Description
# c7n-org: Multi Account Custodian Execution % [comment]: # ( !!! IMPORTANT !!! ) % [comment]: # (This file is moved during document generation.) % [comment]: # (Only edit the original document at ./tools/c7n_org/README.md) c7n-org is a tool to run Custodian against multiple AWS accounts, Azure subscriptions, GCP projects, or OCI tenancies in parallel. ## Installation ```shell pip install c7n-org ``` c7n-org has 3 run modes: ```shell Usage: c7n-org [OPTIONS] COMMAND [ARGS]... custodian organization multi-account runner. Options: --help Show this message and exit. Commands: aws-accounts generate c7n-org aws accounts config file report report on an AWS cross account policy execution run run a custodian policy across accounts (AWS, Azure, GCP, OCI) run-script run a script across AWS accounts ``` In order to run c7n-org against multiple accounts, a config file must first be created containing pertinent information about the accounts: Example AWS Config File: ```yaml accounts: - account_id: '123123123123' name: account-1 regions: - us-east-1 - us-west-2 role: arn:aws:iam::123123123123:role/CloudCustodian vars: charge_code: xyz tags: - type:prod - division:some division - partition:us - scope:pci ... ``` Example Azure Config File: ```yaml subscriptions: - name: Subscription-1 subscription_id: a1b2c3d4-e5f6-g7h8i9... - name: Subscription-2 subscription_id: 1z2y3x4w-5v6u-7t8s9r... ``` Example GCP Config File: ```yaml projects: - name: app-dev project_id: app-203501 tags: - label:env:dev - name: app-prod project_id: app-1291 tags: - label:env:dev ``` Example OCI Config File: ```yaml tenancies: - name: dev-tenancy profile: DEVTENANCY regions: - us-ashburn-1 - us-phoenix-1 vars: environment: dev tags: - type:test ... ``` ### Config File Generation We also distribute subcommands and scripts to generate the necessary config file in the [`scripts` folder](https://github.com/cloud-custodian/cloud-custodian/tree/main/tools/c7n_org/scripts). **Note:** Besides AWS, these are distributed only via git. Per <https://github.com/cloud-custodian/cloud-custodian/issues/2420>, we'll be looking to incorporate them into a new c7n-org subcommand. - For **AWS**, the subcommand `aws-accounts` generates a config file from the AWS Organizations API. ```shell c7n-org aws-accounts -f accounts.yml ``` - For **Azure**, the script `azuresubs.py` generates a config file from the Azure Resource Management API. - Please see the [Additional Azure Instructions](#additional-azure-instructions) for initial setup and other important info. ```shell python azuresubs.py -f subscriptions.yml ``` - For **GCP**, the script `gcpprojects.py` generates a config file from the GCP Resource Management API. ```shell python gcpprojects.py -f projects.yml ``` - For **OCI**, the script `ocitenancies.py` generates a config file using OCI Configuration file and OCI Organizations API. - Please refer to the [Additional OCI Instructions](#additional-oci-instructions) for additional information. ```shell python ocitenancies.py -f tenancies.yml ``` ## Running a Policy with c7n-org To run a policy, the following arguments must be passed in: ```shell -c | accounts|projects|subscriptions|tenancies config file -s | output directory -u | policy ``` For example: ```shell c7n-org run -c accounts.yml -s output -u test.yml --dryrun ``` After running the above command, the following folder structure will be created: ``` output |_ account-1 |_ us-east-1 |_ policy-name |_ resources.json |_ custodian-run.log |_ us-west-2 |_ policy-name |_ resources.json |_ custodian-run.log |- account-2 ... ``` Use `c7n-org report` to generate a csv report from the output directory. ## Selecting accounts, regions, policies for execution You can filter the accounts to be run against by either passing the account name or id via the `-a` flag, which can be specified multiple times, or alternatively with comma separated values. Groups of accounts can also be selected for execution by specifying the `-t` tag filter. Account tags are specified in the config file. Given the above accounts config file, you can specify all prod accounts with `-t type:prod`. You can specify the `-t` flag multiple times or use a comma separated list. You can specify which policies to use for execution by either specifying `-p` or selecting groups of policies via their tags with `-l`. Both options support being specified multiple times or using comma separated values. By default in AWS, c7n-org will execute in parallel across regions. The `-r` flag can be specified multiple times and defaults to `(us-east-1, us-west-2)`. A special value of `all` will execute across all regions. See `c7n-org run --help` for more information. #
Release History
| Version | Changes | Urgency | Date |
|---|---|---|---|
| 0.6.49 | Imported from PyPI (0.6.49) | Low | 4/21/2026 |
| 0.9.50.0 | ## What's Changed ### multiple providers * core - Add ability to normalize tag keys in filters by @adamsgoldsmith in https://github.com/cloud-custodian/cloud-custodian/pull/10380 * aws/azure/gcp - metric(s) filter - add start-of-day option by @iamanmolm in https://github.com/cloud-custodian/cloud-custodian/pull/10573 ### aws * aws - cross-account joint condition of org id and wildcard by @jerryhxu in https://github.com/cloud-custodian/cloud-custodian/pull/10499 * aws - implement th | Low | 3/18/2026 |
| 0.9.49.0 | ## What's Changed # aws - aws - add 'resolver-rule' resource (#10419) - aws - appelb - add listener-rule filter for inspecting routing rules (#10432) - aws - cloudfront/shield - gracefully handle pricing plan distributions (#10477) - aws - quicksight - gracefully handle missing or standard edition configurations (#10452) - aws - quicksight - handle exception in list tags (#10501) - aws - rds - skip cluster members in start/stop action (#10497) - aws - service-quota - updated `ac | Low | 1/16/2026 |
| 0.9.48.0 | ## What's Changed # aws - aws - account - add 'ami-block-public-access' filter (#10377) - aws - add 'iam-access-key' resource (#10364) - aws - add custom replica filter to the secretsmanager resource (#10350) - aws - add delete action for subnet (#10296) - aws - artifact-domain - fix cross account filter (#10446) - aws - cache-cluster - implement the 'upgrade-available' filter (#10361) - aws - core - consolidated query parsing (#10388) - aws - ebs - add Server-Side Query Filteri | Low | 12/1/2025 |
| 0.9.47.0 | ## What's Changed # aws - aws - Quicksight DataSource and Dashboard support (#10274) - aws - S3 Multi Region Access Point Cross Account Filter (#10301) - aws - add region-copy feature for rds cluster snapshot (#10271) - aws - cross-account filter - handle multiple context keys per operator (#10267) - aws - enable CloudWatch Synthetics service (#10324) - aws - eventbridge pipes (#10315) - aws - fix firehose pagination (#10313) - aws - fix organization resources tag actions (# | Low | 9/22/2025 |
| 0.9.46.0 | ## What's Changed # aws - aws - account - add new action for setting sts config (#10225) - aws - add resource client-vpn-endpoint (#10257) - aws - add vpc-endpoint-service-configuration resource (#10220) - aws - cross-account filter - support additional condition keys (#10264) - aws - delivery-destination - fix cross-account for destinations with no policy (#10254) - aws - invoke-lambda - use keyword args for `assumed_session()` call (#10252) - aws - kms - Add UnsupportedOperat | Low | 7/17/2025 |
| 0.9.45.0 | # aws - aws - add elasticache server side query support to retrieve cluster info (#10111) - aws - apigwv2 API and Stage update, delete actions (#9959) - aws - cross-account filter - return_allowed configuration which returns matching allowed statements (#10001) - aws - glue-catalog - arn generator (#10147) - aws - keyspaces (#10012) - aws - lexv2 bot-alias - resource and cross-account filter and delete action (#10057) - aws - metrics - handle extended statistics keys (#10131) - a | Low | 6/2/2025 |
| 0.9.44.0 | ## What's Changed # aws - aws - account - emr - block public account access bugfix (#10018) - aws - add rds-db-shard-group resource (#10052) - aws - athena-data-catalog tagging (#10021) - aws - aws.cfn add sns notification topic filter (#10013) - aws - codedeploy-config resource and codedeploy-group config filter (#10044) - aws - destination and delivery destination (#9995) - aws - docs - Add example of PartialMatch for EFS (#10031) - aws - docs - remove-keys fix example to | Low | 4/24/2025 |
| 0.9.43.0 | # aws - aws - account - fix has-virtual-mfa (#9848) - aws - add support for lexv2 bot (#9937) - aws - add support for timestream influxdb (#9858) - aws - athena workgroup, capacity-reservation, data-catalog (#9933) - aws - bugfix for IAM role arn parsing (#9885) - aws - cfn - search template filter (#9768) - aws - cfn - stacks - Add ARN definition (#9936) - aws - cloudhsm - backup (#9721) - aws - directory - fix - filtering directories without trusts (#9899) - aws - directory | Low | 2/4/2025 |
| 0.9.42.0 | # aws - aws - account - ec2 instance metadata defaults (#9765) - aws - add support for global accelerator (#9738) - aws - aws.cloudwatch-dashboard - set global_resource=true (#9781) - aws - directory-service - add trust-relationships filter (#9795) - aws - ds - filters for LDAP & Directory Settings (#9743) - aws - dynamodb cross-account and has-statement (#9731) - aws - elasticache-user resource (#9761) - aws - event-bridge-bus - kms filter (#9802) - aws - global accelerator - | Low | 11/14/2024 |
| 0.9.41.0 | # core - core - add terraform back to provider resources and ensure jsonschema for validation (#9639) - core - value filter et all - add from_json jmespath function (#9657) # aws - aws - asg - update invalid filter to allow default subnets usage if they exist (#9652) - aws - cloudfront - add origin-access-control resource (#9645) - aws - config-recorder retention filter (#9528) - aws - ecr normalize keys from config source to match service apis (#9642) - aws - has-statement fil | Low | 9/18/2024 |
| 0.9.40.0 | ## What's Changed Primarily a critical fix for 0.9.39 that required all cloud providers to be installed for the cli to run, versus being optional. * releng - remove stray debug and release 0.9.40 by @kapilt in https://github.com/cloud-custodian/cloud-custodian/pull/9637 **Full Changelog**: https://github.com/cloud-custodian/cloud-custodian/compare/0.9.39.0...0.9.40.0 | Low | 7/23/2024 |
| 0.9.39.0 | # aws - aws - appmesh filters (route, service, gateway-route) and service discovery namespace resource and instance filter (#9607) - aws - codebuild source credentials resource (#9606) - aws - ec2 - filter for ssm inventory / installed packages query (#9596) - aws - ecs - include configuration information (#9601) - aws - event modes - handle event dicts without a detail key (#9586) - aws - fix kms-key filter bug with arn alias (#9617) - aws - memorydb - add subnet, kms-key, securit | Low | 7/23/2024 |
| 0.9.38.0 | # overview this release is a bit smaller as we're doing it early in order to address some performance anomalies related to caching of aws clients in 0.9.37 which caused some memory increases for large environments and policies counts per #9558. # aws - aws - ec2 - snapshot action - add instance name to snapshot description (#9538) - aws - memorydb - add support for cluster (#9556) - aws - mu - avoid unnecessary lambda updates for vpc config (#9559) - aws - revert usage of caching | Low | 6/18/2024 |
| 0.9.37.0 | ## What's Changed Of note in this release, we now use python 3.12 for docker images which will provide a good performance improvement, as well caching clients in the aws provider which should also save on memory. # aws - aws - TimestreamDB kms key filter (#9500) - aws - add eventbridge scheduler mode for policy lambdas (#9273) - aws - add utility function for resolving global region for tagging augments by partition (#9475) - aws - cache clients by region (#9107) - aws - ela | Low | 6/5/2024 |
| 0.9.36.0 | ## What's Changed # aws - aws - account - switch to describe source (#9337) - aws - add workspaces bundle support (#9380) - aws - appmesh - add virtualnode resource (#9378) - aws - appmesh - update resource model, extend core docs and test support (#9290) - aws - ebs - add snapshots filter (#9451) - aws - ecs-service - fix delete for services with task sets (#9353) - aws - firewall - add logging-config filter and tag actions (#9339) - aws - lambda@edge filter - fix to use uni | Low | 4/29/2024 |
| 0.9.35.0 | # aws - aws - account - add support for bedrock model invocation logging configuration (#9259) - aws - add set-policy action for iam-profile resource (#9257) - aws - allow excluding specific processes when resuming ASGs (#9252) - aws - appmesh support (#9260) - aws - bedrock - support for knowledge base, bedrock-agent delete action (#9301) - aws - bedrock customization jobs, tag, kms-key and stop action (#9282) - aws - cloud watch alarm - add a filter for determining if part of a c | Low | 3/5/2024 |
| 0.9.34.0 | # aws - aws - actions - fix typo in documentation for invoke-lambda (#9180) - aws - add eni detach and eip disassociate actions, fix check-permissions filter (#9100) - aws - add in operator to vpc network-location filter (#9160) - aws - add python3.12 runtime support, default to python3.11 (#9231) - aws - batch - add tagging support and update/delete job queue actions (#9182) - aws - cost optimization filter (#9209) - aws - fix ASG config resource id (#9248) - aws - org unit filt | Low | 1/18/2024 |
| 0.9.33.0 | # aws - aws - add support for 'aws-iso' partition (#9103) - aws - support python3.11 in lambda policy schema (#9047) - aws - account service-limit filter - handle non-refreshable checks (#9072) - aws - add bedrock custom model resource (#9161) - aws - add support for opensearch serverless (#9058) - aws - add support for workspaces web (#9121) - aws - ami - fix ou/org regex patterns in set-permissions (#9032) - aws - arn parse explicit value error on invalid (#9071) - aws - | Low | 11/29/2023 |
| 0.9.32.0 | # aws - aws - airflow - update-environment and delete-environment (#8866) - aws - app-elb-target-group - retry wrapper for describe_target_group_attributes (#8916) - aws - ec2 - use a list instead of tuple for empty tag set (#8957) - aws - eip - release - handle InvalidAddress.PtrSet and InvalidAddress.Locked exception (#8924) - aws - elasticache and rg skip deletion when linked with global ds (#8876) - aws - glue catalog - kms-key filter and set-encryption refactor (#8833) - aws | Low | 10/3/2023 |
| 0.9.31.0 | # aws - aws - access analyzer finding resource (#8895) - aws - rds - fix delete action filtering (#8891) - aws - s3 - add bucket-replication filter (#8686) - aws - s3 - adding bucket_key_enabled to bucket-encryption filter (#8868) - aws - sg - unused/used filter don't consider self references as usage (#8821) - aws - tag rename action via universal/resource group tag api (#8878) # azure - azure - add CIDR support for network security group (#8798) - azure - application insi | Low | 9/6/2023 |
| 0.9.30.0 | # aws - aws - add more resource types (#8799) - aws - add value filter logic to waf-enabled and wafv2-enabled filters (#8407) - aws - ami - add cancel-launch-permission action (#8728) - aws - asg rename-tag - don't propagate tags when there are no instances (#8762) - aws - flow-log filter & action - refactor for kinesis/parquet support (#8757) - aws - key-pair unused filter - check autoscaling groups (#8755) - aws - rds - add pending-maintenance filter (#8793) - aws - rds - del | Low | 8/15/2023 |
| 0.9.29.0 | ## What's Changed # overview more gcp resources, two others of note. - aws - **breaking change** - operators using cloudtrail to inspect custodian api calls in an environment, the format of the user agent field has changed due to underlying changes within the sdk details and new format are documented/discussed in https://github.com/cloud-custodian/cloud-custodian/issues/8739 - oci - **breaking changes** - oci provider is currently alpha, the syntax for actions has been simplified in # | Low | 7/20/2023 |
| 0.9.28.0 | # TLDR New oracle cloud infrastructure provider, several additional resources to gcp, regular fixes and updates to extant providers. # aws - aws - add delete action to directory and cloud-directory (#8610) - aws - add ses-receipt-rule resource and delete action (#8671) - aws - asg - fix propagate-tags for asgs with no tags (#8612) - aws - core - fix fetching resources by id for types with scalar server-side filters (#8614) - aws - ebs - encrypt-instance-volumes handle missing tag | Low | 6/28/2023 |
| 0.9.27.0 | # aws - AWS - SES - Create new resource type configuration-set for SES (#8457) - aws - add pinpoint resource (#8514) - aws - codecommit - add universal_augment to pull tags (#8576) - aws - ebs-snapshot - cross-account filter - enable everyone_only (#8552) - aws - eks - adding associate-encryption-config action (#8426) - aws - fis - adding aws.fis-experiment resource (#8470) - aws - fsx - rds - register aws_backup count filter (#8494) - aws - kms related filter - resolve key ali | Low | 5/25/2023 |
| 0.9.26.0 | Fixes a package upload issue caused using poetry to upload our frozen wheels that affected (0.9.25.0), in favor of using twine to. upload, which results in proper frozen metadata. ## What's Changed * docs - value filter - add subheadings and expanded examples by @ajkerrigan in https://github.com/cloud-custodian/cloud-custodian/pull/8476 * Add policy statement filter to vpc-endpoint by @speshak in https://github.com/cloud-custodian/cloud-custodian/pull/8463 * releng - publish package usin | Low | 4/12/2023 |
| 0.9.25.0 | # aws - aws - asg - image filter - fix warning when image not found (#8473) - aws - asp-sync - delete action (#8419) - aws - ecs cluster - including settings to check for container insights (#8380) - aws - ecs-task-definition - support permanent deletion via force option (#8406) - aws - elasticsearch - cross-account bug fix handle no access policy (#8403) - aws - kinesis-video add tag/remove tag action (#8454) - aws - output - set region when using lambda exec options (#8471) - a | Low | 4/11/2023 |
| 0.9.24.0 | # aws - aws - ami - allow no 'add' in set-permissions action (#8327) - aws - apigw - generate domain name arns (#8366) - aws - asg - let valid/invalid filters work in explicit pull mode (#8308) - aws - efs-mount-point - network-location filter (#8347) - aws - eks - add network-location filter (#8377) - aws - elasticsearch - enable support for server-side query filtering (#8337) - aws - elasticsearch - new action to enable audit logs to cloudwatch (#8232) - aws - enhance modify-se | Low | 3/16/2023 |
| 0.9.23.0 | # aws - aws - account - check-cloudtrail sns subscription lookup refactor (#8020) - aws - emr-serverless-app - add resource and delete, tag, mark actions (#8197) - aws - autotag - add principalId as option for value field (#8244) - aws - cloudwatch logs - added attribute to allow passing role arn to put-subscription-filter call (#8246) - aws - dynamodb - add update table action (#8023) - aws - ecr - modify-policy update action schema validation (#8254) - aws - elasticache - skip de | Low | 2/16/2023 |
| 0.9.22.0 | # aws - aws - route53 recovery readiness-check - add resource and tagging support (#8112) - aws - account - organization filter (#8113) - aws - ami - add image-attribute filter (#8091) - aws - appelb - added filter and action for target group attributes (#8037) - aws - config - remediation filter: add rule_prefix to schema (#8171) - aws - connect - add set-attribute action (#8095) - aws - docs - network-addr moved to elastic-ip resource (#8170) - aws - ebs - EBS CreateDate shoul | Low | 1/18/2023 |
| 0.9.21.0 | # aws - aws - rest-stage - add regex match support for wafv2-enabled filter and set-wafv2 action (#7946) - aws - account - add ses send metric filters (#7874) - aws - account - check-cloudtrail filter: add include-management-events and log-metric-filter-pattern (#7851) - aws - account - managed config rule (#7029) - aws - ami - add set-permissions and set-deprecation actions, org support for cross-account filter (#7974) - aws - asg - ignore UnsupportedOperation on asg suspend (#807 | Low | 12/15/2022 |
| 0.9.20.0 | # aws - aws - apigwv2 - new resource and tagging support (#7881) - aws - appsync resource and waf filter/action (#7872) - aws - dynamodb - enhancement recommended for the consecuitive-backups filter (#7813) - aws - ec2 - set-metadata-access - include instance tags option (#7772) - aws - elbv2 wafv2-enabled fix to include only application loadbalancers (#7869) - aws - iam-user - add login-profile filter (#7804) - aws - log-group - add `put-subscription-filter` action (#7817) - aws | Low | 10/26/2022 |
| 0.9.19.0 | # aws - aws - add lambda handler as parameter (#7652) - aws - account - lake formation cross account s3 filter (#7578) - aws - add cfn_type to rds-snapshot, redshift-snapshot and elastic-ip (#7758) - aws - apigw rest-stage config poll support (#7787) - aws - catalog-product - new resource (#7802) - aws - datalake-location - add resource, deregister action, cross-account filter (#7668) - aws - dlm-policy - fix tags, add tag/remove-tag actions (#7702) - aws - dynamodb - add consecu | Low | 10/5/2022 |
| 0.9.18.0 | # aws This release includes a change that requires the `GetBucketLocation` permission on the output bucket when using the s3 output. If you are missing this permission and are doing cross account outputs to s3, ensure that your custodian role has `GetBucketLocation` permission for the target bucket. # aws - aws - account - check-macie filter - return empty list if doesn't match (#7536) - aws - artifact - fix cfn type metadata (#7560) - aws - asg - fix tagging interpolate values (#754 | Low | 8/11/2022 |
| 0.9.17.0 | # aws - aws - account - support config poll rule evaluations (#7476) - aws - cloudfront - recursively merge config during set-attributes (#7486) - aws - cloudfront - update formatting for post-finding (#7491) - aws - cloudsearch - add domain-options filter and enable-https action (#7280) - aws - config-rule - fetch tags via universal augment (#7241) - aws - ebs - preserve tags across encrypt-instance-volumes action (#7275) - aws - elb - remove-tag - fix for list of tags (#7473) - | Low | 6/21/2022 |
| 0.9.16.0 | # aws - aws - access-analyzer - fix policy name ref for err msg if no access analyzers (#7231) - aws - config-poll-rule mode - optionally ignore resource support check (#7194) - aws - core - add TooManyRequestsException to list of default retry codes (#7163) - aws - cross-account filter - handle multiple principal types (#7112) - aws - mu - default to python3.9 for lambda execution modes (#7212) - aws - ebs - snapshot create with description (#7135) - aws - elb - support predefined | Low | 5/10/2022 |
| 0.9.15.0 | # aws - aws - add ecr modify policy action, iam has-policy, and sechub formatting fix (#7102) - aws - add modify-subnet-atrribute action for aws subnet (#7075) - aws - apigateway - delete action - use retry (#7106) - aws - apigw custom domain resource (#7030) - aws - check-permissions - fix for boundary handling (#7012) - aws - credential-report - handle report in progress error when generating credential report (#7074) - aws - cross-account filter - fix for non arn principals when | Low | 2/24/2022 |
| 0.9.14.0 | # IMPORTANT AWS users should upgrade prior to dec 6th, 2021 to accomodate for a behavior change in lambda provisioning, which will otherwise cause errors when updating policies. See https://aws.amazon.com/blogs/compute/coming-soon-expansion-of-aws-lambda-states-to-all-functions/ for details. # aws - aws - apache airflow support and kms filter (#6823) - aws - check-permissions - gracefully handle non-existent iam entities (#6986) - aws - codedeploy - map resource type id application | Low | 11/16/2021 |
| 0.9.13.0 | # aws - aws - api gateway - metric filter fix (#6728) - aws - application autoscaling w offhours/resize support (#6548) - aws - cloudtrail - event-selectors filter (#6394) - aws - health filter - update chunk size per provider api breakage (#6808) - aws - iam policy - tagging support (#6751) - aws - iam-policy - only fetch local policies (#6828) - aws - iam-profile - unused filter fix (#6804) - aws - lambda-layer - cross-account ignore layers with no policies (#6827) - aws - rd | Low | 8/10/2021 |
| 0.9.12.0 | # aws - aws - ami deregister exception when snapshot in use (#6706) - aws - asg - add update action to set max lifetime and other settings (#6612) - aws - batch - fix subnet and sg filters related resource expressions (#6644) - aws - cloud watch alarms - tag augment (#6598) - aws - config support for ecs service & eks cluster (#6605) - aws - dax fix tagging action (#6754) - aws - ebs - modify action - add gp3 ebs type to schema (#6753) - aws - ec2 svc id prefix for more resources | Low | 6/28/2021 |
| 0.9.11.0 | # Summary This release contains some breaking changes for the azure provider. The azure sdks from microsoft have dropped compatibility with several resources, specifically azure.keyvault-storage of note. This release also sees the inclusion of a new openstack provider (alpha). # aws - aws - add set-permissions action for rds/rds-cluster snapshots (#6381) - aws - appelb - modify-listener - support nlb protocols (#6462) - aws - appflow - add resource, tag filters/actions, and dele | Low | 3/22/2021 |
| 0.9.10.0 | # aws - aws - api gateway client certificate support (#6376) - aws - config - cross account aggregation filter (#6384) - aws - config source - selectively demangle/title keys (#6377) - aws - event bus resource and cross-account filter (#6339) - aws - iam-group - add delete-inline-policies action (#6369) - aws - iam-users - ssh-key management (#6365) - aws - s3 remove-statements - handle missing Sid (#6375) # azure - azure - add firewall filters to postgresql servers. (#6357) | Low | 1/11/2021 |
| 0.9.9.0 | # aws - aws - account - check macie2 filter (#6327) - aws - app-elb - add modify-attributes action (#6220) - aws - asg propagate tag changes for auto-tag-user (#6257) - aws - ebs-snapshot - set-permissions action (#6203) - aws - elasticsearch - cross-account filter and remove-statements action (#6225) - aws - iam certificate - add delete action (#6288) - aws - logs - fix tag augment (#6333) - aws - metrics filter - push start time back to the top of the last hour (#6329) - aws | Low | 12/14/2020 |
| 0.9.8.0 | # aws - aws - batch queue resource (#6214) - aws - code pipeline - config describe source (#6294) - aws - dynamodb - config mode deserialization fix for BillingModeSummary (#6276) - aws - iam identity provider resources (saml, oidc) (#6267) - aws - iam-role - add mark-for-op/marked-for-op support (#6230) - aws - mq-configuration - tagging support (#6236) - aws - s3 - config - bucket replication dont assume non required values (#6188) - aws - secrets-manager fix get-resources re | Low | 11/17/2020 |
| 0.9.7.0 | # aws - aws - account access-analyzer filter (#6075) - aws - add delete action to iam user group (#6088) - aws - ami - remove permission - support only on matched cross accounts (#6009) - aws - auto filter classic elastic ips, we only support vpc elastic ips (#6168) - aws - cloud watch - contributor insight rule resource (#6157) - aws - code artifact support (#6119) - aws - config - more aws config garbage unmangling (#6185) - aws - config source - implicitly sniff date keys in i | Low | 10/15/2020 |
| 0.9.6.0 | # docs - docs - add c7n-org example usage with mugc (#6101) - docs - minor grammar fixes (#6084) # releng - releng - ensure version file increment, fix wheel dep pre-publish (#6076) - releng - prep release 0.9.6 (#6095) # tools - tools/ops/policylambda - config rule support (#6067) | Low | 9/4/2020 |
| 0.9.5.0 | # aws - aws - asg image filter - fix use whole image data instead of just image id (#6041) - aws - cloudtrail fix tag augment (#5986) - aws - copy-related - skip aws prefixed tags if doing wild card copy (#5977) - aws - elasticsearch - reserved instances resource (#5974) - aws - glue-security configuration - kms-key filters (#5960) - aws - iam access analyzer - use a getter to account for resource w/o finding result (#6022) - aws - iam role - support mark-for-op (#5978) - aws - l | Low | 8/25/2020 |
| 0.9.4.0 | # aws - aws - sns subscription resource (#5868) - aws - access analyzer finding filter (#5821) - aws - account basic filter to check enablement of securityhub (#5855) - aws - add ThrottledException to resource manager default retry codes (#5912) - aws - don't cache unaugmented resources (#5850) - aws - ec2 - set-metadata-access action (#5847) - aws - ec2 keypair supports tags (#5883) - aws - ecs task definition - augment throttling retry (#5910) - aws - elastic ip - get resourc | Low | 7/7/2020 |
| 0.9.3.0 | # aws - aws - glue-catalog - cloud-trail mode default for api calls that don't provide ids (#5841) - aws - asg - propagate tags actions skip api call if asg has no instances (#5792) - aws - cloudtrail mode - support processing delay (#5764) - aws - code commit & code pipeline taggable typo fix (#5807) - aws - config workaround broken select resource api and normalize rds cluster snapshot (#5802) - aws - config-compliance - work around security hub inconsistent rule resource ids (#580 | Low | 6/9/2020 |
| 0.9.2.0 | # aws - aws - account - emr block public access configuration filter/action (#5642) - aws - add cfn types to resources (#5681) - aws - add redshift set-attributes action (#5721) - aws - additional config resource support (#5408) - aws - cloudtrail status - dont process foreign account org trails (#5715) - aws - code commit & pipeline tags and delete action (#5682) - aws - config-poll-rule mode (#5695) - aws - cwe - event-rule resource group tagging support (#5676) - aws - dynam | Low | 5/21/2020 |
| 0.9.1.0 | # Change Log There's been quite a few changes in this release, highlights - This is our first release to drop python 2.7 compatibility. - lazy loading by default, greatly reduces cli and serverless cold start latency. - docker images have been significantly trimmed using multi-stage builds with the distroless container. - poetry is now being used for package management, existing workflows using pip/setuptools will work without any changes. - pypi release artifacts a | Low | 4/28/2020 |
Dependencies & License Audit
Loading dependencies...
Similar Packages
azure-monitor-opentelemetry-exporterMicrosoft Azure Monitor Opentelemetry Exporter Client Library for Pythonazure-template_0.1.0b6187637
azure-monitor-opentelemetryMicrosoft Azure Monitor Opentelemetry Distro Client Library for Pythonazure-template_0.1.0b6187637