Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Bucket Size Check2.1This Policy Template scans all S3 buckets in the given account and checks if the bucket exceeds a specified byte size. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/s3_bucket_size) and [docs.rightscale.com/policies] (https://docs.rightscale.com/policies/) to learn more.
AWS Burstable Instance CloudWatch Utilization2.1Gathers AWS CloudWatch CPU and Burst Credit data for instances on 30 day intervals. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/burstable_instance_cloudwatch_credit_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Delete Unused Classic Load Balancers2.1Report and remediate any Classic Load Balancers (CLB) that are not currently in use. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/elb/clb_unused) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Expiring Reserved Instances1.8A policy that sends email notifications before AWS Reserved Instances expire. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/expiration) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Idle Compute Instances2.2Check for instances that are idle for the last 30 days and terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/idle_compute_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Inefficient Instance Utilization using CloudWatch2.2Checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/instance_cloudwatch_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Object Storage Optimization2.1Check for object store items for last modified date and moves the object to cool or cold archive tiers after user approval. [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/object_storage_optimization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Old Snapshots2.1Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/old_snapshots) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS RDS Instances2.0Collects all RDS instances in an account. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/rds_instance_license_info/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Reserved Instances Recommendations2.0A policy that sends email notifications when AWS RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/reserved_instances/recommendations) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Reserved Instances Utilization1.11A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/utilization) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Rightsize RDS Instances2.1Check for Inefficient database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/rds_instance_cloudwatch_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Savings Plan Recommendations2.1A policy that sends email notifications when AWS Savings Plan Recommendations are identified. NOTE: These Recommendations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/recommendations) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused RDS Instance2.1Check for database services that have no connections and decommissions them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_rds) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused Volumes2.3Checks for unused volumes and if no read/write operations performed within a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Blob Storage Optimization2.1Checks Azure Blob Storage for last modified date and moves the object to the Cool or Archive tier after user approval [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/object_storage_optimization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Expiring Reserved Instances1.3A policy that sends email notifications when an Azure Reserved Instance are about to expire. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/reserved_instances/expiration) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Hybrid Use Benefit for Windows Server2.1Identifies instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/hybrid_use_benefit) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Idle Compute Instances2.2Checks for instances that are idle for the last 30 days and terminates them after approval.  See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/idle_compute_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Inefficient Instance Utilization using Log Analytics2.3This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/instances_log_analitics_utilization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Old Snapshots2.2Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/old_snapshots) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Reserved Instances Recommendations2.0A policy that sends email notifications when Azure RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/reserved_instances/recommendations) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Reserved Instances Utilization2.0A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/reserved_instances/utilization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Rightsize SQL Databases2.2Check for Inefficient database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/rightsize_sql_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Unused SQL Databases2.1Check for database services that have no connections and decommissions them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unused_sql_databases/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Unused Volumes2.0Checks for unused volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unattached_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Billing Center Cost Anomalies1.5Analyze all Billing Centers for a specified number of days and raise an incident if the percentage of spend (compared to the previous period of the same number of days) has surpassed the defined threshold. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/billing_center_cost_anomaly/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Budget Alerts1.11Create a Monthly Budget Alert for a Billing Center or for the entire Organization. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/budget_alerts/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Cheaper Regions1.8Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/cheaper_regions/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Discover Old Snapshots1.11A policy that sends email and requests deletion when snapshots older then a certain timeframe are found. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/volumes/old_snapshots) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Downsize Instances1.16A policy that downsizes instances. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/downsize_instance) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Google Committed Use Discount (CUD)2.2A policy that sends email notifications for all Google CUD's. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_report) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more
Google Expiring Committed Use Discount (CUD)2.2A policy that sends email notifications when Google CUD's are about to expire. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_expiration) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more
Google Idle Compute Instances2.3Checks for Google Compute instances that are idle for the last 30 days and terminates them after approval.. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/idle_compute_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Inefficient Instance Utilization using StackDriver2.4This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/instances_stackdriver_utilization/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Object Storage Optimization2.2Checks Google Storage objects for last updated time and moves the object to 'nearline' or 'coldline' or delete(enable delete action as mentioned in README.md) after user approval [README](https://github.com/flexera/policy_templates/tree/master/cost/google/object_storage_optimization) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Old Snapshots2.2Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/old_snapshots) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Rightsize CloudSQL Instances2.2Checks Google CloudSQL instances based on provided CPU threshold and Resize them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cloudsql_rightsizing/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unused CloudSQL Instances2.2Checks for unused Google Cloud SQL instances using DB connections over 30 day period. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unused_cloudsql_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unused Volumes2.4Checks for unattached volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unattached_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Unutilized IP Addresses2.3Checks Google for Unutilized IP Addresses and deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unutilized_ip_addresses/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Inefficient Instance Utilization using RightLink1.14This checks inefficient instance utilization using the provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/rightlink_rightsize) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Inefficient Instance Utilization using RightLink Add Tags1.4A policy that checks cooldown time tag that the Instance Utilization policy sets and if time has expired, it will add back the tag to allow the instance to be resized. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/rightlink_rightsize) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Low Account Usage1.3Analyze all account usage and determines recommend consolidation or deletion. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/low_account_usage/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Low Service Usage1.3Analyze all service usage and determines recommend consolidation or deletion. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/low_service_usage/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Monthly Actual v. Budgeted Spend Report1.1This policy allows you to set up scheduled reports that will provide monthly actual v. budgeted cloud cost across all resources in the Billing Center(s) you specify, delivered to any email addresses you specify. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/budget_v_actual) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
New Service Usage1.0Analyze bill for new service usage and notify. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/new_service_alert/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Reserved Instance Report by Billing Center1.3This policy generates a Reserved Instances report by Billing Center. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/report_by_bc) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Reserved Instances Coverage2.1A policy that sends email notifications on reserved instance coverage. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/reserved_instances/coverage) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Running Instance Count Anomaly1.2Report when the percentage of running instances increases or decreases beyond a specified threshold. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/instance_anomaly) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Schedule Instances1.8A policy that start and stops instances based on a schedule. See [README](https://github.com/rightscale/policy_templates/tree/master/cost/schedule_instances) for more details
Scheduled Report1.21This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify. The policy will report the following: Chart of the selected Date Range and Billing Term of utilization based on [category](https://docs.rightscale.com/optima/reference/rightscale_dimensions.html#category). Daily average cost across the last week and last month. Total cost during previous full week (Monday-Sunday) and previous full month. Total cost during current (incomplete) week and month. We recommend running this policy on a weekly or monthly cadence. _Note 1: The last 3 days of data in the current week or month will contain incomplete data._ _Note 2: The account you apply the policy to is unimportant as Optima metrics are scoped to the Org._ See [README](https://github.com/flexera/policy_templates/tree/master/cost/scheduled_reports) for more details
Superseded Instance Remediation1.2This Policy Template is used to automatically supersede instances based on user-defined standards. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/superseded_instance_remediation/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Superseded Instances1.6This Policy Template is used to automatically resize instances based on user-defined standards. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/superseded_instance) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Terminate Instances with End Date1.4This Policy Template is used to terminate instances based on tag. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/terminate_policy/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Unattached IP Addresses1.4Checks Unutilized IP Addresses and deletes them with approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/unattached_addresses) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Unattached Volumes1.12Checks for unattached volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/volumes/unattached_volumes) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS Internet-facing ELBs & ALBs2.1Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/loadbalancer_internet_facing) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Open Buckets2.1Check for buckets that are open to everyone. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/aws/public_buckets) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Publicly Accessible RDS Instances2.1Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/rds_publicly_accessible) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS S3 Buckets without Server Access Logging2.0Checks for buckets that do not have server_access_logging enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/aws/s3_buckets_without_server_access_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted ELB Listeners (ALB/NLB)2.1Report any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/elb_unencrypted) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted ELB Listeners (CLB)2.1Report any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/clb_unencrypted) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted RDS Instances2.1Report any Relational Database Service (RDS) instances that are unencrypted. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/rds_unencrypted) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted S3 Buckets2.1Report any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/unencrypted_s3_buckets) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unencrypted Volumes2.1Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/ebs_unencrypted_volumes) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Publicly Accessible Managed SQL Instance2.1Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_publicly_accessible_managed_instance) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Open Buckets2.1Checks for buckets that are open to the public. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/google/public_buckets) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Security Group Rules with ports open to the world1.2A policy that sends email notifications when a security group has ports open to the world. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/world_open_ports) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Security Group Rules without Descriptions1.8A policy that sends email notifications when a security group has no description. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/rules_without_descriptions) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Security Group with High Open Ports1.5A policy that sends email notifications when a security group has unapproved open ports. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/high_open_ports) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Security Groups with ICMP Enabled1.6A policy that sends email notifications a security group has icmp enabled. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/security_groups/icmp_enabled) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AWS Cloud Credentials Rotation1.7Updates the IAM user keys used to connect the Flexera CMP to an AWS account. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/cloud_credentials/aws) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Instance Scheduled Events2.0Report on any AWS scheduled event that will impact instance availability. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/instance_scheduled_events) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS Long Running Instances2.1Checks for running instances that have been running longer than the `Days Old` parameter. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/long_running_instances/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS RDS Backup Settings2.0Checks for RDS Instances that have unapproved backup settings. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/dbaas/aws/rds_backup) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Subnet Name Tag Sync2.0Ensures a Subnet name in Cloud Management reflect the value of the Subnet name tag in AWS. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/subnet_name_sync) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AWS VPC Name Tag Sync2.0Ensures a Network name in Cloud Management reflects the value of the Network name tag in AWS. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/vpc_name_sync) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Application Migration Recommendations1.2This Policy Template will analyze RISC CloudScape data and will generate recommendations for migrating application stacks to the most cost effective for each cloud providers & regions. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/compute_instance_migration) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Migrate Integration1.0This Policy will collect the resources from a RISC Foundations assessment and seed Azure Migrate with the discovered servers. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/azure/azure_migrate) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure VMs Not Using Managed Disks2.1Report any VMs that are not using managed disks in Azure. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/azure/vms_without_managed_disks) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
AzureAD Group Sync2.0Synchronizes AzureAD Groups to Flexera Governance Groups. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/azuread_group_sync) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
NetFlow Top Talkers1.1This Policy Template will analyze RISC Foundations NetFlow data and will leverage these traffic patterns to identify the top communication routes from each application stack to external dependencies. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/network_flow) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
No Recent Snapshots1.6Policy to check for snaphots between now and a certain numer of days. See the [README](https://github.com/rightscale/policy_templates/blob/master/operational/snapshots/) for details and example.
Schedule FlexNet Manager Report - Cloud2.0Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/fnms/schedule_fnms_reports) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Schedule FlexNet Manager report - On Premise2.0Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/fnms/schedule_fnms_reports_on_premise) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Stranded Servers1.2Report and remediate any Servers that are stranded in booting. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/stranded_servers) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
VMWare Instance Tag Sync1.1Adds tags to vmware instances from CMP. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/vmware/instance_tag_sync) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Disallowed Regions2.1Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/disallowed_regions) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS EC2 Instances not running FlexNet Inventory Agent - Cloud2.1Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/instances_without_fnm_agent) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS EC2 Instances not running FlexNet Inventory Agent - On Premise2.1Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/instances_without_fnm_agent_on_premise) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Long-stopped Instances2.1Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/long_stopped_instances) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Unused ECS Clusters2.1Report and remediate any ECS clusters that are not currently in use. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/ecs_unused) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure AHUB Utilization with Manual Entry2.2Report when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/ahub_manual) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Disallowed Regions2.2Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_disallowed_regions) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Instances not running FlexNet Inventory Agent - Cloud2.1Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/instances_without_fnm_agent) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Instances not running FlexNet Inventory Agent - On Premise2.1Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/instances_without_fnm_agent_on_premise) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Long Stopped Instances2.1Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_long_stopped_instances) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Regulatory Compliance2.1This Policy will provide an overview for the various Regulatory Compliance controls and generate an email with the results. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/azure/compliance_score) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Azure Subscription Access2.1Lists anyone who has been granted Owner or Contributor access to an Azure subscription. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/subscription_access) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Tag Resources with Resource Group Name2.0Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/tags/azure_rg_tags) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Billing Center Access Report1.4This policy generates an access report by Billing Center. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/billing_center_access_report/) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Disallowed Cloud Images1.1Checks for any running instances that are using disallowed cloud images with the option to Terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/disallowed_images) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
FlexNet Manager Licenses At Risk - Cloud2.0Looks up Flexnet Manager Licenses "At Risk" and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_licenses_at_risk) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
FlexNet Manager Licenses At Risk - On Premise2.0Looks up Flexnet Manager Licenses "At Risk" and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_licenses_at_risk_on_premise) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
FlexNet Manager Low Available Licenses2.1Looks up Flexnet Manager Licenses and finds all Flexnet Manager Licenses with available count less than user provide percentage, and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_low_licenses_available) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Available Seats Report2.0Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/available_seats) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Repositories without Admin Team2.0Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with `admin` role. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_admin_team) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Repository Branches without Protection2.0Gets the repositories + branches under a GitHub.com Organization and creates incidents for any that do not have protection enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_branch_protection) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Outside Collaborators2.0Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each that are not included in the specified username whitelist. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/outside_collaborators) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Repository Names2.0Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the whitelisted regex strings. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_naming) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Sized Repositories2.0Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_size) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
GitHub.com Unpermitted Top-Level Teams2.0Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the whitelisted values. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/toplevel_teams) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Google Long-stopped instances2.2Report on any google instances that have been stopped for a long time with the option to Terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/google/long_stopped_instances) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Unapproved Instance Types1.3Checks for instances that are using instance types that are not in the specified list and stops them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/unapproved_instance_types) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.
Untagged Resources1.11Check resources for missing tags and report on them. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/tags/tag_checker) and [docs.rightscale.com/policies](http://docs.rightscale.com/policies/) to learn more.

SaaS Management Policies

As your technology landscape matures, SaaS becomes a larger part of your spend between all of the services used for backoffice and for delivering applications. These policies help you monitor your SaaS tools for cost, compliance, and security purposes.

NameVersionDescription
Office 365 Security Alerts2.0This policy will identify Security Alerts that have been raised in Office 365. Policy Managers can minimize the notifications by choosing to only be alerted by certain severity level(s). See the [README](https://github.com/flexera/policy_templates/tree/master/saas/office365/security_alerts/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Okta Inactive Users2.0This policy will identify Okta users that have not logged in within a specified number of days and deactivate the users upon approval. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/okta/inactive_users/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Duplicate User Accounts2.0This policy will create an incident when Flexera SaaS Manager identifies duplicate user accounts within a single managed SaaS application. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/duplicate_users/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Inactive Users by Department2.1This policy will create an incident when Flexera SaaS Manager identifies inactive or never active users for managed applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/inactive_users_by_dept/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Redundant Apps2.1This policy will create an incident when Flexera SaaS Manager identifies application categories with an excessive number of applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/redundant_apps/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Renewal Reminder2.0This policy will create an incident when Flexera SaaS Manager identifies applications whose expiration date is approaching. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/renewal_reminder/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Suspicious Users2.0This policy will create an incident when Flexera SaaS Manager identifies suspicious users logging into SaaS applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/suspicious_users/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Unsanctioned Applications with Existing Contract2.0This policy will create an incident when Flexera SaaS Manager identifies unsanctioned SaaS purchases for managed applications under an existing license contract. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/unsanctioned_apps_with_contract/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - Unsanctioned Spend2.1This policy will create an incident when Flexera SaaS Manager identifies unsanctioned spend on SaaS applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/unsanctioned_spend/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
SaaS Manager - User Status Change2.1This policy will create an incident when Flexera SaaS Manager identifies users whose status in the HR roster changes to inactive. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/user_status_change/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.