IMPORTANT
AWS users should upgrade prior to dec 6th, 2021 to accomodate for a behavior change in lambda provisioning, which will otherwise cause errors when updating policies. See https://aws.amazon.com/blogs/compute/coming-soon-expansion-of-aws-lambda-states-to-all-functions/ for details.
aws
- aws - apache airflow support and kms filter (#6823)
- aws - check-permissions - gracefully handle non-existent iam entities (#6986)
- aws - codedeploy - map resource type id applicationName (#6949)
- aws - datapipeline - fix pipeline id capture (#6983)
- aws - ebs - force result pagination (#6875)
- aws - ebs snapshot - action allow copies within the same region (#6898)
- aws - elasticache replication group - tagging support (#6858)
- aws - iam - add validation for check-permissions filter (#6955)
- aws - kms - support security hub bespoke format on creation date (#6895)
- aws - log-group - subscription filter (#6865)
- aws - mu - lambda policy deployment - handle required lambda state waiting (#6969)
- aws - mu - support different event name vs policy name (#6840)
- aws - notify action - sns transport return messageid for logging (#6916)
- aws - prefix list resource (#6942)
- aws - rds-cluster and fsx - add ability to filter by arns (#6889)
- aws - s3 - kms fixes for bucket encryption filter/action (#6937)
- aws - s3 access point resource (#5983)
- aws - ssm - set id field for ssm document (#6868)
- aws - tag copy exclude aws: prefixed tags (#6953)
- aws - workspace image and cross-account filter (#6835)
- aws - workspaces - add terminate action and delete image (#6902)
- aws - workspaces directory, subnet, sg and client-properties filters and actions (#6929)
- aws - codedeploy - application, deployment-group and deployment resources (#6806)
azure
- azure - ci - session tests fix (#6892)
- azure - Change ACI image name (#6888)
- azure - advisor (#6836) (#6866)
- azure - update mysql version used for tests (#6879)
core
- core - reduce filter - fix value_regex validation (#6899)
docs
- docs - clarify default tag mark-for-op tag in aws (#6885)
- docs - clarify execution mode wording and add cross references. (#6861)
- docs - fix broken external link to point to mailer README instead (#6897)
- docs - issue template - adopt feedback from community meeting on 2021-08-31 (#6880)
- docs - readme - add a link to community events to aid with discovery (#6886)
- docs - remove remaining $ from prompts in the docs (#6842)
- docs - switch event id for AuthorizeSecurityGroup examples (#6939)
gcp
- gcp - subnet - fix get re match string (#6933)
- gcp - resource iam policy filter (#6771)
- gcp - subnet - set-flow-log action pass fingerprint parameter (#6934)
releng
- releng - docker functional tests sans terraform dependency (#6905)
- releng - exempt sendgrid from frozen dep when releasing (#6996)
- releng - migrate to github forms for issues (#6864)
- releng - update deps (#6904)
- releng - use poetry instead of tox in ci for better cache usage (#6883)
- releng - version increment and dependency upgrade (#6856)
- releng - dependency updates 2021-11 (#6984)
- ci - aws - iam permission meta test - handle shared service names across resources (#6841)
tools
- tools/c7n-logexporter - fix: run cli parameters into export mismatch (#6930)
- tools/c7n-logexporter - fixes and update readme (#6871)
- tools/c7n-org - support reporting against s3 outputs (Fixes: #4029) (#6912)
- tools/c7n_sphinxext - fix typo in changed content comparision for reference doc gen (#6938)
- tools/mugc - only include enabled regions for region=all (#6870)
schema changes
aws.airflow
addedaws.codedeploy-app
addedaws.codedeploy-deployment
addedaws.codedeploy-group
addedaws.prefix-list
addedaws.s3-access-point
addedaws.s3-access-point-multi
addedaws.workspaces-directory
addedaws.workspaces-image
addedazure.advisor-recommendation
addedaws.backup-plan
- added filters:
json-diff
- added filters:
aws.backup-vault
- added filters:
json-diff
- added filters:
aws.ecr
- added filters:
json-diff
- added filters:
aws.ecs
- added filters:
json-diff
- added filters:
aws.efs
- added filters:
json-diff
- added filters:
aws.elasticache-group
- added actions:
auto-tag-user
,copy-related-tag
,mark-for-op
,remove-tag
,tag
- added filters:
marked-for-op
- added actions:
aws.log-group
- added filters:
subscription-filter
- added filters:
aws.workspaces
- added actions:
terminate
- added actions:
gcp.bucket
- added filters:
iam-policy
- added filters:
gcp.kms-cryptokey
- added filters:
iam-policy
- added filters:
gcp.project
- added filters:
iam-policy
- added filters: