Flexera provides a wide variety of policies that you can apply on Day 1 without much investment. All our policies are open source and can be found in our public git repo.

Interested in policies not listed here? Contact your Account Manager or our sales team, or write your own.

Cost Policies

Increase cost visibility and management in your multi-cloud world and take appropriate actions to run an efficient infrastructure.

NameVersionDescription
AWS Bucket Size Check2.8This Policy Template scans all S3 buckets in the given account and checks if the bucket exceeds a specified byte size. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/s3_bucket_size) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Burstable Instance CloudWatch Utilization2.10Gathers AWS CloudWatch CPU and Burst Credit data for instances on 30 day intervals. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/burstable_instance_cloudwatch_credit_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Delete Unused Classic Load Balancers2.15Report and remediate any Classic Load Balancers (CLB) that are not currently in use. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/elb/clb_unused) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Expiring Reserved Instances1.11A policy that sends email notifications before AWS Reserved Instances expire. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Expiring Savings Plans2.0A policy that sends email notifications before AWS Savings Plan expire. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS GP3 Upgradeable Volumes2.5Checks for upgradeable volumes and report them for modification. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/gp3_volume_upgrade) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Idle Compute Instances3.4Check for instances that are idle for the last 30 days and terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Inefficient Instance Utilization using CloudWatch2.14Checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/instance_cloudwatch_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Object Storage Optimization2.8Check for object store items for last modified date and moves the object to cool or cold archive tiers after user approval. [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Old Snapshots3.3Checks for snapshots older than a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS RDS Instances2.8Collects all RDS instances in an account. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/rds_instance_license_info/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Reserved Instances Recommendations2.11A policy that sends email notifications when AWS RI Recommendations are identified. NOTE: These RI Purchase Recommendations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/reserved_instances/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Reserved Instances Utilization1.14A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Rightsize RDS Instances2.12Check for Inefficient database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/rds_instance_cloudwatch_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Bucket Intelligent Tiering Check2.3This Policy Template scans all s3 buckets and reports if they don't have intelligent tiering enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/s3_storage_policy) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Savings Plan Recommendations2.11A policy that sends email notifications when AWS Savings Plan Recommendations are identified. NOTE: These Recommendations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Savings Plan Utilization2.1A policy that sends email notifications when AWS Savings Plan Utilizations are identified. NOTE: These Utilizations are generated by AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_plan/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Savings Realized from Reservations2.1This policy calculates savings realized by Reserved Instance, Savings Plan, and Spot Instance purchases for AWS. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/savings_realized/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Schedule Instance2.10This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused IP Addresses3.4Checks AWS for unused IP Addresses and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_ip_addresses/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused RDS Instance3.4Check for database services that have no connections and delete them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_rds) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused Volumes3.5Checks for unused volumes with no read/write operations performed within a specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/unused_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Blob Storage Optimization2.5Checks Azure Blob Storage for last modified date and moves the object to the Cool or Archive tier after user approval [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Expiring Reserved Instances1.6A policy that sends email notifications when an Azure Reserved Instance are about to expire. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/reserved_instances/expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Hybrid Use Benefit for Linux Server2.7Identifies Linux instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/hybrid_use_benefit_linux) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Hybrid Use Benefit for SQL2.3Identifies SQL instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/hybrid_use_benefit_sql) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Hybrid Use Benefit for Windows Server2.9Identifies instances eligible for Azure Hybrid Use Benefit. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/azure/hybrid_use_benefit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Idle Compute Instances3.0Checks for instances that are idle for the last 30 days and terminates them after approval.  See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Inefficient Instance Utilization using Log Analytics2.15This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/instances_log_analytics_utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Old Snapshots3.0Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Reserved Instances Recommendations2.9A policy that sends email notifications when Azure Reservation Recommendations are identified. NOTE: These Reservation Purchase Recommendations are generated by Microsoft Azure. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/reserved_instances/mca_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Reserved Instances Utilization2.4A policy that sends email notifications when utilization falls below a threshold. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/reserved_instances/utilization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Rightsize SQL Databases2.9Check for Inefficient Azure SQL single database services that are inside or outside the CPU threshold for the last 30 days and resizes them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/rightsize_sql_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure SQL Databases without Elastic Pools2.2Check a list of Azure SQL Servers and check for Elastic DB Pools. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/azure_sql_using_elastic_pool/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Savings Realized from Reservations2.2This policy calculates savings realized by Reserved Instance purchases for Azure. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/savings_realized/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Schedule Instance2.5This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Storage Accounts without Lifecycle Management Policies2.3Check a list of Azure Storage Accounts without Lifecycle Management Policies. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/storage_account_lifecycle_management/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Unused IP Addresses3.2Checks for unused IP addresses in the given account and, optionally deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unused_ip_addresses) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more
Azure Unused SQL Databases3.1Check for database services that have no connections and decommissions them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unused_sql_databases/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Unused Volumes3.0Checks for unused volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/azure/unattached_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Billing Center Cost Anomalies1.11Analyze all Billing Centers for a specified number of days and raise an incident if the percentage of spend (compared to the previous period of the same number of days) has surpassed the defined threshold. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/billing_center_cost_anomaly/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Budget Alerts1.19Create a Monthly Budget Alert for a Billing Center or for the entire Organization. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/budget_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Budget Alerts by Cloud Account1.8Create a Monthly Budget Alert for a Cloud Vendor Account. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/budget_alerts_by_account/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cheaper Regions1.14Specify which regions have cheaper alternatives by specifying the expensive region name and the cheaper region name for analysis. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/cheaper_regions/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Spend Forecast - Moving Average2.2Pulls the cost data for lookback period then generates a moving average forecast of cloud spend for the specified months. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/forecasting/moving_average/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Spend Forecast - Straight-Line (Linear Regression Model)2.2Pulls the cost data for lookback period then generates a Straight-Line Forecast for the specified months using a Linear Regression model. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/forecasting/straight_line_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Cloud Spend Forecast - Straight-Line (Simple Model)2.5Pulls the cost data for lookback period then generates a Straight-Line Forecast on cloud spend for the specified months using a Simple model. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/forecasting/straight_line_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Cloud SQL Idle Instance Recommender2.1This Policy finds Google Idle Cloud SQL Instance Recommendations and reports when it finds them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cloud_sql_idle_instance_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Committed Use Discount (CUD)2.7A policy that sends email notifications for all Google CUD's. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_report) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more
Google Committed Use Discount Recommender2.2This Policy finds Google Committed Use Discount Recommendations and reports when it finds them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Expiring Committed Use Discount (CUD)2.6A policy that sends email notifications when Google CUD's are about to expire. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cud_expiration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more
Google Idle Compute Instances2.9Checks for Google Compute instances that are idle for the last 30 days and terminates them after approval.. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/idle_compute_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Idle IP Address Recommender2.1This Policy finds Google Idle IP Address Recommendations and reports when it finds them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/idle_ip_address_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Idle Persistent Disk Recommender2.1This Policy finds Google Idle Persistent Disk Recommendations and reports when it finds them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/idle_persistent_disk_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Idle VM Recommender2.1This Policy finds Google Idle VM Recommendations and reports when it finds them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/idle_vm_recommendations) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Inefficient Instance Utilization using StackDriver2.11This checks inefficient instance utilization using provided CPU and Memory thresholds. Instances matching the criteria can be resized after user approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/instances_stackdriver_utilization/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Object Storage Optimization2.6Checks Google Storage objects for last updated time and moves the object to 'nearline' or 'coldline' or delete(enable delete action as mentioned in README.md) after user approval [README](https://github.com/flexera/policy_templates/tree/master/cost/google/object_storage_optimization) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Old Snapshots2.11Checks for snapshots older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/old_snapshots) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Recommender Policy2.3This Policy finds Google Recommendations and reports when it finds them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/recommender) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Rightsize CloudSQL Instances2.9Checks Google CloudSQL instances based on provided CPU threshold and Resize them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/cloudsql_rightsizing/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Schedule Instance2.3This Policy Template allows you to schedule start and stop times for your instance, along with the option to terminate instance, update and delete schedule. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/schedule_instance/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Unused CloudSQL Instances2.7Checks for unused Google Cloud SQL instances using DB connections over 30 day period. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unused_cloudsql_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Unused Volumes2.9Checks for unattached volumes older than specified number of days and, optionally, deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unattached_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Unutilized IP Addresses2.9Checks Google for Unutilized IP Addresses and deletes them. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/google/unutilized_ip_addresses/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Low Account Usage1.9Analyze all account usage and determines recommend consolidation or deletion. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/low_account_usage/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Low Service Usage1.8Analyze all service usage and determines recommend consolidation or deletion. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/low_service_usage/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Monthly Actual v. Budgeted Spend Report1.5This policy allows you to set up scheduled reports that will provide monthly actual v. budgeted cloud cost across all resources in the Billing Center(s) you specify, delivered to any email addresses you specify. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/budget_v_actual) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
New Service Usage1.6Analyze bill for new service usage and notify. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/new_service_usage) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Reserved Instance Report by Billing Center1.7This policy generates a Reserved Instances report by Billing Center. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/aws/reserved_instances/report_by_bc) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Reserved Instances Coverage2.8A policy that sends email notifications on reserved instance coverage. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/aws/reserved_instances/coverage) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Scheduled Report1.26This policy allows you to set up scheduled reports that will provide summaries of cloud cost across all resources in the billing centers you specify, delivered to any email addresses you specify. The policy will report the following: Chart of the selected Date Range and Billing Term of utilization based on [category](https://docs.rightscale.com/optima/reference/rightscale_dimensions.html#category). Daily average cost across the last week and last month. Total cost during previous full week (Monday-Sunday) and previous full month. Total cost during current (incomplete) week and month. We recommend running this policy on a weekly or monthly cadence. _Note 1: The last 3 days of data in the current week or month will contain incomplete data._ _Note 2: The account you apply the policy to is unimportant as Optima metrics are scoped to the Org._ See [README](https://github.com/flexera/policy_templates/tree/master/cost/scheduled_reports) for more details
Superseded Instances2.2This Policy Template is used to identify instance sizes that have been superseded. See the [README](https://github.com/rightscale/policy_templates/tree/master/cost/superseded_instance) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Vendor Commitment Forecast2.1This policy allows the user to specify a Commitment target value (based on the commitment amount agreed with your Cloud Service Provider/s), and track the current commitment spend to date, as well as projected commitment spend over a period. See the [README](https://github.com/flexera/policy_templates/tree/master/cost/forecasting/commitment_forecast/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

Security Policies

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

NameVersionDescription
AWS EBS Ensure Encryption By Default2.1Report if EBS volumes are not set to be encrypted by default. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/ebs_ensure_encryption_default) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Ensure AWS Config Enabled In All Regions2.0Report if AWS Config is not enabled in all regions. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/aws_config_enabled) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail Enabled In All Regions2.0Report if CloudTrail is not fully enabled in all regions. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_multiregion) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail Integrated With Cloudwatch2.0Report if CloudTrail trails are not integrated with CloudWatch logs. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_cloudtrail_cloudwatch_integrated) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail Logs Encrypted At Rest2.0Report if CloudTrail logs are not encrypted at rest. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_encrypted) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail S3 Buckets Have Access Logging2.0Report if CloudTrail stores logs in S3 bucket(s) without access logging enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_access_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure CloudTrail S3 Buckets Non-Public2.0Report if CloudTrail stores logs in publicly accessible S3 bucket(s). See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_not_public) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure Log File Validation Enabled For All CloudTrails2.0Report if any CloudTrails do not have log file validation enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_file_validation_enabled) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure Object-level Events Logging Enabled For CloudTrails2.0Report if CloudTrail does not have object-level logging for read and write events enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/log_ensure_cloudtrail_bucket_object_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS Ensure Rotation For Customer Master Keys (CMKs) Is Enabled2.0Report if CMK rotation is not enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/kms_rotation) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
AWS IAM Ensure Access Keys Are Rotated2.5Report if access keys exist that are 90 days old or older. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_rotate_access_keys) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure Credentials Unused For >45 days Are Disabled2.3Report if credentials exist that have gone unused for 45 days or more. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_disable_45_day_creds) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure MFA Enabled For IAM Users2.4Report if MFA is not enabled for IAM users with a console password. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_no_root_for_tasks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure One Active Key Per IAM User2.1Report if any IAM users have 2 or more active access keys. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_one_active_key_per_user) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Ensure One Active Key Per IAM User2.1Report if any IAM users have policies assigned directly instead of through groups. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_users_perms_via_groups_only) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Attached Admin IAM Policies2.3Report any admin IAM policies that are attached. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_no_admin_iam_policies_attached) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Expired SSL/TLS Certificates2.3Report any expired SSL/TLS certificates in the AWS account.. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_expired_ssl_certs) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Insufficient Password Policy2.3Report if password length requirement is insufficient. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_min_password_length) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Password Policy No Restrict Password Reuse2.3Report if password policy does not restrict reusing passwords or saves fewer than 24 passwords for this purpose. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_min_password_length) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Regions Without Access Analyzer2.3Report affected regions if no Access Analyzer is enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_access_analyzer_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root Account Access Keys2.3Report any access keys with root access. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_no_root_access_keys) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root Accounts Without Hardware MFA2.3Report root account if hardware MFA is disabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_hwmfa_enabled_for_root) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root Accounts Without MFA2.3Report root account if MFA is disabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_mfa_enabled_for_root) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Report Root User Doing Everyday Tasks2.4Report whether the root account is being used for routine or everyday tasks. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_no_root_for_tasks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Support Role Created2.3Report if no support roles exist in the AWS account. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/iam_support_role_created) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Internet-facing ELBs & ALBs2.8Report and remediate any Classic Load Balancers(ELBs) and Application load Balancers(ALBs) that are Internet-facing. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/loadbalancer_internet_facing) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Open Buckets2.6Check for buckets that are open to everyone. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/aws/public_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Publicly Accessible RDS Instances2.8Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/rds_publicly_accessible) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Buckets without Server Access Logging2.5Checks for buckets that do not have server_access_logging enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/aws/s3_buckets_without_server_access_logging) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Ensure 'Block Public Access' Configured For All Buckets2.1Report if 'Block Public Access' is not configured for any S3 Buckets. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/s3_ensure_buckets_block_public_access) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Ensure Bucket Policies Deny HTTP Requests2.3Report any S3 buckets that do not have a policy to deny HTTP requests. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/s3_buckets_deny_http) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS S3 Ensure MFA Delete Enabled For All Buckets2.3Report if MFA Delete is not enabled for any S3 Buckets. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/s3_ensure_mfa_delete_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted ELB Listeners (ALB/NLB)2.8Report any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/elb_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted ELB Listeners (CLB)2.8Report any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/clb_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted RDS Instances2.9Report any Relational Database Service (RDS) instances that are unencrypted. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/rds_unencrypted) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted S3 Buckets2.7Report any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/aws/unencrypted_s3_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unencrypted Volumes2.8Report any Elastic Block Store (EBS) volumes in AWS that are unencrypted. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/ebs_unencrypted_volumes) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS VPC's without FlowLogs Enabled2.3Report any AWS VPC's without FlowLogs Enabled. See the [README](https://github.com/rightscale/policy_templates/tree/master/security/aws/vpcs_without_flow_logs_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Ensure Blob Containers Set To Private2.0Report if any blob storage containers do not have their public access level set to private. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/private_blob_containers) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure High Severity Alerts2.0Report if any subscriptions are not configured to report high severity alerts. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/high_severity_alerts) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Log Analytics Auto-Provisioning2.0Report if auto-provisioning of Log Analytics agent for Azure VMs is disabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/log_analytics_autoprovision) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure MySQL Flexible Servers Use Secure TLS2.0Report if any MySQL flexible server instances do not use a secure TLS version. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/mysql_tls_version/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure MySQL Servers Enforce SSL Connections2.0Report if any MySQL server instances do not enforce SSL connections. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/mysql_ssl/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Owners Receive Security Alerts2.0Report if any subscriptions are not configured to send security alerts to their owners. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/security_alert_owners) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure PostgreSQL Servers Infrastructure Encryption2.0Report if any PostgreSQL server instances do not have infrastructure encryption enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/pg_infra_encryption) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server AD Admin Configured2.0Report if any SQL server instances do not have an AD (Active Directory) Admin configured. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_ad_admin/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server Auditing Enabled2.0Report if any SQL server instances do not have auditing enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_auditing) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server VA Email Notifications2.0Report if any SQL server instances do not have notification emails configured for VA. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_va_emails) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server VA Notify Admins/Subscription Owners2.0Report if any SQL server instances are not configured in VA to also notify admins and subscription owners. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_va_admins) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure SQL Server Vulnerability Assessment (VA) Enabled2.0Report if any SQL server instances do not have Vulnerability Assessment (VA) enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_server_va) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Secure Transfer Required2.0Report if any storage accounts are not configured to require secure transfers. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/secure_transfer_required) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Security Contact Email2.0Report if any subscriptions lack a security contact email address. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/security_contact_email) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Soft Delete Enabled For Azure Storage2.0Report if the storage service does not have soft delete enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/storage_soft_delete/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Account Default Network Access Set To Deny2.0Report if any storage accounts do not have their default network access set to 'deny'. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/storage_network_deny) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Accounts Require Secure TLS Version2.0Report if any storage accounts are not configured to require TLS 1.2. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/storage_tls_version) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Logging Enabled For Blob Service2.0Report if any blob storage accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/blob_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Logging Enabled For Queue Service2.0Report if any storage queue accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/queue_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Storage Logging Enabled For Table Service2.0Report if any storage table accounts are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/table_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Ensure Trusted Microsoft Services Enabled2.0Report if any storage accounts do not have access enabled for Trusted Microsoft Services. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/storage_trusted_services/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Guest Users Audit2.0Report if any guest users exist so that they can be reviewed. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/guest_users) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.
Azure Network Security Groups With Inbound RDP Open2.0Reports when an Azure Network Security Group has RDP open to the internet. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/restrict_rdp_internet) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Network Security Groups With Inbound SSH Open2.0Reports when an Azure Network Security Group has ssh (port 22) open to the internet. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/restrict_ssh_internet) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Publicly Accessible Managed SQL Instance2.6Check for database services that are publicly accessible and terminate them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/sql_publicly_accessible_managed_instance) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Resources with public IP address2.2Get the Resource Group or any resources with public IP address. See the [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Storage Accounts Without HTTPs Enforced2.2Checks for Azure Storage Accounts with HTTPs not enforced. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/azure/storage_account_https_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Web App Minimum TLS Version2.3Checks for Azure Web Apps with a minimum TLS version less that the value specified. See the [README](https://github.com/flexera/policy_templates/tree/master/security/azure/webapp_tls_version_support) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Open Buckets2.4Checks for buckets that are open to the public. See the [README](https://github.com/flexera/policy_templates/tree/master/security/storage/google/public_buckets) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

Operational Policies

Save valuable human time and investment by automating everyday IT operations. Running an automated and efficient cloud infrastructure frees up expensive resources on high ROI projects like scaling, growth, and deliver value faster than anyone else.

NameVersionDescription
AKS Node Pools Without Autoscaling2.2Raise an incident if there are any AKS user node pools without autoscaling enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/aks_nodepools_without_autoscaling) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AKS Node Pools Without Zero Autoscaling2.2Raise an incident if there are any AKS user node pools without zero autoscaling enabled. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/aks_nodepools_without_autoscaling) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Instance Scheduled Events2.7Report on any AWS scheduled event that will impact instance availability. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/instance_scheduled_events) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Lambda Functions with high error rate2.3Report any functions with error rate over parameter. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/aws/lambda_functions_with_high_error_rate) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Long Running Instances2.8Checks for running instances that have been running longer than the `Days Old` parameter. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/long_running_instances/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS RDS Backup Settings2.5Checks for RDS Instances that have unapproved backup settings. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/dbaas/aws/rds_backup) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Forecast - Number of Instance Hours Used2.0This policy uses a linear-regression model to produce a forecast of the number of hours used for AWS instances, categorized by Instance Family. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/total_instance_hours_forecast) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Forecast - Number of Instance vCPUs Used2.0This policy uses a linear-regression model to produce a forecast of the number of vCPUs used for AWS instances, categorized by Instance Family. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/total_instance_vcpus_forecast) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Report - Number of Instance Hours Used2.2This policy produces a usage report showing the number of Hours used for each AWS Instance Family. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/total_instance_hours) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Usage Report - Number of Instance vCPUs Used2.2This policy produces a usage report showing the number of vCPUs used for each AWS Instance Family. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/aws/total_instance_vcpus) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Application Migration Recommendations1.4This Policy Template will analyze RISC CloudScape data and will generate recommendations for migrating application stacks to the most cost effective for each cloud providers & regions. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/compute_instance_migration) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Migrate Integration1.2This Policy will collect the resources from a RISC Foundations assessment and seed Azure Migrate with the discovered servers. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/azure/azure_migrate) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Sync Tags with Optima2.4Identify all Azure Tag Keys and add them as custom dimensions in Flexera Optima. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/sync_tags_with_optima) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure VMs Not Using Managed Disks2.6Report any VMs that are not using managed disks in Azure. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/azure/vms_without_managed_disks) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AzureAD Group Sync2.3Synchronizes AzureAD Groups to Flexera Governance Groups. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/azuread_group_sync) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Expiring Azure Certificates2.2Raise an incident if there are expired and almost expired certificates on the Azure account in active use. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/azure/azure_certificates) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
NetFlow Top Talkers1.4This Policy Template will analyze RISC Foundations NetFlow data and will leverage these traffic patterns to identify the top communication routes from each application stack to external dependencies. See the [README](https://github.com/rightscale/policy_templates/tree/master/operational/network_flow) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Schedule FlexNet Manager Report2.4Schedule a FlexNet Manager report (Custom view) and send it as a email to one or more recipients. See the [README](https://github.com/flexera/policy_templates/tree/master/operational/fnms/schedule_fnms_reports) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

Compliance Policies

Enterprises typically have multiple compliance requirements but struggle to automate them which leads to downtime as well as resource waste. By having a strong compliance strategy but also ability to quickly automate it provides peace of mind and avoids business interruption.

NameVersionDescription
AWS Disallowed Regions2.6Check for instances that are outside of an allowed region with the option to terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/disallowed_regions) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS EC2 Instances not running FlexNet Inventory Agent2.8Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/instances_without_fnm_agent) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS IAM Role Audit2.4This policy checks to see if the provided roles exist in an account. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/iam_role_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Long-stopped Instances2.7Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Service Control Policy Audit2.5This policy checks to see if the provided service control policy is applied across all accounts in an AWS organization. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/scp_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Untagged Resources2.6Find all AWS resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/untagged_resources/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
AWS Unused ECS Clusters2.7Report and remediate any ECS clusters that are not currently in use. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/aws/ecs_unused) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure AHUB Utilization with Manual Entry2.6Report when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/ahub_manual) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Disallowed Regions2.6Check for instances that are in a disallowed region with the option to terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_disallowed_regions) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Instances not running FlexNet Inventory Agent2.6Check instances that are not running the FlexNet Inventory Agent. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/instances_without_fnm_agent) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Long Stopped Instances2.6Check for instances that have been stopped for a long time with the option to terminates them after approval. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Policy Audit2.3Check for policies applied to Azure Subscriptions. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_policy_audit) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Regulatory Compliance2.6This Policy will provide an overview for the various Regulatory Compliance controls and generate an email with the results. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/azure/compliance_score) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Subscription Access2.6Lists anyone who has been granted Owner or Contributor access to an Azure subscription. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/subscription_access) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Tag Resources with Resource Group Name2.3Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/tags/azure_rg_tags) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Azure Untagged Resources2.9Find all Azure resources missing any of the user provided tags with the option to update the resources with the missing tags. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/azure/azure_untagged_resources) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Billing Center Access Report1.7This policy generates an access report by Billing Center. See the [README](https://github.com/rightscale/policy_templates/tree/master/compliance/billing_center_access_report/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
FlexNet Manager Licenses At Risk2.4Looks up Flexnet Manager Licenses "At Risk" and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_licenses_at_risk) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
FlexNet Manager Low Available Licenses2.3Looks up Flexnet Manager Licenses and finds all Flexnet Manager Licenses with available count less than user provide percentage, and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_low_licenses_available) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Flexera IAM Explicit User Roles2.1Identifies users in Flexera IAM that have explicit user roles assigned. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/flexera/iam_explicit_user_roles) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Available Seats Report2.3Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/available_seats) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Repositories without Admin Team2.3Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with `admin` role. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_admin_team) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Repository Branches without Protection2.4Gets the repositories under a list of GitHub.com Organizations and creates incidents for any that do not have protection enabled for selected branches. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_branch_protection) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Outside Collaborators2.3Gets all the Outside Collaborators (User that have been granted access to a repository, but are not a Member of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each that are not included in the specified username whitelist. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/outside_collaborators) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Repository Names2.3Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the whitelisted regex strings. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_naming) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Sized Repositories2.3Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/repository_size) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
GitHub.com Unpermitted Top-Level Teams2.3Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the whitelisted values. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/github/toplevel_teams) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Long-stopped instances2.6Report on any google instances that have been stopped for a long time with the option to Terminate them. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/google/long_stopped_instances) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Google Unlabeled Resources2.3Find all Google Cloud resources(disks, images, instances, snapshots, buckets, vpnGateways), missing any of the user provided labels with the option to update the resources with the missing labels. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/google/unlabeled_resources) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Expiring Licenses2.0Looks up Active Flexnet Manager Licenses Expiring within set Time Period and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/fnms_licenses_expiring) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Ignored Recent Inventory Dates2.0Looks for machines that are ignored but have been invenotry recently and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/ignored_recent_inventory_dates/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Missing Active Machines2.0Looks for machines that are active but haven't checked in and sends the result as an email. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/missing_active_machines/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM Overused Licenses2.0Looks up software licenses and reports in email any licenses that are overused. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/overused_licenses) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ITAM VMs Missing Host ID2.0Looks for machines that are active but missing a Host ID. See the [README](https://github.com/flexera/policy_templates/tree/master/compliance/fnms/vms_missing_hostid/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.

SaaS Management Policies

As your technology landscape matures, SaaS becomes a larger part of your spend between all of the services used for backoffice and for delivering applications. These policies help you monitor your SaaS tools for cost, compliance, and security purposes.

NameVersionDescription
Office 365 Security Alerts2.3This policy will identify Security Alerts that have been raised in Office 365. Policy Managers can minimize the notifications by choosing to only be alerted by certain severity level(s). See the [README](https://github.com/flexera/policy_templates/tree/master/saas/office365/security_alerts/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
Okta Inactive Users2.3This policy will identify Okta users that have not logged in within a specified number of days and deactivate the users upon approval. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/okta/inactive_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Duplicate User Accounts2.4This policy will create an incident when Flexera SaaS Manager identifies duplicate user accounts within a single managed SaaS application. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/duplicate_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Inactive Users by Department2.6This policy will create an incident when Flexera SaaS Manager identifies inactive or never active users for managed applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/inactive_users_by_dept/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Inactive Users for Integrated Applications2.1Gets inactive users for the Integrated Applications of the specified Managed SaaS Application.
SaaS Manager - Redundant Apps2.5This policy will create an incident when Flexera SaaS Manager identifies application categories with an excessive number of applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/redundant_apps/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Renewal Reminder2.4This policy will create an incident when Flexera SaaS Manager identifies applications whose expiration date is approaching. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/renewal_reminder/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - SaaS App User Report by Category2.3This policy will create an incident when Flexera SaaS Manager identifies users entitled to SaaS apps within a specified department. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/users_by_category/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Suspicious Users2.5This policy will create an incident when Flexera SaaS Manager identifies suspicious users logging into SaaS applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/suspicious_users/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Unsanctioned Applications with Existing Contract2.4This policy will create an incident when Flexera SaaS Manager identifies unsanctioned SaaS purchases for managed applications under an existing license contract. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/unsanctioned_apps_with_contract/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - Unsanctioned Spend2.5This policy will create an incident when Flexera SaaS Manager identifies unsanctioned spend on SaaS applications. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/unsanctioned_spend/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
SaaS Manager - User Status Change2.5This policy will create an incident when Flexera SaaS Manager identifies users whose status in the HR roster changes to inactive. See the [README](https://github.com/flexera/policy_templates/tree/master/saas/fsm/user_status_change/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.
ServiceNow Inactive Approvers2.2This policy will identify ServiceNow Approvers that have not logged in within a specified number of days. See the [README](https://github.com/rightscale/policy_templates/tree/master/saas/servicenow/inactive_approvers/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.