Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Delete Unused Classic Load Balancers1.0Report and remediate any Classic Load Balancers (CLB) that are not currently in use
AWS Instance CloudWatch Utilization1.0Gathers AWS CloudWatch data for instances on 30 day intervals
Add Expiring Cooldown Tags for Downsizing Instances1.3A policy that checks cooldown time tag that the downsize policy sets and if time has expired, it will add back the tag to allow the instance to be downsized
Azure Hybrid Use Benefit for Windows Server1.0Identifies eligible instances not utilizing Azure Hybrid Use Benefit
Azure Reserved Instances Utilization1.0A policy that sends email notifications when utilization falls below a threshold
Azure Superseded Instance Types1.1Discover disallowed instance types and resize to an approved instance type
Billing Center Cost Anomalies1.0Analyze all Billing Centers for a specified number of days and raise an incident if the percentage of spend (compared to the previous period of the same number of days) has surpassed the defined threshold
Budget Alerts1.3Create a Monthly Budget Alert for a Billing Center or for the entire Organization
Cheaper Regions1.1Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis
Discover Old Snapshots1.6A policy that sends email and requests deletion when snapshots older then a certain timeframe are found
Downsize Instances based on CPU and Memory1.11A policy that downsizes instances based on monitoring metrics
Expired Reserved Instances1.5A policy that sends email notifications before reserved instances expire
Google Committed Use Discount (CUD) Report1.0Report on all Google CUDs that have been purchased
Google Instances StackDriver Utilization1.0Gathers Google StackDriver utilization for instances on 30 day intervals
Google Unutilized IP Addresses1.0Checks Google for Unutilized IP Addresses
Low Account Usage1.0Analyze all account usage and determines recommend consolidation or deletion
Low Service Usage1.0Analyze all service usage and determines recommend consolidation or deletion
Reserved Instance Report by Billing Center1.1This policy generates a Reserved Instances report by Billing Center
Reserved Instances Coverage1.2A policy that sends email notifications on reserved instance coverage
Reserved Instances Utilization1.8A policy that sends email notifications when utilization falls below a threshold
Schedule Instances1.5A policy that start and stops instances based on a schedule
Scheduled Report1.6This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify
Unattached IP Addresses1.0Checks for Unattached IP Addresses and deletes them with approval
Unattached Volumes1.7Finds unattached volumes older than specified number of days and, optionally, deletes them

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS Internet-facing ELBs & ALBs1.0Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing
AWS Open Buckets1.7Checks for buckets that are open to everyone
AWS Publicly Accessible RDS Instances1.0Report and remediate any Relational Database Service (RDS) instances that are publicly accessible
AWS Unencrypted RDS Instances1.0Report any Relational Database Service (RDS) instances that are unencrypted
AWS Unencrypted Volumes1.0Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted
Google Open Buckets1.3Checks for buckets that are open to the public
Security Group Rules with ports open to the world1.0A policy that sends email notifications when a security group has ports open to the world
Security Group Rules without Descriptions1.7A policy that sends email notifications when a security group has no description
Security Group with High Open Ports1.4A policy that sends email notifications when a security group has unapproved open ports
Security Groups with ICMP Enabled1.5A policy that sends email notifications a security group has icmp enabled

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AWS Cloud Credentials Rotation1.5Updates the IAM user keys used to connect RightScale to an AWS account
AWS RDS Backup Settings1.1Checks for RDS Instances that have unapproved backup settings
AWS Subnet Name Tag Sync1.1Ensures a Subnet name in Cloud Management reflect the value of the Subnet name tag in AWS
AWS VPC Name Tag Sync1.1Ensures a Network name in Cloud Management reflects the value of the Network name tag in AWS
No Recent Snapshots1.3Policy to check for snaphots between now and a certain numer of days
Policy Template Synchronization1.7A policy to manage policy template

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Unused ECS Clusters1.0Report and remediate any ECS clusters that are not currently in use
Azure Disallowed Regions1.0A policy that discovers all Azure resources that have been provisioned in unapproved regions and optionally deletes them
Azure: Tag Resources with Resource Group Name1.0Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource
Billing Center Access Report1.1This policy generates an access report by Billing Center
GitHub.com Available Seats Report1.4Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range
GitHub.com Repositories without Admin Team1.0Gets the repositories under a GitHub
GitHub.com Repository Branches without Protection1.0Gets the repositories + branches under a GitHub
GitHub.com Unpermitted Outside Collaborators1.0Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub
GitHub.com Unpermitted Repository Names1.0Gets the names of all repositories under GitHub
GitHub.com Unpermitted Sized Repositories1.0Gets all repositories under GitHub
GitHub.com Unpermitted Top-Level Teams1.0Gets the top-level / parent Teams for a GitHub
Untagged Resources1.9Check resources for missing tags and report on them