- AWS - SES - Create new resource type configuration-set for SES (#8457)
- aws - add support for 'aws-iso' partition (#9103)
- aws - rest-stage - add regex match support for wafv2-enabled filter and set-wafv2 action (#7946)
- aws - route53 recovery readiness-check - add resource and tagging support (#8112)
- aws - support python3.11 in lambda policy schema (#9047)
- aws - access analyzer finding resource (#8895)
- aws - account - add ses send metric filters (#7874)
- aws - account - add support for bedrock model invocation logging configuration (#9259)
- aws - account - check-cloudtrail filter: add include-management-events and log-metric-filter-pattern (#7851)
- aws - account - check-cloudtrail sns subscription lookup refactor (#8020)
- aws - account - managed config rule (#7029)
- aws - account - organization filter (#8113)
- aws - account service-limit filter - handle non-refreshable checks (#9072)
- aws - actions - fix typo in documentation for invoke-lambda (#9180)
- aws - add bedrock custom model resource (#9161)
- aws - add connect-campaign resource and kms-key filter (#8681)
- aws - add delete action to directory and cloud-directory (#8610)
- aws - add emr-serverless-app resource and delete, tag, mark actions (#8197)
- aws - add eni detach and eip disassociate actions, fix check-permissions filter (#9100)
- aws - add in operator to vpc network-location filter (#9160)
- aws - add more resource types (#8799)
- aws - add pinpoint resource (#8514)
- aws - add python3.12 runtime support, default to python3.11 (#9231)
- aws - add ses-receipt-rule resource and delete action (#8671)
- aws - add set-policy action for iam-profile resource (#9257)
- aws - add support for opensearch serverless (#9058)
- aws - add support for workspaces web (#9121)
- aws - add value filter logic to waf-enabled and wafv2-enabled filters (#8407)
- aws - airflow - update-environment and delete-environment (#8866)
- aws - alb - delete - handle ResourceInUseException (#8705)
- aws - allow excluding specific processes when resuming ASGs (#9252)
- aws - ami - add cancel-launch-permission action (#8728)
- aws - ami - add image-attribute filter (#8091)
- aws - ami - add set-permissions and set-deprecation actions, org support for cross-account filter (#7974)
- aws - ami - allow no 'add' in set-permissions action (#8327)
- aws - ami - fix ou/org regex patterns in set-permissions (#9032)
- aws - apigw - generate domain name arns (#8366)
- aws - app-elb-target-group - retry wrapper for describe_target_group_attributes (#8916)
- aws - appelb - added filter and action for target group attributes (#8037)
- aws - appmesh support (#9260)
- aws - arn parse explicit value error on invalid (#9071)
- aws - asg - fix propagate-tags for asgs with no tags (#8612)
- aws - asg - ignore UnsupportedOperation on asg suspend (#8076)
- aws - asg - image filter - fix warning when image not found (#8473)
- aws - asg - let valid/invalid filters work in explicit pull mode (#8308)
- aws - asg - suspend includes InstanceRefresh process (#9142)
- aws - asg rename-tag - don't propagate tags when there are no instances (#8762)
- aws - asp-sync - delete action (#8419)
- aws - autotag - fix none userinfo exception (#7984)
- aws - autotag action - add principalId as option for value field (#8244)
- aws - autotag action - autotag user with value (#7959)
- aws - backup - add consecutive backups filter (#8030)
- aws - batch - add tagging support and update/delete job queue actions (#9182)
- aws - check-cloudtrail filter - fix (#9066)
- aws - check-cloudtrail filter - update/expand matching logic (#8968)
- aws - cloudfront - fix wafv2-enabled filter to find waf-classic associations (#7986)
- aws - cloudfront - updating s3 regexes for mismatch-s3-origin filter (#8045)
- aws - cloudhsm-cluster, augment and serverless mode (#7996)
- aws - cloudwatch logs - added attribute to allow passing role arn to put-subscription-filter call (#8246)
- aws - codecommit - add universal_augment to pull tags (#8576)
- aws - composite-alarm - add resource and delete action (#7953)
- aws - config - remediation filter: add rule_prefix to schema (#8171)
- aws - connect - add set-attribute action (#8095)
- aws - core - fix fetching resources by id for types with scalar server-side filters (#8614)
- aws - cost optimization filter (#9209)
- aws - cross-account filter - use case-insensitive checks for allowed condition keys (#7889)
- aws - custodian lambda policy - arm64 / graviton support (#7917)
- aws - dlm - use native arn attribute (#8027)
- aws - docs - network-addr moved to elastic-ip resource (#8170)
- aws - docs - add example policies for the
finding
filter (#8201) - aws - dynamodb - add update table action (#8023)
- aws - dynamodb-table - avoid key errors in continuous-backup filter (#9266)
- aws - dynamodb-table - delete protection config and force delete (#9125)
- aws - ebs - EBS CreateDate should be CreateTime in docs example (#8153)
- aws - ebs - encrypt-instance-volumes handle missing tags (#8683)
- aws - ebs modify - support io2 (#8717)
- aws - ebs-snapshot - cross-account filter - enable everyone_only (#8552)
- aws - ec2 - fix query parser should be scoped to describe source only (#9167)
- aws - ec2 - force stop override stop protection (#8007)
- aws - ec2 - security-group filter - get from sg ids from all interfaces on an instance (#9126)
- aws - ec2 - use a list instead of tuple for empty tag set (#8957)
- aws - ec2 capacity reservation resource (#9147)
- aws - ec2-reservation - fix typo in field (#9155)
- aws - ecr - modify-policy update action schema validation (#8254)
- aws - ecs - security-group/network-location filter for ecs-service and ecs-task (#8892)
- aws - ecs cluster - including settings to check for container insights (#8380)
- aws - ecs-cluster - ebs-storage filter (#8446)
- aws - ecs-task-definition - support permanent deletion via force option (#8406)
- aws - efs - add has-statement filter (#7884)
- aws - efs-mount-point - network-location filter (#8347)
- aws - efs-mount-target - support cloudtrail mode (#8631)
- aws - eip - release - handle InvalidAddress.PtrSet and InvalidAddress.Locked exception (#8924)
- aws - eks - add network-location filter (#8377)
- aws - eks - adding associate-encryption-config action (#8426)
- aws - elasticache - skip del replication group if not empty (#8025)
- aws - elasticache and rg skip deletion when linked with global ds (#8876)
- aws - elasticsearch - cross-account bug fix handle no access policy (#8403)
- aws - elasticsearch - enable support for server-side query filtering (#8337)
- aws - elasticsearch - fix tag operation error handling (#9070)
- aws - elasticsearch - new action to enable audit logs to cloudwatch (#8232)
- aws - emr - security configuration filter (#8268)
- aws - enhance modify-security-groups action to support add groups by tag (#8356)
- aws - event bus delete action (#8598)
- aws - event-rule - add set-rule-state action (#7954)
- aws - fis - adding aws.fis-experiment resource (#8470)
- aws - fix ASG config resource id (#9248)
- aws - fix import path for workspaces-web (#9136)
- aws - fix transit-user resource type metadata (#8134)
- aws - flow-log filter & action - refactor for kinesis/parquet support (#8757)
- aws - fsx - rds - register aws_backup count filter (#8494)
- aws - glue - fix toggle-metrics filter (#9051)
- aws - glue catalog - kms-key filter and set-encryption refactor (#8833)
- aws - glue connection - handle broken vpc/subnet references (#9163)
- aws - glue-connection - tag read/write support (#8049)
- aws - graphql-api - add api-cache filter (#8056)
- aws - hosted zone - explicit config_id for config-rule support (#8269)
- aws - hosted-zone - query-logging-enabled: add subscription filter details (#7988)
- aws - iam-instance-profile - set-role action (#7999)
- aws - iam-oidc-provider - add delete action (#9063)
- aws - iam-profile, ec2 - add has-specific-managed-policy filter (#8006)
- aws - iam-profile, ec2 - add value filter logic to has-specific-managed-policy filter (#8104)
- aws - iam-user - add include-via option to policy filter for group inherited policies (#8372)
- aws - iam-user - add set-policy action (#8125)
- aws - identity-pool - include resource details from parent augment (#8692)
- aws - inspector-v2 finding resource (#8934)
- aws - internet-gateway - warn on dependency errors during delete (#9059)
- aws - invoke-lambda action - support for assume role prior to invoke (#7904)
- aws - kafka - migrate to list_clusters_v2 (#8077)
- aws - key-pair unused filter - check autoscaling groups (#8755)
- aws - kinesis-video add tag/remove tag action (#8454)
- aws - kms related filter - resolve key alias to id before cache lookup (#8505)
- aws - lambda - add has-specific-managed-policy filter (#8477)
- aws - lambda - adjust kms key arn casing for securityhub finding (#7998)
- aws - lambda - filter for lambda@edge (#8382)
- aws - lambda mode - support python3.10 in schema (#8502)
- aws - lambda mode - validate description length (#8497)
- aws - launch-template-version - add cloudformation type (#8724)
- aws - launch-template-version - include version number in synthetic arn (#8972)
- aws - make wafv1 global, r53domains is not global (#9094)
- aws - metrics filter - support client side evaluation across multiple periods (#8930)
- aws - modify-sgs by tags - vpc id check (#9092)
- aws - notify - prepare iam-saml-provider for notify (#8022)
- aws - org unit filter (#9224)
- aws - org unit resource (#9223)
- aws - org-account and org-policy resources (#8194)
- aws - output - metrics - allow enabling specific metrics and ignore zero values via query params (#8929)
- aws - output - set region when using lambda exec options (#8471)
- aws - output - strip trailing slashes from s3 output url paths (#8559)
- aws - policy filter & action for ou & account (#9232)
- aws - policy modify - handle statements without sids (#6943)
- aws - post-finding - document usage of the title parameter (#8527)
- aws - quota - fix usage-metric exceeds the limit of 1440 data points (cont.) (#7140)
- aws - quotas - add a special filter in query section to reduce API calls (#9193)
- aws - rds - add db-option-groups filter (#7807)
- aws - rds - add pending-maintenance filter (#8793)
- aws - rds - bug fix in consecutive-snapshots filter (#8357)
- aws - rds - delete - filter aurora cluster members - use a cluster policy instead (#8713)
- aws - rds - fix delete action filtering (#8891)
- aws - rds - fix option group filter (#8433)
- aws - rds - include db instance option values (#8236)
- aws - rds - switch from other to db instance for post-finding action (#8183)
- aws - rds cluster pending maintenance filter (#9099)
- aws - rds, config-poll-rule - add server-side filter query support (#7696)
- aws - rds, rds-cluster - add annotation to pending-maintenance filter (#9183)
- aws - rds-cluster - add db-cluster-parameter filter (#7729)
- aws - rds-cluster - use DbClusterResourceId as the config id (#8285)
- aws - rds-proxy - delete action (#8751)
- aws - rds-proxy fix cfn type (#9267)
- aws - rds-snapshot - fix rds-snapshot multi retrieval w/ server side scalar filter (#8135)
- aws - rds-snapshot - instance filter (#8764)
- aws - rds-snapshot - skip automated snapshots during delete action (#7938)
- aws - rdscluster - modified_db_cluster handle serverless v1 behavior (#8806)
- aws - redshift - efs - add consecutive daily snapshot count filter (#7749)
- aws - redshift - fix consecutive-snapshots date filtering (#8129)
- aws - rest-stage - Scope down apigw ids with arn:aws:apigateway (#8111)
- aws - reuse client for augment thread workers (#8456)
- aws - route53 - define rrset and healthcheck as global resources (#8042)
- aws - route53 - fix arn handling in query-logging-enabled filter (#8988)
- aws - route53 - recovery-control-panel - add a safety-rule filter (#8381)
- aws - route53 ARC - control panel: add resource and tagging (#8352)
- aws - route53-arc - readiness-check cross-account filter (#8235)
- aws - route53.recovery-cluster - add resource and tagging support (#8301)
- aws - route53resolver - add resolver-logs resource and associate-vpc action (#7939)
- aws - s3 - add bucket-replication filter (#8686)
- aws - s3 - add support for intelligent tiering (#8712)
- aws - s3 - adding bucket_key_enabled to bucket-encryption filter (#8868)
- aws - s3 - check-public-filter handle access denied errors (#8374)
- aws - s3 - lifecycle - add schema for newer rule options (#8564)
- aws - s3 - only check account-local trails in data-events filter (#8960)
- aws - s3 express directory resource (#9185)
- aws - s3 output bucket region determination refactor (#8289)
- aws - secrets manager delete and remove-statements action (#8152)
- aws - secrets manager tag, ignore reserved tags (#9110)
- aws - secrets-manager - add has-statement filter (#7930)
- aws - secretsmanager - add set-encryption action (#8168)
- aws - security-group - used filter - add interface usage annotation (#8028)
- aws - security-group - used filter - handle ram vpc sharing eni when run in vpc owner (#8604)
- aws - security-group unused filter - add batch compute envs (#8297)
- aws - service-quotas - request-increase fix (#8939)
- aws - ses - add ses-email-identity resource type (#8616)
- aws - ses - add set-delivery-options action (#8635)
- aws - ses - identity has-statement filter (#8640)
- aws - sg - unused/used filter don't consider self references as usage (#8821)
- aws - shield - handle elastic ip arn type delta (#8272)
- aws - sns - fix metrics filter get_dimensions for topics (#8951)
- aws - sns - migrate to universal augment (#8075)
- aws - sns subscription - topic filter for unused and other use cases #8316 (#8336)
- aws - ssm session manager (#8823)
- aws - subnet - add ip-address-usage filter (#8521)
- aws - tag rename action via universal/resource group tag api (#8878)
- aws - tag variable interpolation fix (#8383)
- aws - tags - copy-related-tag load resources during validation (#8219)
- aws - tags - copy-related-tag using resourcegroupstaggingapi, support tags as key (#7223)
- aws - timestream-table, timestream-database - add resources (#8159)
- aws - transfer - add transfer resources (#6927)
- aws - transit-attachment - Support CloudTrail mode (#7983)
- aws - user-pool - include resource details from parent augment (#8684)
- aws - userpool - register universal taggable (#8158)
- aws - validate arn types on resources (#8143)
- aws - vpc - bug fix security-groups-used on in-use eni with no attachment (#8099) (#8390)
- aws - vpc - delete-empty action (#8854)
- aws - vpc modify and network usage metrics (#8628)
- aws - vpc-endpoint - add has-statement filter (#8463)
- aws - waf and vpc - reduce noise from deprecated field validation (#8919)
- aws - wafv2 - add logging filter (#8072)
- aws - wafv2 - add scope param to list call in lambda modes (#8120)
- aws - rds-proxy - add subnet, security-group and vpc filters (#8734)
- aws - vpc metrics filter for vpce and tgw attachment (#8674)
- awscc - update test for new access config properties on test resource (#9146)
- awscc - update test to use a more stable resource for attribute checking (#9165)
- awscc - use build step to fetch data files (#8840)
- azure - add CIDR support for network security group (#8798)
- azure - add additional defender resources (#9061)
- azure - add alert-logs resource (#8167)
- azure - add azure.defender-alert resource (#8097)
- azure - add azure.event-grid-domain (#9000)
- azure - add cdn-custom-domain and cdn-endpoint resources (#8554)
- azure - add desktop virtualization session-host and host-pool resources and filters (#8992)
- azure - add mariadb resource (#8498)
- azure - add open-shift resource (#8469)
- azure - add recovery services vault resource (#8599)
- azure - adding filter for subscription diagnostic settings (#8401)
- azure - app-configuration (#8997)
- azure - application insights resource (#8837)
- azure - automation-account variable filter (#8999)
- azure - azure.vm.filters.backup-status (#9242)
- azure - bastion host resource (#8827)
- azure - cdn - update package version (#8979)
- azure - cdn - waf enabled filter (#8672)
- azure - datalake-analytics (#8966)
- azure - event mode - fix functions via include boto3 module #8203 (#8465)
- azure - event-grid-topic resource (#9035)
- azure - filter for the SQL Server TDE (#8652)
- azure - filters - azure advisor recommendation filter (#8770)
- azure - firewall filter - add option to include azure service 'magic' ip range (#8309)
- azure - front-door waf filter (#9038)
- azure - front-door-policy waf resource (#8811)
- azure - frontdoor - waf enabled filter (#8662)
- azure - key vault - filter to check rotation policy (#8905)
- azure - key vault secret resource (#8184)
- azure - kusho log analytics resource (#8971)
- azure - machine-learning-workspace (#9039)
- azure - mariadb-server (#9040)
- azure - monitor logs profile storage filter (#8870)
- azure - monitor-log-profile resource (#8580)
- azure - mysql server - configuration filter (#8805)
- azure - mysql-server security-alert-policy filter (#9042)
- azure - network security group - add explicit icmp to filter vocab (#8438)
- azure - network security group - fix filter bug. destinationPortRange field is always present (#8883)
- azure - network watcher resource (#8230)
- azure - network watcher resource name alias (#8970)
- azure - network-security group - flow log filter (#8312)
- azure - output - blob upload fix closes #8885 (#8884)
- azure - postgresql-server - add configuration-parameter filter (#7876)
- azure - redis firewall filter (#9045)
- azure - replace deprecated mktemp function with mkstemp (#9171)
- azure - resource servicebus namespace authrules (#8541)
- azure - servicebus-namespace resource (#8536)
- azure - servicebus-namespace-networkruleset (#8546)
- azure - session - add _run_command timeout parameter (#8632)
- azure - signalr resource (#9062)
- azure - spring app resources (#8558)
- azure - sql server auditing filter (#9097)
- azure - sql-database.filters.data-encryption (#9098)
- azure - sql-server - add value filter logic to the
vulnerability-assessment
filter (#7864) - azure - sql-server - add value filter logic to the auditing filter (#8314)
- azure - sqlserver - add auditing filter (#7664)
- azure - storage - add blob-services filter (#8082)
- azure - storage - fix blob-services docs (#8086)
- azure - storage container - fix public access (#8797)
- azure - synapse resource (#9240)
- azure - tests - trim cassette data (#8466)
- azure - update azure dependencies / poetry lock (#9117)
- azure - update azure poetry lock / dependencies (#9241)
- azure - update dependencies (#9096)
- azure - waf resource and waf filter for app gateway (#8641)
- azure - webapp - add authentication filter (#7840)
- c7n_azure - adding new resource for mysql flexibleserver and a new filter (#8241)
- c7n-org - cli - support not-accounts option (#8036)
- c7n-org - support org level vars in config file (#8033)
- c7n_left - github action output annotation fixes (#8011)
- core - add ability to add custom functions to jmespath (#8533)
- core - cli entry point allows function parameters (#8464)
- core - don't expand {now} placeholder during provisioning (#8509)
- core - filters - add headers to value_from url (#8307)
- core - filters - add list-item filter (#7739)
- core - fix issue dumping FormatDate objects as json. (#7975)
- core - handle non importable resources (#8199)
- core - json dump support bytes (#9135)
- core - notify use a dynamically sized buffer for notify (#8742)
- core - offhours allow escaped
-
via ordinal hex (#8808) - core - offhours filter - fixing typo on fallback-schedule schema (#7929)
- core - pass validate to load_data so intent to validate policies or not is fully respected (#8305)
- core - policy - fix conditions.env_vars for c7n-org (#8434)
- core - policy - have conditions support vars (#8014)
- core - policy load - fix naming conflict between validate argument and import (#8265)
- core - query - have resource manager init args match the base class (#8310)
- core - utils reduce backoff_delays jitter (#8029)
- core - validate - report errors per file (#8565)
- core - value - support float value_type (#8927)
- core - value filter - add jmespath value_path as option for supplying values (#8350)
- resolver - support decompression when using value_from with s3 (#8851)
- docs - fix indentation on advanced example (#8405)
- docs - add Pratyush Mishra as a maintainer (#8206)
- docs - add example policy to add lifecycle policy on bucket delete (#8196)
- docs - add governance-as-code day orgs (#7957)
- docs - add policy example for rds reserved instances (#8835)
- docs - add shift-left to main readme, flesh out c7n-left readme (#8412)
- docs - aws - fix event filter example to use op: contains (#8959)
- docs - clarify conditions behavior on serverless policies (#8933)
- docs - clarify tag compliance and policy structure examples (#8990)
- docs - cover list-item under generic filters (#9005)
- docs - document gcp env vars explicitly along with noting workload federated identity support (#8606)
- docs - fix c7n-left check encryption policy (#8874)
- docs - fix sidebar formatting for c7n_kube (#8523)
- docs - flesh out mailer config, plus various formatting/clarity fixes (#8944)
- docs - minor gcp and c7n left fixes (#9129)
- docs - oci corrected some documentation typos (#8871)
- docs - readme - add Slack badge, add YouTube channel (#8229)
- docs - readme update (#8516)
- docs - remove extraneous quotes from example notify action (#8694)
- docs - tencentcloud resource reference docs build (#8002)
- docs - tencentcloud resources docs with examples (#8052)
- docs - update mailer readme docker instructions (#9105)
- docs - update tencent cloud object storage example (#8600)
- docs - value filter - add subheadings and expanded examples (#8476)
- docs - value filter - list in/not-in/contains under comparison and list operators (#8784)
- gcp - add artifact-repository resource (#8444)
- gcp - add big table asset types metadata (#8615)
- gcp - add compute-project (#8461)
- gcp - add datafusion resource (#8676)
- gcp - add get_urns for gcp resource managers (#8061)
- gcp - add more bigtable resources (instance, cluster, table, backup) (#8519)
- gcp - add secret resource (#8421)
- gcp - add support for impersonated credentials (#8571)
- gcp - added notebook resource (#8680)
- gcp - added redis instance (#8679)
- gcp - adding effective-firewall filter to gke cluster (#9030)
- gcp - api-key - Add gcp resource api key (#8094)
- gcp - bq-job - update enum_spec (#8994)
- gcp - bq-table - add augment to table for encryption config (#7952)
- gcp - cloud armor-policy aka waf (#8666)
- gcp - cloud run revision resource (#8697)
- gcp - cloud-run iam-policy filter (#8978)
- gcp - cloud-run service and job (#8452)
- gcp - compute - add suspend and pause actions (#8877)
- gcp - dataproc clusters (#8677)
- gcp - deployment-manager normalize label format (#8540)
- gcp - dns zone - records filter (#8829)
- gcp - enabling 'missing' filter (#8234)
- gcp - firewall - augment rules with port ranges (#9046)
- gcp - fix metadata on a few resource types (#8569)
- gcp - fix report fields metadata (#8573)
- gcp - fix workload identity federation access (#9069)
- gcp - gke cluster - label handling for zonal GKE clusters (#8802)
- gcp - gke-cluster - fix augment when gke is not enabled (#8073)
- gcp - iam filters (#8792)
- gcp - instance-group-manager, zone (#8825)
- gcp - kms keyring filter (#8903)
- gcp - label action support w/ fingerprint refetch on gke, instance, image (#8557)
- gcp - log sink - bucket filter (#8462)
- gcp - log-project-metric - add metric alert filter (#8155)
- gcp - mu - include boto3 in cloudfunctions requirements (#8242)
- gcp - mu - update function runtime, update for new env variables, use struct logging (#8711)
- gcp - new resources app service and app service version (#8425)
- gcp - node pool and cluster - server-config filter (#8880)
- gcp - org - policy filter (#8982)
- gcp - organization - essential-contacts filter (#8303)
- gcp - organization and folder iam policy filter (#9006)
- gcp - patch-deployment resource (#8698)
- gcp - project - access-approval filter (#8361)
- gcp - project - add compute-meta filter (#7971)
- gcp - recommender - handle empty recommend set (#8714)
- gcp - recommender filter (#8544)
- gcp - region psuedo resource from static data, and makefile data update target (#8517)
- gcp - remove email addresses from image label test data (#8718)
- gcp - replace ratelimiter with pyrate-limiter (#8060)
- gcp - service-account - iam-policy filter (#8404)
- gcp - spanner-backup: iam filter (#8938)
- gcp - spanner-instance-backup (#8699)
- gcp - sql - force option on delete and set-deletion-protection action (#8735)
- gcp - sql instance - set ha action for zonal/regional configuration (#8967)
- gcp - vpc-firewall-filter (#8901)
- k8s - chore - black c7n_kube package (#8786)
- k8s - tests - clean up threads, dont write to current directory (#8782)
- c7n_kube - k8s-admission - add label and auto-label-user actions for k8s-admission mode (#7925)
- kubernetes - add canonical_group for better matching in admission controller mode (#9207)
- kubernetes - fix test via k8s registry url update (#8290)
- kubernetes - report cli - fix reporting for k8s resources (#7942)
- oci - session factory & test refactor (#8700)
- oci - bucket - fix metadata id field (#8768)
- oci - cleanup extraneous data on user tests (#8785)
- oci - filter and action name refactor (#8740)
- oci - implement resource caching (#8869)
- oci - metrics query compartment fix (#8809)
- oci - metrics query optimization (#8754)
- oci - multi-region and c7n-org support (#8748)
- oci - native output support for logging and blob/object storage (#8810)
- oci - new provider (#8620)
- oci - remove extraneous test data from VCN cassette files (#8839)
- oci - remove extraneous test data from group cassette files (#8845)
- oci - remove extraneous test data on compartment cassette files (#8844)
- oci - removed extraneous test data from the bucket cassette files (#8807)
- oci - removed extraneous test data from the subnet cassette files (#8834)
- oci - removed the extraneous test data from zone cassette files (#8801)
- oci - support instance principal auth (#8998)
- oci - update test session creation and flight recorder options (#8846)
- openstack - add storage-container resource (#9145)
- openstack - image resource (#9140)
- openstack - secrets resource (#9143)
- openstack - security-group resource (#9064)
- openstack - server.filters.security-group (#9119)
- openstack - user extended-info filler (#9123)
- c7n-left - allow for policy and resource pre execution filtering on cli (#8190)
- c7n-left - cli entrypoint point reporter parameter (#9002)
- c7n-left - cli output on module shows matching resource refs (#8906)
- c7n-left - cli summary output (#8180)
- c7n-left - data resource types are now prefixed w/ "data." (#8861)
- c7n-left - default provider tags augment, handle empty resource tags (#8954)
- c7n-left - dump cli command to show graph and input variables (#8974)
- c7n-left - ensure tfmeta.type has value for all block types (#8904)
- c7n-left - fix default tags with module resources (#8894)
- c7n-left - fix handling of relative source dir (#8993)
- c7n-left - fix matches resources on the cli and docs related to traverse (#8088)
- c7n-left - fix multi resource using lists (#8447)
- c7n-left - fix policy severity level filtering for --warn-on (#9261)
- c7n-left - gitlab sast output (#8923)
- c7n-left - graph traversal filter (#7943)
- c7n-left - handle null provider tags when augmenting (#8984)
- c7n-left - initialize variables with default value if none provided (#8958)
- c7n-left - junit xml output (#8931)
- c7n-left - only consider root module variables when injecting uninitialized defaults (#8995)
- c7n-left - output - add description to console output (#7949)
- c7n-left - policy testing (#8428)
- c7n-left - policy testing allow filters (#8460)
- c7n-left - support --var-file parameters (#8841)
- c7n-left - support policy filtering for warn on (#9029)
- c7n-left - support taggable filter and default provider tags (#8852)
- c7n-left - terraform module resources now display instead the invoking module block (#8855)
- c7n-left - test handling of terraform local modules (#8286)
- c7n-left - traverse filter supports non value type filters (#8299)
- c7n-left - value_from fix, env var interpolation support, and docs on data resources plus a tag test (#8882)
- c7n_tencentcloud - better vcr test options (#7992)
- c7n_tencentcloud - cam - add resources (#7865)
- c7n_tencentcloud - cls, es, vpc, tcr - add resources (#7905)
- c7n_tencentcloud - resources - cdb & cdb_backup (#7908)
- c7n_tencentcloud - resources - cos (#8044)
- c7n_tencentcloud - security-group used filter (#8399)
- tencentcloud - cbs-snapshot, security-group - fix service in resource_type (#8127)
- tencentcloud - client - support for assume role (#8043)
- tencentcloud - mysql-backup - fix for casting date when status is not SUCCESS (#8126)
- tencentcloud - refactor metrics filter to support multi dimensions (#7994)
- tencentcloud - security group filter - fix for empty port string (#9253)
- mailer - fix - multi emails in tag for gcp (#8074)
- mailer - fix module not found error for azure mailer (#8182)
- mailer - skip empty email address and filter out invalid cc email addresses (#8051)
- tools/c7n-mailer - replay - support for slack (#5653)
- tools/c7n-mailer - unique email list (#8370)
- tools/c7n-mailer -replay - support mimicking sqs (#5655)
- tools/c7n_mailer - add ms graph api delivery for email (#8687)
- tools/c7n_mailer - handle empty execution_start in utils.py (#8260)
- tools/c7n_mailer - handle lambda container images (#8329)
- tools/c7n_mailer - option to assume role to send via centralized account SES (#6707)
- tools/c7n_mailer - refactoring and fix SendGrid duplicated emails (#8642)
- tools/c7n_mailer - strip newlines from slack token (#8645)
- tools/c7n_org - exit early on an empty list of accounts or policies (#8515)
- tools/c7n_policystream - bump pygit2 dependency (#8058)
- tools/cask - support tencent cloud (#8047)
- tools/dev - aws csm observability using vector.dev (#8556)
- tools/dev - fix devcontainer poetry installation (#8317)
- tools/dev - prcheck - add required fields and arg help (#8430)
- tools/dev - prcheck can tag prs and recheck them (#8376)
- tools/mugc - remove functions from regions where region is not set in policy (#6989)
- tools/omni-ssm bump golang.org/x/sys (#8320)
- tools/omnissm - bump github.com/aws/aws-sdk-go from 1.33.0 to 1.34.0 (#8273)
- tools/omnissm - bump golang.org/x/text (#8311)
- tools/ops - fix mugc.py policy filtering (#8670)
- tools/ops - policy lambda cfn - allow specifying just role name instead of arn (#8448)
- tools/policystream - add limits to avoid/fix possible DoS attack (#9176)
aws.access-analyzer-finding
addedaws.advisor-check
addedaws.apigwv2-stage
addedaws.appdiscovery-agent
addedaws.appmesh-mesh
addedaws.appmesh-virtual-gateway
addedaws.appstream-fleet
addedaws.appstream-stack
addedaws.athena-named-query
addedaws.bedrock-custom-model
addedaws.budget
addedaws.cloudwatch-dashboard
addedaws.composite-alarm
addedaws.connect-campaign
addedaws.datasync-agent
addedaws.datasync-task
addedaws.devicefarm-project
addedaws.dms-replication-task
addedaws.ec2-capacity-reservation
addedaws.emr-serverless-app
addedaws.fis-experiment
addedaws.flow-log
addedaws.guardduty-finding
addedaws.inspector2-finding
addedaws.lex-bot
addedaws.opensearch-serverless
addedaws.org-account
addedaws.org-policy
addedaws.org-unit
addedaws.pinpoint-app
addedaws.quicksight-group
addedaws.quicksight-user
addedaws.readiness-check
addedaws.recovery-cluster
addedaws.recovery-control-panel
addedaws.resolver-logs
addedaws.s3-directory
addedaws.securityhub-finding
addedaws.ses-configuration-set
addedaws.ses-email-identity
addedaws.ses-receipt-rule-set
addedaws.ssm-patch-group
addedaws.ssm-session-manager
addedaws.timestream-database
addedaws.timestream-table
addedaws.transfer-server
addedaws.transfer-user
addedaws.workspaces-web
addedaws.xray-group
addedaws.xray-rule
addedazure.alert-logs
addedazure.app-configuration
addedazure.app-insights
addedazure.automation-account
addedazure.bastion-host
addedazure.cdn-custom-domain
addedazure.cdn-endpoint
addedazure.datalake-analytics
addedazure.defender-alert
addedazure.defender-assessment
addedazure.defender-contact
addedazure.defender-jit-policy
addedazure.event-grid-domain
addedazure.event-grid-topic
addedazure.front-door-policy
addedazure.host-pool
addedazure.keyvault-secret
addedazure.kusto
addedazure.machine-learning-workspace
addedazure.mariadb
addedazure.mariadb-server
addedazure.monitor-log-profile
addedazure.mysql-flexibleserver
addedazure.networkwatcher
addedazure.open-shift
addedazure.recovery-services
addedazure.servicebus-namespace
addedazure.servicebus-namespace-authrules
addedazure.servicebus-namespace-networkrules
addedazure.session-host
addedazure.signalr
addedazure.spring-app
addedazure.spring-service-instance
addedazure.synapse
addedazure.waf
addedgcp.api-key
addedgcp.app-engine-service
addedgcp.app-engine-service-version
addedgcp.armor-policy
addedgcp.artifact-repository
addedgcp.bigtable-instance
addedgcp.bigtable-instance-cluster
addedgcp.bigtable-instance-cluster-backup
addedgcp.bigtable-instance-table
addedgcp.cloud-run-job
addedgcp.cloud-run-revision
addedgcp.cloud-run-service
addedgcp.compute-project
addedgcp.datafusion-instance
addedgcp.dataproc-clusters
addedgcp.instance-group-manager
addedgcp.kms-location
addedgcp.notebook
addedgcp.patch-deployment
addedgcp.redis
addedgcp.region
addedgcp.secret
addedgcp.spanner-backup
addedgcp.zone
addedoci.bucket
addedoci.compartment
addedoci.cross_connect
addedoci.group
addedoci.instance
addedoci.subnet
addedoci.user
addedoci.vcn
addedoci.zone
addedopenstack.image
addedopenstack.secret
addedopenstack.security-group
addedopenstack.storage-container
addedtencentcloud.cam-policy
addedtencentcloud.cam-user
addedtencentcloud.cls
addedtencentcloud.cos
addedtencentcloud.elasticsearch
addedtencentcloud.mysql
addedtencentcloud.mysql-backup
addedtencentcloud.tcr
addedtencentcloud.vpc
added- added common filters:
list-item
aws.account
- added actions:
set-bedrock-model-invocation-logging
,toggle-config-managed-rule
- added filters:
bedrock-model-invocation-logging
,organization
,ses-agg-send-stats
,ses-send-stats
- added actions:
aws.acm-certificate
- added actions:
rename-tag
- added actions:
aws.airflow
- added actions:
delete-environment
,update-environment
- added actions:
aws.alarm
- added actions:
rename-tag
- added actions:
aws.ami
- added actions:
cancel-launch-permission
,set-deprecation
,set-permissions
- added filters:
image-attribute
- added actions:
aws.apigw-domain-name
- added actions:
rename-tag
- added filters:
finding
- added actions:
aws.apigwv2
- added actions:
rename-tag
- added actions:
aws.app-elb-target-group
- added actions:
modify-attributes
- added filters:
attributes
- added actions:
aws.artifact-repo
- added filters:
json-diff
- added filters:
aws.asg
- added filters:
cost-optimization
- added filters:
aws.backup-plan
- added actions:
rename-tag
- added actions:
aws.backup-vault
- added actions:
rename-tag
- added actions:
aws.batch-compute
- added actions:
auto-tag-user
,copy-related-tag
,mark-for-op
,remove-tag
,rename-tag
,tag
- added filters:
marked-for-op
- added actions:
aws.batch-definition
- added actions:
auto-tag-user
,copy-related-tag
,mark-for-op
,remove-tag
,rename-tag
,tag
- added filters:
marked-for-op
- added actions:
aws.batch-queue
- added actions:
auto-tag-user
,copy-related-tag
,delete
,mark-for-op
,remove-tag
,rename-tag
,tag
,update
- added filters:
marked-for-op
- added actions:
aws.cache-cluster
- added actions:
rename-tag
- added actions:
aws.cache-snapshot
- added actions:
rename-tag
- added actions:
aws.catalog-portfolio
- added actions:
rename-tag
- added actions:
aws.catalog-product
- added actions:
rename-tag
- added actions:
aws.cloud-directory
- added actions:
delete
,disable
,rename-tag
- added actions:
aws.cloudhsm-cluster
- added actions:
rename-tag
- added actions:
aws.cloudtrail
- added actions:
rename-tag
- added actions:
aws.codebuild
- added actions:
rename-tag
- added actions:
aws.codecommit
- added actions:
rename-tag
- added actions:
aws.codedeploy-app
- added actions:
rename-tag
- added actions:
aws.codedeploy-group
- added actions:
rename-tag
- added actions:
aws.codepipeline
- added actions:
rename-tag
- added actions:
aws.config-rule
- added actions:
rename-tag
- added filters:
remediation
- added actions:
aws.connect-instance
- added actions:
set-attributes
- added actions:
aws.directconnect
- added actions:
rename-tag
- added actions:
aws.directory
- added actions:
delete
- added actions:
aws.distribution
- added actions:
rename-tag
- added actions:
aws.dms-endpoint
- added actions:
rename-tag
- added actions:
aws.dynamodb-table
- added actions:
rename-tag
,update
- added filters:
consecutive-aws-backups
- added actions:
aws.ebs
- added filters:
cost-optimization
- added filters:
aws.ec2
- added filters:
cost-optimization
,has-specific-managed-policy
- added filters:
aws.ec2-spot-fleet-request
- added filters:
json-diff
- added filters:
aws.ecs
- added filters:
ebs-storage
- added filters:
aws.ecs-service
- added filters:
cost-optimization
,network-location
,security-group
- added filters:
aws.ecs-task
- added filters:
network-location
,security-group
- added filters:
aws.efs
- added actions:
rename-tag
- added filters:
consecutive-aws-backups
,has-statement
- added actions:
aws.efs-mount-target
- added filters:
network-location
- added filters:
aws.eks
- added actions:
associate-encryption-config
- added filters:
network-location
- added actions:
aws.elastic-ip
- added actions:
disassociate
- added actions:
aws.elasticache-group
- added actions:
rename-tag
- added actions:
aws.elasticsearch
- added actions:
enable-auditlog
- added actions:
aws.emr
- added filters:
security-configuration
- added filters:
aws.eni
- added actions:
detach
- added actions:
aws.event-bus
- added actions:
delete
,rename-tag
- added filters:
config-compliance
,json-diff
- added actions:
aws.event-rule
- added actions:
rename-tag
,set-rule-state
- added actions:
aws.firehose
- added actions:
rename-tag
- added filters:
json-diff
- added actions:
aws.firewall
- added actions:
rename-tag
- added actions:
aws.fis-template
- added filters:
json-diff
- added filters:
aws.fsx
- added filters:
consecutive-aws-backups
- added filters:
aws.glacier
- added actions:
rename-tag
- added actions:
aws.glue-catalog
- added filters:
kms-key
- added filters:
aws.glue-classifier
- added filters:
json-diff
- added filters:
aws.glue-connection
- added actions:
auto-tag-user
,copy-related-tag
,mark-for-op
,remove-tag
,rename-tag
,tag
- added filters:
marked-for-op
- added actions:
aws.glue-crawler
- added actions:
rename-tag
- added actions:
aws.glue-dev-endpoint
- added actions:
rename-tag
- added actions:
aws.glue-job
- added actions:
rename-tag
- added actions:
aws.glue-ml-transform
- added actions:
rename-tag
- added filters:
json-diff
- added actions:
aws.glue-trigger
- added actions:
rename-tag
- added actions:
aws.glue-workflow
- added actions:
rename-tag
- added actions:
aws.graphql-api
- added actions:
delete
,rename-tag
- added filters:
api-cache
- added actions:
aws.healthcheck
- added actions:
rename-tag
- added actions:
aws.hostedzone
- added actions:
rename-tag
- added actions:
aws.iam-certificate
- added filters:
config-compliance
,json-diff
- added filters:
aws.iam-oidc-provider
- added actions:
delete
- added actions:
aws.iam-policy
- added actions:
rename-tag
- added actions:
aws.iam-profile
- added actions:
set-policy
,set-role
- added filters:
config-compliance
,has-specific-managed-policy
- added actions:
aws.iam-saml-provider
- added filters:
config-compliance
,json-diff
- added filters:
aws.iam-user
- added actions:
set-policy
- added actions:
aws.identity-pool
- added actions:
rename-tag
- added actions:
aws.insight-rule
- added actions:
rename-tag
- added actions:
aws.kafka
- added actions:
rename-tag
- added actions:
aws.kinesis
- added actions:
rename-tag
- added actions:
aws.kinesis-analytics
- added actions:
rename-tag
- added actions:
aws.kinesis-analyticsv2
- added actions:
rename-tag
- added filters:
json-diff
- added actions:
aws.kinesis-video
- removed actions:
mark
,unmark
,untag
- removed filters:
tag-count
- removed actions:
aws.kms
- added filters:
json-diff
- added filters:
aws.kms-key
- added actions:
rename-tag
- added actions:
aws.lambda
- added actions:
rename-tag
- added filters:
cost-optimization
,has-specific-managed-policy
,lambda-edge
- added actions:
aws.launch-template-version
- added filters:
config-compliance
- added filters:
aws.log-group
- added actions:
rename-tag
- added actions:
aws.message-broker
- added filters:
json-diff
- added filters:
aws.message-config
- added actions:
rename-tag
- added actions:
aws.mirror-session
- added filters:
json-diff
- added filters:
aws.mirror-target
- added filters:
json-diff
- added filters:
aws.prefix-list
- added filters:
config-compliance
,json-diff
- added filters:
aws.qldb
- added actions:
rename-tag
- added actions:
aws.rds
- added actions:
rename-tag
- added filters:
consecutive-aws-backups
,db-option-groups
,pending-maintenance
- added actions:
aws.rds-cluster
- added actions:
rename-tag
- added filters:
consecutive-aws-backups
,db-cluster-parameter
,pending-maintenance
- added actions:
aws.rds-cluster-param-group
- added actions:
rename-tag
- added actions:
aws.rds-cluster-snapshot
- added actions:
rename-tag
- added actions:
aws.rds-param-group
- added actions:
rename-tag
- added actions:
aws.rds-proxy
- added actions:
delete
,rename-tag
- added filters:
security-group
,subnet
,vpc
- removed filters:
json-diff
- added actions:
aws.rds-reserved
- added actions:
rename-tag
- added actions:
aws.rds-snapshot
- added actions:
rename-tag
- added filters:
instance
- added actions:
aws.rds-subnet-group
- added actions:
rename-tag
- added actions:
aws.rds-subscription
- added actions:
rename-tag
- added actions:
aws.redshift
- added filters:
consecutive-aws-backups
,consecutive-snapshots
- added filters:
aws.redshift-snapshot
- added actions:
rename-tag
- added actions:
aws.redshift-subnet-group
- added actions:
rename-tag
- added actions:
aws.rest-api
- added actions:
rename-tag
- added actions:
aws.rest-stage
- added actions:
rename-tag
- added actions:
aws.s3
- added actions:
set-intelligent-tiering
- added filters:
bucket-replication
,intelligent-tiering
- added actions:
aws.secrets-manager
- added actions:
delete
,remove-statements
,set-encryption
- added filters:
has-statement
- added actions:
aws.sns
- added actions:
mark
,rename-tag
,unmark
,untag
- added filters:
tag-count
- added actions:
aws.sns-subscription
- added filters:
topic
- added filters:
aws.sqs
- added actions:
rename-tag
- added actions:
aws.ssm-document
- added filters:
config-compliance
,json-diff
- added filters:
aws.ssm-parameter
- added actions:
rename-tag
- added actions:
aws.streaming-distribution
- added actions:
rename-tag
- added actions:
aws.subnet
- added filters:
ip-address-usage
- added filters:
aws.swf-domain
- added actions:
rename-tag
- added actions:
aws.transit-attachment
- added actions:
set-flow-log
- added filters:
metrics
- added actions:
aws.transit-gateway
- added actions:
set-flow-log
- added filters:
flow-logs
- added actions:
aws.user-pool
- added actions:
auto-tag-user
,copy-related-tag
,mark-for-op
,remove-tag
,rename-tag
,tag
- added filters:
json-diff
,marked-for-op
,wafv2-enabled
- added actions:
aws.vpc
- added actions:
delete-empty
,modify
- added filters:
metrics
- added actions:
aws.vpc-endpoint
- added filters:
has-statement
,metrics
- added filters:
aws.waf-regional
- added actions:
rename-tag
- added actions:
aws.wafv2
- added actions:
rename-tag
- added filters:
logging
- added actions:
aws.workspaces
- added actions:
rename-tag
- added actions:
aws.workspaces-directory
- added actions:
rename-tag
- added actions:
aws.workspaces-image
- added actions:
rename-tag
- added actions:
azure.advisor-recommendation
- added filters:
advisor-recommendation
- added filters:
azure.aks
- added filters:
advisor-recommendation
- added filters:
azure.api-management
- added filters:
advisor-recommendation
- added filters:
azure.application-gateway
- added filters:
advisor-recommendation
,waf
- added filters:
azure.appserviceplan
- added filters:
advisor-recommendation
- added filters:
azure.armresource
- added filters:
advisor-recommendation
- added filters:
azure.batch
- added filters:
advisor-recommendation
- added filters:
azure.cdnprofile
- added filters:
advisor-recommendation
,waf
- added filters:
azure.cognitiveservice
- added filters:
advisor-recommendation
- added filters:
azure.container-group
- added filters:
advisor-recommendation
- added filters:
azure.container-registry
- added filters:
advisor-recommendation
- added filters:
azure.containerservice
- added filters:
advisor-recommendation
- added filters:
azure.cosmosdb
- added filters:
advisor-recommendation
- added filters:
azure.cosmosdb-collection
- added filters:
advisor-recommendation
- added filters:
azure.cosmosdb-database
- added filters:
advisor-recommendation
- added filters:
azure.cost-management-export
- added filters:
advisor-recommendation
- added filters:
azure.databricks
- added filters:
advisor-recommendation
- added filters:
azure.datafactory
- added filters:
advisor-recommendation
- added filters:
azure.datalake
- added filters:
advisor-recommendation
- added filters:
azure.defender-autoprovisioning
- added filters:
advisor-recommendation
- added filters:
azure.defender-pricing
- added filters:
advisor-recommendation
- added filters:
azure.defender-setting
- added filters:
advisor-recommendation
- added filters:
azure.disk
- added filters:
advisor-recommendation
- added filters:
azure.dnszone
- added filters:
advisor-recommendation
- added filters:
azure.eventhub
- added filters:
advisor-recommendation
- added filters:
azure.eventsubscription
- added filters:
advisor-recommendation
- added filters:
azure.front-door
- added filters:
advisor-recommendation
,firewall-policy
,waf
- added filters:
azure.hdinsight
- added filters:
advisor-recommendation
- added filters:
azure.image
- added filters:
advisor-recommendation
- added filters:
azure.iothub
- added filters:
advisor-recommendation
- added filters:
azure.keyvault
- added filters:
advisor-recommendation
- added filters:
azure.keyvault-certificate
- added filters:
advisor-recommendation
- added filters:
azure.keyvault-key
- added filters:
advisor-recommendation
,rotation-policy
- added filters:
azure.loadbalancer
- added filters:
advisor-recommendation
- added filters:
azure.logic-app-workflow
- added filters:
advisor-recommendation
- added filters:
azure.mysql
- added filters:
advisor-recommendation
,security-alert-policy
,server-configuration
- added filters:
azure.networkinterface
- added filters:
advisor-recommendation
- added filters:
azure.networksecuritygroup
- added filters:
advisor-recommendation
,flow-logs
- added filters:
azure.policyassignments
- added filters:
advisor-recommendation
- added filters:
azure.postgresql-database
- added filters:
advisor-recommendation
- added filters:
azure.postgresql-server
- added filters:
advisor-recommendation
,configuration-parameter
- added filters:
azure.publicip
- added filters:
advisor-recommendation
- added filters:
azure.recordset
- added filters:
advisor-recommendation
- added filters:
azure.redis
- added filters:
advisor-recommendation
,firewall
- added filters:
azure.resourcegroup
- added filters:
advisor-recommendation
- added filters:
azure.roleassignment
- added filters:
advisor-recommendation
- added filters:
azure.roledefinition
- added filters:
advisor-recommendation
- added filters:
azure.routetable
- added filters:
advisor-recommendation
- added filters:
azure.search
- added filters:
advisor-recommendation
- added filters:
azure.service-fabric-cluster
- added filters:
advisor-recommendation
- added filters:
azure.service-fabric-cluster-managed
- added filters:
advisor-recommendation
- added filters:
azure.sql-database
- added filters:
advisor-recommendation
,data-encryption
- added filters:
azure.sql-server
- added filters:
advisor-recommendation
,auditing
,auditing-policies
,transparent-data-encryption
- added filters:
azure.storage
- added filters:
advisor-recommendation
,blob-services
- added filters:
azure.storage-container
- added filters:
advisor-recommendation
- added filters:
azure.subscription
- added filters:
advisor-recommendation
,diagnostic-settings
- added filters:
azure.traffic-manager-profile
- added filters:
advisor-recommendation
- added filters:
azure.vm
- added filters:
advisor-recommendation
,backup-status
- added filters:
azure.vmss
- added filters:
advisor-recommendation
- added filters:
azure.vnet
- added filters:
advisor-recommendation
- added filters:
azure.webapp
- added filters:
advisor-recommendation
,authentication
- added filters:
gcp.disk
- added filters:
recommend
- added filters:
gcp.dns-managed-zone
- added filters:
records-sets
- added filters:
gcp.folder
- added filters:
iam-policy
- added filters:
gcp.function
- added filters:
iam-policy
,recommend
- added filters:
gcp.gke-cluster
- added actions:
mark-for-op
,set-labels
- added filters:
effective-firewall
,marked-for-op
,recommend
,server-config
- added actions:
gcp.gke-nodepool
- added filters:
server-config
- added filters:
gcp.image
- added actions:
mark-for-op
,set-labels
- added filters:
iam-policy
,marked-for-op
,recommend
- added actions:
gcp.instance
gcp.kms-keyring
- added filters:
iam-policy
- added filters:
gcp.log-project-metric
- added filters:
alerts
- added filters:
gcp.log-project-sink
- added filters:
bucket
- added filters:
gcp.organization
- added filters:
essential-contacts
,iam-policy
,org-policy
- added filters:
gcp.project
- added filters:
access-approval
,compute-meta
,missing
,recommend
- added filters:
gcp.pubsub-topic
- added filters:
iam-policy
- added filters:
gcp.service-account
- added filters:
iam-policy
,recommend
- added filters:
gcp.spanner-database-instance
- added filters:
iam-policy
- added filters:
gcp.spanner-instance
- added filters:
iam-policy
- added filters:
gcp.sql-instance
- added actions:
set-deletion-protection
,set-high-availability
- added filters:
recommend
- added actions:
gcp.vpc
- added filters:
firewall
- added filters:
k8s.cluster-role
- added actions:
auto-label-user
,event-label
- added actions:
k8s.config-map
- added actions:
auto-label-user
,event-label
- added actions:
k8s.custom-cluster-resource
- added actions:
auto-label-user
,event-label
- added actions:
k8s.custom-namespaced-resource
- added actions:
auto-label-user
,event-label
- added actions:
k8s.daemon-set
- added actions:
auto-label-user
,event-label
- added actions:
k8s.deployment
- added actions:
auto-label-user
,event-label
- added actions:
k8s.namespace
- added actions:
auto-label-user
,event-label
- added actions:
k8s.node
- added actions:
auto-label-user
,event-label
- added actions:
k8s.pod
- added actions:
auto-label-user
,event-label
- added actions:
k8s.replica-set
- added actions:
auto-label-user
,event-label
- added actions:
k8s.replication-controller
- added actions:
auto-label-user
,event-label
- added actions:
k8s.role
- added actions:
auto-label-user
,event-label
- added actions:
k8s.secret
- added actions:
auto-label-user
,event-label
- added actions:
k8s.service
- added actions:
auto-label-user
,event-label
- added actions:
k8s.service-account
- added actions:
auto-label-user
,event-label
- added actions:
k8s.stateful-set
- added actions:
auto-label-user
,event-label
- added actions:
k8s.volume
- added actions:
auto-label-user
,event-label
- added actions:
k8s.volume-claim
- added actions:
auto-label-user
,event-label
- added actions:
openstack.server
- added filters:
security-group
- added filters:
openstack.user
- added filters:
extended-info
- added filters:
tencentcloud.ami
- removed filters:
metrics
- removed filters:
tencentcloud.cbs-snapshot
- removed filters:
metrics
- removed filters:
tencentcloud.security-group
- added filters:
used
- removed filters:
metrics
- added filters: