aws
- aws - add support for 'aws-iso' partition (#9103)
- aws - support python3.11 in lambda policy schema (#9047)
- aws - account service-limit filter - handle non-refreshable checks (#9072)
- aws - add bedrock custom model resource (#9161)
- aws - add support for opensearch serverless (#9058)
- aws - add support for workspaces web (#9121)
- aws - ami - fix ou/org regex patterns in set-permissions (#9032)
- aws - arn parse explicit value error on invalid (#9071)
- aws - asg - suspend includes InstanceRefresh process (#9142)
- aws - check-cloudtrail filter - fix (#9066)
- aws - check-cloudtrail filter - update/expand matching logic (#8968)
- aws - dynamodb-table - delete protection config and force delete (#9125)
- aws - ec2 - fix query parser should be scoped to describe source only (#9167)
- aws - ec2 - security-group filter - get sg ids from all interfaces on an instance (#9126)
- aws - ec2 capacity reservation resource (#9147)
- aws - ec2-reservation - fix typo in field (#9155)
- aws - ecs - security-group/network-location filter for ecs-service and ecs-task (#8892)
- aws - elasticsearch - fix tag operation error handling (#9070)
- aws - fix import path for workspaces-web (#9136)
- aws - glue - fix toggle-metrics filter (#9051)
- aws - glue connection - handle broken vpc/subnet references (#9163)
- aws - iam-oidc-provider - add delete action (#9063)
- aws - internet-gateway - warn on dependency errors during delete (#9059)
- aws - make wafv1 global, r53domains is not global (#9094)
- aws - modify-sgs by tags - vpc id check (#9092)
- aws - rds cluster pending maintenance filter (#9099)
- aws - secrets manager tag, ignore reserved tags (#9110)
awscc
- awscc - update test for new access config properties on test resource (#9146)
- awscc - update test to use a more stable resource for attribute checking (#9165)
azure
- azure - add additional defender resources (#9061)
- azure - add azure.event-grid-domain (#9000)
- azure - add desktop virtualization session-host and host-pool resources and filters (#8992)
- azure - app-configuration (#8997)
- azure - datalake-analytics (#8966)
- azure - event-grid-topic resource (#9035)
- azure - kusto log analytics resource (#8971)
- azure - machine-learning-workspace (#9039)
- azure - mariadb-server (#9040)
- azure - mysql-server security-alert-policy filter (#9042)
- azure - network watcher resource name alias (#8970)
- azure - replace deprecated mktemp function with mkstemp (#9171)
- azure - signalr resource (#9062)
- azure - sql-database.filters.data-encryption (#9098)
- azure - update dependencies (#9096)
- azure - waf resource and waf filter for app gateway (#8641)
gcp
- gcp - adding effective-firewall filter to gke cluster (#9030)
- gcp - firewall - augment rules with port ranges (#9046)
- gcp - fix workload identity federation access (#9069)
oci
- oci - support instance principal auth (#8998)
openstack
- openstack - add storage-container resource (#9145)
- openstack - image resource (#9140)
- openstack - secrets resource (#9143)
- openstack - security-group resource (#9064)
- openstack - server.filters.security-group (#9119)
- openstack - user extended-info filter (#9123)
core
- core - json dump support bytes (#9135)
docs
- docs - clarify tag compliance and policy structure examples (#8990)
- docs - update mailer readme docker instructions (#9105)
releng
- releng - bump github.com/docker/docker in /tools/cask (#9122)
- releng - golang.org/x/net from 0.7.0 to 0.17.0 in /tools/cask (#9050)
- releng - golang.org/x/net from 0.7.0 to 0.17.0 in /tools/omnissm (#9049)
- releng - prep for 0.9.33.0 release (#9178)
- releng - update dependencies - 2023-10 (#9090)
- releng - update deps and restore azure lock file (#9108)
- releng - vendor selections of distutils (#9104)
shift-left
- c7n-left - support policy filtering for warn on (#9029)
tools
- tools/policystream - add limits to avoid/fix possible DoS attack (#9176)
schema changes
- aws.bedrock-custom-model added
- aws.ec2-capacity-reservation added
- aws.opensearch-serverless added
- aws.workspaces-web added
- azure.app-configuration added
- azure.datalake-analytics added
- azure.defender-assessment added
- azure.defender-contact added
- azure.defender-jit-policy added
- azure.event-grid-domain added
- azure.event-grid-topic added
- azure.host-pool added
- azure.kusto added
- azure.machine-learning-workspace added
- azure.mariadb-server added
- azure.session-host added
- azure.signalr added
- azure.waf added
- openstack.image added
- openstack.secret added
- openstack.security-group added
- openstack.storage-container added
- aws.ecs-service
  - added filters: network-location, security-group
- aws.ecs-task
  - added filters: network-location, security-group
- aws.iam-oidc-provider
  - added actions: delete
- aws.rds-cluster
  - added filters: pending-maintenance
- azure.application-gateway
  - added filters: waf
- azure.mysql
  - added filters: security-alert-policy
- azure.sql-database
  - added filters: data-encryption
- gcp.gke-cluster
  - added filters: effective-firewall
- openstack.server
  - added filters: security-group
- openstack.user
  - added filters: extended-info
New Contributors
- @dmytro-afanasiev made their first contribution in #9000
- @lwr20 made their first contribution in #9059
- @tomsmallwood made their first contribution in #9063
- @arthurscchan made their first contribution in #9071
- @rackerbenoit made their first contribution in #9105
- @jbgcarnes made their first contribution in #9103
- @scaldarola made their first contribution in #9072
- @alberttwong made their first contribution in #8990
- @dschro-1993 made their first contribution in #9032
- @rubenandre made their first contribution in #9135
- @rymancl made their first contribution in #9142
- @dehamzah made their first contribution in #9147