RATATOSKRATATOSK
ログイン

Cloud Custodian

0.9.50.0Security
2026年3月19日

A broad feature release adding 12+ new AWS resources, new upgrade-available filters for EKS/Elasticsearch, Azure Entra ID resources, and GCP Vertex AI support. Several bug fixes address S3 cache staleness, GuardDuty validation, and IAM user errors.

  • enhancementAudit EKS and Elasticsearch upgrade readiness now

    The new upgrade-available filter for both EKS and Elasticsearch means you can write policies that flag clusters where a newer version exists. If you've been tracking version compliance manually, replace that with a c7n policy using the upgrade-available filter and route matches to notify or tag. Good timing before any end-of-support deadlines.

  • enhancementAdd whitelist_patterns to cross-account filters using deleted principals

    If your cross-account policies flag deleted IAM principals as violations, you've likely been dealing with false positives. The new whitelist_patterns parameter on the cross-account filter lets you skip ARN patterns for known-deleted or transient principals. Review your existing cross-account policies and add patterns for any deleted accounts or service-linked roles you see repeated in output.

  • enhancementAudit Azure Entra ID security posture with new resource types

    Four new Entra ID resource types — conditional-access-policy, authorization-policy, named-location, security-defaults — are now queryable. If you manage Azure security baselines, write policies to check that security defaults are enabled and conditional access policies match your org's requirements. This fills a gap that previously required separate tooling.

主な変更 (5)

  • New upgrade-available filters for EKS and Elasticsearch let you proactively find clusters running outdated versions
  • 12 new AWS resource types added: savings-plan, vpc-lattice-listener, directconnect-gateway, bedrock-inference-profile, transfer-connector, and more
  • Azure Entra ID resources now manageable: conditional-access-policy, authorization-policy, named-location, and security-defaults
  • GCP gains Vertex AI resources (endpoint, batch-prediction-job) and expanded set-labels support across BigQuery, BigTable, KMS, and GCS buckets
  • cross-account filter gets whitelist_patterns to skip deleted IAM principals, and org-id + wildcard joint conditions now handled correctly