Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Bucket Size Check1.2This Policy Template scans all S3 buckets in the given account and checks if the bucket exceeds a specified byte size
AWS Burstable Instance CloudWatch Utilization1.0Gathers AWS CloudWatch CPU and Burst Credit data for instances on 30 day intervals
AWS Delete Unused Classic Load Balancers1.2Report and remediate any Classic Load Balancers (CLB) that are not currently in use
AWS Expiring Reserved Instances1.6A policy that sends email notifications before AWS Reserved Instances expire
AWS Idle Compute Instances1.2Checks for AWS Compute Instances that are idle for the last 30 days and terminates them after approval
AWS Instance CloudWatch Utilization1.5Gathers AWS CloudWatch data for instances on 30 day intervals
AWS Object Storage Optimization1.0Checks S3 objects for last modified date and moves the object to glacier or glacier deep archive or delete(enable delete action as mentioned in README
AWS Reserved Instances Recommendations1.2A policy that sends email notifications when AWS RI Recommendations are identified
AWS Reserved Instances Utilization1.9A policy that sends email notifications when utilization falls below a threshold
AWS Rightsize RDS Instances1.1Checks for AWS RDS Instances that are inside or outside the CPU threshold for the last 30 days and resizes them after approval
AWS Savings Plan Recommendations1.0A policy that sends email notifications when AWS Savings Plan Recommendations are identified
AWS Unused RDS Instance1.0Check for AWS RDS instances that have no connections and decommissions them after approval
Azure Blob Storage Optimization1.0Checks Azure Blob Storage for last modified date and moves the object to the Cool or Archive tier after user approval [README](https://github
Azure Expiring Reserved Instances1.2A policy that sends email notifications when an Azure Reserved Instance are about to expire
Azure Hybrid Use Benefit for Windows Server1.3Identifies instances eligible for Azure Hybrid Use Benefit
Azure Idle Compute Instances1.0Checks for Azure Compute Instances that are idle for the last 30 days and terminates them after approval
Azure Instances Utilization from Log Analytics1.1Gathers instance utilization data from Azure Log Analytics and tags underutilized instances
Azure Reserved Instances Recommendations1.0A policy that sends email notifications when Azure RI Recommendations are identified
Azure Reserved Instances Utilization1.0A policy that sends email notifications when utilization falls below a threshold
Azure Rightsize SQL Databases1.2Checks Azure SQL databases based on CPU thresholds, and recommend resizing after user approval
Azure Unused SQL Databases1.0Checks Azure unused SQL databases based on DB Connections, and delete them after user approval
Billing Center Cost Anomalies1.1Analyze all Billing Centers for a specified number of days and raise an incident if the percentage of spend (compared to the previous period of the same number of days) has surpassed the defined threshold
Budget Alerts1.4Create a Monthly Budget Alert for a Billing Center or for the entire Organization
Cheaper Regions1.6Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis
Discover Old Snapshots1.9A policy that sends email and requests deletion when snapshots older then a certain timeframe are found
Downsize Instances1.14A policy that downsizes instances
Google Committed Use Discount (CUD)1.2A policy that sends email notifications for all Google CUD's
Google Expiring Committed Use Discount (CUD)1.1A policy that sends email notifications when Google CUD's are about to expire
Google Idle Compute Instances1.1Checks for Google Compute instances that are idle for the last 30 days and terminates them after approval
Google Instances StackDriver Utilization1.2Gathers Google StackDriver utilization for instances on 30 day intervals
Google Object Storage Optimization1.0Checks Google Storage objects for last updated time and moves the object to 'nearline' or 'coldline' or delete(enable delete action as mentioned in README
Google Rightsize CloudSQL Instances1.1Checks Google CloudSQL instances based on provided CPU threshold and Resize them after approval
Google Unused CloudSQL Instances1.0Checks for unused Google Cloud SQL instances using DB connections over 30 day period
Google Unutilized IP Addresses1.1Checks Google for Unutilized IP Addresses and deletes them
Inefficient Instance Utilization using RightLink1.12This policy checks Flexera CMP for inefficient instance utilization using
Inefficient Instance Utilization using RightLink Add Tags1.3A policy that checks cooldown time tag that the Instance
Low Account Usage1.3Analyze all account usage and determines recommend consolidation or deletion
Low Service Usage1.3Analyze all service usage and determines recommend consolidation or deletion
Monthly Actual v. Budgeted Spend Report1.1This policy allows you to set up scheduled reports that will provide monthly actual v
New Service Usage1.0Analyze bill for new service usage and notify
Reserved Instance Report by Billing Center1.1This policy generates a Reserved Instances report by Billing Center
Reserved Instances Coverage1.2A policy that sends email notifications on reserved instance coverage
Running Instance Count Anomaly1.0Report when the percentage of running instances increases or decreases beyond a specified threshold
Schedule Instances1.6A policy that start and stops instances based on a schedule
Scheduled Report1.8This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify
Superseded Instance Remediation1.1This Policy Template is used to automatically supersede instances based on user-defined standards
Superseded Instances1.4This Policy Template is used to automatically resize instances based on user-defined standards
Terminate Instances with End Date1.3This Policy Template is used to terminate instances based on tag
Unattached IP Addresses1.1Checks for Unattached IP Addresses and deletes them with approval
Unattached Volumes1.9Finds unattached volumes older than specified number of days and, optionally, deletes them

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS Internet-facing ELBs & ALBs1.1Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing
AWS Open Buckets1.9Checks for buckets that are open to everyone
AWS Publicly Accessible RDS Instances1.1Report and remediate any Relational Database Service (RDS) instances that are publicly accessible
AWS S3 Buckets without Server Access Logging1.2Checks for buckets that do not have server_access_logging enabled
AWS Unencrypted ELB Listeners (ALB/NLB)1.0Report any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners
AWS Unencrypted ELB Listeners (CLB)1.0Report any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners
AWS Unencrypted RDS Instances1.1Report any Relational Database Service (RDS) instances that are unencrypted
AWS Unencrypted S3 Buckets1.0Report any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval
AWS Unencrypted Volumes1.1Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted
Azure Publicly Accessible Managed SQL Instance1.2Report and remediate any Azure SQL Managed instances that are publicly accessible
Google Open Buckets1.3Checks for buckets that are open to the public
Security Group Rules with ports open to the world1.1A policy that sends email notifications when a security group has ports open to the world
Security Group Rules without Descriptions1.7A policy that sends email notifications when a security group has no description
Security Group with High Open Ports1.4A policy that sends email notifications when a security group has unapproved open ports
Security Groups with ICMP Enabled1.5A policy that sends email notifications a security group has icmp enabled

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AWS Cloud Credentials Rotation1.6Updates the IAM user keys used to connect RightScale to an AWS account
AWS Instance Scheduled Events1.0Report on any AWS scheduled event that will impact instance availability
AWS RDS Backup Settings1.2Checks for RDS Instances that have unapproved backup settings
AWS Subnet Name Tag Sync1.3Ensures a Subnet name in Cloud Management reflect the value of the Subnet name tag in AWS
AWS VPC Name Tag Sync1.3Ensures a Network name in Cloud Management reflects the value of the Network name tag in AWS
Application Migration Recommendations1.0This Policy Template will analyze RISC CloudScape data and will generate recommendations for migrating application stacks to the most cost effective cloud providers & regions
Azure Migrate Integration1.0This Policy will collect the resources from a RISC Foundations assessment and seed Azure Migrate with the discovered servers
Azure VMs Not Using Managed Disks1.2Report any VMs that are not using managed disks in Azure
NetFlow Top Talkers1.0This Policy Template will analyze RISC Foundations NetFlow data and will leverage these traffic patterns to identify the top communication routes from each application stack to external dependencies
No Recent Snapshots1.5Policy to check for snaphots between now and a certain numer of days
Policy Template Synchronization1.7A policy to manage policy template
Schedule FlexNet Manager report1.4Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients
Stranded Servers1.1Report and remediate any Servers that are stranded in booting
VMWare Instance Tag Sync1.1Adds tags to vmware instances from CMP

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Disallowed Regions1.0Report on any instances that are in a disallowed region with the option to Terminate them
AWS EC2 Instances not running FlexNet Inventory Agent1.0Check AWS EC2 instances that are not running the FlexNet Inventory Agent
AWS Long-stopped Instances1.0Report on any instances that have been stopped for a long time with the option to Terminate them
AWS Unused ECS Clusters1.2Report and remediate any ECS clusters that are not currently in use
Azure AHUB Utilization with Manual Entry1.1Report when AHUB usage in Azure falls outside or inside the number of licenses specified by the user
Azure Disallowed Regions1.2A policy that discovers all Azure resources that have been provisioned in unapproved regions and optionally deletes them
Azure Instances not running FlexNet Inventory Agent1.0Check Azure instances that are not running the FlexNet Inventory Agent
Azure Long Stopped Instances1.3Checks for Azure instances that have been stopped for more than a specified period of time with the option to Terminate them after approval
Azure Regulatory Compliance1.0This Policy will provide an overview for the various Regulatory Compliance controls and generate an email with the results
Azure Subscription Access1.3Lists anyone who has been granted Owner or Contributor access to an Azure subscription
Azure: Tag Resources with Resource Group Name1.3Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource
Billing Center Access Report1.3This policy generates an access report by Billing Center
FlexNet Manager Licenses At Risk1.0Looks up Flexnet Manager Licenses \"At Risk\" and sends the result as an email
GitHub.com Available Seats Report1.5Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range
GitHub.com Repositories without Admin Team1.2Gets the repositories under a GitHub
GitHub.com Repository Branches without Protection1.2Gets the repositories + branches under a GitHub
GitHub.com Unpermitted Outside Collaborators1.1Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub
GitHub.com Unpermitted Repository Names1.1Gets the names of all repositories under GitHub
GitHub.com Unpermitted Sized Repositories1.2Gets all repositories under GitHub
GitHub.com Unpermitted Top-Level Teams1.1Gets the top-level / parent Teams for a GitHub
Google Long-stopped instances1.0Report on any google instances that have been stopped for a long time with the option to Terminate them
Unapproved Instance Types1.2Checks for instances that are using instance types that are not in the specified list and stops them after approval
Untagged Resources1.9Check resources for missing tags and report on them

SaaS Management Policies

As your technology landscape matures, SaaS becomes a larger part of your spend between all of the services used for backoffice and for delivering applications. These policies help you monitor your SaaS tools for cost, compliance, and security purposes.

NameVersionDescription
Okta Inactive Users1.2This policy will identify Okta users that have not logged in within a specified number of days and deactivate the users upon approval