Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Bucket Size Check2.4This Policy Template scans all S3 buckets in the given account and checks if the bucket exceeds a specified byte size. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/s3_bucket_size) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Burstable Instance CloudWatch Utilization2.5Gathers AWS CloudWatch CPU and Burst Credit data for instances on 30 day intervals. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/burstable_instance_cloudwatch_credit_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Delete Unused Classic Load Balancers2.8Report and remediate any Classic Load Balancers (CLB) that are not currently in use. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/elb/clb_unused) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Expiring Reserved Instances1.10A policy that sends email notifications before AWS Reserved Instances expire. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/expiration) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Idle Compute Instances2.9Check for instances that are idle for the last 30 days and terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/idle_compute_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Inefficient Instance Utilization using CloudWatch2.8Checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/instance_cloudwatch_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Object Storage Optimization2.4Check for object store items for last modified date and moves the object to cool or cold archive tiers after user approval. [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/object_storage_optimization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Old Snapshots2.10Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/old_snapshots) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS RDS Instances2.3Collects all RDS instances in an account. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/rds_instance_license_info/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Reserved Instances Recommendations2.2A policy that sends email notifications when AWS RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/reserved_instances/recommendations) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Reserved Instances Utilization1.13A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/utilization) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Rightsize RDS Instances2.5Check for Inefficient database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/rds_instance_cloudwatch_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Savings Plan Recommendations2.3A policy that sends email notifications when AWS Savings Plan Recommendations are identified. NOTE: These Recommendations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/recommendations) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Schedule Instance2.5This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/schedule_instance/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused IP Addresses2.11Checks AWS for unused IP Addresses and deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_ip_addresses/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused RDS Instance2.7Check for database services that have no connections and delete them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_rds) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused Volumes2.12Checks for unused volumes and if no read/write operations performed within a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Blob Storage Optimization2.3Checks Azure Blob Storage for last modified date and moves the object to the Cool or Archive tier after user approval [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/object_storage_optimization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Expiring Reserved Instances1.5A policy that sends email notifications when an Azure Reserved Instance are about to expire. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/reserved_instances/expiration) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Hybrid Use Benefit for Windows Server2.5Identifies instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/hybrid_use_benefit) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Idle Compute Instances2.7Checks for instances that are idle for the last 30 days and terminates them after approval.  See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/idle_compute_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Inefficient Instance Utilization using Log Analytics2.9This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/instances_log_analytics_utilization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Old Snapshots2.3Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/old_snapshots) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Reserved Instances Recommendations2.1A policy that sends email notifications when Azure RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/reserved_instances/recommendations) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Reserved Instances Utilization2.2A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/reserved_instances/utilization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Rightsize SQL Databases2.5Check for Inefficient Azure SQL single database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/rightsize_sql_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Schedule Instance2.1This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/schedule_instance/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Unused IP Addresses2.4Checks for unused IP addresses in the given account and, optionally deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unused_ip_addresses) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more
Azure Unused SQL Databases2.5Check for database services that have no connections and decommissions them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unused_sql_databases/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Unused Volumes2.4Checks for unused volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unattached_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Billing Center Cost Anomalies1.8Analyze all Billing Centers for a specified number of days and raise an incident if the percentage of spend (compared to the previous period of the same number of days) has surpassed the defined threshold. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/billing_center_cost_anomaly/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Budget Alerts1.14Create a Monthly Budget Alert for a Billing Center or for the entire Organization. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/budget_alerts/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Budget Alerts by Cloud Account1.1Create a Monthly Budget Alert for a Cloud Vendor Account. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/budget_alerts_by_account/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Cheaper Regions1.10Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/cheaper_regions/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Discover Old Snapshots1.13A policy that sends email and requests deletion when snapshots older then a certain timeframe are found. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/volumes/old_snapshots) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Downsize Instances1.18A policy that downsizes instances. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/downsize_instance) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Google Committed Use Discount (CUD)2.4A policy that sends email notifications for all Google CUD's. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_report) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more
Google Expiring Committed Use Discount (CUD)2.4A policy that sends email notifications when Google CUD's are about to expire. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_expiration) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more
Google Idle Compute Instances2.6Checks for Google Compute instances that are idle for the last 30 days and terminates them after approval.. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/idle_compute_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Inefficient Instance Utilization using StackDriver2.7This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/instances_stackdriver_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Object Storage Optimization2.4Checks Google Storage objects for last updated time and moves the object to 'nearline' or 'coldline' or delete(enable delete action as mentioned in README.md) after user approval [README](https://github.com/flexera/policy_templates/tree/master/cost/google/object_storage_optimization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Old Snapshots2.5Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/old_snapshots) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Rightsize CloudSQL Instances2.5Checks Google CloudSQL instances based on provided CPU threshold and Resize them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cloudsql_rightsizing/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Schedule Instance2.1This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/schedule_instance/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unused CloudSQL Instances2.4Checks for unused Google Cloud SQL instances using DB connections over 30 day period. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unused_cloudsql_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unused Volumes2.6Checks for unattached volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unattached_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unutilized IP Addresses2.6Checks Google for Unutilized IP Addresses and deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unutilized_ip_addresses/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Inefficient Instance Utilization using RightLink1.16This checks inefficient instance utilization using the provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/rightlink_rightsize) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Inefficient Instance Utilization using RightLink Add Tags1.5A policy that checks cooldown time tag that the Instance Utilization policy sets and if time has expired, it will add back the tag to allow the instance to be resized. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/rightlink_rightsize) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Low Account Usage1.6Analyze all account usage and determines recommend consolidation or deletion. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/low_account_usage/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Low Service Usage1.6Analyze all service usage and determines recommend consolidation or deletion. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/low_service_usage/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Monthly Actual v. Budgeted Spend Report1.2This policy allows you to set up scheduled reports that will provide monthly actual v. budgeted cloud cost across all resources in the Billing Center(s) you specify, delivered to any email addresses you specify. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/budget_v_actual) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
New Service Usage1.4Analyze bill for new service usage and notify. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/new_service_usage) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Reserved Instance Report by Billing Center1.5This policy generates a Reserved Instances report by Billing Center. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/report_by_bc) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Reserved Instances Coverage2.4A policy that sends email notifications on reserved instance coverage. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/reserved_instances/coverage) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Running Instance Count Anomaly1.4Report when the percentage of running instances increases or decreases beyond a specified threshold. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/instance_anomaly) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Schedule Instances1.10A policy that start and stops instances based on a schedule. See [README](https://github.com/rightscale/policy_templates/tree/master/cost/schedule_instances) for more details
Scheduled Report1.22This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify. The policy will report the following: Chart of the selected Date Range and Billing Term of utilization based on [category](https://docs.rightscale.com/optima/reference/rightscale_dimensions.html#category). Daily average cost across the last week and last month. Total cost during previous full week (Monday-Sunday) and previous full month. Total cost during current (incomplete) week and month. We recommend running this policy on a weekly or monthly cadence. _Note 1: The last 3 days of data in the current week or month will contain incomplete data._ _Note 2: The account you apply the policy to is unimportant as Optima metrics are scoped to the Org._ See [README](https://github.com/flexera/policy_templates/tree/master/cost/scheduled_reports) for more details
Superseded Instance Remediation1.4This Policy Template is used to automatically supersede instances based on user-defined standards. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/superseded_instance_remediation/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Superseded Instances1.9This Policy Template is used to automatically resize instances based on user-defined standards. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/superseded_instance) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Terminate Instances with End Date1.6This Policy Template is used to terminate instances based on tag. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/terminate_policy/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Unattached IP Addresses1.6Checks Unutilized IP Addresses and deletes them with approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/unattached_addresses) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Unattached Volumes1.14Checks for unattached volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/volumes/unattached_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS Internet-facing ELBs & ALBs2.4Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/loadbalancer_internet_facing) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Open Buckets2.3Check for buckets that are open to everyone. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/aws/public_buckets) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Publicly Accessible RDS Instances2.4Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/rds_publicly_accessible) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS S3 Buckets without Server Access Logging2.2Checks for buckets that do not have server_access_logging enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/aws/s3_buckets_without_server_access_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted ELB Listeners (ALB/NLB)2.4Report any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/elb_unencrypted) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted ELB Listeners (CLB)2.4Report any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/clb_unencrypted) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted RDS Instances2.4Report any Relational Database Service (RDS) instances that are unencrypted. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/rds_unencrypted) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted S3 Buckets2.3Report any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/unencrypted_s3_buckets) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted Volumes2.4Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/ebs_unencrypted_volumes) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Publicly Accessible Managed SQL Instance2.3Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_publicly_accessible_managed_instance) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Open Buckets2.3Checks for buckets that are open to the public. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/google/public_buckets) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Security Group Rules with ports open to the world1.4A policy that sends email notifications when a security group has ports open to the world. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/world_open_ports) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Security Group Rules without Descriptions1.10A policy that sends email notifications when a security group has no description. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/rules_without_descriptions) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Security Group with High Open Ports1.7A policy that sends email notifications when a security group has unapproved open ports. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/high_open_ports) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Security Groups with ICMP Enabled1.8A policy that sends email notifications a security group has icmp enabled. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/icmp_enabled) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AWS Cloud Credentials Rotation1.9Updates the IAM user keys used to connect the Flexera CMP to an AWS account. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/cloud_credentials/aws) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Instance Scheduled Events2.3Report on any AWS scheduled event that will impact instance availability. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/instance_scheduled_events) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Long Running Instances2.4Checks for running instances that have been running longer than the `Days Old` parameter. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/long_running_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS RDS Backup Settings2.3Checks for RDS Instances that have unapproved backup settings. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/dbaas/aws/rds_backup) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Subnet Name Tag Sync2.3Ensures a Subnet name in Cloud Management reflect the value of the Subnet name tag in AWS. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/subnet_name_sync) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS VPC Name Tag Sync2.3Ensures a Network name in Cloud Management reflects the value of the Network name tag in AWS. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/vpc_name_sync) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Application Migration Recommendations1.3This Policy Template will analyze RISC CloudScape data and will generate recommendations for migrating application stacks to the most cost effective for each cloud providers & regions. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/compute_instance_migration) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Migrate Integration1.1This Policy will collect the resources from a RISC Foundations assessment and seed Azure Migrate with the discovered servers. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/azure/azure_migrate) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Sync Tags with Optima2.1Identify all Azure Tag Keys and add them as custom dimensions in Flexera Optima. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/sync_tags_with_optima) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure VMs Not Using Managed Disks2.4Report any VMs that are not using managed disks in Azure. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/azure/vms_without_managed_disks) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AzureAD Group Sync2.2Synchronizes AzureAD Groups to Flexera Governance Groups. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/azuread_group_sync) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
NetFlow Top Talkers1.3This Policy Template will analyze RISC Foundations NetFlow data and will leverage these traffic patterns to identify the top communication routes from each application stack to external dependencies. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/network_flow) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
No Recent Snapshots1.9Policy to check for snaphots between now and a certain numer of days. See the [README](https://github.com/rightscale/policy_templates/blob/master/operational/snapshots/) for details and example.
Schedule FlexNet Manager Report2.2Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/fnms/schedule_fnms_reports) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Stranded Servers1.4Report and remediate any Servers that are stranded in booting. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/stranded_servers) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
VMWare Instance Tag Sync1.5Adds tags to vmware instances from CMP. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/vmware/instance_tag_sync) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Disallowed Regions2.2Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/disallowed_regions) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS EC2 Instances not running FlexNet Inventory Agent2.4Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/instances_without_fnm_agent) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS IAM Role Audit2.1This policy checks to see if the provided roles exist in an account. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/iam_role_audit) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Long-stopped Instances2.3Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/long_stopped_instances) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Service Control Policy Audit2.1This policy checks to see if the provided service control policy is applied across all accounts in an AWS organization. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/scp_audit) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Untagged Resources2.2Find all AWS resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/untagged_resources/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused ECS Clusters2.3Report and remediate any ECS clusters that are not currently in use. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/ecs_unused) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure AHUB Utilization with Manual Entry2.3Report when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/ahub_manual) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Disallowed Regions2.4Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_disallowed_regions) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Instances not running FlexNet Inventory Agent2.4Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/instances_without_fnm_agent) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Long Stopped Instances2.4Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_long_stopped_instances) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Policy Audit2.1Check for policies applied to Azure Subscriptions. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_policy_audit) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Regulatory Compliance2.3This Policy will provide an overview for the various Regulatory Compliance controls and generate an email with the results. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/azure/compliance_score) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Subscription Access2.3Lists anyone who has been granted Owner or Contributor access to an Azure subscription. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/subscription_access) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Tag Resources with Resource Group Name2.1Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/tags/azure_rg_tags) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Untagged Resources2.2Find all Azure resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure_untagged_resources) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Billing Center Access Report1.6This policy generates an access report by Billing Center. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/billing_center_access_report/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Disallowed Cloud Images1.3Checks for any running instances that are using disallowed cloud images with the option to Terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/disallowed_images) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
FlexNet Manager Licenses At Risk2.3Looks up Flexnet Manager Licenses "At Risk" and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_licenses_at_risk) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
FlexNet Manager Low Available Licenses2.2Looks up Flexnet Manager Licenses and finds all Flexnet Manager Licenses with available count less than user provide percentage, and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_low_licenses_available) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Available Seats Report2.2Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/available_seats) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Repositories without Admin Team2.2Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with `admin` role. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_admin_team) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Repository Branches without Protection2.2Gets the repositories + branches under a GitHub.com Organization and creates incidents for any that do not have protection enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_branch_protection) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Outside Collaborators2.2Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each that are not included in the specified username whitelist. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/outside_collaborators) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Repository Names2.2Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the whitelisted regex strings. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_naming) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Sized Repositories2.2Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_size) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Top-Level Teams2.2Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the whitelisted values. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/toplevel_teams) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Long-stopped instances2.4Report on any google instances that have been stopped for a long time with the option to Terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/google/long_stopped_instances) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unlabeled Resources2.2Find all Google Cloud resources(disks, images, instances, snapshots, buckets, vpnGateways), missing any of the user provided labels with the option to update the resources with the missing labels. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/google/unlabeled_resources) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Unapproved Instance Types1.5Checks for instances that are using instance types that are not in the specified list and stops them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/unapproved_instance_types) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Untagged Resources1.13Check resources for missing tags and report on them. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/tags/tag_checker) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.

SaaS Management Policies

As your technology landscape matures, SaaS becomes a larger part of your spend between all of the services used for backoffice and for delivering applications. These policies help you monitor your SaaS tools for cost, compliance, and security purposes.

NameVersionDescription
Office 365 Security Alerts2.2This policy will identify Security Alerts that have been raised in Office 365. Policy Managers can minimize the notifications by choosing to only be alerted by certain severity level(s). See the [README](https://github.com/flexera/policy_templates/tree/master/saas/office365/security_alerts/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Okta Inactive Users2.2This policy will identify Okta users that have not logged in within a specified number of days and deactivate the users upon approval. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/okta/inactive_users/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Duplicate User Accounts2.2This policy will create an incident when Flexera SaaS Manager identifies duplicate user accounts within a single managed SaaS application. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/duplicate_users/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Inactive Users by Department2.3This policy will create an incident when Flexera SaaS Manager identifies inactive or never active users for managed applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/inactive_users_by_dept/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Redundant Apps2.3This policy will create an incident when Flexera SaaS Manager identifies application categories with an excessive number of applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/redundant_apps/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Renewal Reminder2.2This policy will create an incident when Flexera SaaS Manager identifies applications whose expiration date is approaching. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/renewal_reminder/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - SaaS App User Report by Category2.1This policy will create an incident when Flexera SaaS Manager identifies users entitled to SaaS apps within a specified department. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/users_by_category/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Suspicious Users2.2This policy will create an incident when Flexera SaaS Manager identifies suspicious users logging into SaaS applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/suspicious_users/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Unsanctioned Applications with Existing Contract2.2This policy will create an incident when Flexera SaaS Manager identifies unsanctioned SaaS purchases for managed applications under an existing license contract. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/unsanctioned_apps_with_contract/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Unsanctioned Spend2.3This policy will create an incident when Flexera SaaS Manager identifies unsanctioned spend on SaaS applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/unsanctioned_spend/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - User Status Change2.3This policy will create an incident when Flexera SaaS Manager identifies users whose status in the HR roster changes to inactive. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/user_status_change/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
ServiceNow Inactive Approvers2.1This policy will identify ServiceNow Approvers that have not logged in within a specified number of days. See the [README](https://github.com/rightscale/policy_templates/tree/master/saas/servicenow/inactive_approvers/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.