Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Delete Unused Classic Load Balancers1.0Report and remediate any Classic Load Balancers (CLB) that are not currently in use
AWS Instance CloudWatch Utilization1.1Gathers AWS CloudWatch data for instances on 30 day intervals
AWS Reserved Instances Recommendations1.0A policy that sends email notifications when AWS RI Recommendations are identified
Azure Hybrid Use Benefit for Windows Server1.1Identifies eligible instances not utilizing Azure Hybrid Use Benefit
Azure Instances Utilization from Log Analytics1.0Gathers instance utilization data from Azure Log Analytics and tags underutilized instances
Azure Reserved Instances Recommendations1.0A policy that sends email notifications when Azure RI Recommendations are identified
Azure Reserved Instances Utilization1.0A policy that sends email notifications when utilization falls below a threshold
Azure Superseded Instance Types1.2Discover disallowed instance types and resize to an approved instance type
Billing Center Cost Anomalies1.0Analyze all Billing Centers for a specified number of days and raise an incident if the percentage of spend (compared to the previous period of the same number of days) has surpassed the defined threshold
Budget Alerts1.3Create a Monthly Budget Alert for a Billing Center or for the entire Organization
Cheaper Regions1.2Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis
Discover Old Snapshots1.6A policy that sends email and requests deletion when snapshots older then a certain timeframe are found
Downsize Instances1.12A policy that downsizes instances
Expired Reserved Instances1.5A policy that sends email notifications before reserved instances expire
Google Committed Use Discount (CUD) Report1.0Report on all Google CUDs that have been purchased
Google Instances StackDriver Utilization1.0Gathers Google StackDriver utilization for instances on 30 day intervals
Google Unutilized IP Addresses1.0Checks Google for Unutilized IP Addresses
Low Account Usage1.1Analyze all account usage and determines recommend consolidation or deletion
Low Service Usage1.1Analyze all service usage and determines recommend consolidation or deletion
Reserved Instance Report by Billing Center1.1This policy generates a Reserved Instances report by Billing Center
Reserved Instances Coverage1.2A policy that sends email notifications on reserved instance coverage
Reserved Instances Utilization1.8A policy that sends email notifications when utilization falls below a threshold
Schedule Instances1.5A policy that start and stops instances based on a schedule
Scheduled Report1.6This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify
Superseded Instance Remediation1.0This Policy Template is used to automatically supersede instances based on user-defined standards
Superseded Instances1.0This Policy Template is used to automatically resize instances based on user-defined standards
Terminate Instances with End Date1.1This Policy Template is used to terminate instances based on tag
Unattached IP Addresses1.0Checks for Unattached IP Addresses and deletes them with approval
Unattached Volumes1.8Finds unattached volumes older than specified number of days and, optionally, deletes them

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS Internet-facing ELBs & ALBs1.0Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing
AWS Open Buckets1.7Checks for buckets that are open to everyone
AWS Publicly Accessible RDS Instances1.0Report and remediate any Relational Database Service (RDS) instances that are publicly accessible
AWS Unencrypted RDS Instances1.0Report any Relational Database Service (RDS) instances that are unencrypted
AWS Unencrypted Volumes1.0Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted
Google Open Buckets1.3Checks for buckets that are open to the public
Security Group Rules with ports open to the world1.0A policy that sends email notifications when a security group has ports open to the world
Security Group Rules without Descriptions1.7A policy that sends email notifications when a security group has no description
Security Group with High Open Ports1.4A policy that sends email notifications when a security group has unapproved open ports
Security Groups with ICMP Enabled1.5A policy that sends email notifications a security group has icmp enabled

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AWS Cloud Credentials Rotation1.5Updates the IAM user keys used to connect RightScale to an AWS account
AWS RDS Backup Settings1.1Checks for RDS Instances that have unapproved backup settings
AWS Subnet Name Tag Sync1.1Ensures a Subnet name in Cloud Management reflect the value of the Subnet name tag in AWS
AWS VPC Name Tag Sync1.1Ensures a Network name in Cloud Management reflects the value of the Network name tag in AWS
No Recent Snapshots1.3Policy to check for snaphots between now and a certain numer of days
Policy Template Synchronization1.7A policy to manage policy template
Stranded Servers1.0Report and remediate any Servers that are stranded in booting
VMWare Instance Tag Sync1.0Adds tags to vmware instances from CMP

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Unused ECS Clusters1.0Report and remediate any ECS clusters that are not currently in use
Azure Disallowed Regions1.1A policy that discovers all Azure resources that have been provisioned in unapproved regions and optionally deletes them
Azure: Tag Resources with Resource Group Name1.1Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource
Billing Center Access Report1.1This policy generates an access report by Billing Center
GitHub.com Available Seats Report1.4Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range
GitHub.com Repositories without Admin Team1.0Gets the repositories under a GitHub
GitHub.com Repository Branches without Protection1.0Gets the repositories + branches under a GitHub
GitHub.com Unpermitted Outside Collaborators1.0Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub
GitHub.com Unpermitted Repository Names1.0Gets the names of all repositories under GitHub
GitHub.com Unpermitted Sized Repositories1.0Gets all repositories under GitHub
GitHub.com Unpermitted Top-Level Teams1.0Gets the top-level / parent Teams for a GitHub
Unapproved instance types1.0Report on any instances that are running using instance types that are not approved
Untagged Resources1.9Check resources for missing tags and report on them