Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Fixes a package upload issue caused using poetry to upload our frozen wheels that affected (0.9.25.0), in favor of using twine to. upload, which results in proper frozen metadata.
Full Changelog: https://github.com/cloud-custodian/cloud-custodian/compare/0.9.25.0...0.9.26.0
gcp.secret
addedlist-item
aws.event-bus
config-compliance
, json-diff
aws.fis-template
json-diff
aws.glue-classifier
json-diff
aws.glue-ml-transform
json-diff
aws.graphql-api
delete
aws.kinesis-analyticsv2
json-diff
aws.kinesis-video
mark
, unmark
, untag
tag-count
aws.message-broker
json-diff
aws.mirror-session
json-diff
aws.mirror-target
json-diff
aws.readiness-check
config-compliance
, json-diff
aws.recovery-cluster
config-compliance
, json-diff
aws.recovery-control-panel
config-compliance
, json-diff
, safety-rule
aws.sns-subscription
topic
azure.networksecuritygroup
flow-logs
azure.subscription
diagnostic-settings
gcp.organization
essential-contacts
gcp.project
access-approval
gcp.service-account
iam-policy
tencentcloud.security-group
used
aws.recovery-cluster
addedaws.recovery-control-panel
addedaws.apigw-domain-name
finding
aws.efs-mount-target
network-location
aws.eks
network-location
aws.elasticsearch
enable-auditlog
aws.lambda
lambda-edge
vulnerability-assessment
filter (#7864)assertTrue
with assertEqual
(#7914)aws.composite-alarm
addedaws.resolver-logs
addedaws.transfer-server
addedaws.transfer-user
addedtencentcloud.cam-policy
addedtencentcloud.cam-user
addedtencentcloud.cls
addedtencentcloud.cos
addedtencentcloud.elasticsearch
addedtencentcloud.mysql
addedtencentcloud.mysql-backup
addedtencentcloud.tcr
addedtencentcloud.vpc
addedaws.account
toggle-config-managed-rule
ses-agg-send-stats
, ses-send-stats
aws.ami
set-deprecation
, set-permissions
aws.config-rule
remediation
aws.dynamodb-table
consecutive-aws-backups
aws.ec2
has-specific-managed-policy
aws.efs
consecutive-aws-backups
, has-statement
aws.event-rule
set-rule-state
aws.glue-connection
auto-tag-user
, copy-related-tag
, mark-for-op
, remove-tag
, tag
marked-for-op
aws.graphql-api
api-cache
aws.iam-profile
set-role
config-compliance
, has-specific-managed-policy
aws.rds
db-option-groups
aws.redshift
consecutive-aws-backups
, consecutive-snapshots
aws.secrets-manager
has-statement
aws.sns
aws.wafv2
logging
azure.postgresql-server
configuration-parameter
azure.sql-server
auditing
azure.storage
blob-services
azure.webapp
authentication
tencentcloud.ami
metrics
tencentcloud.cbs-snapshot
metrics
tencentcloud.security-group
metrics
Full Changelog: https://github.com/cloud-custodian/cloud-custodian/compare/0.9.20.0...0.9.21.0
put-subscription-filter
action (#7817)aws.apigwv2
addedaws.graphql-api
addedaws.rds-proxy
addedaws.elasticsearch
update-tls-config
aws.iam-user
login-profile
aws.log-group
put-subscription-filter
This release includes a change that requires the GetBucketLocation
permission on the output bucket when using the s3 output. If you are missing this permission and are doing cross account outputs to s3, ensure that your custodian role has GetBucketLocation
permission for the target bucket.
aws:SourceAccount
support to cross-account filter (#7611)to
in notify action (#7586)aws.connect-instance
addedaws.artifact-repo
config-compliance
aws.batch-compute
json-diff
aws.batch-queue
json-diff
aws.fsx
consecutive-backups
, subnet
aws.kafka
json-diff
aws.rest-stage
set-waf
waf-enabled
aws.sagemaker-model
json-diff
aws.sns
has-statement
aws.sqs
has-statement
aws.step-machine
json-diff
aws.workspaces
json-diff
aws.workspaces-directory
connection-aliases
gcp.sql-instance
mark-for-op
, set-labels
marked-for-op
aws.fis-template
addedaws.wafv2
addedaws.account
config-compliance
aws.app-elb
set-wafv2
wafv2-enabled
aws.cloudsearch
enable-https
domain-options
aws.distribution
set-wafv2
wafv2-enabled
aws.iam-group
set-policy
aws.rds
engine
aws.rest-stage
set-wafv2
wafv2-enabled
aws.sqs
dead-letter
aws.workspaces-directory
deregister