IMPORTANT

AWS users should upgrade prior to dec 6th, 2021 to accomodate for a behavior change in lambda provisioning, which will otherwise cause errors when updating policies. See https://aws.amazon.com/blogs/compute/coming-soon-expansion-of-aws-lambda-states-to-all-functions/ for details.

aws

aws - apache airflow support and kms filter (#6823)
aws - check-permissions - gracefully handle non-existent iam entities (#6986)
aws - codedeploy - map resource type id applicationName (#6949)
aws - datapipeline - fix pipeline id capture (#6983)
aws - ebs - force result pagination (#6875)
aws - ebs snapshot - action allow copies within the same region (#6898)
aws - elasticache replication group - tagging support (#6858)
aws - iam - add validation for check-permissions filter (#6955)
aws - kms - support security hub bespoke format on creation date (#6895)
aws - log-group - subscription filter (#6865)
aws - mu - lambda policy deployment - handle required lambda state waiting (#6969)
aws - mu - support different event name vs policy name (#6840)
aws - notify action - sns transport return messageid for logging (#6916)
aws - prefix list resource (#6942)
aws - rds-cluster and fsx - add ability to filter by arns (#6889)
aws - s3 - kms fixes for bucket encryption filter/action (#6937)
aws - s3 access point resource (#5983)
aws - ssm - set id field for ssm document (#6868)
aws - tag copy exclude aws: prefixed tags (#6953)
aws - workspace image and cross-account filter (#6835)
aws - workspaces - add terminate action and delete image (#6902)
aws - workspaces directory, subnet, sg and client-properties filters and actions (#6929)
aws - codedeploy - application, deployment-group and deployment resources (#6806)

docs - clarify default tag mark-for-op tag in aws (#6885)
docs - clarify execution mode wording and add cross references. (#6861)
docs - fix broken external link to point to mailer README instead (#6897)
docs - issue template - adopt feedback from community meeting on 2021-08-31 (#6880)
docs - readme - add a link to community events to aid with discovery (#6886)
docs - remove remaining $ from prompts in the docs (#6842)
docs - switch event id for AuthorizeSecurityGroup examples (#6939)

releng - docker functional tests sans terraform dependency (#6905)
releng - exempt sendgrid from frozen dep when releasing (#6996)
releng - migrate to github forms for issues (#6864)
releng - update deps (#6904)
releng - use poetry instead of tox in ci for better cache usage (#6883)
releng - version increment and dependency upgrade (#6856)
releng - dependency updates 2021-11 (#6984)
ci - aws - iam permission meta test - handle shared service names across resources (#6841)

tools/c7n-logexporter - fix: run cli parameters into export mismatch (#6930)
tools/c7n-logexporter - fixes and update readme (#6871)
tools/c7n-org - support reporting against s3 outputs (Fixes: #4029) (#6912)
tools/c7n_sphinxext - fix typo in changed content comparision for reference doc gen (#6938)
tools/mugc - only include enabled regions for region=all (#6870)

aws.airflow added
aws.codedeploy-app added
aws.codedeploy-deployment added
aws.codedeploy-group added
aws.prefix-list added
aws.s3-access-point added
aws.s3-access-point-multi added
aws.workspaces-directory added
aws.workspaces-image added
azure.advisor-recommendation added
aws.backup-plan
- added filters: json-diff
aws.backup-vault
- added filters: json-diff
aws.ecr
- added filters: json-diff
aws.ecs
- added filters: json-diff
aws.efs
- added filters: json-diff
aws.elasticache-group
- added actions: auto-tag-user, copy-related-tag, mark-for-op, remove-tag, tag
- added filters: marked-for-op
aws.log-group
- added filters: subscription-filter
aws.workspaces
- added actions: terminate
gcp.bucket
- added filters: iam-policy
gcp.kms-cryptokey
- added filters: iam-policy
gcp.project
- added filters: iam-policy