Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Bucket Size Check2.9This Policy Template scans all S3 buckets in the given account and checks if the bucket exceeds a specified byte size. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/s3_bucket_size) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Burstable Instance CloudWatch Utilization3.0Gathers AWS CloudWatch CPU and Burst Credit data for instances on 30 day intervals. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/burstable_instance_cloudwatch_credit_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Delete Unused Classic Load Balancers4.0Report and remediate any Classic Load Balancers (CLB) that are not currently in use. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/elb/clb_unused) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Expiring Reserved Instances2.0A policy that sends email notifications before AWS Reserved Instances expire. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Expiring Savings Plans2.0A policy that sends email notifications before AWS Savings Plan expire. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS GP3 Upgradeable Volumes4.0Checks for upgradeable volumes and report them for modification. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/gp3_volume_upgrade) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Idle Compute Instances5.1Check for instances that are idle for the last 30 days and terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Inefficient Instance Utilization using CloudWatch3.0Checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/instance_cloudwatch_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Object Storage Optimization3.0Check for object store items for last modified date and moves the object to cool or cold archive tiers after user approval. [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Old Snapshots7.1Checks for snapshots older than a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS RDS Instances3.0Collects all RDS instances in an account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rds_instance_license_info/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Reserved Instances Recommendations2.19A policy that sends email notifications when AWS RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Reserved Instances Utilization2.0A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Rightsize EBS Volumes3.2Checks for cost inefficient EBS volumes. This policy finds GP2 volume types and recommends them for an upgrade to GP3 if cost savings is present. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rightsize_ebs_volumes/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Rightsize EC2 Instances4.1Check for EC2 instances that have inefficient utilization for a specified number of days and downsizes or terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rightsize_ec2_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Rightsize RDS Instances3.1Check for Inefficient database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/rds_instance_cloudwatch_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Bucket Intelligent Tiering Check2.4This Policy Template scans all s3 buckets and reports if they don't have intelligent tiering enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/s3_storage_policy) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Savings Plan Recommendations2.17A policy that sends email notifications when AWS Savings Plan Recommendations are identified. NOTE: These Recommendations are generated by AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/savings_plan/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Savings Plan Utilization3.1A policy that sends email notifications when AWS Savings Plan Utilizations are identified. NOTE: These Utilizations are generated by AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/savings_plan/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Savings Realized from Reservations3.2This policy calculates savings realized by Reserved Instance, Savings Plan, and Spot Instance purchases for AWS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/savings_realized/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Schedule Instance3.0This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused IP Addresses6.1Checks AWS for unused IP Addresses and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/unused_ip_addresses/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused RDS Instances6.1Check for database services that have no connections and delete them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/unused_rds) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused Volumes7.1Checks for unused volumes with no read/write operations performed within a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/unused_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Blob Storage Optimization2.6Checks Azure Blob Storage for last modified date and moves the object to the Cool or Archive tier after user approval [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure China Common Bill Ingestion1.0Azure China CBI Policy. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/azure_china_cbi/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Expiring Reserved Instances2.1A policy that sends email notifications when an Azure Reserved Instance are about to expire. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Hybrid Use Benefit for Linux Server3.0Identifies Linux instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/hybrid_use_benefit_linux) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Hybrid Use Benefit for SQL3.0Identifies SQL instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/hybrid_use_benefit_sql) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Hybrid Use Benefit for Windows Server3.0Identifies instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/hybrid_use_benefit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Idle Compute Instances5.0Checks for instances that are idle for the last 30 days and terminates them after approval.  See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Inefficient Instance Utilization using Log Analytics2.18This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/instances_log_analytics_utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Old Snapshots5.0Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Reserved Instances Recommendations2.17A policy that sends email notifications when Azure Reservation Recommendations are identified. NOTE: These Reservation Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Reserved Instances Utilization2.8A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Reserved Instances Utilization MCA1.0A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/reserved_instances/utilization_mca) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Rightsize Compute Instances3.1Checks for instances that have inefficient utilization for the last 30 days and downsizes or deletes them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/rightsize_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Rightsize SQL Databases3.0Check for Inefficient Azure SQL single database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/rightsize_sql_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure SQL Databases without Elastic Pools2.5Check a list of Azure SQL Servers and check for Elastic DB Pools. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/azure_sql_using_elastic_pool/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Savings Plan Recommendations1.4A policy that sends email notifications when Azure Savings Plan Recommendations are identified. NOTE: These Savings Plan Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/savings_plan/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Savings Realized from Reservations3.1This policy calculates savings realized by Reserved Instance purchases for Azure. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/savings_realized/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Schedule Instance2.10This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Storage Accounts without Lifecycle Management Policies3.0Check a list of Azure Storage Accounts without Lifecycle Management Policies. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/storage_account_lifecycle_management/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Unused IP Addresses6.0Checks for unused IP addresses in the given account and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/unused_ip_addresses) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more
Azure Unused SQL Databases5.0Check for database services that have no connections and decommissions them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/unused_sql_databases/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Unused Volumes5.0Checks for unused volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/azure/unused_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Budget Alerts3.0This policy utilizes the Flexera Budget API to detect if budget threshold has been exceeded for a selected budget. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/budget_report_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Budget Alerts by Cloud Account2.2Create a Monthly Budget Alert for a Cloud Vendor Account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/budget_alerts_by_account/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cheaper Regions2.0Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/cheaper_regions/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Cost Anomaly Alerts2.5Uses the /anomalies/report for a specified number of days and dimensions. Will raise an incident if the algorythm catches anomalies. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/cloud_cost_anomaly_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Spend Forecast - Moving Average3.1Pulls the cost data for lookback period then generates a moving average forecast of cloud spend for the specified months. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/moving_average/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Spend Forecast - Straight-Line (Linear Regression Model)3.3Pulls the cost data for lookback period then generates a Straight-Line Forecast for the specified months using a Linear Regression model. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/straight_line_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Spend Forecast - Straight-Line (Simple Model)3.3Pulls the cost data for lookback period then generates a Straight-Line Forecast on cloud spend for the specified months using a Simple model. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/straight_line_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Currency Conversion2.0A policy that creates an adjustment rule that converts the currency of the cost of the Cloud Vendor of choice. It utilizes xe.com to retrieve the latest exchange rates. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/currency_conversion/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Cloud SQL Idle Instance Recommender2.11This Policy finds Google Idle Cloud SQL Instance Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cloud_sql_idle_instance_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Committed Use Discount (CUD)2.8A policy that sends email notifications for all Google CUD's. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cud_report) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more
Google Committed Use Discount Recommender3.3This Policy finds Google Committed Use Discount Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cud_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Expiring Committed Use Discount (CUD)2.7A policy that sends email notifications when Google CUD's are about to expire. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cud_expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more
Google Idle Compute Instances2.11Checks for Google Compute instances that are idle for the last 30 days and terminates them after approval.. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Idle IP Address Recommender2.11This Policy finds Google Idle IP Address Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_ip_address_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Idle Persistent Disk Recommender2.10This Policy finds Google Idle Persistent Disk Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_persistent_disk_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Idle VM Recommender2.11This Policy finds Google Idle VM Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_vm_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Object Storage Optimization2.7Checks Google Storage objects for last updated time and moves the object to 'nearline' or 'coldline' or delete(enable delete action as mentioned in README.md) after user approval [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Old Snapshots2.12Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Recommender Policy2.5This Policy finds Google Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/recommender) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Rightsize CloudSQL Instances2.10Checks Google CloudSQL instances based on provided CPU threshold and Resize them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cloudsql_rightsizing/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Rightsize VM Recommender1.1This Policy finds Google Machine Type (Rightsize) Recommendations and reports when it finds them. See the [README](https://github.com/flexera-public/policy_templates/tree/FOPTS-711_fix_google_rightsize_recommendation_policy/cost/google/rightsize_vm_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Schedule Instance2.4This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/google/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Kubecost Cluster Rightsizing Recommendations0.2The policy retrieves Kubecost recommendations for rightsizing of Kubernetes clusters and raises an incident. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/kubecost/cluster) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Kubecost Request Rightsizing Recommendations0.2Pulls the Request Rightsizing Recommendations from Kubecost and raises and incident. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/kubecost/sizing/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Low Account Usage2.1Analyze all account usage and determines recommend consolidation or deletion. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/low_account_usage/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Low Service Usage2.0Analyze all service usage and determines recommend consolidation or deletion. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/low_service_usage/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Monthly Actual v. Budgeted Spend Report2.0This policy allows you to set up scheduled reports that will provide monthly actual v. budgeted cloud cost across all resources in the Billing Center(s) you specify, delivered to any email addresses you specify. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/budget_v_actual) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
New Service Usage2.0Analyze bill for new service usage and notify. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/new_service_usage) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Oracle Cloud Common Bill Ingestion3.1Downloads cost reports from Oracle Cloud (OCI) and then uploads them to a Flexera CBI endpoint. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/oracle/oracle_cbi) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Reserved Instance Report by Billing Center2.0This policy generates a Reserved Instances report by Billing Center. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/report_by_bc) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Reserved Instances Coverage2.9A policy that sends email notifications on reserved instance coverage. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/aws/reserved_instances/coverage) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Scheduled Report2.1This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify. The policy will report the following: Chart of the selected Date Range and Billing Term of utilization based on [category](https://docs.rightscale.com/optima/reference/rightscale_dimensions.html#category). Daily average cost across the last week and last month. Total cost during previous full week (Monday-Sunday) and previous full month. Total cost during current (incomplete) week and month. We recommend running this policy on a weekly or monthly cadence. _Note 1: The last 3 days of data in the current week or month will contain incomplete data._ _Note 2: The account you apply the policy to is unimportant as Optima metrics are scoped to the Org._ See [README](https://github.com/flexera-public/policy_templates/tree/master/cost/scheduled_reports) for more details
Superseded Instances3.1This Policy Template is used to identify instance sizes that have been superseded. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/superseded_instance) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Allocate Virtual Machine Recommendations AWS2.2Turbonomic policy for allocating RI coverage for virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/allocate_virtual_machines_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Allocate Virtual Machine Recommendations Azure2.2Turbonomic policy for allocating RI coverage for virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/allocate_virtual_machines_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Allocate Virtual Machine Recommendations Google2.3Turbonomic policy for allocating RI coverage for virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/allocate_virtual_machines_recommendations/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Buy Reserved Instances Recommendations AWS0.1Turbonomic policy for recommending purchasable reserved instances [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/buy_reserved_instances_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Buy Reserved Instances Recommendations Azure0.1Turbonomic policy for recommending purchaseable reserved instances [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/buy_reserved_instances_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Delete Unattached Volumes Recommendations AWS0.5Turbonomics policy for deleting unattached volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/delete_unattached_volumes/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Delete Unattached Volumes Recommendations Azure0.4Turbonomics policy for deleting unattached volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/delete_unattached_volumes/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Delete Unattached Volumes Recommendations Google0.5Turbonomics policy for deleting unattached volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/delete_unattached_volumes/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Databases Recommendations AWS0.3Turbonomic policy that gives recommendations to rightsize Databases/DatabaseServers [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_databases_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Databases Recommendations Azure0.3Turbonomic policy that gives recommendations to rightsize Databases/DatabaseServers [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_databases_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Databases Recommendations Google0.3Turbonomic policy that gives recommendations to rightsize Databases/DatabaseServers [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_databases_recommendations/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Virtual Machines Recommendations AWS0.3Turbonomic policy for scaling virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/scale_virtual_machines_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Virtual Machines Recommendations Azure0.3Turbonomics policy for scaling virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/scale_virtual_machines_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Virtual Machines Recommendations Google0.4Turbonomics policy for scaling virtual machines [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/scale_virtual_machines_recommendations/google) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Virtual Volumes Recommendations AWS0.3Turbonomic policy that gives recommendations to rightsize Virtual Volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_virtual_volumes_recommendations/aws) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Turbonomic Rightsize Virtual Volumes Recommendations Azure0.3Turbonomic policy that gives recommendations to rightsize Virtual Volumes [README](https://github.com/flexera-public/policy_templates/tree/master/cost/turbonomics/rightsize_virtual_volumes_recommendations/azure) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Vendor Commitment Forecast3.2This policy allows the user to specify a Commitment target value (based on the commitment amount agreed with your Cloud Service Provider/s), and track the current commitment spend to date, as well as projected commitment spend over a period. See the [README](https://github.com/flexera-public/policy_templates/tree/master/cost/forecasting/commitment_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS EBS Ensure Encryption By Default3.0Report if EBS volumes are not set to be encrypted by default. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/ebs_ensure_encryption_default) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Ensure AWS Config Enabled In All Regions2.2Report if AWS Config is not enabled in all regions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/aws_config_enabled) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail Enabled In All Regions2.1Report if CloudTrail is not fully enabled in all regions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_multiregion) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail Integrated With Cloudwatch2.1Report if CloudTrail trails are not integrated with CloudWatch logs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_cloudtrail_cloudwatch_integrated) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail Logs Encrypted At Rest2.1Report if CloudTrail logs are not encrypted at rest. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_encrypted) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail S3 Buckets Have Access Logging2.1Report if CloudTrail stores logs in S3 bucket(s) without access logging enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_access_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail S3 Buckets Non-Public2.1Report if CloudTrail stores logs in publicly accessible S3 bucket(s). See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_not_public) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure Log File Validation Enabled For All CloudTrails2.1Report if any CloudTrails do not have log file validation enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_file_validation_enabled) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure Object-level Events Logging Enabled For CloudTrails2.1Report if CloudTrail does not have object-level logging for read and write events enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_object_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure Rotation For Customer Master Keys (CMKs) Is Enabled2.2Report if CMK rotation is not enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/kms_rotation) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS IAM Ensure Access Keys Are Rotated2.6Report if access keys exist that are 90 days old or older. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_rotate_access_keys) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure Credentials Unused For >45 days Are Disabled2.4Report if credentials exist that have gone unused for 45 days or more. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_disable_45_day_creds) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure MFA Enabled For IAM Users2.5Report if MFA is not enabled for IAM users with a console password. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_root_for_tasks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure One Active Key Per IAM User2.2Report if any IAM users have 2 or more active access keys. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_one_active_key_per_user) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure One Active Key Per IAM User2.2Report if any IAM users have policies assigned directly instead of through groups. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_users_perms_via_groups_only) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Attached Admin IAM Policies2.4Report any admin IAM policies that are attached. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_admin_iam_policies_attached) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Expired SSL/TLS Certificates2.4Report any expired SSL/TLS certificates in the AWS account.. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_expired_ssl_certs) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Insufficient Password Policy2.4Report if password length requirement is insufficient. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_min_password_length) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Password Policy No Restrict Password Reuse2.4Report if password policy does not restrict reusing passwords or saves fewer than 24 passwords for this purpose. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_min_password_length) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Regions Without Access Analyzer3.0Report affected regions if no Access Analyzer is enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_access_analyzer_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root Account Access Keys2.4Report any access keys with root access. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_root_access_keys) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root Accounts Without Hardware MFA2.4Report root account if hardware MFA is disabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_hwmfa_enabled_for_root) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root Accounts Without MFA2.4Report root account if MFA is disabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_mfa_enabled_for_root) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root User Doing Everyday Tasks2.5Report whether the root account is being used for routine or everyday tasks. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_no_root_for_tasks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Support Role Created2.4Report if no support roles exist in the AWS account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/iam_support_role_created) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Internet-facing ELBs & ALBs3.0Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/loadbalancer_internet_facing) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Open Buckets2.7Check for buckets that are open to everyone. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/aws/public_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Publicly Accessible RDS Instances4.0Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/rds_publicly_accessible) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Buckets without Server Access Logging2.6Checks for buckets that do not have server_access_logging enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/aws/s3_buckets_without_server_access_logging) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Ensure 'Block Public Access' Configured For All Buckets2.2Report if 'Block Public Access' is not configured for any S3 Buckets. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/s3_ensure_buckets_block_public_access) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Ensure Bucket Policies Deny HTTP Requests2.4Report any S3 buckets that do not have a policy to deny HTTP requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/s3_buckets_deny_http) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Ensure MFA Delete Enabled For All Buckets2.4Report if MFA Delete is not enabled for any S3 Buckets. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/s3_ensure_mfa_delete_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted ELB Listeners (ALB/NLB)3.0Report any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/elb_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted ELB Listeners (CLB)3.0Report any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/clb_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted RDS Instances3.0Report any Relational Database Service (RDS) instances that are unencrypted. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/rds_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted S3 Buckets2.8Report any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/unencrypted_s3_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted Volumes3.0Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/ebs_unencrypted_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS VPC's without FlowLogs Enabled3.0Report any AWS VPC's without FlowLogs Enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/aws/vpcs_without_flow_logs_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Ensure Blob Containers Set To Private2.2Report if any blob storage containers do not have their public access level set to private. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/private_blob_containers) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Correct PostgreSQL Servers Log Settings2.0Report if any PostgreSQL server instances are not configured with correct log settings. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_log_settings) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure High Severity Alerts2.2Report if any subscriptions are not configured to report high severity alerts. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/high_severity_alerts) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Log Analytics Auto-Provisioning2.2Report if auto-provisioning of Log Analytics agent for Azure VMs is disabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/log_analytics_autoprovision) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure MySQL Flexible Servers Use Secure TLS2.2Report if any MySQL flexible server instances do not use a secure TLS version. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/mysql_tls_version/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure MySQL Servers Enforce SSL Connections2.2Report if any MySQL server instances do not enforce SSL connections. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/mysql_ssl/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Owners Receive Security Alerts2.2Report if any subscriptions are not configured to send security alerts to their owners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/security_alert_owners) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure PostgreSQL Servers Connection Throttling Enabled2.0Report if any PostgreSQL server instances do not have connection throttling enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_conn_throttling) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure PostgreSQL Servers Infrastructure Encryption2.2Report if any PostgreSQL server instances do not have infrastructure encryption enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/pg_infra_encryption) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure PostgreSQL Servers Sufficient Log Retention2.0Report if any PostgreSQL server instances do not have log retention configured for more than 3 days. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_log_retention) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Database Encryption2.0Report if any SQL databases do not have encryption enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_db_encryption) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server AD Admin Configured2.2Report if any SQL server instances do not have an AD (Active Directory) Admin configured. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_ad_admin/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server ATP (Advanced Threat Protection) Enabled2.0Report if any SQL server instances do not have ATP (Advanced Threat Protection) enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_atp) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server Auditing Enabled2.2Report if any SQL server instances do not have auditing enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_auditing) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server Minimum Auditing Retention Of 90 Days2.0Report if any SQL server instances do not have auditing retention configured for 90 days or more. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_auditing_retention) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server VA Email Notifications2.2Report if any SQL server instances do not have notification emails configured for VA. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_va_emails) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server VA Notify Admins/Subscription Owners2.2Report if any SQL server instances are not configured in VA to also notify admins and subscription owners. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_va_admins) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server VA Periodic Scans Enabled2.0Report if any SQL server instances do not have Vulnerability Assessment (VA) periodic scans enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_va_scans) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server Vulnerability Assessment (VA) Enabled2.2Report if any SQL server instances do not have Vulnerability Assessment (VA) enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_server_va) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Secure Transfer Required2.2Report if any storage accounts are not configured to require secure transfers. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/secure_transfer_required) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Security Contact Email2.2Report if any subscriptions lack a security contact email address. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/security_contact_email) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Soft Delete Enabled For Azure Storage2.2Report if the storage service does not have soft delete enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_soft_delete/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Account Default Network Access Set To Deny2.2Report if any storage accounts do not have their default network access set to 'deny'. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_network_deny) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Accounts Require Secure TLS Version2.2Report if any storage accounts are not configured to require TLS 1.2. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_tls_version) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Logging Enabled For Blob Service2.2Report if any blob storage accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/blob_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Logging Enabled For Queue Service2.2Report if any storage queue accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/queue_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Logging Enabled For Table Service2.2Report if any storage table accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/table_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Trusted Microsoft Services Enabled2.2Report if any storage accounts do not have access enabled for Trusted Microsoft Services. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_trusted_services/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Guest Users Audit2.1Report if any guest users exist so that they can be reviewed. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/guest_users) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Network Security Groups With Inbound RDP Open2.3Reports when an Azure Network Security Group has RDP open to the internet. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/restrict_rdp_internet) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Network Security Groups With Inbound SSH Open2.3Reports when an Azure Network Security Group has ssh (port 22) open to the internet. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/restrict_ssh_internet) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Publicly Accessible Managed SQL Instance2.8Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/sql_publicly_accessible_managed_instance) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Resources with public IP address2.4Get the Resource Group or any resources with public IP address. See the [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Storage Accounts Without HTTPs Enforced2.5Checks for Azure Storage Accounts with HTTPs not enforced. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/azure/storage_account_https_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Web App Minimum TLS Version2.6Checks for Azure Web Apps with a minimum TLS version less that the value specified. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/webapp_tls_version_support) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Open Buckets2.5Checks for buckets that are open to the public. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/storage/google/public_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AKS Node Pools Without Autoscaling2.4Raise an incident if there are any AKS user node pools without autoscaling enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/aks_nodepools_without_autoscaling) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AKS Node Pools Without Zero Autoscaling2.4Raise an incident if there are any AKS user node pools without zero autoscaling enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/aks_nodepools_without_autoscaling) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Instance Scheduled Events3.0Report on any AWS scheduled event that will impact instance availability. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/instance_scheduled_events) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Lambda Functions with high error rate4.0Report any functions with error rate over parameter. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/lambda_functions_with_high_error_rate) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Long Running Instances3.0Checks for running instances that have been running longer than the `Days Old` parameter. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/long_running_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS RDS Backup Settings2.7Checks for RDS Instances that have unapproved backup settings. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/dbaas/aws/rds_backup) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Tag Cardinality Report2.3Generates a tag cardinality report for AWS Accounts and Resources. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/tag_cardinality) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Forecast - Number of Instance Hours Used3.2This policy uses a linear-regression model to produce a forecast of the number of hours used for AWS instances, categorized by Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_hours_forecast) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Forecast - Number of Instance vCPUs Used3.2This policy uses a linear-regression model to produce a forecast of the number of vCPUs used for AWS instances, categorized by Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_vcpus_forecast) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Report - Number of Instance Hours Used3.1This policy produces a usage report showing the number of Hours used for each AWS Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_hours) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Report - Number of Instance vCPUs Used3.1This policy produces a usage report showing the number of vCPUs used for each AWS Instance Family. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/aws/total_instance_vcpus) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Application Migration Recommendations1.5This Policy Template will analyze RISC CloudScape data and will generate recommendations for migrating application stacks to the most cost effective for each cloud providers & regions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/compute_instance_migration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Long Running Instances3.0Checks for running instances that have been running longer than the `Days Old` parameter. See the [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Migrate Integration1.3This Policy will collect the resources from a RISC Foundations assessment and seed Azure Migrate with the discovered servers. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/azure_migrate) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Sync Tags with Optima3.2Identify all Azure Tag Keys and add them as custom dimensions in Flexera Optima. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/sync_tags_with_optima) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Tag Cardinality Report3.0Generates a tag cardinality report for Azure Subscriptions, Resource Groups, and Resources. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/tag_cardinality) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure VMs Not Using Managed Disks3.0Report any VMs that are not using managed disks in Azure. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/vms_without_managed_disks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Bill Processing Error Notification2.0Collects all currently applied policies and raises an incident for any in an error state. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/bill_processing_errors_notification/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Expiring Azure Certificates3.0Raise an incident if there are expired and almost expired certificates on the Azure account in active use. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/azure/azure_certificates) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
NetFlow Top Talkers1.5This Policy Template will analyze RISC Foundations NetFlow data and will leverage these traffic patterns to identify the top communication routes from each application stack to external dependencies. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/network_flow) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Schedule FlexNet Manager Report3.0Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients. This template uses the SOAP version of the FlexNet Manager APIs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/fnms/schedule_fnms_reports) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Schedule ITAM Report0.1.0Schedule a Flexera ITAM report (Custom view) and send it as a email to one or more recipients. See the [README](https://github.com/flexera-public/policy_templates/tree/master/operational/itam/schedule_itam_reports) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Disallowed Regions3.0Check for instances that are outside of an allowed region with the option to terminate them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/disallowed_regions) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS EC2 Instances not running FlexNet Inventory Agent4.1Check instances that are not running the FlexNet Inventory Agent. This template uses the SOAP version of the FlexNet Manager APIs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/instances_without_fnm_agent) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Role Audit2.5This policy checks to see if the provided roles exist in an account. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/iam_role_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Long-stopped Instances4.0Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Service Control Policy Audit2.6This policy checks to see if the provided service control policy is applied across all accounts in an AWS organization. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/scp_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Untagged Resources4.0Find all AWS resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/untagged_resources/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused ECS Clusters3.0Report and remediate any ECS clusters that are not currently in use. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/aws/ecs_unused) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure AHUB Utilization with Manual Entry2.9Report when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/ahub_manual) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Disallowed Regions2.9Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_disallowed_regions) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Instances not running FlexNet Inventory Agent4.0Check instances that are not running the FlexNet Inventory Agent. This template uses the SOAP version of the FlexNet Manager APIs. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/instances_without_fnm_agent) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Long Stopped Instances2.9Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Policy Audit2.6Check for policies applied to Azure Subscriptions. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_policy_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Regulatory Compliance2.9This Policy will provide an overview for the various Regulatory Compliance controls and generate an email with the results. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/compliance_score) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Subscription Access2.9Lists anyone who has been granted Owner or Contributor access to an Azure subscription. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/subscription_access) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Tag Resources with Resource Group Name2.6Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/tags/azure_rg_tags) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Untagged Resources2.13Find all Azure resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_untagged_resources) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Billing Center Access Report2.0This policy generates an access report by Billing Center. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/billing_center_access_report/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Flexera IAM Explicit User Roles3.0Identifies users in Flexera IAM that have explicit user roles assigned. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/flexera/iam_explicit_user_roles) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Available Seats Report2.4Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/available_seats) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Repositories without Admin Team2.4Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with `admin` role. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_admin_team) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Repository Branches without Protection2.5Gets the repositories under a list of GitHub.com Organizations and creates incidents for any that do not have protection enabled for selected branches. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_branch_protection) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Outside Collaborators2.4Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each that are not included in the specified username whitelist. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/outside_collaborators) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Repository Names2.4Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the whitelisted regex strings. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_naming) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Sized Repositories2.4Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/repository_size) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Top-Level Teams2.4Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the whitelisted values. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/github/toplevel_teams) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Long-stopped instances2.7Report on any google instances that have been stopped for a long time with the option to Terminate them. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/google/long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Unlabeled Resources2.4Find all Google Cloud resources(disks, images, instances, snapshots, buckets, vpnGateways), missing any of the user provided labels with the option to update the resources with the missing labels. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/google/unlabeled_resources) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Expiring Licenses2.2Looks up Active Flexnet Manager Licenses Expiring within set Time Period and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/fnms_licenses_expiring) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Ignored Recent Inventory Dates2.2Looks for machines that are ignored but have been invenotry recently and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/ignored_recent_inventory_dates/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Missing Active Machines2.2Looks for machines that are active but haven't checked in and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/missing_active_machines/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Overused Licenses2.2Looks up software licenses and reports in email any licenses that are overused. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/overused_licenses) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM VMs Missing Host ID2.2Looks for machines that are active but missing a Host ID. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/vms_missing_hostid/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

SaaS Management Policies

As your technology landscape matures, SaaS becomes a larger part of your spend between all of the services used for backoffice and for delivering applications. These policies help you monitor your SaaS tools for cost, compliance, and security purposes.

NameVersionDescription
Office 365 Security Alerts2.4This policy will identify Security Alerts that have been raised in Office 365. Policy Managers can minimize the notifications by choosing to only be alerted by certain severity level(s). See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/office365/security_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Okta Inactive Users2.4This policy will identify Okta users that have not logged in within a specified number of days and deactivate the users upon approval. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/okta/inactive_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Duplicate User Accounts2.5This policy will create an incident when Flexera SaaS Manager identifies duplicate user accounts within a single managed SaaS application. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/duplicate_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Inactive Users by Department2.7This policy will create an incident when Flexera SaaS Manager identifies inactive or never active users for managed applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/inactive_users_by_dept/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Inactive Users for Integrated Applications2.1Gets inactive users for the Integrated Applications of the specified Managed SaaS Application.
SaaS Manager - Redundant Apps2.6This policy will create an incident when Flexera SaaS Manager identifies application categories with an excessive number of applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/redundant_apps/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Renewal Reminder2.6This policy will create an incident when Flexera SaaS Manager identifies applications whose expiration date is approaching. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/renewal_reminder/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - SaaS App User Report by Category2.4This policy will create an incident when Flexera SaaS Manager identifies users entitled to SaaS apps within a specified department. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/users_by_category/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Suspicious Users2.6This policy will create an incident when Flexera SaaS Manager identifies suspicious users logging into SaaS applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/suspicious_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Unsanctioned Applications with Existing Contract2.5This policy will create an incident when Flexera SaaS Manager identifies unsanctioned SaaS purchases for managed applications under an existing license contract. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/unsanctioned_apps_with_contract/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Unsanctioned Spend2.6This policy will create an incident when Flexera SaaS Manager identifies unsanctioned spend on SaaS applications. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/unsanctioned_spend/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - User Status Change2.6This policy will create an incident when Flexera SaaS Manager identifies users whose status in the HR roster changes to inactive. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/fsm/user_status_change/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ServiceNow Inactive Approvers2.3This policy will identify ServiceNow Approvers that have not logged in within a specified number of days. See the [README](https://github.com/flexera-public/policy_templates/tree/master/saas/servicenow/inactive_approvers/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.