Policies

New Features

  • Policy designers can now restrict a policy to being applied in only one account, which is intended for policies that do cross-account checks and actions. Use the tenancy attribute of the policy template language to avoid accidentally applying such a policy across many accounts, where each application would behave exactly the same.

Changes to Existing Features

  • The policy Catalog and Dashboard pages have been updated to show any category that is defined in the policy template instead of grouping them into an Other category.

New Policies

  • AWS Object Storage Optimization checks for S3 objects that haven't been updated outside of the specified timeframe and moves the object to Glacier or Glacier Deep Archive after user approval.
  • AWS Rightsize RDS Instances provides rightsizing recommendations for RDS instances by gathering AWS CloudWatch data on 30-day intervals and can rightsize the instances after user approval.
  • AWS Unused RDS Instances checks for unused RDS instances by reviewing the CloudWatch DBconnection metric for the last 30 days. If there have been no connections, the RDS instance is reported and can be automatically terminated after user approval.
  • Azure Blob Storage Optimization checks Azure Blob Storage for objects that haven't been updated outside of the specified timeframe and moves them to the Cool or Archive tier after user approval.
  • Azure Idle Compute Instances checks for idle virtual machines in Azure, as defined by CPU utilization, and optionally terminates the virtual machines after approval.
  • Azure Expiring Reserved Instances reports on active Azure RIs that are expiring within a user-provided window.
  • Azure Rightsize SQL Instances provides rightsizing recommendations for SQL instances based on CPU usage for the last 30 days.
  • Google Expiring Committed Use Discount (CUD) reports on active Google CUDs that are expiring within a user-provided window.
  • Google Object Storage Optimization checks for objects that haven't been updated outside of the specified timeframe and moves the object to nearline or coldline storage after user approval.
  • Google Unused CloudSQL Instances checks for unused CloudSQL instances in Google Compute Engine and terminates them upon approval.

Changes to Existing Policies