Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.
Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.
Cost Policies
Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.
| Name | Version | Description |
|---|---|---|
| AWS Bucket Size Check | 2.9 | This Policy Template scans all S3 buckets in the given account and checks if the bucket exceeds a specified byte size. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/s3_bucket_size) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Burstable Instance CloudWatch Utilization | 3.0 | Gathers AWS CloudWatch CPU and Burst Credit data for instances on 30 day intervals. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/burstable_instance_cloudwatch_credit_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Delete Unused Classic Load Balancers | 4.0 | Report and remediate any Classic Load Balancers (CLB) that are not currently in use. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/elb/clb_unused) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Expiring Reserved Instances | 2.0 | A policy that sends email notifications before AWS Reserved Instances expire. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Expiring Savings Plans | 2.0 | A policy that sends email notifications before AWS Savings Plan expire. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS GP3 Upgradeable Volumes | 4.0 | Checks for upgradeable volumes and report them for modification. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/gp3_volume_upgrade) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Idle Compute Instances | 5.1 | Check for instances that are idle for the last 30 days and terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Inefficient Instance Utilization using CloudWatch | 3.0 | Checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/instance_cloudwatch_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Object Storage Optimization | 3.0 | Check for object store items for last modified date and moves the object to cool or cold archive tiers after user approval. [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Old Snapshots | 7.1 | Checks for snapshots older than a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS RDS Instances | 3.0 | Collects all RDS instances in an account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rds_instance_license_info/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Reserved Instances Recommendations | 2.19 | A policy that sends email notifications when AWS RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Reserved Instances Utilization | 2.0 | A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Rightsize EBS Volumes | 3.2 | Checks for cost inefficient EBS volumes. This policy finds GP2 volume types and recommends them for an upgrade to GP3 if cost savings is present. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rightsize_ebs_volumes/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Rightsize EC2 Instances | 4.1 | Check for EC2 instances that have inefficient utilization for a specified number of days and downsizes or terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rightsize_ec2_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Rightsize RDS Instances | 3.1 | Check for Inefficient database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rds_instance_cloudwatch_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS S3 Bucket Intelligent Tiering Check | 2.4 | This Policy Template scans all s3 buckets and reports if they don't have intelligent tiering enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/s3_storage_policy) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Savings Plan Recommendations | 2.17 | A policy that sends email notifications when AWS Savings Plan Recommendations are identified. NOTE: These Recommendations are generated by AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/savings_plan/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Savings Plan Utilization | 3.1 | A policy that sends email notifications when AWS Savings Plan Utilizations are identified. NOTE: These Utilizations are generated by AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/savings_plan/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Savings Realized from Reservations | 3.2 | This policy calculates savings realized by Reserved Instance, Savings Plan, and Spot Instance purchases for AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/savings_realized/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Schedule Instance | 3.0 | This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unused IP Addresses | 6.1 | Checks AWS for unused IP Addresses and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/unused_ip_addresses/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unused RDS Instances | 6.1 | Check for database services that have no connections and delete them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/unused_rds) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unused Volumes | 7.1 | Checks for unused volumes with no read/write operations performed within a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/unused_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Blob Storage Optimization | 2.6 | Checks Azure Blob Storage for last modified date and moves the object to the Cool or Archive tier after user approval [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure China Common Bill Ingestion | 1.0 | Azure China CBI Policy. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/azure_china_cbi/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Expiring Reserved Instances | 2.1 | A policy that sends email notifications when an Azure Reserved Instance are about to expire. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Hybrid Use Benefit for Linux Server | 3.0 | Identifies Linux instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/hybrid_use_benefit_linux) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Hybrid Use Benefit for SQL | 3.0 | Identifies SQL instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/hybrid_use_benefit_sql) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Hybrid Use Benefit for Windows Server | 3.0 | Identifies instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/hybrid_use_benefit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Idle Compute Instances | 5.0 | Checks for instances that are idle for the last 30 days and terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Inefficient Instance Utilization using Log Analytics | 2.18 | This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/instances_log_analytics_utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Old Snapshots | 5.0 | Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Reserved Instances Recommendations | 2.17 | A policy that sends email notifications when Azure Reservation Recommendations are identified. NOTE: These Reservation Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Reserved Instances Utilization | 2.8 | A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Reserved Instances Utilization MCA | 1.0 | A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/utilization_mca) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Rightsize Compute Instances | 3.1 | Checks for instances that have inefficient utilization for the last 30 days and downsizes or deletes them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/rightsize_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Rightsize SQL Databases | 3.0 | Check for Inefficient Azure SQL single database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/rightsize_sql_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure SQL Databases without Elastic Pools | 2.5 | Check a list of Azure SQL Servers and check for Elastic DB Pools. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/azure_sql_using_elastic_pool/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Savings Plan Recommendations | 1.4 | A policy that sends email notifications when Azure Savings Plan Recommendations are identified. NOTE: These Savings Plan Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/savings_plan/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Savings Realized from Reservations | 3.1 | This policy calculates savings realized by Reserved Instance purchases for Azure. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/savings_realized/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Schedule Instance | 2.10 | This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Storage Accounts without Lifecycle Management Policies | 3.0 | Check a list of Azure Storage Accounts without Lifecycle Management Policies. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/storage_account_lifecycle_management/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Unused IP Addresses | 6.0 | Checks for unused IP addresses in the given account and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/unused_ip_addresses) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more |
| Azure Unused SQL Databases | 5.0 | Check for database services that have no connections and decommissions them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/unused_sql_databases/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Unused Volumes | 5.0 | Checks for unused volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/unused_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Budget Alerts | 3.0 | This policy utilizes the Flexera Budget API to detect if budget threshold has been exceeded for a selected budget. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/budget_report_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Budget Alerts by Cloud Account | 2.2 | Create a Monthly Budget Alert for a Cloud Vendor Account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/budget_alerts_by_account/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Cheaper Regions | 2.0 | Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/cheaper_regions/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Cloud Cost Anomaly Alerts | 2.5 | Uses the /anomalies/report for a specified number of days and dimensions. Will raise an incident if the algorythm catches anomalies. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/cloud_cost_anomaly_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Cloud Spend Forecast - Moving Average | 3.1 | Pulls the cost data for lookback period then generates a moving average forecast of cloud spend for the specified months. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/moving_average/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Cloud Spend Forecast - Straight-Line (Linear Regression Model) | 3.3 | Pulls the cost data for lookback period then generates a Straight-Line Forecast for the specified months using a Linear Regression model. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/straight_line_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Cloud Spend Forecast - Straight-Line (Simple Model) | 3.3 | Pulls the cost data for lookback period then generates a Straight-Line Forecast on cloud spend for the specified months using a Simple model. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/straight_line_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Currency Conversion | 2.0 | A policy that creates an adjustment rule that converts the currency of the cost of the Cloud Vendor of choice. It utilizes xe.com to retrieve the latest exchange rates. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/currency_conversion/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Cloud SQL Idle Instance Recommender | 2.11 | This Policy finds Google Idle Cloud SQL Instance Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cloud_sql_idle_instance_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Committed Use Discount (CUD) | 2.8 | A policy that sends email notifications for all Google CUD's. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cud_report) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more |
| Google Committed Use Discount Recommender | 3.3 | This Policy finds Google Committed Use Discount Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cud_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Expiring Committed Use Discount (CUD) | 2.7 | A policy that sends email notifications when Google CUD's are about to expire. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cud_expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more |
| Google Idle Compute Instances | 2.11 | Checks for Google Compute instances that are idle for the last 30 days and terminates them after approval.. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Idle IP Address Recommender | 2.11 | This Policy finds Google Idle IP Address Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_ip_address_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Idle Persistent Disk Recommender | 2.10 | This Policy finds Google Idle Persistent Disk Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_persistent_disk_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Idle VM Recommender | 2.11 | This Policy finds Google Idle VM Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_vm_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Object Storage Optimization | 2.7 | Checks Google Storage objects for last updated time and moves the object to 'nearline' or 'coldline' or delete(enable delete action as mentioned in README.md) after user approval [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Old Snapshots | 2.12 | Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Recommender Policy | 2.5 | This Policy finds Google Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/recommender) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Rightsize CloudSQL Instances | 2.10 | Checks Google CloudSQL instances based on provided CPU threshold and Resize them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cloudsql_rightsizing/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Rightsize VM Recommender | 1.1 | This Policy finds Google Machine Type (Rightsize) Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/FOPTS-711_fix_google_rightsize_recommendation_policy/cost/google/rightsize_vm_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Schedule Instance | 2.4 | This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Kubecost Cluster Rightsizing Recommendations | 0.2 | The policy retrieves Kubecost recommendations for rightsizing of Kubernetes clusters and raises an incident. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/kubecost/cluster) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Kubecost Request Rightsizing Recommendations | 0.2 | Pulls the Request Rightsizing Recommendations from Kubecost and raises and incident. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/kubecost/sizing/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Low Account Usage | 2.1 | Analyze all account usage and determines recommend consolidation or deletion. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/low_account_usage/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Low Service Usage | 2.0 | Analyze all service usage and determines recommend consolidation or deletion. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/low_service_usage/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Monthly Actual v. Budgeted Spend Report | 2.0 | This policy allows you to set up scheduled reports that will provide monthly actual v. budgeted cloud cost across all resources in the Billing Center(s) you specify, delivered to any email addresses you specify. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/budget_v_actual) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| New Service Usage | 2.0 | Analyze bill for new service usage and notify. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/new_service_usage) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Oracle Cloud Common Bill Ingestion | 3.1 | Downloads cost reports from Oracle Cloud (OCI) and then uploads them to a Flexera CBI endpoint. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/oracle/oracle_cbi) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Reserved Instance Report by Billing Center | 2.0 | This policy generates a Reserved Instances report by Billing Center. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/report_by_bc) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Reserved Instances Coverage | 2.9 | A policy that sends email notifications on reserved instance coverage. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/coverage) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Scheduled Report | 2.1 | This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify. The policy will report the following: Chart of the selected Date Range and Billing Term of utilization based on [category](https://docs.rightscale.com/optima/reference/rightscale_dimensions.html#category). Daily average cost across the last week and last month. Total cost during previous full week (Monday-Sunday) and previous full month. Total cost during current (incomplete) week and month. We recommend running this policy on a weekly or monthly cadence. _Note 1: The last 3 days of data in the current week or month will contain incomplete data._ _Note 2: The account you apply the policy to is unimportant as Optima metrics are scoped to the Org._ See [README](https://github.com/flexera-public/policy_templates/tree/master/cost/scheduled_reports) for more details |
| Superseded Instances | 3.1 | This Policy Template is used to identify instance sizes that have been superseded. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/superseded_instance) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Allocate Virtual Machine Recommendations AWS | 2.2 | Turbonomic policy for allocating RI coverage for virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/allocate_virtual_machines_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Allocate Virtual Machine Recommendations Azure | 2.2 | Turbonomic policy for allocating RI coverage for virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/allocate_virtual_machines_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Allocate Virtual Machine Recommendations Google | 2.3 | Turbonomic policy for allocating RI coverage for virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/allocate_virtual_machines_recommendations/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Buy Reserved Instances Recommendations AWS | 0.1 | Turbonomic policy for recommending purchasable reserved instances [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/buy_reserved_instances_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Buy Reserved Instances Recommendations Azure | 0.1 | Turbonomic policy for recommending purchaseable reserved instances [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/buy_reserved_instances_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Delete Unattached Volumes Recommendations AWS | 0.5 | Turbonomics policy for deleting unattached volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/delete_unattached_volumes/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Delete Unattached Volumes Recommendations Azure | 0.4 | Turbonomics policy for deleting unattached volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/delete_unattached_volumes/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Delete Unattached Volumes Recommendations Google | 0.5 | Turbonomics policy for deleting unattached volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/delete_unattached_volumes/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Databases Recommendations AWS | 0.3 | Turbonomic policy that gives recommendations to rightsize Databases/DatabaseServers [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_databases_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Databases Recommendations Azure | 0.3 | Turbonomic policy that gives recommendations to rightsize Databases/DatabaseServers [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_databases_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Databases Recommendations Google | 0.3 | Turbonomic policy that gives recommendations to rightsize Databases/DatabaseServers [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_databases_recommendations/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Virtual Machines Recommendations AWS | 0.3 | Turbonomic policy for scaling virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/scale_virtual_machines_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Virtual Machines Recommendations Azure | 0.3 | Turbonomics policy for scaling virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/scale_virtual_machines_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Virtual Machines Recommendations Google | 0.4 | Turbonomics policy for scaling virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/scale_virtual_machines_recommendations/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Virtual Volumes Recommendations AWS | 0.3 | Turbonomic policy that gives recommendations to rightsize Virtual Volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_virtual_volumes_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Turbonomic Rightsize Virtual Volumes Recommendations Azure | 0.3 | Turbonomic policy that gives recommendations to rightsize Virtual Volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_virtual_volumes_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Vendor Commitment Forecast | 3.2 | This policy allows the user to specify a Commitment target value (based on the commitment amount agreed with your Cloud Service Provider/s), and track the current commitment spend to date, as well as projected commitment spend over a period. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/commitment_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
Security Policies
Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.
| Name | Version | Description |
|---|---|---|
| AWS EBS Ensure Encryption By Default | 3.0 | Report if EBS volumes are not set to be encrypted by default. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/ebs_ensure_encryption_default) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Ensure AWS Config Enabled In All Regions | 2.2 | Report if AWS Config is not enabled in all regions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/aws_config_enabled) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure CloudTrail Enabled In All Regions | 2.1 | Report if CloudTrail is not fully enabled in all regions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_multiregion) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure CloudTrail Integrated With Cloudwatch | 2.1 | Report if CloudTrail trails are not integrated with CloudWatch logs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_cloudtrail_cloudwatch_integrated) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure CloudTrail Logs Encrypted At Rest | 2.1 | Report if CloudTrail logs are not encrypted at rest. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_encrypted) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure CloudTrail S3 Buckets Have Access Logging | 2.1 | Report if CloudTrail stores logs in S3 bucket(s) without access logging enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_access_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure CloudTrail S3 Buckets Non-Public | 2.1 | Report if CloudTrail stores logs in publicly accessible S3 bucket(s). See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_not_public) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure Log File Validation Enabled For All CloudTrails | 2.1 | Report if any CloudTrails do not have log file validation enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_file_validation_enabled) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure Object-level Events Logging Enabled For CloudTrails | 2.1 | Report if CloudTrail does not have object-level logging for read and write events enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_object_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS Ensure Rotation For Customer Master Keys (CMKs) Is Enabled | 2.2 | Report if CMK rotation is not enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/kms_rotation) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| AWS IAM Ensure Access Keys Are Rotated | 2.6 | Report if access keys exist that are 90 days old or older. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_rotate_access_keys) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Ensure Credentials Unused For >45 days Are Disabled | 2.4 | Report if credentials exist that have gone unused for 45 days or more. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_disable_45_day_creds) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Ensure MFA Enabled For IAM Users | 2.5 | Report if MFA is not enabled for IAM users with a console password. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_root_for_tasks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Ensure One Active Key Per IAM User | 2.2 | Report if any IAM users have 2 or more active access keys. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_one_active_key_per_user) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Ensure One Active Key Per IAM User | 2.2 | Report if any IAM users have policies assigned directly instead of through groups. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_users_perms_via_groups_only) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Attached Admin IAM Policies | 2.4 | Report any admin IAM policies that are attached. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_admin_iam_policies_attached) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Expired SSL/TLS Certificates | 2.4 | Report any expired SSL/TLS certificates in the AWS account.. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_expired_ssl_certs) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Insufficient Password Policy | 2.4 | Report if password length requirement is insufficient. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_min_password_length) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Password Policy No Restrict Password Reuse | 2.4 | Report if password policy does not restrict reusing passwords or saves fewer than 24 passwords for this purpose. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_min_password_length) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Regions Without Access Analyzer | 3.0 | Report affected regions if no Access Analyzer is enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_access_analyzer_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Root Account Access Keys | 2.4 | Report any access keys with root access. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_root_access_keys) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Root Accounts Without Hardware MFA | 2.4 | Report root account if hardware MFA is disabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_hwmfa_enabled_for_root) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Root Accounts Without MFA | 2.4 | Report root account if MFA is disabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_mfa_enabled_for_root) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Report Root User Doing Everyday Tasks | 2.5 | Report whether the root account is being used for routine or everyday tasks. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_root_for_tasks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Support Role Created | 2.4 | Report if no support roles exist in the AWS account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_support_role_created) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Internet-facing ELBs & ALBs | 3.0 | Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/loadbalancer_internet_facing) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Open Buckets | 2.7 | Check for buckets that are open to everyone. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/aws/public_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Publicly Accessible RDS Instances | 4.0 | Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/rds_publicly_accessible) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS S3 Buckets without Server Access Logging | 2.6 | Checks for buckets that do not have server_access_logging enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/aws/s3_buckets_without_server_access_logging) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS S3 Ensure 'Block Public Access' Configured For All Buckets | 2.2 | Report if 'Block Public Access' is not configured for any S3 Buckets. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/s3_ensure_buckets_block_public_access) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS S3 Ensure Bucket Policies Deny HTTP Requests | 2.4 | Report any S3 buckets that do not have a policy to deny HTTP requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/s3_buckets_deny_http) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS S3 Ensure MFA Delete Enabled For All Buckets | 2.4 | Report if MFA Delete is not enabled for any S3 Buckets. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/s3_ensure_mfa_delete_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unencrypted ELB Listeners (ALB/NLB) | 3.0 | Report any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/elb_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unencrypted ELB Listeners (CLB) | 3.0 | Report any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/clb_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unencrypted RDS Instances | 3.0 | Report any Relational Database Service (RDS) instances that are unencrypted. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/rds_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unencrypted S3 Buckets | 2.8 | Report any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/unencrypted_s3_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unencrypted Volumes | 3.0 | Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/ebs_unencrypted_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS VPC's without FlowLogs Enabled | 3.0 | Report any AWS VPC's without FlowLogs Enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/vpcs_without_flow_logs_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Ensure Blob Containers Set To Private | 2.2 | Report if any blob storage containers do not have their public access level set to private. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/private_blob_containers) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Correct PostgreSQL Servers Log Settings | 2.0 | Report if any PostgreSQL server instances are not configured with correct log settings. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_log_settings) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure High Severity Alerts | 2.2 | Report if any subscriptions are not configured to report high severity alerts. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/high_severity_alerts) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Log Analytics Auto-Provisioning | 2.2 | Report if auto-provisioning of Log Analytics agent for Azure VMs is disabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/log_analytics_autoprovision) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure MySQL Flexible Servers Use Secure TLS | 2.2 | Report if any MySQL flexible server instances do not use a secure TLS version. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/mysql_tls_version/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure MySQL Servers Enforce SSL Connections | 2.2 | Report if any MySQL server instances do not enforce SSL connections. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/mysql_ssl/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Owners Receive Security Alerts | 2.2 | Report if any subscriptions are not configured to send security alerts to their owners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/security_alert_owners) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure PostgreSQL Servers Connection Throttling Enabled | 2.0 | Report if any PostgreSQL server instances do not have connection throttling enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_conn_throttling) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure PostgreSQL Servers Infrastructure Encryption | 2.2 | Report if any PostgreSQL server instances do not have infrastructure encryption enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/pg_infra_encryption) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure PostgreSQL Servers Sufficient Log Retention | 2.0 | Report if any PostgreSQL server instances do not have log retention configured for more than 3 days. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_log_retention) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Database Encryption | 2.0 | Report if any SQL databases do not have encryption enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_db_encryption) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server AD Admin Configured | 2.2 | Report if any SQL server instances do not have an AD (Active Directory) Admin configured. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_ad_admin/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server ATP (Advanced Threat Protection) Enabled | 2.0 | Report if any SQL server instances do not have ATP (Advanced Threat Protection) enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_atp) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server Auditing Enabled | 2.2 | Report if any SQL server instances do not have auditing enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_auditing) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server Minimum Auditing Retention Of 90 Days | 2.0 | Report if any SQL server instances do not have auditing retention configured for 90 days or more. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_auditing_retention) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server VA Email Notifications | 2.2 | Report if any SQL server instances do not have notification emails configured for VA. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_va_emails) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server VA Notify Admins/Subscription Owners | 2.2 | Report if any SQL server instances are not configured in VA to also notify admins and subscription owners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_va_admins) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server VA Periodic Scans Enabled | 2.0 | Report if any SQL server instances do not have Vulnerability Assessment (VA) periodic scans enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_va_scans) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure SQL Server Vulnerability Assessment (VA) Enabled | 2.2 | Report if any SQL server instances do not have Vulnerability Assessment (VA) enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_va) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Secure Transfer Required | 2.2 | Report if any storage accounts are not configured to require secure transfers. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/secure_transfer_required) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Security Contact Email | 2.2 | Report if any subscriptions lack a security contact email address. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/security_contact_email) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Soft Delete Enabled For Azure Storage | 2.2 | Report if the storage service does not have soft delete enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_soft_delete/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Storage Account Default Network Access Set To Deny | 2.2 | Report if any storage accounts do not have their default network access set to 'deny'. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_network_deny) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Storage Accounts Require Secure TLS Version | 2.2 | Report if any storage accounts are not configured to require TLS 1.2. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_tls_version) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Storage Logging Enabled For Blob Service | 2.2 | Report if any blob storage accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/blob_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Storage Logging Enabled For Queue Service | 2.2 | Report if any storage queue accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/queue_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Storage Logging Enabled For Table Service | 2.2 | Report if any storage table accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/table_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Ensure Trusted Microsoft Services Enabled | 2.2 | Report if any storage accounts do not have access enabled for Trusted Microsoft Services. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_trusted_services/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Guest Users Audit | 2.1 | Report if any guest users exist so that they can be reviewed. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/guest_users) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more. |
| Azure Network Security Groups With Inbound RDP Open | 2.3 | Reports when an Azure Network Security Group has RDP open to the internet. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/restrict_rdp_internet) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Network Security Groups With Inbound SSH Open | 2.3 | Reports when an Azure Network Security Group has ssh (port 22) open to the internet. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/restrict_ssh_internet) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Publicly Accessible Managed SQL Instance | 2.8 | Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_publicly_accessible_managed_instance) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Resources with public IP address | 2.4 | Get the Resource Group or any resources with public IP address. See the [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Storage Accounts Without HTTPs Enforced | 2.5 | Checks for Azure Storage Accounts with HTTPs not enforced. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/azure/storage_account_https_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Web App Minimum TLS Version | 2.6 | Checks for Azure Web Apps with a minimum TLS version less that the value specified. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/webapp_tls_version_support) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Open Buckets | 2.5 | Checks for buckets that are open to the public. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/google/public_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
Operational Policies
Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.
| Name | Version | Description |
|---|---|---|
| AKS Node Pools Without Autoscaling | 2.4 | Raise an incident if there are any AKS user node pools without autoscaling enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/aks_nodepools_without_autoscaling) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AKS Node Pools Without Zero Autoscaling | 2.4 | Raise an incident if there are any AKS user node pools without zero autoscaling enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/aks_nodepools_without_autoscaling) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Instance Scheduled Events | 3.0 | Report on any AWS scheduled event that will impact instance availability. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/instance_scheduled_events) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Lambda Functions with high error rate | 4.0 | Report any functions with error rate over parameter. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/lambda_functions_with_high_error_rate) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Long Running Instances | 3.0 | Checks for running instances that have been running longer than the `Days Old` parameter. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/long_running_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS RDS Backup Settings | 2.7 | Checks for RDS Instances that have unapproved backup settings. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/dbaas/aws/rds_backup) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Tag Cardinality Report | 2.3 | Generates a tag cardinality report for AWS Accounts and Resources. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/tag_cardinality) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Usage Forecast - Number of Instance Hours Used | 3.2 | This policy uses a linear-regression model to produce a forecast of the number of hours used for AWS instances, categorized by Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_hours_forecast) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Usage Forecast - Number of Instance vCPUs Used | 3.2 | This policy uses a linear-regression model to produce a forecast of the number of vCPUs used for AWS instances, categorized by Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_vcpus_forecast) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Usage Report - Number of Instance Hours Used | 3.1 | This policy produces a usage report showing the number of Hours used for each AWS Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_hours) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Usage Report - Number of Instance vCPUs Used | 3.1 | This policy produces a usage report showing the number of vCPUs used for each AWS Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_vcpus) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Application Migration Recommendations | 1.5 | This Policy Template will analyze RISC CloudScape data and will generate recommendations for migrating application stacks to the most cost effective for each cloud providers & regions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/compute_instance_migration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Long Running Instances | 3.0 | Checks for running instances that have been running longer than the `Days Old` parameter. See the [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Migrate Integration | 1.3 | This Policy will collect the resources from a RISC Foundations assessment and seed Azure Migrate with the discovered servers. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/azure_migrate) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Sync Tags with Optima | 3.2 | Identify all Azure Tag Keys and add them as custom dimensions in Flexera Optima. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/sync_tags_with_optima) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Tag Cardinality Report | 3.0 | Generates a tag cardinality report for Azure Subscriptions, Resource Groups, and Resources. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/tag_cardinality) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure VMs Not Using Managed Disks | 3.0 | Report any VMs that are not using managed disks in Azure. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/vms_without_managed_disks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Bill Processing Error Notification | 2.0 | Collects all currently applied policies and raises an incident for any in an error state. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/bill_processing_errors_notification/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Expiring Azure Certificates | 3.0 | Raise an incident if there are expired and almost expired certificates on the Azure account in active use. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/azure_certificates) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| NetFlow Top Talkers | 1.5 | This Policy Template will analyze RISC Foundations NetFlow data and will leverage these traffic patterns to identify the top communication routes from each application stack to external dependencies. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/network_flow) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Schedule FlexNet Manager Report | 3.0 | Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients. This template uses the SOAP version of the FlexNet Manager APIs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/fnms/schedule_fnms_reports) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Schedule ITAM Report | 0.1.0 | Schedule a Flexera ITAM report (Custom view) and send it as a email to one or more recipients. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/itam/schedule_itam_reports) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
Compliance Policies
Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.
| Name | Version | Description |
|---|---|---|
| AWS Disallowed Regions | 3.0 | Check for instances that are outside of an allowed region with the option to terminate them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/disallowed_regions) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS EC2 Instances not running FlexNet Inventory Agent | 4.1 | Check instances that are not running the FlexNet Inventory Agent. This template uses the SOAP version of the FlexNet Manager APIs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/instances_without_fnm_agent) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS IAM Role Audit | 2.5 | This policy checks to see if the provided roles exist in an account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/iam_role_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Long-stopped Instances | 4.0 | Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Service Control Policy Audit | 2.6 | This policy checks to see if the provided service control policy is applied across all accounts in an AWS organization. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/scp_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Untagged Resources | 4.0 | Find all AWS resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/untagged_resources/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| AWS Unused ECS Clusters | 3.0 | Report and remediate any ECS clusters that are not currently in use. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/ecs_unused) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure AHUB Utilization with Manual Entry | 2.9 | Report when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/ahub_manual) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Disallowed Regions | 2.9 | Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_disallowed_regions) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Instances not running FlexNet Inventory Agent | 4.0 | Check instances that are not running the FlexNet Inventory Agent. This template uses the SOAP version of the FlexNet Manager APIs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/instances_without_fnm_agent) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Long Stopped Instances | 2.9 | Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Policy Audit | 2.6 | Check for policies applied to Azure Subscriptions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_policy_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Regulatory Compliance | 2.9 | This Policy will provide an overview for the various Regulatory Compliance controls and generate an email with the results. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/compliance_score) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Subscription Access | 2.9 | Lists anyone who has been granted Owner or Contributor access to an Azure subscription. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/subscription_access) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Tag Resources with Resource Group Name | 2.6 | Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/tags/azure_rg_tags) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Azure Untagged Resources | 2.13 | Find all Azure resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_untagged_resources) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Billing Center Access Report | 2.0 | This policy generates an access report by Billing Center. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/billing_center_access_report/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Flexera IAM Explicit User Roles | 3.0 | Identifies users in Flexera IAM that have explicit user roles assigned. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/flexera/iam_explicit_user_roles) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Available Seats Report | 2.4 | Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/available_seats) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Repositories without Admin Team | 2.4 | Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with `admin` role. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_admin_team) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Repository Branches without Protection | 2.5 | Gets the repositories under a list of GitHub.com Organizations and creates incidents for any that do not have protection enabled for selected branches. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_branch_protection) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Unpermitted Outside Collaborators | 2.4 | Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each that are not included in the specified username whitelist. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/outside_collaborators) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Unpermitted Repository Names | 2.4 | Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the whitelisted regex strings. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_naming) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Unpermitted Sized Repositories | 2.4 | Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_size) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| GitHub.com Unpermitted Top-Level Teams | 2.4 | Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the whitelisted values. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/toplevel_teams) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Long-stopped instances | 2.7 | Report on any google instances that have been stopped for a long time with the option to Terminate them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/google/long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Google Unlabeled Resources | 2.4 | Find all Google Cloud resources(disks, images, instances, snapshots, buckets, vpnGateways), missing any of the user provided labels with the option to update the resources with the missing labels. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/google/unlabeled_resources) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| ITAM Expiring Licenses | 2.2 | Looks up Active Flexnet Manager Licenses Expiring within set Time Period and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/fnms_licenses_expiring) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| ITAM Ignored Recent Inventory Dates | 2.2 | Looks for machines that are ignored but have been invenotry recently and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/ignored_recent_inventory_dates/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| ITAM Missing Active Machines | 2.2 | Looks for machines that are active but haven't checked in and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/missing_active_machines/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| ITAM Overused Licenses | 2.2 | Looks up software licenses and reports in email any licenses that are overused. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/overused_licenses) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| ITAM VMs Missing Host ID | 2.2 | Looks for machines that are active but missing a Host ID. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/vms_missing_hostid/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
SaaS Management Policies
As your technology landscape matures, SaaS becomes a larger part of your spend between all of the services used for backoffice and for delivering applications. These policies help you monitor your SaaS tools for cost, compliance, and security purposes.
| Name | Version | Description |
|---|---|---|
| Office 365 Security Alerts | 2.4 | This policy will identify Security Alerts that have been raised in Office 365. Policy Managers can minimize the notifications by choosing to only be alerted by certain severity level(s). See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/office365/security_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| Okta Inactive Users | 2.4 | This policy will identify Okta users that have not logged in within a specified number of days and deactivate the users upon approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/okta/inactive_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Duplicate User Accounts | 2.5 | This policy will create an incident when Flexera SaaS Manager identifies duplicate user accounts within a single managed SaaS application. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/duplicate_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Inactive Users by Department | 2.7 | This policy will create an incident when Flexera SaaS Manager identifies inactive or never active users for managed applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/inactive_users_by_dept/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Inactive Users for Integrated Applications | 2.1 | Gets inactive users for the Integrated Applications of the specified Managed SaaS Application. |
| SaaS Manager - Redundant Apps | 2.6 | This policy will create an incident when Flexera SaaS Manager identifies application categories with an excessive number of applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/redundant_apps/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Renewal Reminder | 2.6 | This policy will create an incident when Flexera SaaS Manager identifies applications whose expiration date is approaching. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/renewal_reminder/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - SaaS App User Report by Category | 2.4 | This policy will create an incident when Flexera SaaS Manager identifies users entitled to SaaS apps within a specified department. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/users_by_category/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Suspicious Users | 2.6 | This policy will create an incident when Flexera SaaS Manager identifies suspicious users logging into SaaS applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/suspicious_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Unsanctioned Applications with Existing Contract | 2.5 | This policy will create an incident when Flexera SaaS Manager identifies unsanctioned SaaS purchases for managed applications under an existing license contract. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/unsanctioned_apps_with_contract/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - Unsanctioned Spend | 2.6 | This policy will create an incident when Flexera SaaS Manager identifies unsanctioned spend on SaaS applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/unsanctioned_spend/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| SaaS Manager - User Status Change | 2.6 | This policy will create an incident when Flexera SaaS Manager identifies users whose status in the HR roster changes to inactive. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/user_status_change/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |
| ServiceNow Inactive Approvers | 2.3 | This policy will identify ServiceNow Approvers that have not logged in within a specified number of days. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/servicenow/inactive_approvers/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more. |