Flexera Policy Templates
This repository contains a library of open source Flexera Policy Templates. All contributions are shared under the MIT license.
Please contact sales@flexera.com to learn more.
Released Policy Templates
Categories
Policy Templates for Optimization
These templates can generate savings estimates for your environment.
AWS
- AWS GP3 Upgradeable Volumes
- AWS Idle Compute Instances
- AWS Idle NAT Gateways
- AWS Old Snapshots
- AWS Reserved Instances Recommendations
- AWS Resources Under Extended Support
- AWS Rightsize EBS Volumes
- AWS Rightsize EC2 Instances
- AWS Rightsize RDS Instances
- AWS Rightsize Redshift
- AWS Savings Plan Recommendations
- AWS Superseded EBS Volumes
- AWS Superseded EC2 Instances
- AWS Untagged Resources
- AWS Unused Application Load Balancers
- AWS Unused Classic Load Balancers
- AWS Unused IP Addresses
- AWS Unused Network Load Balancers
- AWS Unused RDS Instances
- AWS Unused Volumes
- Turbonomic Allocate Virtual Machine Recommendations AWS
- Turbonomic Buy Reserved Instances Recommendations AWS
- Turbonomic Delete Unattached Volumes Recommendations AWS
- Turbonomic Rightsize Databases Recommendations AWS
- Turbonomic Rightsize Virtual Machines Recommendations AWS
- Turbonomic Rightsize Virtual Volumes Recommendations AWS
Azure
- Azure Databricks Rightsize Compute Instances
- Azure Hybrid Use Benefit for Windows Server
- Azure Idle Compute Instances
- Azure Old Snapshots
- Azure Reserved Instances Recommendations
- Azure Rightsize Compute Instances
- Azure Rightsize Managed Disks
- Azure Rightsize MySQL Flexible Servers
- Azure Rightsize MySQL Single Servers
- Azure Rightsize NetApp Resources
- Azure Rightsize SQL Database Storage
- Azure Rightsize SQL Databases
- Azure Rightsize SQL Managed Instance Storage
- Azure Rightsize SQL Managed Instances
- Azure Rightsize Synapse SQL Pools
- Azure Savings Plan Recommendations
- Azure Superseded Compute Instances
- Azure Unused App Service Plans
- Azure Unused Firewalls
- Azure Unused IP Addresses
- Azure Unused Load Balancers
- Azure Unused SQL Databases
- Azure Unused Volumes
- Turbonomic Allocate Virtual Machine Recommendations Azure
- Turbonomic Buy Reserved Instances Recommendations Azure
- Turbonomic Delete Unattached Volumes Recommendations Azure
- Turbonomic Rightsize Databases Recommendations Azure
- Turbonomic Rightsize Virtual Machines Recommendations Azure
- Turbonomic Rightsize Virtual Volumes Recommendations Azure
Flexera
- Google Committed Use Discount Recommender
- Google Idle Cloud SQL Instance Recommender
- Google Idle IP Address Recommender
- Google Idle Persistent Disk Recommender
- Google Idle VM Recommender
- Google Old Snapshots
- Google Recommenders
- Google Rightsize Cloud SQL Recommender
- Google Rightsize VM Recommender
- Turbonomic Allocate Virtual Machine Recommendations Google
- Turbonomic Delete Unattached Volumes Recommendations Google
- Turbonomic Rightsize Virtual Machines Recommendations Google
Kubecost
Policy Templates for Compliance
AWS
Compute
IAM
Organization
RDS
Azure
All
Compute
IAM
Flexera
Cloud Cost Optimization
IT Asset Management
Identity & Access Management
GitHub
Git
Policy Templates for Cost
AWS
All
CloudTrail
Compute
- AWS Burstable EC2 Instances
- AWS EC2 Instances Time Stopped Report
- AWS EKS Clusters Without Spot Instances
- AWS Expiring Reserved Instances
- AWS Expiring Savings Plans
- AWS Idle Compute Instances
- AWS Inefficient Instance Utilization using CloudWatch
- AWS Reserved Instances Coverage
- AWS Reserved Instances Recommendations
- AWS Reserved Instances Utilization
- AWS Rightsize EC2 Instances
- AWS Savings Plan Recommendations
- AWS Savings Plan Utilization
- AWS Savings Realized From Rate Reduction Purchases
- AWS Schedule Instance
- AWS Superseded EBS Volumes
- AWS Superseded EC2 Instances
- AWS Unused IP Addresses
- Reserved Instance Report by Billing Center
- Turbonomic Allocate Virtual Machine Recommendations AWS
- Turbonomic Rightsize Virtual Machines Recommendations AWS
Database
EBS
Marketplace
Network
RDS
Storage
Usage Discount
Azure
All
Compute
- Azure Compute Instances Time Powered Off Report
- Azure Expiring Reserved Instances
- Azure Expiring Savings Plans
- Azure Hybrid Use Benefit for Linux Server
- Azure Hybrid Use Benefit for Windows Server
- Azure Idle Compute Instances
- Azure Inefficient Instance Utilization using Log Analytics
- Azure Reserved Instances Recommendations
- Azure Reserved Instances Utilization
- Azure Reserved Instances Utilization MCA
- Azure Rightsize Compute Instances
- Azure Savings Plan Recommendations
- Azure Savings Plan Utilization
- Azure Savings Realized from Reservations
- Azure Schedule Instance
- Azure Superseded Compute Instances
- Azure Unused IP Addresses
- Turbonomic Allocate Virtual Machine Recommendations Azure
- Turbonomic Rightsize Virtual Machines Recommendations Azure
Databricks
Managed Disks
Marketplace
MySQL
NetApp Files
Network
PaaS
SQL
Storage
Storage Accounts
Usage Discount
Azure China
Common Bill Ingestion
Flexera
Cloud Cost Optimization
- Budget Alerts
- Budget Alerts by Cloud Account
- Budget vs Actual Spend Report
- Cheaper Regions
- Cloud Cost Anomaly Alerts
- Cloud Spend Forecast - Straight-Line
- Cloud Spend Forecast - Straight-Line (Simple Model)
- Cloud Spend Moving Average Report
- Currency Conversion
- Email Cost Optimization Recommendations
- Flexera FOCUS Report
- Low Service Usage
- Low Usage Report
- New Usage
- Scheduled Report
- Superseded Instances
- Vendor Spend Commitment Forecast
Common Bill Ingestion
Flexera Optima
GCE
All
Compute
- Google Committed Use Discount Recommender
- Google Committed Use Discount Report
- Google Expiring Committed Use Discounts (CUD)
- Google Idle IP Address Recommender
- Google Idle VM Recommender
- Google Rightsize Cloud SQL Recommender
- Google Rightsize VM Recommender
- Google Schedule Instance
- Turbonomic Allocate Virtual Machine Recommendations Google
- Turbonomic Rightsize Virtual Machines Recommendations Google
SQL
Storage
Kubecost
Kubernetes
Oracle
Common Bill Ingestion
Policy Templates for Operational
AWS
Compute
- AWS Long Running Instances
- AWS Scheduled EC2 Events
- AWS Usage Forecast - Instance Time Used
- AWS Usage Forecast - Number of Instance Hours Used
- AWS Usage Forecast - Number of Instance vCPUs Used
- AWS Usage Report - Instance Time Used
- AWS Usage Report - Number of Instance Hours Used
- AWS Usage Report - Number of Instance vCPUs Used
PaaS
Tags
Azure
AKS
Compute
PaaS
Tags
Flexera
Automation
Cloud Cost Optimization
FlexNet Manager
IT Asset Management
Identity & Access Management
Policy Templates for SaaS Management
Flexera
SaaS Manager
- SaaS Manager - Deactivated Users
- SaaS Manager - Deactivated Users for Integrated Applications
- SaaS Manager - Duplicate User Accounts
- SaaS Manager - Redundant Apps
- SaaS Manager - Renewal Reminder
- SaaS Manager - Suspicious Users
- SaaS Manager - Unsanctioned Applications with Existing Contract
- SaaS Manager - Unsanctioned Spend
Microsoft
Office 365
Okta
ServiceNow
Policy Templates for Security
AWS
CloudTrail
- AWS CloudTrail Not Enabled In All Regions
- AWS CloudTrail S3 Buckets Without Access Logging
- AWS CloudTrails Not Integrated With CloudWatch
- AWS CloudTrails Without Encrypted Logs
- AWS CloudTrails Without Log File Validation Enabled
- AWS CloudTrails Without Object-level Events Logging Enabled
- AWS Publicly Accessible CloudTrail S3 Buckets
Config
DBS
EBS
ELB
IAM
- AWS IAM Account Missing Support Role
- AWS IAM Attached Admin Policies
- AWS IAM Expired SSL/TLS Certificates
- AWS IAM Insufficient Required Password Length
- AWS IAM Password Policy Not Restricting Password Reuse
- AWS IAM Root Account Access Keys
- AWS IAM Root User Account Without Hardware MFA
- AWS IAM Root User Account Without MFA
- AWS IAM Root User Doing Everyday Tasks
- AWS IAM User Accounts Without MFA
- AWS IAM Users With Directly-Attached Policies
- AWS IAM Users With Multiple Active Access Keys
- AWS IAM Users With Old Access Keys
- AWS Regions Without Access Analyzer Enabled
- AWS Unused IAM Credentials
KMS
Network
RDS
S3
Storage
Azure
App Service
Compute
IAM
MySQL
Network Security Group
PostgreSQL
SQL
- Azure Publicly-Accessible SQL Managed Instances
- Azure SQL Databases Without Encryption
- Azure SQL Servers Vulnerability Assessment Does Not Notify Admins
- Azure SQL Servers Vulnerability Assessment Without Email Notifications
- Azure SQL Servers Vulnerability Assessment Without Periodic Scans
- Azure SQL Servers With Insufficient Auditing Retention
- Azure SQL Servers Without Active Directory Admin
- Azure SQL Servers Without Advanced Threat Protection (ATP)
- Azure SQL Servers Without Auditing Enabled
- Azure SQL Servers Without Vulnerability Assessment (VA) Enabled
Security
Storage
- Azure Blob Storage Accounts Without Logging Enabled
- Azure Blob Storage Accounts Without Soft Delete Enabled
- Azure Publicly-Accessible Blob Containers
- Azure Queue Storage Accounts Without Logging Enabled
- Azure Storage Accounts Allowing Default Network Access
- Azure Storage Accounts Without Secure TLS
- Azure Storage Accounts Without Secure Transfer
- Azure Storage Accounts Without Trusted Microsoft Services Access
- Azure Table Storage Accounts Without Logging Enabled
Storage Accounts
Storage
Tools
Policy Data Sets
Some policies require external data sets to function. These data sets are stored in the data directory. The following data sets are available:
- AWS Regions
- AWS Instance Types
- Azure Instance Types
- Google Instance Types
- Currency Reference
- Azure SQL Service Tier Types
- TZ database Timezone List
Instructions to upload policy templates to Flexera CMP Policies
- The policy templates in the repo are the files that have a .pt extension.
- Select the desired policy template, click on the “Raw” button, and then right-click and choose “Save As” to save the file to your computer.
- To upload the template to your account, navigate to the Templates page in the left nav bar in Governance. Ensure you have the role to access policy management in RightScale. Learn More about Policy Access Control.
- Click the “Upload Policy Template” button in the account where you wish to test the policy and follow the instructions to upload the template you just downloaded.
Policy Template Documentation
- Getting Started
- Reference Documentation
- Policy Template Language
- Markdown Editor - Use this to test Markdown Syntax
- README GUIDELINE
Getting Help
Support for these policy templates will be provided through GitHub Issues and the Flexera Community. Visit Flexera Community to join!
Opening an Issue
GitHub issues contain a template for three types of requests (Bugs, New Features to an existing Policy Template, New Policy Template Request):
- Bugs: Any issue you are having with an existing policy template not functioning correctly. This does not include missing features or actions.
- New Feature Request: Any feature (Field, Action, Link, Output, etc.) that is to be added to an existing policy template.
- New Policy Template Request: Request for a new policy template.
Troubleshooting Danger Locally
- You can test against a pull request via:
bundle exec danger pr https://github.com/flexera-public/policy_templates/pull/73 --pry
- Danger Troubleshooting