0.9.18.0
aws
This release includes a change that requires the GetBucketLocation permission on the output bucket when using the s3 output. If you are missing this permission and are doing cross account outputs to s3, ensure that your custodian role has GetBucketLocation permission for the target bucket.
aws
- aws - account - check-macie filter - return empty list if doesn't match (#7536)
- aws - artifact - fix cfn type metadata (#7560)
- aws - asg - fix tagging interpolate values (#7543)
- aws - cloudfront - post-finding fix webacl attribute (#7576)
- aws - cloudfront - support fetching with arns for trail mode (#7588)
- aws - config poll rule fix - remove evals for deleted resources (#7500)
- aws - connect-instance - new resource and instance-attribute filter (#7561)
- aws - ec2 - terminate - fix usage of batch (#7607)
- aws - ec2 - terminate - minimize api calls with force option re disabling stop/termination protection (#7627)
- aws - ec2 - terminate with force also disables stop protection (#7598)
- aws - event-rule - invalid target filter - handle unknown arns and add event-bus as a valid target (#7622)
- aws - filters - add
aws:SourceAccountsupport to cross-account filter (#7611) - aws - fsx - add consecutive-backups filter (#7252)
- aws - fsx subnet filter (#7552)
- aws - kinesis - config source attribute adaptation fix (#7575)
- aws - metrics - align metric window with cloudwatch retention schedule (#7307)
- aws - mu - add waiter to lambda creation to support aws lamdba states (#7539)
- aws - output - read bucket region prior to creating session (#7524)
- aws - quotas - include aws default service quotas (#7572)
- aws - quotas - update quotas onto the default quotas (#7645)
- aws - rest-api - cross-account filter - handle policy mangling and use correct default (#7632)
- aws - s3 - fix bucket-encryption filter for when encrypt config present but absent a kms key (#7592)
- aws - skip invalid tags dates instead of failing policy also flake8 fixes (#7594)
- aws - sns and sqs - add "has-statement" filter (#7525)
- aws - vpc - flow-logs - fix LogDestination key error (#7569)
- aws - waf/wafv2 - set-waf action for apigateway, cloudfront and elb resources (#7519)
- aws - workspaces - Create filter for workspaces directory connection aliases (#7460)
core
- c7n-org - report - don't overwrite when merging account tags to resource (#7642)
- core - output - refactor to move write_file to blob handlers. (#7579)
- core - offhour - support escaped tag restricted values with translation map (#7631)
- core - structural validate handle explicit null filters or actions (#7570)
docs
- docs - add Darren Dao as a maintainer (#7565)
- docs - add castrojo as an additional admin contact for the project (#7613)
- docs - remove references to Python 3.6 and point to upstream python support schedule instead (#7537)
- docs - update developer install docs (#7522)
- docs - update example to use policy conditions instead of region top level key (#7517)
gcp
- gcp - gcp-periodic - trigger type is http, fix for delta_resource, require service-account (#7498)
- gcp - gke - support resourceLabels as labels (#7534)
- gcp - marked-for-op - fix to support actions and templates with hyphens (#7637)
- gcp - metrics - fix start/end time now need to end with Z (#7629)
- gcp - sql - Add labels filters and actions to the GCP SQL (#7556)
- gcp - sql - fix augment labels (#7624)
- gcp - support GCP_PROJECT env var (#7630)
releng
- releng - 0.9.18.0 - prep for release (#7602)
- releng - bump package versions for 0.9.18.0 (#7636)
- releng - docker update poetry version and update ubuntu base image (#7619)
- releng - docs build - update cache keys to address stale cache issue (#7621)
- releng - update policystream to use 22.04 and remove libgit compilation (#7605)
tools
- mailer - fix - change default value to {} for dict (#7518)
- tools/c7n-mailer - fix exception with null
toin notify action (#7586) - tools/c7n_mailer - jinja get_date_age support seconds (#7643)
- tools/c7n_mailer - slack delivery - allow using email address in tag's value (#7221)
schema changes
aws.connect-instanceaddedaws.artifact-repo- added filters:
config-compliance
- added filters:
aws.batch-compute- added filters:
json-diff
- added filters:
aws.batch-queue- added filters:
json-diff
- added filters:
aws.fsx- added filters:
consecutive-backups,subnet
- added filters:
aws.kafka- added filters:
json-diff
- added filters:
aws.rest-stage- added actions:
set-waf - added filters:
waf-enabled
- added actions:
aws.sagemaker-model- added filters:
json-diff
- added filters:
aws.sns- added filters:
has-statement
- added filters:
aws.sqs- added filters:
has-statement
- added filters:
aws.step-machine- added filters:
json-diff
- added filters:
aws.workspaces- added filters:
json-diff
- added filters:
aws.workspaces-directory- added filters:
connection-aliases
- added filters:
gcp.sql-instance- added actions:
mark-for-op,set-labels - added filters:
marked-for-op
- added actions: