aws
- aws - ami - allow no 'add' in set-permissions action (#8327)
- aws - apigw - generate domain name arns (#8366)
- aws - asg - let valid/invalid filters work in explicit pull mode (#8308)
- aws - efs-mount-point - network-location filter (#8347)
- aws - eks - add network-location filter (#8377)
- aws - elasticsearch - enable support for server-side query filtering (#8337)
- aws - elasticsearch - new action to enable audit logs to cloudwatch (#8232)
- aws - enhance modify-security-groups action to support add groups by tag (#8356)
- aws - hosted zone - explicit config_id for config-rule support (#8269)
- aws - lambda - filter for lambda@edge (#8382)
- aws - rds - bug fix in consecutive-snapshots filter (#8357)
- aws - route53 ARC - control panel: add resource and tagging (#8352)
- aws - route53.recovery-cluster - add resource and tagging support (#8301)
- aws - s3 - check-public-filter handle access denied errors (#8374)
- aws - s3 output bucket region determination refactor (#8289)
- aws - security-group unused filter - add batch compute envs (#8297)
- aws - tag variable interpolation fix (#8383)
- aws - vpc - bug fix security-groups-used on in-use eni with no attachment (#8099) (#8390)
- aws - wafv2 - add scope param to list call in lambda modes (#8120)
- feat: fix marked-for-op filter bug (#8313)
c7n_azure
- c7n_azure - adding new resource for mysql flexibleserver and a new filter (#8241)
core
- core - filters - add headers to value_from url (#8307)
- core - offhours filter - fixing typo on fallback-schedule schema (#7929)
- core - pass validate to load_data so intent to validate policies or not is fully respected (#8305)
- core - query - have resource manager init args match the base class (#8310)
gcp
- gcp - bq-table - add augment to table for encryption config (#7952)
kubernetes
- kubernetes - fix test via k8s registry url update (#8290)
shift-left
- c7n-left - test handling of terraform local modules (#8286)
- c7n-left - traverse filter supports non value type filters (#8299)
tools
- tools/c7n-mailer - replay - support for slack (#5653)
- tools/c7n-mailer - unique email list (#8370)
- tools/c7n-mailer -replay - support mimicking sqs (#5655)
- tools/c7n_mailer - handle lambda container images (#8329)
- tools/c7n_mailer - option to assume role to send via centralized account SES (#6707)
- tools/dev - fix devcontainer poetry installation (#8317)
- tools/omni-ssm bump golang.org/x/sys (#8320)
- tools/omnissm - bump golang.org/x/text (#8311)
releng
- releng - address some linting found by new bandit release (#8365)
- releng - cask dep updates (#8322)
- releng - change docker :dev tag to daily build (#8342)
- releng - ci - add 3.11 remove 3.7 python versions to matrix (#8294)
- releng - explicitly define bash as the makefile shell (#8343)
- releng - functional aws tests and slack results (#8359)
- releng - get rid of generated setup.py/requirements.txt files, use poetry to publish wheels (#8348)
- releng - omnissm - bump golang.org/x/net (#8340)
- releng - refactor ci and makefile (#8332)
- releng - rev version, sphinx fixes, and rebase dependencies (#8341)
- releng - use layer cache when building images (#8331)
schema changes
aws.recovery-clusteraddedaws.recovery-control-paneladdedaws.apigw-domain-name- added filters:
finding
- added filters:
aws.efs-mount-target- added filters:
network-location
- added filters:
aws.eks- added filters:
network-location
- added filters:
aws.elasticsearch- added actions:
enable-auditlog
- added actions:
aws.lambda- added filters:
lambda-edge
- added filters: