From YouTube: Cloud Custodian Community Meeting 2023-05-30
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
Check out our Slack for more info! http://slack.cloudcustodian.io
A
Recording started. Welcome everybody, some new faces, some old faces, to the May 30th community meeting for Cloud Custodian. Got a link with the agenda and some notes in HackMD, and trying to catch up on some of the pre-game discussion. Thanks, Prasanna joined us and had some questions about GCP audit mode. I'm going to try to get some notes in there, and anyone else who was listening can try to keep me honest, make any additions or corrections.
A
Since we do have some new faces, does anyone want to formally introduce themselves on camera? No pressure.
A
A
And just later, this was the discussion. It was about some GCP, a GCP audit mode policy that was matching instances and then not stopping them. We just talked about checking the logs to make sure where that issue is coming from and look into some ways around that going forward.
A
Other opening issue, opening items here: we're still moving on from Python 3.7 this year. We've got a tips and tricks section in discussions, GitHub Discussions. I actually saw a little bit of activity there recently; I need to go check in on that. And then for the report, since last time we did have a new release.
A
B
Mean girl, laces out. I was hoping to try to work on some of the release automation, maybe for the next release. Realistically, it's not gonna, I'm not gonna be, we're not going to have automated releases till July, but, you know, helpful to make some progress on that front.
B
It was, I think we went a little bit late this month, just because we were trying to also work together on some fixes for the freeze export, which AJ worked on, just because, I think, the mailer last, on the last release, basically ended up pulling in all the providers, even though it was intended to be optional by which provider you're using. But other police itself, nothing particularly of note, sort of standard release per se, otherwise.
A
Oh, I think you're right about the release. Number two sunny, I think that was 27, not 28. Yep, I get ahead of the game here. Okay.
A
B
On the next release, there was one thing, I was, there was one issue about memory usage that I've been trying, because I did mark it down as sort of like a release blocker, but I was hoping to meet with the reporter on this week. They handed me their policies, but there was nothing. I think there's a general question here of, like, do we need some sort of memory smoke test of something just to, you know, validate as far as regressions, but it wasn't.
B
There wasn't anything obvious and going through their policies and looking at the particular filters and actions that were being used. We could incorporate a memory, which is a memory tester. I was also wondering about, like, if we did a functional test where we created like a thousand log groups or a thousand resources of some kind and, like, ran a few policies on it just to see if we're getting full effect.
B
That might be interesting. So I'm sort of like stuck on, like, how do we: (a) can we reproduce this, (b) what do we, what are we doing to make sure that it doesn't happen? Because, like, these questions come up and it's like, how do we tell? And it gets tricky, so I'd like to house some sort of entry functional test capability that allows us to simulate and measure on track.
B
Yeah, I mean, he was able to track it back to, I mean, he's identifying his Euro 925 as the place where it started, but I went through like every lined up from 924 to 9 25, but I don't see, nothing really came out at me that was like, you know, this might do something. Yeah, so I'm a little unclear. It is the place where we moved client construction and that's augment from worker threads back to main thread, but that's actually a reduced memory consumption and reduced API calls.
B
So like that part, it wasn't, there wasn't a whole lot of anything that would cause systemic across a larger set of policies. So I think the right answer is probably come up with some smoke test, and maybe we can run it through some of the older Docker images just to see if we identify it ourselves, and if we can, then maybe do some bisecting within the commit history. But I think even just having that as a, having a smoke test.
A
True. I guess it's even conceivable it could be something on the dependency side too. I mean, it seems, it's, you know, you never know. Yeah, I
B
Did drop a comment in, but it was like, I think my first comment, I was like, that it could be a dependency change, but, you know, obviously we, that's,
B
You know, it's a little bit early to say. Well, it was early at that time, but I think that could be, that could be true in this context. They definitely had all the resources, all providers installed in this context. So in terms of looking at their full package list, so don't have a great answer.
B
I think, but I think there's a reasonable game plan on sort of going forward, like, let's write a memory smoke test that deals with some real world account card research cardinalities in just measure, and have that as a regression test.
A
That sounds good. All right, so that was the memory issue. Are there other, anyone else on the call, any other pressing issues, issues related to release, or any open issues here that could use some extra discussion?
C
I figured, I have been distracted with something else, so I was not at all prepared. I just thought I would join and see what this was like. Oh.
B
Cool, wait. We were going through an issue about GCP audit mode, and then we're talking about the release and tracking down potential old memory usage thing, but we're, and I saw you joined and thought I'd come into the PRs. It looks like Patricia dropped one in. You wanna
D
Talk about that? Yeah. That was an issue that I had opened up a few weeks back. Do you mind elaborating a bit more on manually assembling them into
B
This, yeah. Context for people: like, when we go to drop a notification, the transports for notifications all have different size limits, like AWS is 256.
B
Azure is like, that depends on your service level, like 40 to like 80 and, of course, 40 or 64, and then I think GCP actually supports a few megabytes. And currently we statically size based on some arbitrary number, and obviously some resources are bigger than others, and so the notion here was, instead of statically sizing, let's serialize each resource, one of the times that was serializing the batch, and keep track of the size.
B
So if we serialize one resource, we know how that is, so as a next resource, and then we do that so forth till we get to, you know, we know we're approaching our transport limit, and then we stop. So now we're not, we're, instead of statically sizing the batch, we're dynamically sizing the batch.
B
Now this gets a little more complicated because we're also compressing it and we're also basically forwarding it, but those are typically constants, and so we typically get, you get typically a constant compression ratio. So we just use that as like a multiply by zero point, you know, seven or, you know, et cetera, and that will effectively, that would be some notion of design, let's dynamically, that do.
B
Dynamic batch sizing based on individualization, individually serializing, getting the size calculation, and then manually assembling the serialized resources together in an array. Okay.
B
Yeah, there might be a little bit more there, but I'm having a, if you want.
A
Okay, so that would be more dynamic than the option where, with something like the webhook action, where we have a default that's overrideable. Okay.
A
Okay, or other, I know there were, from the last meeting, I know there was a, this issue was reopened. I haven't had a chance to look at it. I don't know if other folks have, the copy-related-tag. I know this was where there was the error, the scalar error, showing up with copy-related-tag.
D
D
I tried to replicate it, but yeah, I couldn't like reproduce this error. Okay, yeah, it's on my radar, but potentially this week I'll try to work on it.
D
A
D
D
A
Yeah, I have not, I haven't been able to do anything, but if, yeah.
A
Oh, so nothing else for that one now. Any other issues or PRs? Who else? Kapil is, and the stuff that you're talking about with GCP, is that worth pointing out here? Oh.
B
Yeah, I mean, so somebody, like, I have never done it before, but apparently it's a thing to do and you speak, they call it impersonation, and, like, AWS, we call it role assume. And so somebody contributed support for it admit, did a minor change just so that you can actually pass the impersonation role via, on the command line, is dash dash role, sorry, assumed, past the identity you want to rolls in, sorry, impersonate, two, and then I was also just testing workload
B
identity federation in this context of going from AWS into GCP without set of credentials, and if you get the client credential config file and you just set that up as your application credentials environment variable, it just works. So I just wanted to point that out, and I got up here up, I think, to sort of add that to the docs. No, no static.
A
Sweet. You know, something I meant to put on the earlier part of the agenda was, I saw along with the last release that we also have a new maintainer who's not on the call, but Kent, Kent Anderson.
B
He's done a bunch of PRs over the years. He was working, I forgot what he, I think he was working at a bank before and he's working at a different place now, and he's looking forward to potentially using Houston's new job. But it's been something I wanted to do for a little while, just because he's had some really good enduring contributions, actually, maybe it's for a while. Maybe it's worthwhile pulling up his PR first. Yeah. It's
D
B
He's on Slack, but he doesn't use Slack that much, I think because maybe it's doesn't is it, but yeah. He also did some of the emperor cost integrations as well, but those are some of his PRs that already been merged teachers. Nice.
B
It did make me wonder if we need to, or we should look at other kind, like a time, oh they're, like switching, having alternating meeting times, just to have some TZ friendliness.
B
We also have some folks in Eastern Europe that have been doing some contributions, and, you know, just an idea right now. I think we would keep this and potentially just add one once a month in a different time zone, and just to make sure that we're being global in our community outreach and collaboration.
B
Think, I think it's mostly been time zone, and then just like, he typically picks up messages I drop to him like in a few days. That's just, you know, I don't, and you don't actually technically, you need to use Slack as a client, because we're mirrored into that index site which, whose name I forget, Linen.
B
You can actually, Linen's full read write, so you can just log into Linen and directly chat from it as well.
A
B
A
That's, like, I'm gonna make a note of that and see if we need to put it in the community or the readme somewhere, because it is, I've certainly used it for once messages age out of Slack and we still need a permanent link to them. It's pretty handy, although this is showing April. So maybe, oh, okay, you got something else.
D
A
Cool, welcome Michael.
A
Okay, so talking about issues, talking about Linen, any other issues or PRs that are worth the chat?
A
E
Yeah, I was just curious if this is something that community has thought about and considered, of having some sort of crowdsource or open source contribution model for different kind of policies. The interview we have lots and lots of AWS policies, you know, would love to contribute, and at the same time, as we venture into GCP, we hate to have to write everything from scratch, and then also as we venture into Kubernetes too, for policy.
E
There, would love to have some sort of crowdsourcing work in place where I didn't do everything from scratch. I
B
Was just talking to another organization that is actually in the process of conserving their policies, and I was trying to figure out what the right, so like a separate repo for each provider type of thing makes sense. Okay, that's what I'm thinking. Yeah, okay, I'm good for that. We can just, I guess, create a repos in staticclock student org ghetto Borg!
B
Does that sound reasonable? Unless you create, like, I don't know what to call them, naming's always hard, but any suggestions are welcome. Maybe we started a GitHub issue in the existing repo just as a proposal, just to sort of kick off.
B
E
And I think it will help a lot of new people coming to, who just wanna see examples of policies. I think a lot of questions that people ran into is, how do I do things? Having documentation is good, but having some more, you know, thorough setup example of critical policy, I think that will help people a lot. Yeah.
B
A
I remember, I know we've got, so I know there are some open repos out there with kind of a, you know, it's a mishmash of policies that folks have contributed between blog posts and other repos, and I know I've done some work with scraping docstring, like, policies out of our docs and sending those. But that seems like that's not quite sufficient either. That would be, this would be, I'm guessing it's an entirely separate effort.
A
B
Yeah, like, I figured let's start jump starting this stuff, especially like looking at, like even on the shift left side, like there's just so many tools out there that have, like, I think policies are, there's,
B
Know, CIS benchmarks or something like that, they're like becoming commoditized, and I think it's also helpful to getting people started. I mean, I think it's an open question on to what degree it's like supported versus, like, you know, standard open source, you know, use your unrest type of thing, but yeah, I think it sounds good to sort of help grow the community.
E
A
All right, other topics? Doesn't even have to be issue or PR related at this point, I think, unless we've got specific PRs to dig in and group review.