Kapil Thangavelu
Kapil Thangavelu
Using GitHub attestations to sign docker images and artifacts (currently using co-sign, but there’s a number of problematic issues with it imho).
Publishing directly to pypi via trusted publishing https://docs.pypi.org/trusted-publishers/
good first issues might be adding in support for a resource https://github.com/cloud-custodian/cloud-custodian/issues/10074 or an additional filter/action on an existing resource https://github.com/cloud-custodian/cloud-custodian/issues/10073 the process for this is documented in the developer...
this should definitely be a separate filter, we're trying to slim augment table not add to it for s3, re not forcing api calls when they aren't explicitly needed for...
odd, it seems to validate albeit with warnings ``` ❯ custodian validate foo.yaml 2024-08-16 12:01:48,282: custodian.commands:WARNING deprecated usage found in policy policy 'aws-flowlogs-auto-enable-flowlogs' (foo.yaml:2) filters: field 'flow-logs.enabled' has been deprecated...
thanks for updating with a policy sketch, was about to ask about that. re filter i was thinking ami age seems to match up on the requirements. ```yaml policies: -...
where's the version string / matching coming from.. the tag? is the tag being hot swapped out of band to reflect the latest ami? for reference do you have an...
thanks for the context, so those golden amis are typically hosted in different accounts as well? we'll need to include owners as well in the filter to accomodate that (default...
yeah.. i dig that latest version, i think ami-search might be good as a straight passthrough to the ami api filters, afaics that matches what the terraform ami data source...
the data changes can be dropped on this one