for
folks
I
think
to
get
a
slice
and
dice
on
their
infrastructure
based
on
cost
I.
Think
there's
a
probably
some
other
things
we
can
do
with
on
a
more
Cloud
specific
basis
right
now.
E
E
It
is
something
that's
relatively
straightforward
to
sign
up
for
self-host
and
I.
Think
the
question
to
me
is
well
like
when
we
use
AWS
budgets
or
like
a
budget
forecasts
which
are
another
option,
I
think
on
this
in
this
space
they're
on
an
aggregate
basis
which
sometimes
you
just
want
to
know.
Sometimes
you
want
other
things
like
someone's
just
want
to
know
hey
what
ac2
instances
are
costing
me
more
than
a
grand
a
month,
or
you
know
rds's
that
are
costing
more
than
five
grand
and
I
thought,
and
this
that
context.
E
This
is
more
better
purpose
it
suited
to
that
use
case,
whereas
if
you
want
to
do
a
slice
and
dice
across
budget
filtering
tags,
there
are
budget
filtering
capabilities,
then
budgets
are
a
better
use
case,
better
implementation,
fit
and
I
think
we
should
do
both.
Frankly,
given
the
macroeconomics
of
our
times,
we
should
we
should
help
people.
However,
we
can.
E
So
infra
cost
is
it's
worth
taking
a
minute
just
to
explain
what
it
is
and
for
cost
is
effectively
a
service
and
that's
open
source
software
they're
in
a
long
component.
In
this
context
that
we're
interacting
with
is
what
we
call
is
their
pricing
API.
The
pricing
API
is
effectively
it's
a
node.js
in
a
Docker
container
that
you
can
sell
test.
E
If
you
want,
when
you
self-host,
you
have
two
options
effectively
if
you
download
the
raw
price
book
across
the
clouds
you're
talking
about
multiple
gigabytes
of
data,
yeah
yeah,
and
so
what
this
is
trying
to
do
is
effectively
just
give
you
a
unified.
E
Yeah,
it's
gigabytes,
and
so,
if
you
look
at
how
actually
George,
if
you're
driving,
can
you
go
up
another
level
in
the
repo
to
actually
look
at
now
in
the
repo?
Because
we're
not
looking
at
that
and
if
you
click
on
repositories
at
the
top
and
do
API
our
price.
Actually
through
price
I
mean
yeah
there
you
go.
E
Also,
it's
gigabytes
of
data,
so
this
has
two
options:
George,
if
you
scroll
down
to
that
diagram,
yeah,
there's
tons
of
variations
so
effectively.
If
you
run
this
you're
on
itself
hosted,
you
can
use
the
extent
one
so
that
portion
where
that's
them,
you
can
also
just-
and
you
can
also
you-
also
have
the
option
of
pulling
that
directly.
E
So
cool
I
think
it
preserves
optionality
and
the
the
the
the
challenge
with
most
of
the
cosmic
forest
and
budget
stuff
is
that
you've
got
a
it.
It's
designed
for
Aggregates
and
it's
not
designed
for
individual
resources,
and
this
is
just
because
of
you
know
the
reality
when
you're
coming
from
that
size
that
you're
dealing
with
arrogates
or
and.
B
E
To
slice
and
dice
things
based
on
cost,
Dimensions,
Etc
and
Explorer
or
in
budgets,
but
in
the
custodian
context,
where
you
can
actually
do
actions
on
individual
resources,
then
it
makes
sense.
This
actually
has
a
lot
more.
It
has
a
good
degree
additional
utility.
C
F
E
That's
you
asked
the
person
next
year
how
much
they
pay
for
their
ticket,
but.
E
Not
not
in
the
open
source
as
far
as
the
API
notion,
you're
getting
those
prices,
so
it
is
a
good
relative
basis.
It's
a
relative
basis
comparison.
It
is
not
book
price.
Let's
say
sorry,
it
is
not
Financial
CFO,
Book
pricing.
E
C
A
All
right
so
77.89
is
the
pr
to
check
out.
Do.
E
You
want
I've
dropped,
some
review
comments
on
it.
It's
still,
it's
still
a
work
in
progress.
If
it
gets
you.
B
E
E
So,
like
would
like
to
like
to
expand
in
both
directions,
but
this
is
useful
just
because
most
of
the
building
apis
or
Aggregates
against
the
Aggregates
and
slicing
and
dicing
you
can
see
at
the
distance
can
give
us
individual
resource,
which
is
also
useful
individually
as
a
because
it
Maps
I,
think
just
as
well
native
electricity.
G
Hey
everybody,
hello,
hey,
so
this
is
the
pr
for
The
Connect
resources
like
to
have
the
tagging
functionality
so
I
think
like
Peter
has
this
PR
in
and
since
he
is
out
of
office
now,
like
I'm
I'm
kind
of
like
you
know,
taking
his
role
so
yeah
before,
like
he
had
like
180
files,
and
then
we
reduced
it
to
like
84..
So
if
you
want
to
give
me
like
a
quick
overview
on
what
resources
resource
types
we
have
here,
we
can
go
through
it.
G
Yeah,
most
of
them
are
like
the
files
that
we
created,
like
most
of
the
files
in
those
84
files,
are
like
the
test
files
that
come
as
result
of
the
test
because,
like
we,
there
are
like
eight
new
resources
that
were
created
and
then
like.
We
do
have
like
tests
for
all
the
resource
types
that
we
have
there,
so
it
by
default,
generates
like
three
to
four
files
like
for
each
test.
So
that's
the
reason
like
why
we
had
like
a
lot
of
files
created
here.
G
Yeah,
the
main
file
is
like
connect,
dot
pi.
There
we
go
so
we
already
have
like
a
connect
instance
resource
that
has
been
like
created
like
unmerged,
and
we
have
it
available
in
Cloud
custodian.
G
But
on
top
of
that,
like
we
have
like
different
resource
types
that
we
are
creating
now
like
the
connect
user,
so
the
how
we
went
about
this
is
like
the
approach
we
have
taken
is
like
we
are
taking
the
parent
child
kind
of
relation,
because
there
are
like
so
many
attributes
that
a
single
resource
type
can
have
like.
For
example,
if
you
take
the
user,
can
you
scroll
a
little
bit
down
like
like
where
the
new
yeah
yeah
here
like
the
right
side
yeah?
G
So
we
are
having
a
parent-child
relation
like
and
we
have
like
connect
user
resource
and
that
user
has
the
address
like
phone
number,
all
this
kind
of
attributes
that
are
associated
with
the
user,
and
we
are
using
the
a
map
here
like
like
parent
child
map,
and
we
are
gathering
all
the
information
and.
E
So
could
you
clarify
what
resources
like
I
mean
connect?
Is
you
know
a
call
center
application?
Yes,
dot.
You've
got
high
level
constructs,
but
you
have
a
lot
of
like
so
generally
speaking,
we
don't
considering,
tries
not
to
deal
with
data
versus
control,
Point
configuration.
So
if
you're
talking
about
like
customer
contacts
were
employed,
like
you
know,
call
center
contracts
that
that's
almost
feels
data
plain,
but
it's
and
well.
The
latter
is
maybe
manageable.
As
a
large
control
point,
the
the
former
is
not
per
se
and
I'm.
E
Just
trying
to
understand
like
what
resources
are
you
trying
to?
What
are
your
use
cases
per
se
and
and
in
terms
of,
are
you
trying
to
expand
into
the
control
plan
of
calls
that
go
from
the
control
plan
of
connect
to
the
data
plane
connect?
Or
is
it
what?
What
is
the
scoping
of
the
use
cases?
If
you
either
one
that
you're
comfortable
sharing.
G
E
F
E
But
you
know
like
when
your
EBS
volumes
or
snapshots
we
have
to
deal
with
the
volume,
potentially
in
the
millions
and
so
they're
certain
control
playing
use
cases
that
we
just
have
to
deal
with.
Cardinality
I
I
just
want
to
be
clear.
E
What
are
what
are
the
children
in
this?
Let's.
G
Say,
oh
got
it
so
the
children
in
these
are
like
you
know,
for
example,
like
you,
have
the
connect
agent
status
right,
so
we
are
mostly
talking
about
the
you
know.
The
Connect
contact
flow
connect
agent
status
and
hours
of
operation
and
contact
connect
phone
number.
G
B
I,
don't
believe
we
should
be
personally
I,
don't
think
we
should
be
touching
anything
in
that
data
plane.
That
data
plane
scares
me
because
that
data
plane
includes
stuff,
that's
all
covered
under
pii.
We
most
certainly
don't
want
to
have
that
stuff
floating
into
custodian
data
sets
my
opinion
I
think.
That's,
that's
not
a
that's,
not
something
we
should
be
doing.
I
know
we
don't
have
a
control.
That
says
we
need
to
collect
that
data
I'm,
not
sure
why
custodian
would
ever
care
about
an
end
user.
You
know
a
user
connects
information,
I.
E
Guess
is
my
concern.
Yeah
I
think
that's
totally
100
reasonable
because,
like
now
we're
out
of
looking
at
VMS
into
humans
contact
info
and
that
that
it's
a
100
where
what
I
was
trying
to
get
and
control
and
connect
itself
as
a
services
bridging
into
many
different
apis.
E
So
if
I
heard
it
correctly,
it
was
mostly
the
question
as
far
as
the
use
cases
underlying
is
actually
tagging.
Yes,.
B
Yeah
so
I
think
this
use
case
should
be
limited
down
to.
We
need
to
tag
the
resource
types
to
make
sure
that
they
meet
our
tagging
requirements,
but
but
none
of
this
data
plane
data
needs
to
be
none
of
the
data
plane.
The
sensitive
data
plane
data
we're
talking
about
needs
to
be
in
there.
I
just
need
to
know
their
their
resource,
identifier,
R
and
if
that's
the
case
or
whatever
it
is,
and
then
can
I
put
a
place,
a
tag
on
it
and
can
I
can
I
evaluate
that
tag.
G
Yeah
I
think
I
can
answer
that
question
David
here
like
we
are
not
collecting
the
like.
You
know,
for
example
like
if
you
take
the
phone
number
right,
we
are
not
directly
taking
the
phone
number
as
in,
like
you
know,
I
think
we
had
what
we
are
concerned
about
and
what
we
want
to
collect
here
is
the
arm
of
that
resource
and
then
like
we
are
checking
if
that
is
having
the
tags
that
we
want
to
have
so
that
that's
all
like
we
are
collecting
here.
B
G
Yeah,
all
we
are
con
like
in
interested
in
is
like
the
on
of
the
you
know
the
resource
type
here,
and
we
are
checking
for
that.
Okay,
yeah.
B
E
G
So
what
would
be
our
like
next
steps
like
to
get
this
in,
like
if
you
are
concerned
about
how
do
we
address
that
concern
like.
B
E
I
think
I
think
this
is
your
required.
Something
outline
of
this
conversation
to
go
dig
a
little
bit
deeper
George.
If
he
could
make
a
note
that
I
and
I'll
go
look
at
it.
I
just
want
to
make
sure
that
we're
all
speaking
the
same
language
and.
C
E
We've
got
the
same
constraints
and
concerns
in
line
as
we
look
at
this
and
and
and
noted
and
appreciated
for
bringing
it
up
like
much
appreciate
for
bringing
it
up
and
I
have
not
seen
this
particular
PR.
A
Let
me
just
check
that's
more
Reliance
stuff,
more
talk
stuff.
We
already
covered
that
all
right
that
pretty
much
covers
the
agenda.
A
Anything
else
people
would
like
to
bring
up
I
will
post
the
notes,
as
usual
to
the
usual
places,
including
slack
the
list,
and
if
someone
can
look
just
a
reminder,
if
anyone
has
time
to
look
at
7553,
that
would
be
amazing
anything
else
going
once
going
twice
all
right,
awesome,
everybody
have
a
good
day
and
reminder
if
you're
going
to
kubecon,
let
me
know
so
you
can
get
your
your
T-shirt
and
I
will
sort
out
a
t-shirt.
Swag
thing
here
at
some
point:
we're
almost
there
cheers
everyone
thanks.