aws
- aws - ami deregister exception when snapshot in use (#6706)
- aws - asg - add update action to set max lifetime and other settings (#6612)
- aws - batch - fix subnet and sg filters related resource expressions (#6644)
- aws - cloud watch alarms - tag augment (#6598)
- aws - config support for ecs service & eks cluster (#6605)
- aws - dax fix tagging action (#6754)
- aws - ebs - modify action - add gp3 ebs type to schema (#6753)
- aws - ec2 svc id prefix for more resources (#6566)
- aws - ecs-task-definition - config support (#6561)
- aws - ecs-task-definition - fix get_resources exception due to double augment (#6705)
- aws - eks - node group resources and delete action (#6737)
- aws - fix datapipeline id field (#6746)
- aws - glue connections - default describe parameters for omitting password (#6733)
- aws - handle deprecated services and mark additional global resources (#6592)
- aws - kafka kms-key filter for data-volume encryption (#6769)
- aws - kinesis Analytics V2, subnet filter and delete action (#6689)
- aws - kms - doc unification (#6626)
- aws - kms - more resilient key lookups, fix for keyarn/arn behaviors, fix for config source (#6624)
- aws - log metrics resource (#6694)
- aws - network firewall resource (#6463)
- aws - partition name available for substitution in policies and mailer templates (#6726)
- aws - s3 toggle-logging error handling and region variables (#6610)
- aws - sagemaker-model - fix augment (#6772)
- aws - secrets manager - tag augmentation fix (#6663)
- aws - ssm - document resource and filters/actions (#6574)
- aws - support phd mode sans detail (#6639)
- aws - swf resource (#6687)
- aws - emr - use cluster state query from policy, if provided (#6675)
azure
- azure - Ensure subscription override for all cases (#6629)
- azure - custodian and c7n-org azure multi cloud bug fixes (#6614)
- azure - data mask policy filter (#6665)
- azure - fix delete action for resource groups (#6730)
- azure - identity upgrade fixes (#6773)
- azure - new resources (#6759)
- azure - remove jsonpickle (#6632)
- azure - review wrong schema_alias (#6569)
- azure - sql filters (#6640)
- azure - sql vulnerability scan filter (#6651)
- azure - vm extensions filter (#6702)
- azure - revert API version change in favor of resource graph (#6655)
core
- cli - report - strip date portion from s3 output dir (#6593)
- core - offhours support for fallback schedule when missing tag (#6603)
- core - fix annotation merges inside
or
blocks (#6757) - core - fix value filters that specify a value type but no op (#6682)
- core - log policy exceptions before closing log stream (#6698)
docs
- docs - add example to aws tag action (#6653)
- docs - aws - use detail.awsRegion as a key to access the region data (#6674)
gcp
- gcp - dataflow - augment per api changes (#6652)
- gcp - filter - scc findings (#6630)
- gcp - instance effective firewall filter (#6586)
- gcp - metric filter - custom resource mappings (#6647)
- gcp - metrics filter (#6595)
- gcp - pass project id into credentials constructor (#6608)
- gcp - scc - post finding severity field (#6731)
- gcp - security-center execution mode (#6568)
- gcp - service account key resource (#6591)
- gcp - adding disable,enable,delete service account actions (#6650)
releng
- releng - dockerpkg - work around azure pipeline regression and docker client bug (#6695)
- releng - github actions docker build fix (#6697)
- releng - include license in generated setup and dep update (#6648)
- releng - prep 0.9.12, rebase deps (#6606)
- releng - static analyzers in ci (#6649)
- releng - update dependencies (#6755)
tools
- tools/c7n_mailer - add formatting for rds-cluster resources (#6700)
- tools/c8m_prg - name templates for azure script (#6661)
schema changes
aws.eks-nodegroup
addedaws.firewall
addedaws.kinesis-analyticsv2
addedaws.log-metric
addedaws.ssm-document
addedaws.swf-domain
addedazure.application-gateway
addedazure.container-registry
addedazure.containerregistry
removedazure.front-door
addedazure.logic-app-workflow
addedazure.mysql
addedazure.service-fabric-cluster
addedazure.service-fabric-cluster-managed
addedazure.traffic-manager-profile
addedgcp.service-account-key
addedaws.alarm
- added actions:
auto-tag-user
,copy-related-tag
,mark-for-op
,remove-tag
,tag
- added filters:
marked-for-op
- added actions:
aws.asg
- added actions:
update
- added actions:
aws.ecs-service
- added filters:
json-diff
- added filters:
aws.ecs-task-definition
- added filters:
json-diff
- added filters:
aws.eks
- added filters:
json-diff
- added filters:
aws.kafka
- added filters:
kms-key
- added filters:
azure.sql-database
- added filters:
data-masking-policy
,transparent-data-encryption
- added filters:
azure.sql-server
- added filters:
azure-ad-administrators
,vulnerability-assessment
- added filters:
azure.vm
- added filters:
vm-extensions
- added filters:
gcp.app-engine
- added filters:
metrics
,scc-findings
- added filters:
gcp.app-engine-certificate
- added filters:
metrics
,scc-findings
- added filters:
gcp.app-engine-domain
- added filters:
metrics
,scc-findings
- added filters:
gcp.app-engine-domain-mapping
- added filters:
metrics
,scc-findings
- added filters:
gcp.app-engine-firewall-ingress-rule
- added filters:
metrics
,scc-findings
- added filters:
gcp.autoscaler
- added filters:
metrics
,scc-findings
- added filters:
gcp.bq-dataset
- added filters:
metrics
,scc-findings
- added filters:
gcp.bq-job
- added filters:
metrics
,scc-findings
- added filters:
gcp.bq-table
- added filters:
metrics
,scc-findings
- added filters:
gcp.bucket
- added filters:
metrics
,scc-findings
- added filters:
gcp.build
- added filters:
metrics
,scc-findings
- added filters:
gcp.cloudbilling-account
- added filters:
metrics
,scc-findings
- added filters:
gcp.dataflow-job
- added filters:
metrics
,scc-findings
- added filters:
gcp.disk
- added filters:
metrics
,scc-findings
- added filters:
gcp.dm-deployment
- added filters:
metrics
,scc-findings
- added filters:
gcp.dns-managed-zone
- added filters:
metrics
,scc-findings
- added filters:
gcp.dns-policy
- added filters:
metrics
,scc-findings
- added filters:
gcp.firewall
- added filters:
metrics
,scc-findings
- added filters:
gcp.folder
- added filters:
metrics
,scc-findings
- added filters:
gcp.function
- added filters:
metrics
,scc-findings
- added filters:
gcp.gke-cluster
- added filters:
metrics
,scc-findings
- added filters:
gcp.gke-nodepool
- added filters:
metrics
,scc-findings
- added filters:
gcp.iam-role
- added filters:
metrics
,scc-findings
- added filters:
gcp.image
- added filters:
metrics
,scc-findings
- added filters:
gcp.instance
- added filters:
effective-firewall
,metrics
,scc-findings
- added filters:
gcp.instance-template
- added filters:
metrics
,scc-findings
- added filters:
gcp.interconnect
- added filters:
metrics
,scc-findings
- added filters:
gcp.interconnect-attachment
- added filters:
metrics
,scc-findings
- added filters:
gcp.kms-cryptokey
- added filters:
metrics
,scc-findings
- added filters:
gcp.kms-cryptokey-version
- added filters:
metrics
,scc-findings
- added filters:
gcp.kms-keyring
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-address
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-backend-bucket
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-backend-service
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-forwarding-rule
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-global-address
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-global-forwarding-rule
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-health-check
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-http-health-check
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-https-health-check
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-ssl-certificate
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-ssl-policy
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-target-http-proxy
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-target-https-proxy
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-target-instance
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-target-pool
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-target-ssl-proxy
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-target-tcp-proxy
- added filters:
metrics
,scc-findings
- added filters:
gcp.loadbalancer-url-map
- added filters:
metrics
,scc-findings
- added filters:
gcp.log-exclusion
- added filters:
metrics
,scc-findings
- added filters:
gcp.log-project-metric
- added filters:
metrics
,scc-findings
- added filters:
gcp.log-project-sink
- added filters:
metrics
,scc-findings
- added filters:
gcp.ml-job
- added filters:
metrics
,scc-findings
- added filters:
gcp.ml-model
- added filters:
metrics
,scc-findings
- added filters:
gcp.organization
- added filters:
metrics
,scc-findings
- added filters:
gcp.project
- added filters:
metrics
,scc-findings
- added filters:
gcp.project-role
- added filters:
metrics
,scc-findings
- added filters:
gcp.pubsub-snapshot
- added filters:
metrics
,scc-findings
- added filters:
gcp.pubsub-subscription
- added filters:
metrics
,scc-findings
- added filters:
gcp.pubsub-topic
- added filters:
metrics
,scc-findings
- added filters:
gcp.route
- added filters:
metrics
,scc-findings
- added filters:
gcp.router
- added filters:
metrics
,scc-findings
- added filters:
gcp.service
- added filters:
metrics
,scc-findings
- added filters:
gcp.service-account
- added actions:
delete
,disable
,enable
- added filters:
metrics
,scc-findings
- added actions:
gcp.snapshot
- added filters:
metrics
,scc-findings
- added filters:
gcp.sourcerepo
- added filters:
metrics
,scc-findings
- added filters:
gcp.spanner-database-instance
- added filters:
metrics
,scc-findings
- added filters:
gcp.spanner-instance
- added filters:
metrics
,scc-findings
- added filters:
gcp.sql-backup-run
- added filters:
metrics
,scc-findings
- added filters:
gcp.sql-instance
- added filters:
metrics
,scc-findings
- added filters:
gcp.sql-ssl-cert
- added filters:
metrics
,scc-findings
- added filters:
gcp.sql-user
- added filters:
metrics
,scc-findings
- added filters:
gcp.subnet
- added filters:
metrics
,scc-findings
- added filters:
gcp.vpc
- added filters:
metrics
,scc-findings
- added filters: