This repository contains a library of open source Flexera Policy Templates. All contributions are shared under the MIT license.
Please contact sales@flexera.com to learn more.
These templates can generate savings estimates for your environment.
- AWS GP3 Upgradeable Volumes
- AWS Idle Compute Instances
- AWS Idle NAT Gateways
- AWS Old Snapshots
- AWS Reserved Instances Recommendations
- AWS Resources Under Extended Support
- AWS Rightsize EBS Volumes
- AWS Rightsize EC2 Instances
- AWS Rightsize ElastiCache
- AWS Rightsize RDS Instances
- AWS Rightsize Redshift
- AWS Savings Plan Recommendations
- AWS Superseded EBS Volumes
- AWS Superseded EC2 Instances
- AWS Untagged Resources
- AWS Unused Application Load Balancers
- AWS Unused Classic Load Balancers
- AWS Unused IP Addresses
- AWS Unused Network Load Balancers
- AWS Unused RDS Instances
- AWS Unused Volumes
- Turbonomic Allocate Virtual Machine Recommendations AWS
- Turbonomic Buy Reserved Instances Recommendations AWS
- Turbonomic Delete Unattached Volumes Recommendations AWS
- Turbonomic Rightsize Databases Recommendations AWS
- Turbonomic Rightsize Virtual Machines Recommendations AWS
- Turbonomic Rightsize Virtual Volumes Recommendations AWS
- Azure Databricks Rightsize Compute Instances
- Azure Hybrid Use Benefit for Windows Server
- Azure Idle Compute Instances
- Azure Old Snapshots
- Azure Reserved Instances Recommendations
- Azure Rightsize Compute Instances
- Azure Rightsize Managed Disks
- Azure Rightsize MySQL Flexible Servers
- Azure Rightsize MySQL Single Servers
- Azure Rightsize NetApp Resources
- Azure Rightsize SQL Database Storage
- Azure Rightsize SQL Databases
- Azure Rightsize SQL Managed Instance Storage
- Azure Rightsize SQL Managed Instances
- Azure Rightsize Synapse SQL Pools
- Azure Savings Plan Recommendations
- Azure Superseded Compute Instances
- Azure Unused App Service Plans
- Azure Unused Firewalls
- Azure Unused IP Addresses
- Azure Unused Load Balancers
- Azure Unused SQL Databases
- Azure Unused Volumes
- Turbonomic Allocate Virtual Machine Recommendations Azure
- Turbonomic Buy Reserved Instances Recommendations Azure
- Turbonomic Delete Unattached Volumes Recommendations Azure
- Turbonomic Rightsize Databases Recommendations Azure
- Turbonomic Rightsize Virtual Machines Recommendations Azure
- Turbonomic Rightsize Virtual Volumes Recommendations Azure
- Google Committed Use Discount Recommender
- Google Idle Cloud SQL Instance Recommender
- Google Idle IP Address Recommender
- Google Idle Persistent Disk Recommender
- Google Idle VM Recommender
- Google Old Snapshots
- Google Recommenders
- Google Rightsize Cloud SQL Recommender
- Google Rightsize VM Recommender
- Turbonomic Allocate Virtual Machine Recommendations Google
- Turbonomic Delete Unattached Volumes Recommendations Google
- Turbonomic Rightsize Virtual Machines Recommendations Google
-
Compute
-
IAM
-
Organization
-
RDS
-
All
-
Compute
-
IAM
-
Cloud Cost Optimization
-
IT Asset Management
-
Identity & Access Management
-
Git
-
All
-
CloudTrail
-
Compute
- AWS Burstable EC2 Instances
- AWS EC2 Instances Time Stopped Report
- AWS EKS Clusters Without Spot Instances
- AWS Expiring Reserved Instances
- AWS Expiring Savings Plans
- AWS Idle Compute Instances
- AWS Inefficient Instance Utilization using CloudWatch
- AWS Reserved Instances Coverage
- AWS Reserved Instances Recommendations
- AWS Reserved Instances Utilization
- AWS Rightsize EC2 Instances
- AWS Savings Plan Recommendations
- AWS Savings Plan Utilization
- AWS Savings Realized From Rate Reduction Purchases
- AWS Schedule Instance
- AWS Superseded EBS Volumes
- AWS Superseded EC2 Instances
- AWS Unused IP Addresses
- Reserved Instance Report by Billing Center
- Turbonomic Allocate Virtual Machine Recommendations AWS
- Turbonomic Rightsize Virtual Machines Recommendations AWS
-
Database
-
EBS
-
Marketplace
-
Network
-
RDS
-
Storage
-
Usage Discount
-
All
-
Compute
- Azure Compute Instances Time Powered Off Report
- Azure Expiring Reserved Instances
- Azure Expiring Savings Plans
- Azure Hybrid Use Benefit for Linux Server
- Azure Hybrid Use Benefit for Windows Server
- Azure Idle Compute Instances
- Azure Inefficient Instance Utilization using Log Analytics
- Azure Reserved Instances Recommendations
- Azure Reserved Instances Utilization
- Azure Reserved Instances Utilization MCA
- Azure Rightsize Compute Instances
- Azure Savings Plan Recommendations
- Azure Savings Plan Utilization
- Azure Savings Realized from Reservations
- Azure Schedule Instance
- Azure Superseded Compute Instances
- Azure Unused IP Addresses
- Turbonomic Allocate Virtual Machine Recommendations Azure
- Turbonomic Rightsize Virtual Machines Recommendations Azure
-
Databricks
-
Managed Disks
-
Marketplace
-
MySQL
-
NetApp Files
-
Network
-
PaaS
-
SQL
-
Storage
-
Storage Accounts
-
Usage Discount
-
Common Bill Ingestion
-
Cloud Cost Optimization
- Budget Alerts
- Budget Alerts by Cloud Account
- Budget vs Actual Spend Report
- Cheaper Regions
- Cloud Cost Anomaly Alerts
- Cloud Spend Forecast - Straight-Line
- Cloud Spend Forecast - Straight-Line (Simple Model)
- Cloud Spend Moving Average Report
- Currency Conversion
- Email Cost Optimization Recommendations
- Flexera FOCUS Report
- Low Service Usage
- Low Usage Report
- New Usage
- Scheduled Report
- Superseded Instances
- Vendor Spend Commitment Forecast
-
Common Bill Ingestion
-
All
-
Compute
- Google Committed Use Discount Recommender
- Google Committed Use Discount Report
- Google Expiring Committed Use Discounts (CUD)
- Google Idle IP Address Recommender
- Google Idle VM Recommender
- Google Rightsize Cloud SQL Recommender
- Google Rightsize VM Recommender
- Google Schedule Instance
- Turbonomic Allocate Virtual Machine Recommendations Google
- Turbonomic Rightsize Virtual Machines Recommendations Google
-
SQL
-
Storage
-
Kubernetes
-
Common Bill Ingestion
-
Compute
- AWS Long Running Instances
- AWS Scheduled EC2 Events
- AWS Usage Forecast - Instance Time Used
- AWS Usage Forecast - Number of Instance Hours Used
- AWS Usage Forecast - Number of Instance vCPUs Used
- AWS Usage Report - Instance Time Used
- AWS Usage Report - Number of Instance Hours Used
- AWS Usage Report - Number of Instance vCPUs Used
-
PaaS
-
Tags
-
AKS
-
Compute
-
PaaS
-
Tags
-
Automation
-
Cloud Cost Optimization
-
FlexNet Manager
-
IT Asset Management
-
Identity & Access Management
-
SaaS Manager
- SaaS Manager - Deactivated Users
- SaaS Manager - Deactivated Users for Integrated Applications
- SaaS Manager - Duplicate User Accounts
- SaaS Manager - Redundant Apps
- SaaS Manager - Renewal Reminder
- SaaS Manager - Suspicious Users
- SaaS Manager - Unsanctioned Applications with Existing Contract
- SaaS Manager - Unsanctioned Spend
-
Office 365
-
CloudTrail
- AWS CloudTrail Not Enabled In All Regions
- AWS CloudTrail S3 Buckets Without Access Logging
- AWS CloudTrails Not Integrated With CloudWatch
- AWS CloudTrails Without Encrypted Logs
- AWS CloudTrails Without Log File Validation Enabled
- AWS CloudTrails Without Object-level Events Logging Enabled
- AWS Publicly Accessible CloudTrail S3 Buckets
-
Config
-
DBS
-
EBS
-
ELB
-
IAM
- AWS IAM Account Missing Support Role
- AWS IAM Attached Admin Policies
- AWS IAM Expired SSL/TLS Certificates
- AWS IAM Insufficient Required Password Length
- AWS IAM Password Policy Not Restricting Password Reuse
- AWS IAM Root Account Access Keys
- AWS IAM Root User Account Without Hardware MFA
- AWS IAM Root User Account Without MFA
- AWS IAM Root User Doing Everyday Tasks
- AWS IAM User Accounts Without MFA
- AWS IAM Users With Directly-Attached Policies
- AWS IAM Users With Multiple Active Access Keys
- AWS IAM Users With Old Access Keys
- AWS Regions Without Access Analyzer Enabled
- AWS Unused IAM Credentials
-
KMS
-
Network
-
RDS
-
S3
-
Storage
-
App Service
-
Compute
-
IAM
-
MySQL
-
Network Security Group
-
PostgreSQL
-
SQL
- Azure Publicly-Accessible SQL Managed Instances
- Azure SQL Databases Without Encryption
- Azure SQL Servers Vulnerability Assessment Does Not Notify Admins
- Azure SQL Servers Vulnerability Assessment Without Email Notifications
- Azure SQL Servers Vulnerability Assessment Without Periodic Scans
- Azure SQL Servers With Insufficient Auditing Retention
- Azure SQL Servers Without Active Directory Admin
- Azure SQL Servers Without Advanced Threat Protection (ATP)
- Azure SQL Servers Without Auditing Enabled
- Azure SQL Servers Without Vulnerability Assessment (VA) Enabled
-
Security
-
Storage
- Azure Blob Storage Accounts Without Logging Enabled
- Azure Blob Storage Accounts Without Soft Delete Enabled
- Azure Publicly-Accessible Blob Containers
- Azure Queue Storage Accounts Without Logging Enabled
- Azure Storage Accounts Allowing Default Network Access
- Azure Storage Accounts Without Secure TLS
- Azure Storage Accounts Without Secure Transfer
- Azure Storage Accounts Without Trusted Microsoft Services Access
- Azure Table Storage Accounts Without Logging Enabled
-
Storage Accounts
-
Storage
Some policies require external data sets to function. These data sets are stored in the data directory. The following data sets are available:
- AWS Regions
- AWS Instance Types
- Azure Instance Types
- Google Instance Types
- Currency Reference
- Azure SQL Service Tier Types
- Azure SQL Managed Instance Tier Types
- TZ database Timezone List
- The policy templates in the repo are the files that have a .pt extension.
- Select the desired policy template, click on the “Raw” button, and then right-click and choose “Save As” to save the file to your computer.
- To upload the template to your account, navigate over to the Templates page in the left nav bar in Governance. Ensure you have the role to access policy management in RightScale. Learn More about Policy Access Control.
- Click the “Upload Policy Template” button in the account you wish to test the policy and follow the instructions to upload the template you just downloaded.
- Getting Started
- Reference Documentation
- Policy Template Language
- Markdown Editor - Use this to test Markdown Syntax
- README GUIDELINE
Support for these policy templates will be provided though GitHub Issues and the Flexera Community. Visit Flexera Community to join!
Github issues contain a template for three types of requests(Bugs, New Features to an existing Policy Template, New Policy Template Request)
- Bugs: Any issue you are having with an existing policy template not functioning correctly, this does not include missing features, or actions.
- New Feature Request: Any feature(Field, Action, Link, Output, etc) that are to be added to an existing policy template.
- New Policy Template Request: Request for a new policy template.
- You can test against a pull request via:
bundle exec danger pr https://github.com/flexera-public/policy_templates/pull/73 --pry
- Danger Troubleshooting