From fd93327c64aa6a1e2384a4216dd03d01425ed907 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 8 Dec 2023 12:29:59 -0600 Subject: [PATCH 1/2] Update Master Policy Permissions List (#1676) Co-authored-by: nia-vf1 --- .../master_policy_permissions_list.json | 3075 +++++++++++++++++ 1 file changed, 3075 insertions(+) create mode 100644 data/policy_permissions_list/master_policy_permissions_list.json diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json new file mode 100644 index 0000000000..0883cfd6f9 --- /dev/null +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -0,0 +1,3075 @@ +{ + "values": [ + { + "id": "./automation/google/google_rbd_from_label/google_rbd_from_label.pt", + "name": "Google Rule-Based Dimension From Project Labels", + "providers": [ + { + "name": "flexera", + "permissions": [ + "common:org:own", + "optima:rule_based_dimension" + ] + } + ] + }, + { + "id": "./automation/azure/azure_rbd_from_tag/azure_rbd_from_tag.pt", + "name": "Azure Rule-Based Dimension From Subscription Tags", + "providers": [ + { + "name": "flexera", + "permissions": [ + "common:org:own", + "optima:rule_based_dimension" + ] + } + ] + }, + { + "id": "./automation/azure/azure_rbd_from_rg_tag/azure_rbd_from_rg_tag.pt", + "name": "Azure Rule-Based Dimension From Resource Group Tags", + "providers": [ + { + "name": "flexera", + "permissions": [ + "common:org:own", + "optima:rule_based_dimension" + ] + } + ] + }, + { + "id": "./automation/aws/aws_rbd_from_tag/aws_rbd_from_tag.pt", + "name": "AWS Rule-Based Dimension From Account Tags", + "providers": [ + { + "name": "flexera", + "permissions": [ + "common:org:own", + "optima:rule_based_dimension" + ] + } + ] + }, + { + "id": "./compliance/disallowed_images/disallowed_cloud_images.pt", + "name": "Disallowed Cloud Images", + "providers": [ + + ] + }, + { + "id": "./compliance/billing_center_access_report/bc_access_report.pt", + "name": "Billing Center Access Report", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "enterprise_manager" + ] + } + ] + }, + { + "id": "./compliance/google/long_stopped_instances/google_long_stopped_instances.pt", + "name": "Google Long-stopped instances", + "providers": [ + + ] + }, + { + "id": "./compliance/google/unlabeled_resources/unlabeled_resources.pt", + "name": "Google Unlabeled Resources", + "providers": [ + + ] + }, + { + "id": "./compliance/fnms/fnms_low_licenses_available/fnms-low-available-licenses.pt", + "name": "FlexNet Manager Low Available Licenses", + "providers": [ + + ] + }, + { + "id": "./compliance/fnms/vms_missing_hostid/vms_missing_hostid.pt", + "name": "ITAM VMs Missing Host ID", + "providers": [ + { + "name": "flexera", + "permissions": [ + "fnms_user" + ] + } + ] + }, + { + "id": "./compliance/fnms/overused_licenses/overused_licenses.pt", + "name": "ITAM Overused Licenses", + "providers": [ + { + "name": "flexera", + "permissions": [ + "fnms_user" + ] + } + ] + }, + { + "id": "./compliance/fnms/fnms_licenses_expiring/expiring_licenses.pt", + "name": "ITAM Expiring Licenses", + "providers": [ + { + "name": "flexera", + "permissions": [ + "fnms_user" + ] + } + ] + }, + { + "id": "./compliance/fnms/ignored_recent_inventory_dates/ignored_recent_inventory_dates.pt", + "name": "ITAM Ignored Recent Inventory Dates", + "providers": [ + { + "name": "flexera", + "permissions": [ + "fnms_user" + ] + } + ] + }, + { + "id": "./compliance/fnms/fnms_licenses_at_risk/fnms-at-risk-licenses.pt", + "name": "FlexNet Manager Licenses At Risk", + "providers": [ + + ] + }, + { + "id": "./compliance/fnms/missing_active_machines/missing_active_machines.pt", + "name": "ITAM Missing Active Machines", + "providers": [ + { + "name": "flexera", + "permissions": [ + "fnms_user" + ] + } + ] + }, + { + "id": "./compliance/azure/azure_long_stopped_instances/long_stopped_instances_azure_meta_parent.pt", + "name": "Azure Long Stopped Instances Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./compliance/azure/azure_disallowed_regions/azure_disallowed_regions.pt", + "name": "Azure Disallowed Regions", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Resources/subscriptions/resources/read", + "Microsoft.Resources/subscriptions/resources/delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./compliance/azure/compliance_score/azure_regulatory_compliance_report.pt", + "name": "Azure Regulatory Compliance", + "providers": [ + + ] + }, + { + "id": "./compliance/azure/ahub_manual/azure_ahub_utilization_with_manual_entry.pt", + "name": "Azure AHUB Utilization with Manual Entry", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/locations/vmSizes/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./compliance/azure/azure_policy_audit/azure_policy_audit.pt", + "name": "Azure Policy Audit", + "providers": [ + + ] + }, + { + "id": "./compliance/azure/instances_without_fnm_agent/azure_instances_not_running_flexnet_inventory_agent_meta_parent.pt", + "name": "Azure Instances not running FlexNet Inventory Agent Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "Web Service" + ] + } + ] + }, + { + "id": "./compliance/azure/subscription_access/azure_subscription_access.pt", + "name": "Azure Subscription Access", + "providers": [ + + ] + }, + { + "id": "./compliance/azure/azure_untagged_resources/untagged_resources.pt", + "name": "Azure Untagged Resources", + "providers": [ + + ] + }, + { + "id": "./compliance/policy_update_notification/policy_update_notification.pt", + "name": "Policy Update Notification", + "providers": [ + + ] + }, + { + "id": "./compliance/unapproved_instance_types/unapproved_instance_types.pt", + "name": "Unapproved Instance Types", + "providers": [ + + ] + }, + { + "id": "./compliance/aws/long_stopped_instances/aws_long_stopped_instances.pt", + "name": "AWS Long-stopped Instances", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "cloudwatch:GetMetricStatistics" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./compliance/aws/disallowed_regions/aws_disallowed_regions_meta_parent.pt", + "name": "AWS Disallowed Regions Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ecs:DescribeInstances" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./compliance/aws/iam_role_audit/aws_iam_role_audit.pt", + "name": "AWS IAM Role Audit", + "providers": [ + + ] + }, + { + "id": "./compliance/aws/instances_without_fnm_agent/aws_instances_not_running_flexnet_inventory_agent_meta_parent.pt", + "name": "AWS EC2 Instances not running FlexNet Inventory Agent Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances" + ] + }, + { + "name": "flexera", + "permissions": [ + "Web Service" + ] + } + ] + }, + { + "id": "./compliance/aws/scp_audit/aws_scp_audit.pt", + "name": "AWS Service Control Policy Audit", + "providers": [ + + ] + }, + { + "id": "./compliance/aws/ecs_unused/aws_unused_ecs_clusters.pt", + "name": "AWS Unused ECS Clusters", + "providers": [ + + ] + }, + { + "id": "./compliance/aws/untagged_resources/aws_untagged_resources.pt", + "name": "AWS Untagged Resources", + "providers": [ + { + "name": "aws", + "permissions": [ + "tag:GetResources", + "tag:TagResources", + "ec2:DescribeRegions", + "ec2:CreateTags", + "rds:AddTagsToResources", + "config:TagResource" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./compliance/flexera/iam_explicit_user_roles/flexera_iam_explicit_user_roles.pt", + "name": "Flexera IAM Explicit User Roles", + "providers": [ + { + "name": "flexera", + "permissions": [ + "enterprise_manager" + ] + } + ] + }, + { + "id": "./compliance/github/repository_size/repository_size.pt", + "name": "GitHub.com Unpermitted Sized Repositories", + "providers": [ + + ] + }, + { + "id": "./compliance/github/repository_branch_protection/repository_branch_protection.pt", + "name": "GitHub.com Repository Branches without Protection", + "providers": [ + + ] + }, + { + "id": "./compliance/github/repository_admin_team/repository_admin_team.pt", + "name": "GitHub.com Repositories without Admin Team", + "providers": [ + + ] + }, + { + "id": "./compliance/github/toplevel_teams/toplevel_teams.pt", + "name": "GitHub.com Unpermitted Top-Level Teams", + "providers": [ + + ] + }, + { + "id": "./compliance/github/available_seats/available_seats.pt", + "name": "GitHub.com Available Seats Report", + "providers": [ + + ] + }, + { + "id": "./compliance/github/repository_naming/repository_naming.pt", + "name": "GitHub.com Unpermitted Repository Names", + "providers": [ + + ] + }, + { + "id": "./compliance/github/outside_collaborators/outside_collaborators.pt", + "name": "GitHub.com Unpermitted Outside Collaborators", + "providers": [ + + ] + }, + { + "id": "./compliance/tags/azure_rg_tags/azure_resource_group_tags.pt", + "name": "Azure Tag Resources with Resource Group Name", + "providers": [ + + ] + }, + { + "id": "./compliance/tags/tag_checker/tag_checker.pt", + "name": "Untagged Resources", + "providers": [ + + ] + }, + { + "id": "./cost/oracle/oracle_cbi/oracle_cbi.pt", + "name": "Oracle Cloud Common Bill Ingestion", + "providers": [ + + ] + }, + { + "id": "./cost/superseded_instance_remediation/superseded_instance_remediation.pt", + "name": "Superseded Instance Remediation", + "providers": [ + + ] + }, + { + "id": "./cost/currency_conversion/currency_conversion.pt", + "name": "Currency Conversion", + "providers": [ + { + "name": "flexera", + "permissions": [ + "enterprise_manager" + ] + } + ] + }, + { + "id": "./cost/superseded_instance/superseded_instance.pt", + "name": "Superseded Instances", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/forecasting/commitment_forecast/commitment_forecast.pt", + "name": "Vendor Commitment Forecast", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/forecasting/moving_average/moving_average_forecast.pt", + "name": "Cloud Spend Forecast - Moving Average", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/forecasting/straight_line_forecast/linear_regression/straight_line_forecast_linear_regression.pt", + "name": "Cloud Spend Forecast - Straight-Line (Linear Regression Model)", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/forecasting/straight_line_forecast/simple/straight_line_forecast_simple.pt", + "name": "Cloud Spend Forecast - Straight-Line (Simple Model)", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/unattached_addresses/unattached_addresses.pt", + "name": "Unattached IP Addresses", + "providers": [ + + ] + }, + { + "id": "./cost/cloud_cost_anomaly_alerts/cloud_cost_anomaly_alerts.pt", + "name": "Cloud Cost Anomaly Alerts", + "providers": [ + + ] + }, + { + "id": "./cost/low_service_usage/low_service_usage.pt", + "name": "Low Service Usage", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "policy_designer", + "policy_manager", + "policy_publisher" + ] + } + ] + }, + { + "id": "./cost/budget_alerts_by_account/budget_alerts_by_account.pt", + "name": "Budget Alerts by Cloud Account", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/turbonomics/delete_unattached_volumes/azure/turbonomics_delete_virtual_volumes.pt", + "name": "Turbonomic Delete Unattached Volumes Recommendations Azure", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/delete_unattached_volumes/aws/turbonomics_delete_virtual_volumes.pt", + "name": "Turbonomic Delete Unattached Volumes Recommendations AWS", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/delete_unattached_volumes/gcp/turbonomics_delete_virtual_volumes.pt", + "name": "Turbonomic Delete Unattached Volumes Recommendations Google", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/azure/turbonomics_allocate_virtual_machines.pt", + "name": "Turbonomic Allocate Virtual Machine Recommendations Azure", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/aws/turbonomics_allocate_virtual_machines.pt", + "name": "Turbonomic Allocate Virtual Machine Recommendations AWS", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/gcp/turbonomics_allocate_virtual_machines.pt", + "name": "Turbonomic Allocate Virtual Machine Recommendations Google", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/buy_reserved_instances_recommendations/azure/turbonomics_buy_reserved_instances.pt", + "name": "Turbonomic Buy Reserved Instances Recommendations Azure", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/buy_reserved_instances_recommendations/aws/turbonomics_buy_reserved_instances.pt", + "name": "Turbonomic Buy Reserved Instances Recommendations AWS", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/rightsize_databases_recommendations/azure/turbonomics_rightsize_databases_recommendations.pt", + "name": "Turbonomic Rightsize Databases Recommendations Azure", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/rightsize_databases_recommendations/aws/turbonomics_rightsize_databases_recommendations.pt", + "name": "Turbonomic Rightsize Databases Recommendations AWS", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/rightsize_databases_recommendations/gcp/turbonomics_rightsize_databases_recommendations.pt", + "name": "Turbonomic Rightsize Databases Recommendations Google", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/scale_virtual_machines_recommendations/azure/turbonomics_scale_virtual_machines.pt", + "name": "Turbonomic Rightsize Virtual Machines Recommendations Azure", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/scale_virtual_machines_recommendations/aws/turbonomics_scale_virtual_machines.pt", + "name": "Turbonomic Rightsize Virtual Machines Recommendations AWS", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/scale_virtual_machines_recommendations/gcp/turbonomics_scale_virtual_machines.pt", + "name": "Turbonomic Rightsize Virtual Machines Recommendations Google", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/credential_refresh/turbonomic_cred_refresh.pt", + "name": "Turbonomic Credential Refresh", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/azure/turbonomics_rightsize_virtual_volumes_recommendations.pt", + "name": "Turbonomic Rightsize Virtual Volumes Recommendations Azure", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/aws/turbonomics_rightsize_virtual_volumes_recommendations.pt", + "name": "Turbonomic Rightsize Virtual Volumes Recommendations AWS", + "providers": [ + + ] + }, + { + "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/gcp/turbonomics_rightsize_virtual_volumes_recommendations.pt", + "name": "Turbonomic Rightsize Virtual Volumes Recommendations Google", + "providers": [ + + ] + }, + { + "id": "./cost/volumes/unattached_volumes/uav_policy.pt", + "name": "Unattached Volumes", + "providers": [ + + ] + }, + { + "id": "./cost/volumes/old_snapshots/old_snapshot.pt", + "name": "Discover Old Snapshots", + "providers": [ + + ] + }, + { + "id": "./cost/scheduled_report_markupsdowns/scheduled_report_markpsdowns.pt", + "name": "Scheduled Report with Markups and Markdowns", + "providers": [ + + ] + }, + { + "id": "./cost/google/cud_expiration/google_cud_expiration_report.pt", + "name": "Google Expiring Committed Use Discount (CUD)", + "providers": [ + + ] + }, + { + "id": "./cost/google/unutilized_ip_addresses/google_unutilized_ip_addresses.pt", + "name": "Google Unutilized IP Addresses", + "providers": [ + + ] + }, + { + "id": "./cost/google/idle_vm_recommendations/google_vm_recommendations.pt", + "name": "Google Idle VM Recommender", + "providers": [ + + ] + }, + { + "id": "./cost/google/unattached_volumes/google_delete_unattached_volumes.pt", + "name": "Google Unused Volumes", + "providers": [ + + ] + }, + { + "id": "./cost/google/cud_report/google_committed_usediscount_report.pt", + "name": "Google Committed Use Discount (CUD)", + "providers": [ + + ] + }, + { + "id": "./cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt", + "name": "Google Inefficient Instance Utilization using StackDriver", + "providers": [ + + ] + }, + { + "id": "./cost/google/rightsize_vm_recommendations/google_rightsize_vm_recommendations.pt", + "name": "Google Rightsize VM Recommender", + "providers": [ + { + "name": "gcp", + "permissions": [ + "recommender.computeInstanceMachineTypeRecommendations.list", + "recommender.computeInstanceIdleResourceRecommendations.list", + "resourcemanager.projects.get", + "monitoring.metricDescriptors.list", + "monitoring.timeSeries.list", + "compute.instances.list", + "compute.instances.get", + "compute.instances.start", + "compute.instances.stop", + "compute.instances.setMachineType", + "compute.instances.delete" + ], + "roles": [ + "Monitoring Viewer", + "Compute Recommender Viewer", + "Compute Recommender Admin" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/schedule_instance/google_schedule_instance.pt", + "name": "Google Schedule Instance", + "providers": [ + + ] + }, + { + "id": "./cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt", + "name": "Google Idle Persistent Disk Recommender", + "providers": [ + { + "name": "gcp", + "permissions": [ + "recommender.computeDiskIdleResourceRecommendations.list", + "resourcemanager.projects.get", + "compute.disks.list", + "compute.disks.createSnapshot", + "compute.disks.delete", + "compute.globalOperations.get" + ], + "roles": [ + "Monitoring Viewer", + "Compute Recommender Viewer", + "Compute Recommender Admin" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/unused_cloudsql_instances/google_unused_cloudsql_instances.pt", + "name": "Google Unused CloudSQL Instances", + "providers": [ + + ] + }, + { + "id": "./cost/google/cloud_sql_idle_instance_recommendations/google_sql_idle_instance_recommendations.pt", + "name": "Google Idle Cloud SQL Instance Recommender", + "providers": [ + { + "name": "gcp", + "permissions": [ + "recommender.cloudsqlIdleInstanceRecommendations.list", + "resourcemanager.projects.get", + "cloudsql.instances.list", + "cloudsql.instances.update", + "cloudsql.instances.delete" + ], + "roles": [ + "Cloud SQL Recommender Viewer", + "Cloud SQL Recommender Admin" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations_meta_parent.pt", + "name": "Google Idle IP Address Recommender Meta Parent", + "providers": [ + { + "name": "gcp", + "permissions": [ + "recommender.computeAddressIdleResourceRecommendations.list", + "resourcemanager.projects.get", + "compute.addresses.list", + "compute.addresses.delete" + ], + "roles": [ + "Compute Recommender Viewer", + "Compute Recommender Admin" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/old_snapshots/google_delete_old_snapshots.pt", + "name": "Google Old Snapshots", + "providers": [ + { + "name": "gcp", + "permissions": [ + "resourcemanager.projects.get", + "compute.snapshots.get", + "compute.snapshots.list", + "compute.snapshots.delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/object_storage_optimization/google_object_storage_optimization.pt", + "name": "Google Object Storage Optimization", + "providers": [ + + ] + }, + { + "id": "./cost/google/idle_compute_instances/google_idle_compute_instances.pt", + "name": "Google Idle Compute Instances", + "providers": [ + + ] + }, + { + "id": "./cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt", + "name": "Google Committed Use Discount Recommender Meta Parent", + "providers": [ + { + "name": "gcp", + "permissions": [ + "resourcemanager.projects.get", + "recommender.usageCommitmentRecommendations.list", + "billing.resourceCosts.get", + "billing.accounts.getSpendingInformation" + ], + "roles": [ + "Project Usage Commitment Recommender Viewer" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt", + "name": "Google Rightsize CloudSQL Instances", + "providers": [ + + ] + }, + { + "id": "./cost/google/recommender/recommender.pt", + "name": "Google Recommender Policy", + "providers": [ + + ] + }, + { + "id": "./cost/low_account_usage/low_account_usage.pt", + "name": "Low Account Usage", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "policy_designer", + "policy_manager", + "policy_publisher" + ] + } + ] + }, + { + "id": "./cost/downsize_instance/downsize_instance.pt", + "name": "Downsize Instances", + "providers": [ + + ] + }, + { + "id": "./cost/azure/unused_sql_databases/azure_unused_sql_databases_meta_parent.pt", + "name": "Azure Unused SQL Databases Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Sql/servers/databases/read", + "Microsoft.Sql/servers/databases/metrics/read", + "Microsoft.Insights/metrics/read", + "Microsoft.Sql/servers/databases/delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/savings_plan/recommendations/azure_savings_plan_recommendations.pt", + "name": "Azure Savings Plan Recommendations", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.CostManagement/benefitRecommendations/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/hybrid_use_benefit_sql/ahub_sql_meta_parent.pt", + "name": "Azure Hybrid Use Benefit for SQL Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.SqlVirtualMachine/sqlVirtualMachines/read", + "Microsoft.SqlVirtualMachine/sqlVirtualMachines/write", + "Microsoft.Sql/servers/read", + "Microsoft.Sql/servers/write", + "Microsoft.Sql/managedInstances/read", + "Microsoft.Sql/managedInstances/write" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/databricks/rightsize_compute/azure_databricks_rightsize_compute_meta_parent.pt", + "name": "Azure Databricks Rightsize Compute Instances Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/skus/read", + "Microsoft.Insights/metrics/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/reserved_instances/recommendations/azure_reserved_instance_recommendations.pt", + "name": "Azure Reserved Instances Recommendations", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Billing/billingAccounts/read", + "Microsoft.Consumption/reservationRecommendations/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/reserved_instances/expiration/azure_reserved_instance_expiration.pt", + "name": "Azure Expiring Reserved Instances", + "providers": [ + { + "name": "flexera", + "permissions": [ + "ca_user" + ] + } + ] + }, + { + "id": "./cost/azure/reserved_instances/utilization/azure_reserved_instance_utilization.pt", + "name": "Azure Reserved Instances Utilization", + "providers": [ + + ] + }, + { + "id": "./cost/azure/reserved_instances/utilization_mca/azure_reserved_instance_utilization_mca.pt", + "name": "Azure Reserved Instances Utilization MCA", + "providers": [ + + ] + }, + { + "id": "./cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit_meta_parent.pt", + "name": "Azure Hybrid Use Benefit for Windows Server Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/schedule_instance/azure_schedule_instance_meta_parent.pt", + "name": "Azure Schedule Instance Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/virtualMachines/delete", + "Microsoft.Compute/virtualMachines/start/action", + "Microsoft.Compute/virtualMachines/deallocate/action" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/rightsize_compute_instances/azure_compute_rightsizing_meta_parent.pt", + "name": "Azure Rightsize Compute Instances Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/skus/read", + "Microsoft.Insights/metrics/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/unused_volumes/azure_unused_volumes.pt", + "name": "Azure Unused Volumes", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/write", + "Microsoft.Compute/snapshots/write", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Insights/metrics/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/instances_log_analytics_utilization/azure_instance_log_analytics_utilization.pt", + "name": "Azure Inefficient Instance Utilization using Log Analytics", + "providers": [ + + ] + }, + { + "id": "./cost/azure/azure_china_cbi/azure_china_cbi.pt", + "name": "Azure China Common Bill Ingestion", + "providers": [ + + ] + }, + { + "id": "./cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt", + "name": "Azure Hybrid Use Benefit for Linux Server Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/savings_realized/azure_savings_realized.pt", + "name": "Azure Savings Realized from Reservations", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/unused_ip_addresses/azure_unused_ip_addresses.pt", + "name": "Azure Unused IP Addresses", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/publicIPAddresses/delete", + "Microsoft.Insights/eventtypes/values/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/superseded_instances/azure_superseded_instances_meta_parent.pt", + "name": "Azure Superseded Compute Instances Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/old_snapshots/azure_delete_old_snapshots.pt", + "name": "Azure Old Snapshots", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/snapshots/read", + "Microsoft.Compute/snapshots/delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/object_storage_optimization/azure_object_storage_optimization.pt", + "name": "Azure Blob Storage Optimization", + "providers": [ + + ] + }, + { + "id": "./cost/azure/storage_account_lifecycle_management/storage_account_lifecycle_management.pt", + "name": "Azure Storage Accounts without Lifecycle Management Policies", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Storage/storageAccounts/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/idle_compute_instances/azure_idle_compute_instances.pt", + "name": "Azure Idle Compute Instances", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Insights/metrics/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/rightsize_sql_instances/azure_rightsize_sql_instances.pt", + "name": "Azure Rightsize SQL Databases", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Sql/servers/databases/read", + "Microsoft.Sql/servers/databases/metrics/read", + "Microsoft.Sql/servers/databases/update", + "Microsoft.Sql/servers/databases/delete", + "Microsoft.Insights/metrics/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/new_service_usage/new_service_usage.pt", + "name": "New Service Usage", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/billing_center_cost_anomaly/billing_center_cost_anomaly.pt", + "name": "Billing Center Cost Anomalies", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "policy_manager" + ] + } + ] + }, + { + "id": "./cost/kubecost/sizing/kubecost_resizing_recommendation.pt", + "name": "Kubecost Request Rightsizing Recommendations", + "providers": [ + + ] + }, + { + "id": "./cost/kubecost/cluster/kubecost_cluster_rightsizing_recommendations.pt", + "name": "Kubecost Cluster Rightsizing Recommendations", + "providers": [ + + ] + }, + { + "id": "./cost/terminate_policy/instance_terminate.pt", + "name": "Terminate Instances with End Date", + "providers": [ + + ] + }, + { + "id": "./cost/instance_anomaly/instance_anomaly.pt", + "name": "Running Instance Count Anomaly", + "providers": [ + + ] + }, + { + "id": "./cost/scheduled_reports/scheduled_report.pt", + "name": "Scheduled Report", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/rightsize_ec2_instances/aws_rightsize_ec2_instances.pt", + "name": "AWS Rightsize EC2 Instances", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeTags", + "ec2:ModifyInstanceAttribute", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/unused_clbs/aws_unused_clbs.pt", + "name": "AWS Unused Classic Load Balancers", + "providers": [ + { + "name": "aws", + "permissions": [ + "sts:GetCallerIdentity", + "ec2:DescribeRegions", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DeleteLoadBalancer" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/gp3_volume_upgrade/aws_upgrade_to_gp3_volume_meta_parent.pt", + "name": "AWS GP3 Upgradeable Volumes Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeVolumes", + "ec2:DescribeRegions", + "pricing:GetProducts" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/savings_plan/recommendations/aws_savings_plan_recommendations.pt", + "name": "AWS Savings Plan Recommendations", + "providers": [ + { + "name": "aws", + "permissions": [ + "ce:GetSavingsPlansPurchaseRecommendation" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/savings_plan/expiration/aws_savings_plan_expiration.pt", + "name": "AWS Expiring Savings Plans", + "providers": [ + + ] + }, + { + "id": "./cost/aws/savings_plan/utilization/aws_savings_plan_utilization.pt", + "name": "AWS Savings Plan Utilization", + "providers": [ + { + "name": "aws", + "permissions": [ + "ce:*" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/s3_storage_policy/aws_s3_bucket_policy_check.pt", + "name": "AWS S3 Bucket Intelligent Tiering Check", + "providers": [ + { + "name": "aws", + "permissions": [ + "s3:ListAllMyBuckets", + "s3:GetBucketlocation", + "s3:GetIntelligentTieringConfiguration", + "s3:GetBucketTagging" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/unused_rds/unused_rds_meta_parent.pt", + "name": "AWS Unused RDS Instances Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "rds:DeleteDBInstance", + "rds:DescribeDBInstances", + "rds:ListTagsForResource", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/instance_cloudwatch_utilization/aws_instance_cloudwatch_utilization.pt", + "name": "AWS Inefficient Instance Utilization using CloudWatch", + "providers": [ + + ] + }, + { + "id": "./cost/aws/reserved_instances/recommendations/aws_reserved_instance_recommendations.pt", + "name": "AWS Reserved Instances Recommendations", + "providers": [ + { + "name": "aws", + "permissions": [ + "ce:GetReservationPurchaseRecommendation" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/reserved_instances/expiration/expired_ris.pt", + "name": "AWS Expiring Reserved Instances", + "providers": [ + { + "name": "flexera", + "permissions": [ + "actor", + "observer", + "credential_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/reserved_instances/coverage/reserved_instance_coverage.pt", + "name": "Reserved Instances Coverage", + "providers": [ + + ] + }, + { + "id": "./cost/aws/reserved_instances/utilization/utilization_ris.pt", + "name": "AWS Reserved Instances Utilization", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/reserved_instances/report_by_bc/ri_report_by_bc.pt", + "name": "Reserved Instance Report by Billing Center", + "providers": [ + { + "name": "flexera", + "permissions": [ + "actor", + "observer", + "credential_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/reserved_instances/compute_purchase_recommendation/aws_reserved_instance_recommendations_with_purchase.pt", + "name": "AWS Reserved Instances Recommendations with Purchase", + "providers": [ + + ] + }, + { + "id": "./cost/aws/schedule_instance/aws_schedule_instance_meta_parent.pt", + "name": "AWS Schedule Instance Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeRegions" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/unused_volumes/aws_delete_unused_volumes_meta_parent.pt", + "name": "AWS Unused Volumes Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "ec2:CreateTags", + "ec2:CreateSnapshot", + "ec2:DetachVolume", + "ec2:DeleteVolume" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/savings_realized/aws_savings_realized.pt", + "name": "AWS Savings Realized from Reservations", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/rightsize_rds_instances/aws_rightsize_rds_instances_meta_parent.pt", + "name": "AWS Rightsize RDS Instances Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "sts:GetCallerIdentity", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "ec2:DescribeRegions", + "rds:DescribeDBInstances", + "rds:ListTagsForResource", + "rds:DescribeOrderableDBInstanceOptions", + "rds:ModifyDBInstance", + "rds:DeleteDBInstance" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/unused_ip_addresses/aws_unused_ip_addresses_meta_parent.pt", + "name": "AWS Unused IP Addresses Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeAddresses", + "ec2:ReleaseAddress", + "pricing:GetProducts", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/s3_bucket_size/aws_bucket_size.pt", + "name": "AWS Bucket Size Check", + "providers": [ + + ] + }, + { + "id": "./cost/aws/superseded_instances/aws_superseded_instances_meta_parent.pt", + "name": "AWS Superseded EC2 Instances Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeTags", + "ec2:ModifyInstanceAttribute", + "ec2:StartInstances", + "ec2:StopInstances", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/burstable_instance_cloudwatch_credit_utilization/aws_burstable_instance_cloudwatch_credit_utilization.pt", + "name": "AWS Burstable Instance CloudWatch Utilization", + "providers": [ + + ] + }, + { + "id": "./cost/aws/rightsize_ebs_volumes/aws_volumes_rightsizing_meta_parent.pt", + "name": "AWS Rightsize EBS Volumes Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:ModifyVolume", + "pricing:GetProducts" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/old_snapshots/aws_delete_old_snapshots.pt", + "name": "AWS Old Snapshots", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:DeregisterImage", + "ec2:DeleteSnapshot", + "rds:DescribeDBInstances", + "rds:DescribeDBSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DeleteDBClusterSnapshot", + "rds:DeleteDBSnapshot", + "sts:GetCallerIdentity", + "cloudtrail:LookupEvents" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/object_storage_optimization/aws_object_storage_optimization_meta_parent.pt", + "name": "AWS Object Storage Optimization Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:GetObject", + "s3:GetObjectTagging", + "s3:PutObject", + "s3:DeleteObject" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/rds_instance_license_info/rds_instance_license_info.pt", + "name": "AWS RDS Instances", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "rds:DescribeDBInstances", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/aws/idle_compute_instances/idle_compute_instances.pt", + "name": "AWS Idle Compute Instances", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/budget_v_actual/monthly_budget_v_actual.pt", + "name": "Monthly Actual v. Budgeted Spend Report", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/budget_report_alerts/budget_report_alerts.pt", + "name": "Budget Alerts", + "providers": [ + + ] + }, + { + "id": "./cost/scheduled_reports_with_estimates/costs_forecasting.pt", + "name": "Scheduled Report With Estimates", + "providers": [ + + ] + }, + { + "id": "./cost/budget_alerts/budget_alert.pt", + "name": "Budget Alerts (Legacy)", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/cheaper_regions/cheaper_regions.pt", + "name": "Cheaper Regions", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "policy_designer", + "policy_manager", + "policy_publisher" + ] + } + ] + }, + { + "id": "./cost/schedule_instances/schedule_instances.pt", + "name": "Schedule Instances", + "providers": [ + + ] + }, + { + "id": "./cost/email_recommendations/email_recommendations.pt", + "name": "Email Cost Optimization Recommendations", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/rightlink_rightsize/rightlink_rightsize.pt", + "name": "Inefficient Instance Utilization using RightLink", + "providers": [ + + ] + }, + { + "id": "./operational/bill_processing_errors_notification/bill_processing_errors_notification.pt", + "name": "Bill Processing Error Notification", + "providers": [ + + ] + }, + { + "id": "./operational/dbaas/aws/rds_backup/aws_rds_backup.pt", + "name": "AWS RDS Backup Settings", + "providers": [ + + ] + }, + { + "id": "./operational/applied_policy_error_notification/applied_policy_error_notification.pt", + "name": "Applied Policy Error Notification", + "providers": [ + + ] + }, + { + "id": "./operational/vmware/instance_tag_sync/instance_tag_sync.pt", + "name": "VMWare Instance Tag Sync", + "providers": [ + + ] + }, + { + "id": "./operational/cloud_credentials/aws/aws_connection_key_rotation_policy.pt", + "name": "AWS Cloud Credentials Rotation", + "providers": [ + + ] + }, + { + "id": "./operational/fnms/schedule_fnms_reports/schedule-fnms-report.pt", + "name": "Schedule FlexNet Manager Report", + "providers": [ + { + "name": "flexera", + "permissions": [ + "Web Service" + ] + } + ] + }, + { + "id": "./operational/azure/azure_long_running_instances/azure_long_running_instances_meta_parent.pt", + "name": "Azure Long Running Instances Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/azure/azure_migrate/risc-azure-migrate.pt", + "name": "Azure Migrate Integration", + "providers": [ + + ] + }, + { + "id": "./operational/azure/azuread_group_sync/azuread_group_sync.pt", + "name": "AzureAD Group Sync", + "providers": [ + + ] + }, + { + "id": "./operational/azure/aks_nodepools_without_zero_autoscaling/aks_nodepools_without_zero_autoscaling.pt", + "name": "AKS Node Pools Without Zero Autoscaling", + "providers": [ + + ] + }, + { + "id": "./operational/azure/marketplace_new_products/azure_marketplace_new_products.pt", + "name": "Azure New Marketplace Products", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/azure/azure_sql_using_elastic_pool/azure_sql_instances_without_elastic_pools.pt", + "name": "Azure SQL Databases without Elastic Pools", + "providers": [ + + ] + }, + { + "id": "./operational/azure/network_flow/risc-netflow.pt", + "name": "NetFlow Top Talkers", + "providers": [ + + ] + }, + { + "id": "./operational/azure/sync_tags_with_optima/sync_azure_tags.pt", + "name": "Azure Sync Tags with Optima", + "providers": [ + { + "name": "azure", + "permissions": [ + "Reader" + ] + }, + { + "name": "flexera", + "permissions": [ + "enterprise_manager" + ] + } + ] + }, + { + "id": "./operational/azure/vms_without_managed_disks/azure_vms_without_managed_disks_meta_parent.pt", + "name": "Azure VMs Not Using Managed Disks Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/azure/aks_nodepools_without_autoscaling/aks_nodepools_without_autoscaling.pt", + "name": "AKS Node Pools Without Autoscaling", + "providers": [ + + ] + }, + { + "id": "./operational/azure/azure_certificates/azure_certificates_meta_parent.pt", + "name": "Expiring Azure Certificates Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Subscription/aliases/read", + "Microsoft.Web/certificates/Read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/azure/tag_cardinality/azure_tag_cardinality_meta_parent.pt", + "name": "Azure Tag Cardinality Report Meta Parent", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Resources/subscriptions/resources/read", + "Microsoft.Resources/subscriptions/providers/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/resourceGroups/read", + "Microsoft.Resources/tags/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/stranded_servers/stranded_servers.pt", + "name": "Stranded Servers", + "providers": [ + + ] + }, + { + "id": "./operational/snapshots/no_recent_snapshots.pt", + "name": "No Recent Snapshots", + "providers": [ + + ] + }, + { + "id": "./operational/aws/vpc_name_sync/aws_vpc_name_sync.pt", + "name": "AWS VPC Name Tag Sync", + "providers": [ + + ] + }, + { + "id": "./operational/aws/marketplace_new_products/aws_marketplace_new_products.pt", + "name": "AWS New Marketplace Products", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/total_instance_hours/number_of_hours_per_instance_family.pt", + "name": "AWS Usage Report - Number of Instance Hours Used", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/long_running_instances/long_running_instances.pt", + "name": "AWS Long Running Instances", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:StopInstances", + "ec2:TerminateInstances", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/total_instance_vcpus_forecast/aws_total_instance_vcpus_forecast.pt", + "name": "AWS Usage Forecast - Number of Instance vCPUs Used", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/total_instance_hours_forecast/aws_total_instance_hrs_forecast.pt", + "name": "AWS Usage Forecast - Number of Instance Hours Used", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/instance_scheduled_events/aws_instance_scheduled_events.pt", + "name": "AWS Instance Scheduled Events", + "providers": [ + + ] + }, + { + "id": "./operational/aws/lambda_functions_with_high_error_rate/lambda_functions_with_high_error_rate_meta_parent.pt", + "name": "AWS Lambda Functions with high error rate Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "lambda:ListFunctions", + "lambda:ListTags", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/total_instance_vcpus/number_of_vcpus_per_instance_family.pt", + "name": "AWS Usage Report - Number of Instance vCPUs Used", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/subnet_name_sync/aws_subnet_name_sync.pt", + "name": "AWS Subnet Name Tag Sync", + "providers": [ + + ] + }, + { + "id": "./operational/aws/tag_cardinality/aws_tag_cardinality.pt", + "name": "AWS Tag Cardinality Report", + "providers": [ + + ] + }, + { + "id": "./operational/compute_instance_migration/risc-compute-instance-migration-recos.pt", + "name": "Application Migration Recommendations", + "providers": [ + + ] + }, + { + "id": "./operational/itam/schedule_itam_report/schedule-itam-report.pt", + "name": "Schedule ITAM Report", + "providers": [ + { + "name": "flexera", + "permissions": [ + "fnms_user" + ] + } + ] + }, + { + "id": "./saas/fsm/users_by_category/users_by_category.pt", + "name": "SaaS Manager - SaaS App User Report by Category", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/renewal_reminder/fsm-renewal_reminder.pt", + "name": "SaaS Manager - Renewal Reminder", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./saas/fsm/unsanctioned_spend/fsm-unsanctioned_spend.pt", + "name": "SaaS Manager - Unsanctioned Spend", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/deactivated_users/deactivated_users.pt", + "name": "SaaS Manager - Deactivated Users", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/unsanctioned_apps_with_contract/fsm-unsanctioned_with_contract.pt", + "name": "SaaS Manager - Unsanctioned Applications with Existing Contract", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/suspicious_users/fsm-suspicious_users.pt", + "name": "SaaS Manager - Suspicious Users", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/duplicate_users/duplicate_users.pt", + "name": "SaaS Manager - Duplicate User Accounts", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/deactivated_users_for_integrated_apps/deactivated_users_for_integrated_apps.pt", + "name": "SaaS Manager - Deactivated Users for Integrated Applications", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/redundant_apps/fsm-redundant_apps.pt", + "name": "SaaS Manager - Redundant Apps", + "providers": [ + + ] + }, + { + "id": "./saas/fsm/user_status_change/fsm-user_status_change.pt", + "name": "SaaS Manager - User Status Change", + "providers": [ + + ] + }, + { + "id": "./saas/servicenow/inactive_approvers/servicenow_inactive_approvers.pt", + "name": "ServiceNow Inactive Approvers", + "providers": [ + + ] + }, + { + "id": "./saas/okta/inactive_users/okta-inactive-users.pt", + "name": "Okta Inactive Users", + "providers": [ + + ] + }, + { + "id": "./saas/office365/security_alerts/o365-security-alerts.pt", + "name": "Office 365 Security Alerts", + "providers": [ + + ] + }, + { + "id": "./security/security_groups/icmp_enabled/icmp_enabled.pt", + "name": "Security Groups with ICMP Enabled", + "providers": [ + + ] + }, + { + "id": "./security/security_groups/rules_without_descriptions/security_group_rules_without_descriptions.pt", + "name": "Security Group Rules without Descriptions", + "providers": [ + + ] + }, + { + "id": "./security/security_groups/world_open_ports/security_group_rules_with_world_open_ports.pt", + "name": "Security Group Rules with ports open to the world", + "providers": [ + + ] + }, + { + "id": "./security/security_groups/high_open_ports/open_ports.pt", + "name": "Security Group with High Open Ports", + "providers": [ + + ] + }, + { + "id": "./security/storage/google/public_buckets/google_public_buckets.pt", + "name": "Google Open Buckets", + "providers": [ + + ] + }, + { + "id": "./security/storage/azure/storage_account_https_enabled/azure_storage_account_https_enabled.pt", + "name": "Azure Storage Accounts Without HTTPs Enforced", + "providers": [ + + ] + }, + { + "id": "./security/storage/aws/public_buckets/aws_public_buckets_meta_parent.pt", + "name": "AWS Open S3 Buckets Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "s3:GetBucketAcl", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./security/storage/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt", + "name": "AWS S3 Buckets without Server Access Logging", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_auditing_retention/sql_auditing_retention.pt", + "name": "Azure Ensure SQL Server Minimum Auditing Retention Of 90 Days", + "providers": [ + + ] + }, + { + "id": "./security/azure/pg_infra_encryption/pg_infra_encryption.pt", + "name": "Azure Ensure PostgreSQL Servers Infrastructure Encryption", + "providers": [ + + ] + }, + { + "id": "./security/azure/storage_trusted_services/storage_trusted_services.pt", + "name": "Azure Ensure Trusted Microsoft Services Enabled", + "providers": [ + + ] + }, + { + "id": "./security/azure/private_blob_containers/private_blob_containers.pt", + "name": "Azure Ensure Blob Containers Set To Private", + "providers": [ + + ] + }, + { + "id": "./security/azure/webapp_tls_version_support/azure_webapp_min_tls_version.pt", + "name": "Azure Web App Minimum TLS Version", + "providers": [ + + ] + }, + { + "id": "./security/azure/storage_tls_version/storage_tls_version.pt", + "name": "Azure Ensure Storage Accounts Require Secure TLS Version", + "providers": [ + + ] + }, + { + "id": "./security/azure/security_alert_owners/security_alert_owners.pt", + "name": "Azure Ensure Owners Receive Security Alerts", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_server_va_scans/sql_server_va_scans.pt", + "name": "Azure Ensure SQL Server VA Periodic Scans Enabled", + "providers": [ + + ] + }, + { + "id": "./security/azure/high_severity_alerts/high_severity_alerts.pt", + "name": "Azure Ensure High Severity Alerts", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_server_va_emails/sql_server_va_emails.pt", + "name": "Azure Ensure SQL Server VA Email Notifications", + "providers": [ + + ] + }, + { + "id": "./security/azure/mysql_ssl/mysql_ssl.pt", + "name": "Azure Ensure MySQL Servers Enforce SSL Connections", + "providers": [ + + ] + }, + { + "id": "./security/azure/queue_storage_logging/queue_storage_logging.pt", + "name": "Azure Ensure Storage Logging Enabled For Queue Service", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_ad_admin/sql_ad_admin.pt", + "name": "Azure Ensure SQL Server AD Admin Configured", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_db_encryption/sql_db_encryption.pt", + "name": "Azure Ensure SQL Database Encryption", + "providers": [ + + ] + }, + { + "id": "./security/azure/log_analytics_autoprovision/log_analytics_autoprovision.pt", + "name": "Azure Ensure Log Analytics Auto-Provisioning", + "providers": [ + + ] + }, + { + "id": "./security/azure/storage_soft_delete/storage_soft_delete.pt", + "name": "Azure Ensure Soft Delete Enabled For Azure Storage", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_publicly_accessible_managed_instance/check_for_publicly_accessible_azure_sql_managed_instance.pt", + "name": "Azure Publicly Accessible Managed SQL Instance", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_server_auditing/sql_server_auditing.pt", + "name": "Azure Ensure SQL Server Auditing Enabled", + "providers": [ + + ] + }, + { + "id": "./security/azure/guest_users/guest_users.pt", + "name": "Azure Guest Users Audit", + "providers": [ + + ] + }, + { + "id": "./security/azure/storage_network_deny/storage_network_deny.pt", + "name": "Azure Ensure Storage Account Default Network Access Set To Deny", + "providers": [ + + ] + }, + { + "id": "./security/azure/pg_conn_throttling/pg_conn_throttling.pt", + "name": "Azure Ensure PostgreSQL Servers Connection Throttling Enabled", + "providers": [ + + ] + }, + { + "id": "./security/azure/restrict_ssh_internet/azure_restrict_ssh_inet.pt", + "name": "Azure Network Security Groups With Inbound SSH Open", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_server_atp/sql_server_atp.pt", + "name": "Azure Ensure SQL Server ATP (Advanced Threat Protection) Enabled", + "providers": [ + + ] + }, + { + "id": "./security/azure/table_storage_logging/table_storage_logging.pt", + "name": "Azure Ensure Storage Logging Enabled For Table Service", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_server_va_admins/sql_server_va_admins.pt", + "name": "Azure Ensure SQL Server VA Notify Admins/Subscription Owners", + "providers": [ + + ] + }, + { + "id": "./security/azure/resources_with_public_ip_address/azure_open_ip_address_policy.pt", + "name": "Azure Resources with public IP address", + "providers": [ + + ] + }, + { + "id": "./security/azure/restrict_rdp_internet/azure_restrict_rdp_inet.pt", + "name": "Azure Network Security Groups With Inbound RDP Open", + "providers": [ + + ] + }, + { + "id": "./security/azure/pg_log_retention/pg_log_retention.pt", + "name": "Azure Ensure PostgreSQL Servers Sufficient Log Retention", + "providers": [ + + ] + }, + { + "id": "./security/azure/sql_server_va/sql_server_va.pt", + "name": "Azure Ensure SQL Server Vulnerability Assessment (VA) Enabled", + "providers": [ + + ] + }, + { + "id": "./security/azure/secure_transfer_required/secure_transfer_required.pt", + "name": "Azure Ensure Secure Transfer Required", + "providers": [ + + ] + }, + { + "id": "./security/azure/blob_storage_logging/blob_storage_logging.pt", + "name": "Azure Ensure Storage Logging Enabled For Blob Service", + "providers": [ + + ] + }, + { + "id": "./security/azure/mysql_tls_version/mysql_tls_version.pt", + "name": "Azure Ensure MySQL Flexible Servers Use Secure TLS", + "providers": [ + + ] + }, + { + "id": "./security/azure/security_contact_email/security_contact_email.pt", + "name": "Azure Ensure Security Contact Email", + "providers": [ + + ] + }, + { + "id": "./security/azure/pg_log_settings/pg_log_settings.pt", + "name": "Azure Ensure Correct PostgreSQL Servers Log Settings", + "providers": [ + + ] + }, + { + "id": "./security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt", + "name": "AWS Ensure Object-level Events Logging Enabled For CloudTrails", + "providers": [ + + ] + }, + { + "id": "./security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances_meta_parent.pt", + "name": "AWS Publicly Accessible RDS Instances Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "rds:DescribeDBInstances", + "rds:ListTagsForResource", + "rds:ModifyDBInstance*", + "rds:CreateDBClusterSnapshot*", + "rds:DescribeDBClusterSnapshots", + "rds:DeleteDBInstance*" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt", + "name": "AWS IAM Report Root Accounts Without Hardware MFA", + "providers": [ + + ] + }, + { + "id": "./security/aws/clb_unencrypted/aws_clb_encryption.pt", + "name": "AWS Unencrypted ELB Listeners (CLB)", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_disable_45_day_creds/iam_disable_45_day_creds.pt", + "name": "AWS IAM Ensure Credentials Unused For >45 days Are Disabled", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt", + "name": "AWS IAM Report Attached Admin IAM Policies", + "providers": [ + + ] + }, + { + "id": "./security/aws/ebs_ensure_encryption_default/ebs_ensure_encryption_default.pt", + "name": "AWS EBS Ensure Encryption By Default", + "providers": [ + + ] + }, + { + "id": "./security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt", + "name": "AWS Ensure CloudTrail S3 Buckets Have Access Logging", + "providers": [ + + ] + }, + { + "id": "./security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt", + "name": "AWS Ensure CloudTrail Enabled In All Regions", + "providers": [ + + ] + }, + { + "id": "./security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt", + "name": "AWS S3 Ensure MFA Delete Enabled For All Buckets", + "providers": [ + + ] + }, + { + "id": "./security/aws/kms_rotation/kms_rotation.pt", + "name": "AWS Ensure Rotation For Customer Master Keys (CMKs) Is Enabled", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt", + "name": "AWS IAM Report Regions Without Access Analyzer", + "providers": [ + + ] + }, + { + "id": "./security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt", + "name": "AWS Unencrypted S3 Buckets", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt", + "name": "AWS Ensure IAM Users Receive Permissions Only Through Groups", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt", + "name": "AWS IAM Report Root Accounts Without MFA", + "providers": [ + + ] + }, + { + "id": "./security/aws/elb_unencrypted/aws_elb_encryption.pt", + "name": "AWS Unencrypted ELB Listeners (ALB/NLB)", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt", + "name": "AWS IAM Report Password Policy No Restrict Password Reuse", + "providers": [ + + ] + }, + { + "id": "./security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt", + "name": "AWS S3 Ensure 'Block Public Access' Configured For All Buckets", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt", + "name": "AWS IAM Ensure One Active Key Per IAM User", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt", + "name": "AWS IAM Report Root Account Access Keys", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt", + "name": "AWS IAM Ensure Access Keys Are Rotated", + "providers": [ + + ] + }, + { + "id": "./security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt", + "name": "AWS Ensure CloudTrail Logs Encrypted At Rest", + "providers": [ + + ] + }, + { + "id": "./security/aws/loadbalancer_internet_facing/aws_internet-facing_elbs.pt", + "name": "AWS Internet-facing ELBs & ALBs", + "providers": [ + + ] + }, + { + "id": "./security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes_meta_parent.pt", + "name": "AWS Unencrypted Volumes Meta Parent", + "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeVolumes", + "ec2:DescribeRegions" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt", + "name": "AWS Ensure CloudTrail Integrated With Cloudwatch", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt", + "name": "AWS IAM Report Root User Doing Everyday Tasks", + "providers": [ + + ] + }, + { + "id": "./security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt", + "name": "AWS Ensure CloudTrail S3 Buckets Non-Public", + "providers": [ + + ] + }, + { + "id": "./security/aws/log_file_validation_enabled/log_file_validation_enabled.pt", + "name": "AWS Ensure Log File Validation Enabled For All CloudTrails", + "providers": [ + + ] + }, + { + "id": "./security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt", + "name": "AWS Unencrypted RDS Instances", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_support_role_created/iam_support_role_created.pt", + "name": "AWS IAM Support Role Created", + "providers": [ + + ] + }, + { + "id": "./security/aws/aws_config_enabled/aws_config_enabled.pt", + "name": "AWS Ensure AWS Config Enabled In All Regions", + "providers": [ + + ] + }, + { + "id": "./security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt", + "name": "AWS VPC's without FlowLogs Enabled", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt", + "name": "AWS IAM Report Expired SSL/TLS Certificates", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt", + "name": "AWS IAM Ensure MFA Enabled For IAM Users", + "providers": [ + + ] + }, + { + "id": "./security/aws/iam_min_password_length/iam_min_password_length.pt", + "name": "AWS IAM Report Insufficient Password Policy", + "providers": [ + + ] + }, + { + "id": "./security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt", + "name": "AWS S3 Ensure Bucket Policies Deny HTTP Requests", + "providers": [ + + ] + } + ] +} \ No newline at end of file From 2d95c9100c75eece95fd5879b84a956b0485631e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 8 Dec 2023 12:31:21 -0600 Subject: [PATCH 2/2] Update Master Policy Permissions List (#1680) Co-authored-by: XOmniverse --- .../master_policy_permissions_list.json | 2398 ++++++++--------- 1 file changed, 1199 insertions(+), 1199 deletions(-) diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json index 0883cfd6f9..f3ed3f7aee 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.json +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -1,8 +1,8 @@ { "values": [ { - "id": "./automation/google/google_rbd_from_label/google_rbd_from_label.pt", - "name": "Google Rule-Based Dimension From Project Labels", + "id": "./automation/aws/aws_rbd_from_tag/aws_rbd_from_tag.pt", + "name": "AWS Rule-Based Dimension From Account Tags", "providers": [ { "name": "flexera", @@ -40,8 +40,8 @@ ] }, { - "id": "./automation/aws/aws_rbd_from_tag/aws_rbd_from_tag.pt", - "name": "AWS Rule-Based Dimension From Account Tags", + "id": "./automation/google/google_rbd_from_label/google_rbd_from_label.pt", + "name": "Google Rule-Based Dimension From Project Labels", "providers": [ { "name": "flexera", @@ -53,39 +53,24 @@ ] }, { - "id": "./compliance/disallowed_images/disallowed_cloud_images.pt", - "name": "Disallowed Cloud Images", + "id": "./compliance/fnms/fnms_licenses_at_risk/fnms-at-risk-licenses.pt", + "name": "FlexNet Manager Licenses At Risk", "providers": [ ] }, { - "id": "./compliance/billing_center_access_report/bc_access_report.pt", - "name": "Billing Center Access Report", + "id": "./compliance/fnms/vms_missing_hostid/vms_missing_hostid.pt", + "name": "ITAM VMs Missing Host ID", "providers": [ { "name": "flexera", "permissions": [ - "billing_center_viewer", - "enterprise_manager" + "fnms_user" ] } ] }, - { - "id": "./compliance/google/long_stopped_instances/google_long_stopped_instances.pt", - "name": "Google Long-stopped instances", - "providers": [ - - ] - }, - { - "id": "./compliance/google/unlabeled_resources/unlabeled_resources.pt", - "name": "Google Unlabeled Resources", - "providers": [ - - ] - }, { "id": "./compliance/fnms/fnms_low_licenses_available/fnms-low-available-licenses.pt", "name": "FlexNet Manager Low Available Licenses", @@ -94,8 +79,8 @@ ] }, { - "id": "./compliance/fnms/vms_missing_hostid/vms_missing_hostid.pt", - "name": "ITAM VMs Missing Host ID", + "id": "./compliance/fnms/missing_active_machines/missing_active_machines.pt", + "name": "ITAM Missing Active Machines", "providers": [ { "name": "flexera", @@ -106,8 +91,8 @@ ] }, { - "id": "./compliance/fnms/overused_licenses/overused_licenses.pt", - "name": "ITAM Overused Licenses", + "id": "./compliance/fnms/fnms_licenses_expiring/expiring_licenses.pt", + "name": "ITAM Expiring Licenses", "providers": [ { "name": "flexera", @@ -118,8 +103,8 @@ ] }, { - "id": "./compliance/fnms/fnms_licenses_expiring/expiring_licenses.pt", - "name": "ITAM Expiring Licenses", + "id": "./compliance/fnms/ignored_recent_inventory_dates/ignored_recent_inventory_dates.pt", + "name": "ITAM Ignored Recent Inventory Dates", "providers": [ { "name": "flexera", @@ -130,8 +115,8 @@ ] }, { - "id": "./compliance/fnms/ignored_recent_inventory_dates/ignored_recent_inventory_dates.pt", - "name": "ITAM Ignored Recent Inventory Dates", + "id": "./compliance/fnms/overused_licenses/overused_licenses.pt", + "name": "ITAM Overused Licenses", "providers": [ { "name": "flexera", @@ -142,33 +127,22 @@ ] }, { - "id": "./compliance/fnms/fnms_licenses_at_risk/fnms-at-risk-licenses.pt", - "name": "FlexNet Manager Licenses At Risk", + "id": "./compliance/unapproved_instance_types/unapproved_instance_types.pt", + "name": "Unapproved Instance Types", "providers": [ ] }, { - "id": "./compliance/fnms/missing_active_machines/missing_active_machines.pt", - "name": "ITAM Missing Active Machines", - "providers": [ - { - "name": "flexera", - "permissions": [ - "fnms_user" - ] - } - ] - }, - { - "id": "./compliance/azure/azure_long_stopped_instances/long_stopped_instances_azure_meta_parent.pt", - "name": "Azure Long Stopped Instances Meta Parent", + "id": "./compliance/aws/long_stopped_instances/aws_long_stopped_instances_meta_parent.pt", + "name": "AWS Long-stopped Instances Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/delete" + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "cloudwatch:GetMetricStatistics" ] }, { @@ -180,14 +154,18 @@ ] }, { - "id": "./compliance/azure/azure_disallowed_regions/azure_disallowed_regions.pt", - "name": "Azure Disallowed Regions", + "id": "./compliance/aws/untagged_resources/aws_untagged_resources.pt", + "name": "AWS Untagged Resources", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Resources/subscriptions/resources/read", - "Microsoft.Resources/subscriptions/resources/delete" + "tag:GetResources", + "tag:TagResources", + "ec2:DescribeRegions", + "ec2:CreateTags", + "rds:AddTagsToResources", + "config:TagResource" ] }, { @@ -199,66 +177,59 @@ ] }, { - "id": "./compliance/azure/compliance_score/azure_regulatory_compliance_report.pt", - "name": "Azure Regulatory Compliance", - "providers": [ - - ] - }, - { - "id": "./compliance/azure/ahub_manual/azure_ahub_utilization_with_manual_entry.pt", - "name": "Azure AHUB Utilization with Manual Entry", + "id": "./compliance/aws/instances_without_fnm_agent/aws_instances_not_running_flexnet_inventory_agent_meta_parent.pt", + "name": "AWS EC2 Instances not running FlexNet Inventory Agent Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/locations/vmSizes/read" + "ec2:DescribeRegions", + "ec2:DescribeInstances" ] }, { "name": "flexera", "permissions": [ - "billing_center_viewer" + "Web Service" ] } ] }, { - "id": "./compliance/azure/azure_policy_audit/azure_policy_audit.pt", - "name": "Azure Policy Audit", + "id": "./compliance/aws/iam_role_audit/aws_iam_role_audit.pt", + "name": "AWS IAM Role Audit", + "providers": [ + + ] + }, + { + "id": "./compliance/aws/ecs_unused/aws_unused_ecs_clusters.pt", + "name": "AWS Unused ECS Clusters", "providers": [ ] }, { - "id": "./compliance/azure/instances_without_fnm_agent/azure_instances_not_running_flexnet_inventory_agent_meta_parent.pt", - "name": "Azure Instances not running FlexNet Inventory Agent Meta Parent", + "id": "./compliance/aws/disallowed_regions/aws_disallowed_regions.pt", + "name": "AWS Disallowed Regions", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read" + "ecs:DescribeInstances" ] }, { "name": "flexera", "permissions": [ - "Web Service" + "billing_center_viewer" ] } ] }, { - "id": "./compliance/azure/subscription_access/azure_subscription_access.pt", - "name": "Azure Subscription Access", - "providers": [ - - ] - }, - { - "id": "./compliance/azure/azure_untagged_resources/untagged_resources.pt", - "name": "Azure Untagged Resources", + "id": "./compliance/aws/scp_audit/aws_scp_audit.pt", + "name": "AWS Service Control Policy Audit", "providers": [ ] @@ -271,22 +242,33 @@ ] }, { - "id": "./compliance/unapproved_instance_types/unapproved_instance_types.pt", - "name": "Unapproved Instance Types", + "id": "./compliance/azure/azure_long_stopped_instances/long_stopped_instances_azure_meta_parent.pt", + "name": "Azure Long Stopped Instances Meta Parent", "providers": [ - + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./compliance/aws/long_stopped_instances/aws_long_stopped_instances.pt", - "name": "AWS Long-stopped Instances", + "id": "./compliance/azure/azure_disallowed_regions/azure_disallowed_regions_meta_parent.pt", + "name": "Azure Disallowed Regions Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeInstances", - "cloudwatch:GetMetricStatistics" + "Microsoft.Resources/subscriptions/resources/read", + "Microsoft.Resources/subscriptions/resources/delete" ] }, { @@ -298,13 +280,14 @@ ] }, { - "id": "./compliance/aws/disallowed_regions/aws_disallowed_regions_meta_parent.pt", - "name": "AWS Disallowed Regions Meta Parent", + "id": "./compliance/azure/ahub_manual/azure_ahub_utilization_with_manual_entry.pt", + "name": "Azure AHUB Utilization with Manual Entry", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ecs:DescribeInstances" + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/locations/vmSizes/read" ] }, { @@ -316,21 +299,20 @@ ] }, { - "id": "./compliance/aws/iam_role_audit/aws_iam_role_audit.pt", - "name": "AWS IAM Role Audit", + "id": "./compliance/azure/azure_policy_audit/azure_policy_audit.pt", + "name": "Azure Policy Audit", "providers": [ ] }, { - "id": "./compliance/aws/instances_without_fnm_agent/aws_instances_not_running_flexnet_inventory_agent_meta_parent.pt", - "name": "AWS EC2 Instances not running FlexNet Inventory Agent Meta Parent", + "id": "./compliance/azure/instances_without_fnm_agent/azure_instances_not_running_flexnet_inventory_agent.pt", + "name": "Azure Instances not running FlexNet Inventory Agent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeInstances" + "Microsoft.Compute/virtualMachines/read" ] }, { @@ -342,194 +324,145 @@ ] }, { - "id": "./compliance/aws/scp_audit/aws_scp_audit.pt", - "name": "AWS Service Control Policy Audit", + "id": "./compliance/azure/compliance_score/azure_regulatory_compliance_report.pt", + "name": "Azure Regulatory Compliance", "providers": [ ] }, { - "id": "./compliance/aws/ecs_unused/aws_unused_ecs_clusters.pt", - "name": "AWS Unused ECS Clusters", + "id": "./compliance/azure/azure_untagged_resources/untagged_resources.pt", + "name": "Azure Untagged Resources", "providers": [ ] }, { - "id": "./compliance/aws/untagged_resources/aws_untagged_resources.pt", - "name": "AWS Untagged Resources", + "id": "./compliance/azure/subscription_access/azure_subscription_access.pt", + "name": "Azure Subscription Access", "providers": [ - { - "name": "aws", - "permissions": [ - "tag:GetResources", - "tag:TagResources", - "ec2:DescribeRegions", - "ec2:CreateTags", - "rds:AddTagsToResources", - "config:TagResource" - ] - }, - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./compliance/flexera/iam_explicit_user_roles/flexera_iam_explicit_user_roles.pt", - "name": "Flexera IAM Explicit User Roles", + "id": "./compliance/billing_center_access_report/bc_access_report.pt", + "name": "Billing Center Access Report", "providers": [ { "name": "flexera", "permissions": [ + "billing_center_viewer", "enterprise_manager" ] } ] }, { - "id": "./compliance/github/repository_size/repository_size.pt", - "name": "GitHub.com Unpermitted Sized Repositories", + "id": "./compliance/google/long_stopped_instances/google_long_stopped_instances.pt", + "name": "Google Long-stopped instances", "providers": [ ] }, { - "id": "./compliance/github/repository_branch_protection/repository_branch_protection.pt", - "name": "GitHub.com Repository Branches without Protection", + "id": "./compliance/google/unlabeled_resources/unlabeled_resources.pt", + "name": "Google Unlabeled Resources", "providers": [ ] }, { - "id": "./compliance/github/repository_admin_team/repository_admin_team.pt", - "name": "GitHub.com Repositories without Admin Team", + "id": "./compliance/disallowed_images/disallowed_cloud_images.pt", + "name": "Disallowed Cloud Images", "providers": [ ] }, { - "id": "./compliance/github/toplevel_teams/toplevel_teams.pt", - "name": "GitHub.com Unpermitted Top-Level Teams", + "id": "./compliance/github/repository_naming/repository_naming.pt", + "name": "GitHub.com Unpermitted Repository Names", "providers": [ ] }, { - "id": "./compliance/github/available_seats/available_seats.pt", - "name": "GitHub.com Available Seats Report", + "id": "./compliance/github/repository_size/repository_size.pt", + "name": "GitHub.com Unpermitted Sized Repositories", "providers": [ ] }, { - "id": "./compliance/github/repository_naming/repository_naming.pt", - "name": "GitHub.com Unpermitted Repository Names", + "id": "./compliance/github/outside_collaborators/outside_collaborators.pt", + "name": "GitHub.com Unpermitted Outside Collaborators", "providers": [ ] }, { - "id": "./compliance/github/outside_collaborators/outside_collaborators.pt", - "name": "GitHub.com Unpermitted Outside Collaborators", + "id": "./compliance/github/available_seats/available_seats.pt", + "name": "GitHub.com Available Seats Report", "providers": [ ] }, { - "id": "./compliance/tags/azure_rg_tags/azure_resource_group_tags.pt", - "name": "Azure Tag Resources with Resource Group Name", + "id": "./compliance/github/repository_admin_team/repository_admin_team.pt", + "name": "GitHub.com Repositories without Admin Team", "providers": [ ] }, { - "id": "./compliance/tags/tag_checker/tag_checker.pt", - "name": "Untagged Resources", + "id": "./compliance/github/repository_branch_protection/repository_branch_protection.pt", + "name": "GitHub.com Repository Branches without Protection", "providers": [ ] }, { - "id": "./cost/oracle/oracle_cbi/oracle_cbi.pt", - "name": "Oracle Cloud Common Bill Ingestion", + "id": "./compliance/github/toplevel_teams/toplevel_teams.pt", + "name": "GitHub.com Unpermitted Top-Level Teams", "providers": [ ] }, { - "id": "./cost/superseded_instance_remediation/superseded_instance_remediation.pt", - "name": "Superseded Instance Remediation", + "id": "./compliance/tags/azure_rg_tags/azure_resource_group_tags.pt", + "name": "Azure Tag Resources with Resource Group Name", "providers": [ ] }, { - "id": "./cost/currency_conversion/currency_conversion.pt", - "name": "Currency Conversion", - "providers": [ - { - "name": "flexera", - "permissions": [ - "enterprise_manager" - ] - } - ] - }, - { - "id": "./cost/superseded_instance/superseded_instance.pt", - "name": "Superseded Instances", - "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } - ] - }, - { - "id": "./cost/forecasting/commitment_forecast/commitment_forecast.pt", - "name": "Vendor Commitment Forecast", + "id": "./compliance/tags/tag_checker/tag_checker.pt", + "name": "Untagged Resources", "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./cost/forecasting/moving_average/moving_average_forecast.pt", - "name": "Cloud Spend Forecast - Moving Average", + "id": "./compliance/flexera/iam_explicit_user_roles/flexera_iam_explicit_user_roles.pt", + "name": "Flexera IAM Explicit User Roles", "providers": [ { "name": "flexera", "permissions": [ - "billing_center_viewer" + "enterprise_manager" ] } ] }, { - "id": "./cost/forecasting/straight_line_forecast/linear_regression/straight_line_forecast_linear_regression.pt", - "name": "Cloud Spend Forecast - Straight-Line (Linear Regression Model)", + "id": "./cost/instance_anomaly/instance_anomaly.pt", + "name": "Running Instance Count Anomaly", "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./cost/forecasting/straight_line_forecast/simple/straight_line_forecast_simple.pt", - "name": "Cloud Spend Forecast - Straight-Line (Simple Model)", + "id": "./cost/budget_alerts/budget_alert.pt", + "name": "Budget Alerts (Legacy)", "providers": [ { "name": "flexera", @@ -540,49 +473,15 @@ ] }, { - "id": "./cost/unattached_addresses/unattached_addresses.pt", - "name": "Unattached IP Addresses", - "providers": [ - - ] - }, - { - "id": "./cost/cloud_cost_anomaly_alerts/cloud_cost_anomaly_alerts.pt", - "name": "Cloud Cost Anomaly Alerts", + "id": "./cost/scheduled_report_markupsdowns/scheduled_report_markpsdowns.pt", + "name": "Scheduled Report with Markups and Markdowns", "providers": [ ] }, { - "id": "./cost/low_service_usage/low_service_usage.pt", - "name": "Low Service Usage", - "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer", - "policy_designer", - "policy_manager", - "policy_publisher" - ] - } - ] - }, - { - "id": "./cost/budget_alerts_by_account/budget_alerts_by_account.pt", - "name": "Budget Alerts by Cloud Account", - "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } - ] - }, - { - "id": "./cost/turbonomics/delete_unattached_volumes/azure/turbonomics_delete_virtual_volumes.pt", - "name": "Turbonomic Delete Unattached Volumes Recommendations Azure", + "id": "./cost/turbonomics/delete_unattached_volumes/gcp/turbonomics_delete_virtual_volumes.pt", + "name": "Turbonomic Delete Unattached Volumes Recommendations Google", "providers": [ ] @@ -595,36 +494,29 @@ ] }, { - "id": "./cost/turbonomics/delete_unattached_volumes/gcp/turbonomics_delete_virtual_volumes.pt", - "name": "Turbonomic Delete Unattached Volumes Recommendations Google", - "providers": [ - - ] - }, - { - "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/azure/turbonomics_allocate_virtual_machines.pt", - "name": "Turbonomic Allocate Virtual Machine Recommendations Azure", + "id": "./cost/turbonomics/delete_unattached_volumes/azure/turbonomics_delete_virtual_volumes.pt", + "name": "Turbonomic Delete Unattached Volumes Recommendations Azure", "providers": [ ] }, { - "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/aws/turbonomics_allocate_virtual_machines.pt", - "name": "Turbonomic Allocate Virtual Machine Recommendations AWS", + "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/gcp/turbonomics_rightsize_virtual_volumes_recommendations.pt", + "name": "Turbonomic Rightsize Virtual Volumes Recommendations Google", "providers": [ ] }, { - "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/gcp/turbonomics_allocate_virtual_machines.pt", - "name": "Turbonomic Allocate Virtual Machine Recommendations Google", + "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/aws/turbonomics_rightsize_virtual_volumes_recommendations.pt", + "name": "Turbonomic Rightsize Virtual Volumes Recommendations AWS", "providers": [ ] }, { - "id": "./cost/turbonomics/buy_reserved_instances_recommendations/azure/turbonomics_buy_reserved_instances.pt", - "name": "Turbonomic Buy Reserved Instances Recommendations Azure", + "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/azure/turbonomics_rightsize_virtual_volumes_recommendations.pt", + "name": "Turbonomic Rightsize Virtual Volumes Recommendations Azure", "providers": [ ] @@ -637,15 +529,8 @@ ] }, { - "id": "./cost/turbonomics/rightsize_databases_recommendations/azure/turbonomics_rightsize_databases_recommendations.pt", - "name": "Turbonomic Rightsize Databases Recommendations Azure", - "providers": [ - - ] - }, - { - "id": "./cost/turbonomics/rightsize_databases_recommendations/aws/turbonomics_rightsize_databases_recommendations.pt", - "name": "Turbonomic Rightsize Databases Recommendations AWS", + "id": "./cost/turbonomics/buy_reserved_instances_recommendations/azure/turbonomics_buy_reserved_instances.pt", + "name": "Turbonomic Buy Reserved Instances Recommendations Azure", "providers": [ ] @@ -658,22 +543,15 @@ ] }, { - "id": "./cost/turbonomics/scale_virtual_machines_recommendations/azure/turbonomics_scale_virtual_machines.pt", - "name": "Turbonomic Rightsize Virtual Machines Recommendations Azure", - "providers": [ - - ] - }, - { - "id": "./cost/turbonomics/scale_virtual_machines_recommendations/aws/turbonomics_scale_virtual_machines.pt", - "name": "Turbonomic Rightsize Virtual Machines Recommendations AWS", + "id": "./cost/turbonomics/rightsize_databases_recommendations/aws/turbonomics_rightsize_databases_recommendations.pt", + "name": "Turbonomic Rightsize Databases Recommendations AWS", "providers": [ ] }, { - "id": "./cost/turbonomics/scale_virtual_machines_recommendations/gcp/turbonomics_scale_virtual_machines.pt", - "name": "Turbonomic Rightsize Virtual Machines Recommendations Google", + "id": "./cost/turbonomics/rightsize_databases_recommendations/azure/turbonomics_rightsize_databases_recommendations.pt", + "name": "Turbonomic Rightsize Databases Recommendations Azure", "providers": [ ] @@ -686,112 +564,149 @@ ] }, { - "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/azure/turbonomics_rightsize_virtual_volumes_recommendations.pt", - "name": "Turbonomic Rightsize Virtual Volumes Recommendations Azure", + "id": "./cost/turbonomics/scale_virtual_machines_recommendations/gcp/turbonomics_scale_virtual_machines.pt", + "name": "Turbonomic Rightsize Virtual Machines Recommendations Google", "providers": [ ] }, { - "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/aws/turbonomics_rightsize_virtual_volumes_recommendations.pt", - "name": "Turbonomic Rightsize Virtual Volumes Recommendations AWS", + "id": "./cost/turbonomics/scale_virtual_machines_recommendations/aws/turbonomics_scale_virtual_machines.pt", + "name": "Turbonomic Rightsize Virtual Machines Recommendations AWS", "providers": [ ] }, { - "id": "./cost/turbonomics/rightsize_virtual_volumes_recommendations/gcp/turbonomics_rightsize_virtual_volumes_recommendations.pt", - "name": "Turbonomic Rightsize Virtual Volumes Recommendations Google", + "id": "./cost/turbonomics/scale_virtual_machines_recommendations/azure/turbonomics_scale_virtual_machines.pt", + "name": "Turbonomic Rightsize Virtual Machines Recommendations Azure", "providers": [ ] }, { - "id": "./cost/volumes/unattached_volumes/uav_policy.pt", - "name": "Unattached Volumes", + "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/gcp/turbonomics_allocate_virtual_machines.pt", + "name": "Turbonomic Allocate Virtual Machine Recommendations Google", "providers": [ ] }, { - "id": "./cost/volumes/old_snapshots/old_snapshot.pt", - "name": "Discover Old Snapshots", + "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/aws/turbonomics_allocate_virtual_machines.pt", + "name": "Turbonomic Allocate Virtual Machine Recommendations AWS", "providers": [ ] }, { - "id": "./cost/scheduled_report_markupsdowns/scheduled_report_markpsdowns.pt", - "name": "Scheduled Report with Markups and Markdowns", + "id": "./cost/turbonomics/allocate_virtual_machines_recommendations/azure/turbonomics_allocate_virtual_machines.pt", + "name": "Turbonomic Allocate Virtual Machine Recommendations Azure", "providers": [ ] }, { - "id": "./cost/google/cud_expiration/google_cud_expiration_report.pt", - "name": "Google Expiring Committed Use Discount (CUD)", + "id": "./cost/billing_center_cost_anomaly/billing_center_cost_anomaly.pt", + "name": "Billing Center Cost Anomalies", "providers": [ - + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "policy_manager" + ] + } ] }, { - "id": "./cost/google/unutilized_ip_addresses/google_unutilized_ip_addresses.pt", - "name": "Google Unutilized IP Addresses", + "id": "./cost/aws/rightsize_ec2_instances/aws_rightsize_ec2_instances.pt", + "name": "AWS Rightsize EC2 Instances", "providers": [ - + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeTags", + "ec2:ModifyInstanceAttribute", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./cost/google/idle_vm_recommendations/google_vm_recommendations.pt", - "name": "Google Idle VM Recommender", + "id": "./cost/aws/instance_cloudwatch_utilization/aws_instance_cloudwatch_utilization.pt", + "name": "AWS Inefficient Instance Utilization using CloudWatch", "providers": [ ] }, { - "id": "./cost/google/unattached_volumes/google_delete_unattached_volumes.pt", - "name": "Google Unused Volumes", + "id": "./cost/aws/s3_bucket_size/aws_bucket_size.pt", + "name": "AWS Bucket Size Check", "providers": [ ] }, { - "id": "./cost/google/cud_report/google_committed_usediscount_report.pt", - "name": "Google Committed Use Discount (CUD)", + "id": "./cost/aws/idle_compute_instances/idle_compute_instances.pt", + "name": "AWS Idle Compute Instances", "providers": [ - + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt", - "name": "Google Inefficient Instance Utilization using StackDriver", + "id": "./cost/aws/burstable_instance_cloudwatch_credit_utilization/aws_burstable_instance_cloudwatch_credit_utilization.pt", + "name": "AWS Burstable Instance CloudWatch Utilization", "providers": [ ] }, { - "id": "./cost/google/rightsize_vm_recommendations/google_rightsize_vm_recommendations.pt", - "name": "Google Rightsize VM Recommender", + "id": "./cost/aws/rightsize_rds_instances/aws_rightsize_rds_instances.pt", + "name": "AWS Rightsize RDS Instances", "providers": [ { - "name": "gcp", + "name": "aws", "permissions": [ - "recommender.computeInstanceMachineTypeRecommendations.list", - "recommender.computeInstanceIdleResourceRecommendations.list", - "resourcemanager.projects.get", - "monitoring.metricDescriptors.list", - "monitoring.timeSeries.list", - "compute.instances.list", - "compute.instances.get", - "compute.instances.start", - "compute.instances.stop", - "compute.instances.setMachineType", - "compute.instances.delete" - ], - "roles": [ - "Monitoring Viewer", - "Compute Recommender Viewer", - "Compute Recommender Admin" + "sts:GetCallerIdentity", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "ec2:DescribeRegions", + "rds:DescribeDBInstances", + "rds:ListTagsForResource", + "rds:DescribeOrderableDBInstanceOptions", + "rds:ModifyDBInstance", + "rds:DeleteDBInstance" ] }, { @@ -803,30 +718,20 @@ ] }, { - "id": "./cost/google/schedule_instance/google_schedule_instance.pt", - "name": "Google Schedule Instance", - "providers": [ - - ] - }, - { - "id": "./cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt", - "name": "Google Idle Persistent Disk Recommender", + "id": "./cost/aws/superseded_instances/aws_superseded_instances_meta_parent.pt", + "name": "AWS Superseded EC2 Instances Meta Parent", "providers": [ { - "name": "gcp", + "name": "aws", "permissions": [ - "recommender.computeDiskIdleResourceRecommendations.list", - "resourcemanager.projects.get", - "compute.disks.list", - "compute.disks.createSnapshot", - "compute.disks.delete", - "compute.globalOperations.get" - ], - "roles": [ - "Monitoring Viewer", - "Compute Recommender Viewer", - "Compute Recommender Admin" + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeTags", + "ec2:ModifyInstanceAttribute", + "ec2:StartInstances", + "ec2:StopInstances", + "sts:GetCallerIdentity" ] }, { @@ -838,28 +743,16 @@ ] }, { - "id": "./cost/google/unused_cloudsql_instances/google_unused_cloudsql_instances.pt", - "name": "Google Unused CloudSQL Instances", - "providers": [ - - ] - }, - { - "id": "./cost/google/cloud_sql_idle_instance_recommendations/google_sql_idle_instance_recommendations.pt", - "name": "Google Idle Cloud SQL Instance Recommender", + "id": "./cost/aws/s3_storage_policy/aws_s3_bucket_policy_check.pt", + "name": "AWS S3 Bucket Intelligent Tiering Check", "providers": [ { - "name": "gcp", + "name": "aws", "permissions": [ - "recommender.cloudsqlIdleInstanceRecommendations.list", - "resourcemanager.projects.get", - "cloudsql.instances.list", - "cloudsql.instances.update", - "cloudsql.instances.delete" - ], - "roles": [ - "Cloud SQL Recommender Viewer", - "Cloud SQL Recommender Admin" + "s3:ListAllMyBuckets", + "s3:GetBucketlocation", + "s3:GetIntelligentTieringConfiguration", + "s3:GetBucketTagging" ] }, { @@ -871,20 +764,20 @@ ] }, { - "id": "./cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations_meta_parent.pt", - "name": "Google Idle IP Address Recommender Meta Parent", + "id": "./cost/aws/unused_rds/unused_rds.pt", + "name": "AWS Unused RDS Instances", "providers": [ { - "name": "gcp", + "name": "aws", "permissions": [ - "recommender.computeAddressIdleResourceRecommendations.list", - "resourcemanager.projects.get", - "compute.addresses.list", - "compute.addresses.delete" - ], - "roles": [ - "Compute Recommender Viewer", - "Compute Recommender Admin" + "ec2:DescribeRegions", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "rds:DeleteDBInstance", + "rds:DescribeDBInstances", + "rds:ListTagsForResource", + "sts:GetCallerIdentity" ] }, { @@ -896,16 +789,21 @@ ] }, { - "id": "./cost/google/old_snapshots/google_delete_old_snapshots.pt", - "name": "Google Old Snapshots", + "id": "./cost/aws/unused_volumes/aws_delete_unused_volumes.pt", + "name": "AWS Unused Volumes", "providers": [ { - "name": "gcp", + "name": "aws", "permissions": [ - "resourcemanager.projects.get", - "compute.snapshots.get", - "compute.snapshots.list", - "compute.snapshots.delete" + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "ec2:CreateTags", + "ec2:CreateSnapshot", + "ec2:DetachVolume", + "ec2:DeleteVolume" ] }, { @@ -917,33 +815,19 @@ ] }, { - "id": "./cost/google/object_storage_optimization/google_object_storage_optimization.pt", - "name": "Google Object Storage Optimization", - "providers": [ - - ] - }, - { - "id": "./cost/google/idle_compute_instances/google_idle_compute_instances.pt", - "name": "Google Idle Compute Instances", - "providers": [ - - ] - }, - { - "id": "./cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt", - "name": "Google Committed Use Discount Recommender Meta Parent", + "id": "./cost/aws/object_storage_optimization/aws_object_storage_optimization.pt", + "name": "AWS Object Storage Optimization", "providers": [ { - "name": "gcp", + "name": "aws", "permissions": [ - "resourcemanager.projects.get", - "recommender.usageCommitmentRecommendations.list", - "billing.resourceCosts.get", - "billing.accounts.getSpendingInformation" - ], - "roles": [ - "Project Usage Commitment Recommender Viewer" + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:GetObject", + "s3:GetObjectTagging", + "s3:PutObject", + "s3:DeleteObject" ] }, { @@ -955,52 +839,41 @@ ] }, { - "id": "./cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt", - "name": "Google Rightsize CloudSQL Instances", - "providers": [ - - ] - }, - { - "id": "./cost/google/recommender/recommender.pt", - "name": "Google Recommender Policy", - "providers": [ - - ] - }, - { - "id": "./cost/low_account_usage/low_account_usage.pt", - "name": "Low Account Usage", + "id": "./cost/aws/rightsize_ebs_volumes/aws_volumes_rightsizing_meta_parent.pt", + "name": "AWS Rightsize EBS Volumes Meta Parent", "providers": [ + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:ModifyVolume", + "pricing:GetProducts" + ] + }, { "name": "flexera", "permissions": [ - "billing_center_viewer", - "policy_designer", - "policy_manager", - "policy_publisher" + "billing_center_viewer" ] } ] }, { - "id": "./cost/downsize_instance/downsize_instance.pt", - "name": "Downsize Instances", + "id": "./cost/aws/savings_plan/expiration/aws_savings_plan_expiration.pt", + "name": "AWS Expiring Savings Plans", "providers": [ ] }, { - "id": "./cost/azure/unused_sql_databases/azure_unused_sql_databases_meta_parent.pt", - "name": "Azure Unused SQL Databases Meta Parent", + "id": "./cost/aws/savings_plan/utilization/aws_savings_plan_utilization.pt", + "name": "AWS Savings Plan Utilization", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Sql/servers/databases/read", - "Microsoft.Sql/servers/databases/metrics/read", - "Microsoft.Insights/metrics/read", - "Microsoft.Sql/servers/databases/delete" + "ce:*" ] }, { @@ -1012,13 +885,13 @@ ] }, { - "id": "./cost/azure/savings_plan/recommendations/azure_savings_plan_recommendations.pt", - "name": "Azure Savings Plan Recommendations", + "id": "./cost/aws/savings_plan/recommendations/aws_savings_plan_recommendations.pt", + "name": "AWS Savings Plan Recommendations", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.CostManagement/benefitRecommendations/read" + "ce:GetSavingsPlansPurchaseRecommendation" ] }, { @@ -1030,18 +903,25 @@ ] }, { - "id": "./cost/azure/hybrid_use_benefit_sql/ahub_sql_meta_parent.pt", - "name": "Azure Hybrid Use Benefit for SQL Meta Parent", + "id": "./cost/aws/old_snapshots/aws_delete_old_snapshots.pt", + "name": "AWS Old Snapshots", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.SqlVirtualMachine/sqlVirtualMachines/read", - "Microsoft.SqlVirtualMachine/sqlVirtualMachines/write", - "Microsoft.Sql/servers/read", - "Microsoft.Sql/servers/write", - "Microsoft.Sql/managedInstances/read", - "Microsoft.Sql/managedInstances/write" + "ec2:DescribeRegions", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:DeregisterImage", + "ec2:DeleteSnapshot", + "rds:DescribeDBInstances", + "rds:DescribeDBSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DeleteDBClusterSnapshot", + "rds:DeleteDBSnapshot", + "sts:GetCallerIdentity", + "cloudtrail:LookupEvents" ] }, { @@ -1053,101 +933,60 @@ ] }, { - "id": "./cost/azure/databricks/rightsize_compute/azure_databricks_rightsize_compute_meta_parent.pt", - "name": "Azure Databricks Rightsize Compute Instances Meta Parent", + "id": "./cost/aws/reserved_instances/expiration/expired_ris.pt", + "name": "AWS Expiring Reserved Instances", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/skus/read", - "Microsoft.Insights/metrics/read" - ] - }, { "name": "flexera", "permissions": [ - "billing_center_viewer" + "actor", + "observer", + "credential_viewer" ] } ] }, { - "id": "./cost/azure/reserved_instances/recommendations/azure_reserved_instance_recommendations.pt", - "name": "Azure Reserved Instances Recommendations", + "id": "./cost/aws/reserved_instances/report_by_bc/ri_report_by_bc.pt", + "name": "Reserved Instance Report by Billing Center", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Billing/billingAccounts/read", - "Microsoft.Consumption/reservationRecommendations/read" - ] - }, { "name": "flexera", "permissions": [ - "billing_center_viewer" + "actor", + "observer", + "credential_viewer" ] } ] }, { - "id": "./cost/azure/reserved_instances/expiration/azure_reserved_instance_expiration.pt", - "name": "Azure Expiring Reserved Instances", + "id": "./cost/aws/reserved_instances/utilization/utilization_ris.pt", + "name": "AWS Reserved Instances Utilization", "providers": [ { "name": "flexera", "permissions": [ - "ca_user" + "billing_center_viewer" ] } ] }, { - "id": "./cost/azure/reserved_instances/utilization/azure_reserved_instance_utilization.pt", - "name": "Azure Reserved Instances Utilization", - "providers": [ - - ] - }, - { - "id": "./cost/azure/reserved_instances/utilization_mca/azure_reserved_instance_utilization_mca.pt", - "name": "Azure Reserved Instances Utilization MCA", + "id": "./cost/aws/reserved_instances/compute_purchase_recommendation/aws_reserved_instance_recommendations_with_purchase.pt", + "name": "AWS Reserved Instances Recommendations with Purchase", "providers": [ ] }, { - "id": "./cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit_meta_parent.pt", - "name": "Azure Hybrid Use Benefit for Windows Server Meta Parent", - "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write" - ] - }, - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } - ] - }, - { - "id": "./cost/azure/schedule_instance/azure_schedule_instance_meta_parent.pt", - "name": "Azure Schedule Instance Meta Parent", + "id": "./cost/aws/reserved_instances/recommendations/aws_reserved_instance_recommendations.pt", + "name": "AWS Reserved Instances Recommendations", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write", - "Microsoft.Compute/virtualMachines/delete", - "Microsoft.Compute/virtualMachines/start/action", - "Microsoft.Compute/virtualMachines/deallocate/action" + "ce:GetReservationPurchaseRecommendation" ] }, { @@ -1159,39 +998,26 @@ ] }, { - "id": "./cost/azure/rightsize_compute_instances/azure_compute_rightsizing_meta_parent.pt", - "name": "Azure Rightsize Compute Instances Meta Parent", + "id": "./cost/aws/reserved_instances/coverage/reserved_instance_coverage.pt", + "name": "Reserved Instances Coverage", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write", - "Microsoft.Compute/skus/read", - "Microsoft.Insights/metrics/read" - ] - }, - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./cost/azure/unused_volumes/azure_unused_volumes.pt", - "name": "Azure Unused Volumes", + "id": "./cost/aws/schedule_instance/aws_schedule_instance_meta_parent.pt", + "name": "AWS Schedule Instance Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/disks/read", - "Microsoft.Compute/disks/write", - "Microsoft.Compute/snapshots/write", - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write", - "Microsoft.Insights/metrics/read" + "ec2:DescribeInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeRegions" ] }, { @@ -1203,28 +1029,15 @@ ] }, { - "id": "./cost/azure/instances_log_analytics_utilization/azure_instance_log_analytics_utilization.pt", - "name": "Azure Inefficient Instance Utilization using Log Analytics", - "providers": [ - - ] - }, - { - "id": "./cost/azure/azure_china_cbi/azure_china_cbi.pt", - "name": "Azure China Common Bill Ingestion", - "providers": [ - - ] - }, - { - "id": "./cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt", - "name": "Azure Hybrid Use Benefit for Linux Server Meta Parent", + "id": "./cost/aws/gp3_volume_upgrade/aws_upgrade_to_gp3_volume_meta_parent.pt", + "name": "AWS GP3 Upgradeable Volumes Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write" + "ec2:DescribeVolumes", + "ec2:DescribeRegions", + "pricing:GetProducts" ] }, { @@ -1236,8 +1049,8 @@ ] }, { - "id": "./cost/azure/savings_realized/azure_savings_realized.pt", - "name": "Azure Savings Realized from Reservations", + "id": "./cost/aws/savings_realized/aws_savings_realized.pt", + "name": "AWS Savings Realized from Reservations", "providers": [ { "name": "flexera", @@ -1248,15 +1061,15 @@ ] }, { - "id": "./cost/azure/unused_ip_addresses/azure_unused_ip_addresses.pt", - "name": "Azure Unused IP Addresses", + "id": "./cost/aws/rds_instance_license_info/rds_instance_license_info.pt", + "name": "AWS RDS Instances", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Network/publicIPAddresses/read", - "Microsoft.Network/publicIPAddresses/delete", - "Microsoft.Insights/eventtypes/values/read" + "ec2:DescribeRegions", + "rds:DescribeDBInstances", + "sts:GetCallerIdentity" ] }, { @@ -1268,14 +1081,18 @@ ] }, { - "id": "./cost/azure/superseded_instances/azure_superseded_instances_meta_parent.pt", - "name": "Azure Superseded Compute Instances Meta Parent", + "id": "./cost/aws/unused_clbs/aws_unused_clbs_meta_parent.pt", + "name": "AWS Unused Classic Load Balancers Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write" + "sts:GetCallerIdentity", + "ec2:DescribeRegions", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DeleteLoadBalancer" ] }, { @@ -1287,14 +1104,17 @@ ] }, { - "id": "./cost/azure/old_snapshots/azure_delete_old_snapshots.pt", - "name": "Azure Old Snapshots", + "id": "./cost/aws/unused_ip_addresses/aws_unused_ip_addresses_meta_parent.pt", + "name": "AWS Unused IP Addresses Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/snapshots/read", - "Microsoft.Compute/snapshots/delete" + "ec2:DescribeRegions", + "ec2:DescribeAddresses", + "ec2:ReleaseAddress", + "pricing:GetProducts", + "sts:GetCallerIdentity" ] }, { @@ -1306,22 +1126,9 @@ ] }, { - "id": "./cost/azure/object_storage_optimization/azure_object_storage_optimization.pt", - "name": "Azure Blob Storage Optimization", - "providers": [ - - ] - }, - { - "id": "./cost/azure/storage_account_lifecycle_management/storage_account_lifecycle_management.pt", - "name": "Azure Storage Accounts without Lifecycle Management Policies", + "id": "./cost/forecasting/straight_line_forecast/linear_regression/straight_line_forecast_linear_regression.pt", + "name": "Cloud Spend Forecast - Straight-Line (Linear Regression Model)", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Storage/storageAccounts/read" - ] - }, { "name": "flexera", "permissions": [ @@ -1331,17 +1138,9 @@ ] }, { - "id": "./cost/azure/idle_compute_instances/azure_idle_compute_instances.pt", - "name": "Azure Idle Compute Instances", + "id": "./cost/forecasting/straight_line_forecast/simple/straight_line_forecast_simple.pt", + "name": "Cloud Spend Forecast - Straight-Line (Simple Model)", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write", - "Microsoft.Insights/metrics/read" - ] - }, { "name": "flexera", "permissions": [ @@ -1351,19 +1150,9 @@ ] }, { - "id": "./cost/azure/rightsize_sql_instances/azure_rightsize_sql_instances.pt", - "name": "Azure Rightsize SQL Databases", + "id": "./cost/forecasting/commitment_forecast/commitment_forecast.pt", + "name": "Vendor Commitment Forecast", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Sql/servers/databases/read", - "Microsoft.Sql/servers/databases/metrics/read", - "Microsoft.Sql/servers/databases/update", - "Microsoft.Sql/servers/databases/delete", - "Microsoft.Insights/metrics/read" - ] - }, { "name": "flexera", "permissions": [ @@ -1373,8 +1162,8 @@ ] }, { - "id": "./cost/new_service_usage/new_service_usage.pt", - "name": "New Service Usage", + "id": "./cost/forecasting/moving_average/moving_average_forecast.pt", + "name": "Cloud Spend Forecast - Moving Average", "providers": [ { "name": "flexera", @@ -1385,49 +1174,48 @@ ] }, { - "id": "./cost/billing_center_cost_anomaly/billing_center_cost_anomaly.pt", - "name": "Billing Center Cost Anomalies", + "id": "./cost/budget_v_actual/monthly_budget_v_actual.pt", + "name": "Monthly Actual v. Budgeted Spend Report", "providers": [ { "name": "flexera", "permissions": [ - "billing_center_viewer", - "policy_manager" + "billing_center_viewer" ] } ] }, { - "id": "./cost/kubecost/sizing/kubecost_resizing_recommendation.pt", - "name": "Kubecost Request Rightsizing Recommendations", + "id": "./cost/terminate_policy/instance_terminate.pt", + "name": "Terminate Instances with End Date", "providers": [ ] }, { - "id": "./cost/kubecost/cluster/kubecost_cluster_rightsizing_recommendations.pt", - "name": "Kubecost Cluster Rightsizing Recommendations", + "id": "./cost/cloud_cost_anomaly_alerts/cloud_cost_anomaly_alerts.pt", + "name": "Cloud Cost Anomaly Alerts", "providers": [ ] }, { - "id": "./cost/terminate_policy/instance_terminate.pt", - "name": "Terminate Instances with End Date", + "id": "./cost/schedule_instances/schedule_instances.pt", + "name": "Schedule Instances", "providers": [ ] }, { - "id": "./cost/instance_anomaly/instance_anomaly.pt", - "name": "Running Instance Count Anomaly", + "id": "./cost/scheduled_reports_with_estimates/costs_forecasting.pt", + "name": "Scheduled Report With Estimates", "providers": [ ] }, { - "id": "./cost/scheduled_reports/scheduled_report.pt", - "name": "Scheduled Report", + "id": "./cost/new_service_usage/new_service_usage.pt", + "name": "New Service Usage", "providers": [ { "name": "flexera", @@ -1438,24 +1226,25 @@ ] }, { - "id": "./cost/aws/rightsize_ec2_instances/aws_rightsize_ec2_instances.pt", - "name": "AWS Rightsize EC2 Instances", + "id": "./cost/downsize_instance/downsize_instance.pt", + "name": "Downsize Instances", + "providers": [ + + ] + }, + { + "id": "./cost/azure/hybrid_use_benefit_sql/ahub_sql_meta_parent.pt", + "name": "Azure Hybrid Use Benefit for SQL Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:DescribeTags", - "ec2:ModifyInstanceAttribute", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "cloudwatch:GetMetricStatistics", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics", - "sts:GetCallerIdentity" + "Microsoft.SqlVirtualMachine/sqlVirtualMachines/read", + "Microsoft.SqlVirtualMachine/sqlVirtualMachines/write", + "Microsoft.Sql/servers/read", + "Microsoft.Sql/servers/write", + "Microsoft.Sql/managedInstances/read", + "Microsoft.Sql/managedInstances/write" ] }, { @@ -1467,18 +1256,15 @@ ] }, { - "id": "./cost/aws/unused_clbs/aws_unused_clbs.pt", - "name": "AWS Unused Classic Load Balancers", + "id": "./cost/azure/idle_compute_instances/azure_idle_compute_instances_meta_parent.pt", + "name": "Azure Idle Compute Instances Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "sts:GetCallerIdentity", - "ec2:DescribeRegions", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DeleteLoadBalancer" + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Insights/metrics/read" ] }, { @@ -1490,15 +1276,14 @@ ] }, { - "id": "./cost/aws/gp3_volume_upgrade/aws_upgrade_to_gp3_volume_meta_parent.pt", - "name": "AWS GP3 Upgradeable Volumes Meta Parent", + "id": "./cost/azure/superseded_instances/azure_superseded_instances_meta_parent.pt", + "name": "Azure Superseded Compute Instances Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeVolumes", - "ec2:DescribeRegions", - "pricing:GetProducts" + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" ] }, { @@ -1510,13 +1295,13 @@ ] }, { - "id": "./cost/aws/savings_plan/recommendations/aws_savings_plan_recommendations.pt", - "name": "AWS Savings Plan Recommendations", + "id": "./cost/azure/storage_account_lifecycle_management/storage_account_lifecycle_management_meta_parent.pt", + "name": "Azure Storage Accounts without Lifecycle Management Policies Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ce:GetSavingsPlansPurchaseRecommendation" + "Microsoft.Storage/storageAccounts/read" ] }, { @@ -1528,20 +1313,17 @@ ] }, { - "id": "./cost/aws/savings_plan/expiration/aws_savings_plan_expiration.pt", - "name": "AWS Expiring Savings Plans", - "providers": [ - - ] - }, - { - "id": "./cost/aws/savings_plan/utilization/aws_savings_plan_utilization.pt", - "name": "AWS Savings Plan Utilization", + "id": "./cost/azure/rightsize_sql_instances/azure_rightsize_sql_instances_meta_parent.pt", + "name": "Azure Rightsize SQL Databases Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ce:*" + "Microsoft.Sql/servers/databases/read", + "Microsoft.Sql/servers/databases/metrics/read", + "Microsoft.Sql/servers/databases/update", + "Microsoft.Sql/servers/databases/delete", + "Microsoft.Insights/metrics/read" ] }, { @@ -1553,16 +1335,16 @@ ] }, { - "id": "./cost/aws/s3_storage_policy/aws_s3_bucket_policy_check.pt", - "name": "AWS S3 Bucket Intelligent Tiering Check", + "id": "./cost/azure/rightsize_compute_instances/azure_compute_rightsizing.pt", + "name": "Azure Rightsize Compute Instances", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "s3:ListAllMyBuckets", - "s3:GetBucketlocation", - "s3:GetIntelligentTieringConfiguration", - "s3:GetBucketTagging" + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/skus/read", + "Microsoft.Insights/metrics/read" ] }, { @@ -1574,20 +1356,18 @@ ] }, { - "id": "./cost/aws/unused_rds/unused_rds_meta_parent.pt", - "name": "AWS Unused RDS Instances Meta Parent", + "id": "./cost/azure/unused_volumes/azure_unused_volumes_meta_parent.pt", + "name": "Azure Unused Volumes Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "rds:DeleteDBInstance", - "rds:DescribeDBInstances", - "rds:ListTagsForResource", - "sts:GetCallerIdentity" + "Microsoft.Compute/disks/read", + "Microsoft.Compute/disks/write", + "Microsoft.Compute/snapshots/write", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Insights/metrics/read" ] }, { @@ -1599,20 +1379,20 @@ ] }, { - "id": "./cost/aws/instance_cloudwatch_utilization/aws_instance_cloudwatch_utilization.pt", - "name": "AWS Inefficient Instance Utilization using CloudWatch", + "id": "./cost/azure/object_storage_optimization/azure_object_storage_optimization.pt", + "name": "Azure Blob Storage Optimization", "providers": [ ] }, { - "id": "./cost/aws/reserved_instances/recommendations/aws_reserved_instance_recommendations.pt", - "name": "AWS Reserved Instances Recommendations", + "id": "./cost/azure/savings_plan/recommendations/azure_savings_plan_recommendations.pt", + "name": "Azure Savings Plan Recommendations", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ce:GetReservationPurchaseRecommendation" + "Microsoft.CostManagement/benefitRecommendations/read" ] }, { @@ -1624,30 +1404,54 @@ ] }, { - "id": "./cost/aws/reserved_instances/expiration/expired_ris.pt", - "name": "AWS Expiring Reserved Instances", + "id": "./cost/azure/old_snapshots/azure_delete_old_snapshots.pt", + "name": "Azure Old Snapshots", "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/snapshots/read", + "Microsoft.Compute/snapshots/delete" + ] + }, { "name": "flexera", "permissions": [ - "actor", - "observer", - "credential_viewer" + "billing_center_viewer" ] } ] }, { - "id": "./cost/aws/reserved_instances/coverage/reserved_instance_coverage.pt", - "name": "Reserved Instances Coverage", + "id": "./cost/azure/reserved_instances/expiration/azure_reserved_instance_expiration.pt", + "name": "Azure Expiring Reserved Instances", + "providers": [ + { + "name": "flexera", + "permissions": [ + "ca_user" + ] + } + ] + }, + { + "id": "./cost/azure/reserved_instances/utilization/azure_reserved_instance_utilization.pt", + "name": "Azure Reserved Instances Utilization", "providers": [ ] }, { - "id": "./cost/aws/reserved_instances/utilization/utilization_ris.pt", - "name": "AWS Reserved Instances Utilization", + "id": "./cost/azure/reserved_instances/recommendations/azure_reserved_instance_recommendations.pt", + "name": "Azure Reserved Instances Recommendations", "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Billing/billingAccounts/read", + "Microsoft.Consumption/reservationRecommendations/read" + ] + }, { "name": "flexera", "permissions": [ @@ -1657,40 +1461,63 @@ ] }, { - "id": "./cost/aws/reserved_instances/report_by_bc/ri_report_by_bc.pt", - "name": "Reserved Instance Report by Billing Center", + "id": "./cost/azure/reserved_instances/utilization_mca/azure_reserved_instance_utilization_mca.pt", + "name": "Azure Reserved Instances Utilization MCA", + "providers": [ + + ] + }, + { + "id": "./cost/azure/schedule_instance/azure_schedule_instance.pt", + "name": "Azure Schedule Instance", "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write", + "Microsoft.Compute/virtualMachines/delete", + "Microsoft.Compute/virtualMachines/start/action", + "Microsoft.Compute/virtualMachines/deallocate/action" + ] + }, { "name": "flexera", "permissions": [ - "actor", - "observer", - "credential_viewer" + "billing_center_viewer" ] } ] }, { - "id": "./cost/aws/reserved_instances/compute_purchase_recommendation/aws_reserved_instance_recommendations_with_purchase.pt", - "name": "AWS Reserved Instances Recommendations with Purchase", + "id": "./cost/azure/savings_realized/azure_savings_realized.pt", + "name": "Azure Savings Realized from Reservations", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/azure/instances_log_analytics_utilization/azure_instance_log_analytics_utilization.pt", + "name": "Azure Inefficient Instance Utilization using Log Analytics", "providers": [ ] }, { - "id": "./cost/aws/schedule_instance/aws_schedule_instance_meta_parent.pt", - "name": "AWS Schedule Instance Meta Parent", + "id": "./cost/azure/databricks/rightsize_compute/azure_databricks_rightsize_compute.pt", + "name": "Azure Databricks Rightsize Compute Instances", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:DescribeRegions" + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/skus/read", + "Microsoft.Insights/metrics/read" ] }, { @@ -1702,21 +1529,15 @@ ] }, { - "id": "./cost/aws/unused_volumes/aws_delete_unused_volumes_meta_parent.pt", - "name": "AWS Unused Volumes Meta Parent", + "id": "./cost/azure/unused_ip_addresses/azure_unused_ip_addresses_meta_parent.pt", + "name": "Azure Unused IP Addresses Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeVolumes", - "ec2:DescribeSnapshots", - "cloudwatch:GetMetricStatistics", - "cloudwatch:GetMetricData", - "ec2:CreateTags", - "ec2:CreateSnapshot", - "ec2:DetachVolume", - "ec2:DeleteVolume" + "Microsoft.Network/publicIPAddresses/read", + "Microsoft.Network/publicIPAddresses/delete", + "Microsoft.Insights/eventtypes/values/read" ] }, { @@ -1728,9 +1549,16 @@ ] }, { - "id": "./cost/aws/savings_realized/aws_savings_realized.pt", - "name": "AWS Savings Realized from Reservations", + "id": "./cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt", + "name": "Azure Hybrid Use Benefit for Windows Server", "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" + ] + }, { "name": "flexera", "permissions": [ @@ -1740,21 +1568,16 @@ ] }, { - "id": "./cost/aws/rightsize_rds_instances/aws_rightsize_rds_instances_meta_parent.pt", - "name": "AWS Rightsize RDS Instances Meta Parent", + "id": "./cost/azure/unused_sql_databases/azure_unused_sql_databases.pt", + "name": "Azure Unused SQL Databases", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "sts:GetCallerIdentity", - "cloudwatch:GetMetricStatistics", - "cloudwatch:GetMetricData", - "ec2:DescribeRegions", - "rds:DescribeDBInstances", - "rds:ListTagsForResource", - "rds:DescribeOrderableDBInstanceOptions", - "rds:ModifyDBInstance", - "rds:DeleteDBInstance" + "Microsoft.Sql/servers/databases/read", + "Microsoft.Sql/servers/databases/metrics/read", + "Microsoft.Insights/metrics/read", + "Microsoft.Sql/servers/databases/delete" ] }, { @@ -1766,17 +1589,14 @@ ] }, { - "id": "./cost/aws/unused_ip_addresses/aws_unused_ip_addresses_meta_parent.pt", - "name": "AWS Unused IP Addresses Meta Parent", + "id": "./cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt", + "name": "Azure Hybrid Use Benefit for Linux Server Meta Parent", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeAddresses", - "ec2:ReleaseAddress", - "pricing:GetProducts", - "sts:GetCallerIdentity" + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" ] }, { @@ -1788,27 +1608,66 @@ ] }, { - "id": "./cost/aws/s3_bucket_size/aws_bucket_size.pt", - "name": "AWS Bucket Size Check", + "id": "./cost/azure/azure_china_cbi/azure_china_cbi.pt", + "name": "Azure China Common Bill Ingestion", "providers": [ ] }, { - "id": "./cost/aws/superseded_instances/aws_superseded_instances_meta_parent.pt", - "name": "AWS Superseded EC2 Instances Meta Parent", + "id": "./cost/budget_alerts_by_account/budget_alerts_by_account.pt", + "name": "Budget Alerts by Cloud Account", "providers": [ { - "name": "aws", + "name": "flexera", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:DescribeTags", - "ec2:ModifyInstanceAttribute", - "ec2:StartInstances", - "ec2:StopInstances", - "sts:GetCallerIdentity" + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/superseded_instance/superseded_instance.pt", + "name": "Superseded Instances", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/recommender/recommender.pt", + "name": "Google Recommender Policy", + "providers": [ + + ] + }, + { + "id": "./cost/google/rightsize_vm_recommendations/google_rightsize_vm_recommendations.pt", + "name": "Google Rightsize VM Recommender", + "providers": [ + { + "name": "gcp", + "permissions": [ + "recommender.computeInstanceMachineTypeRecommendations.list", + "recommender.computeInstanceIdleResourceRecommendations.list", + "resourcemanager.projects.get", + "monitoring.metricDescriptors.list", + "monitoring.timeSeries.list", + "compute.instances.list", + "compute.instances.get", + "compute.instances.start", + "compute.instances.stop", + "compute.instances.setMachineType", + "compute.instances.delete" + ], + "roles": [ + "Monitoring Viewer", + "Compute Recommender Viewer", + "Compute Recommender Admin" ] }, { @@ -1820,23 +1679,41 @@ ] }, { - "id": "./cost/aws/burstable_instance_cloudwatch_credit_utilization/aws_burstable_instance_cloudwatch_credit_utilization.pt", - "name": "AWS Burstable Instance CloudWatch Utilization", + "id": "./cost/google/unutilized_ip_addresses/google_unutilized_ip_addresses.pt", + "name": "Google Unutilized IP Addresses", "providers": [ ] }, { - "id": "./cost/aws/rightsize_ebs_volumes/aws_volumes_rightsizing_meta_parent.pt", - "name": "AWS Rightsize EBS Volumes Meta Parent", + "id": "./cost/google/idle_compute_instances/google_idle_compute_instances.pt", + "name": "Google Idle Compute Instances", + "providers": [ + + ] + }, + { + "id": "./cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt", + "name": "Google Inefficient Instance Utilization using StackDriver", + "providers": [ + + ] + }, + { + "id": "./cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt", + "name": "Google Idle IP Address Recommender", "providers": [ { - "name": "aws", + "name": "gcp", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeVolumes", - "ec2:ModifyVolume", - "pricing:GetProducts" + "recommender.computeAddressIdleResourceRecommendations.list", + "resourcemanager.projects.get", + "compute.addresses.list", + "compute.addresses.delete" + ], + "roles": [ + "Compute Recommender Viewer", + "Compute Recommender Admin" ] }, { @@ -1848,25 +1725,19 @@ ] }, { - "id": "./cost/aws/old_snapshots/aws_delete_old_snapshots.pt", - "name": "AWS Old Snapshots", + "id": "./cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt", + "name": "Google Committed Use Discount Recommender Meta Parent", "providers": [ { - "name": "aws", + "name": "gcp", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:DeregisterImage", - "ec2:DeleteSnapshot", - "rds:DescribeDBInstances", - "rds:DescribeDBSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshots", - "rds:DeleteDBClusterSnapshot", - "rds:DeleteDBSnapshot", - "sts:GetCallerIdentity", - "cloudtrail:LookupEvents" + "resourcemanager.projects.get", + "recommender.usageCommitmentRecommendations.list", + "billing.resourceCosts.get", + "billing.accounts.getSpendingInformation" + ], + "roles": [ + "Project Usage Commitment Recommender Viewer" ] }, { @@ -1878,19 +1749,56 @@ ] }, { - "id": "./cost/aws/object_storage_optimization/aws_object_storage_optimization_meta_parent.pt", - "name": "AWS Object Storage Optimization Meta Parent", + "id": "./cost/google/cud_expiration/google_cud_expiration_report.pt", + "name": "Google Expiring Committed Use Discount (CUD)", + "providers": [ + + ] + }, + { + "id": "./cost/google/unattached_volumes/google_delete_unattached_volumes.pt", + "name": "Google Unused Volumes", + "providers": [ + + ] + }, + { + "id": "./cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt", + "name": "Google Rightsize CloudSQL Instances", + "providers": [ + + ] + }, + { + "id": "./cost/google/object_storage_optimization/google_object_storage_optimization.pt", + "name": "Google Object Storage Optimization", + "providers": [ + + ] + }, + { + "id": "./cost/google/idle_vm_recommendations/google_vm_recommendations.pt", + "name": "Google Idle VM Recommender", + "providers": [ + + ] + }, + { + "id": "./cost/google/cloud_sql_idle_instance_recommendations/google_sql_idle_instance_recommendations.pt", + "name": "Google Idle Cloud SQL Instance Recommender", "providers": [ { - "name": "aws", + "name": "gcp", "permissions": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:GetObject", - "s3:GetObjectTagging", - "s3:PutObject", - "s3:DeleteObject" + "recommender.cloudsqlIdleInstanceRecommendations.list", + "resourcemanager.projects.get", + "cloudsql.instances.list", + "cloudsql.instances.update", + "cloudsql.instances.delete" + ], + "roles": [ + "Cloud SQL Recommender Viewer", + "Cloud SQL Recommender Admin" ] }, { @@ -1902,15 +1810,51 @@ ] }, { - "id": "./cost/aws/rds_instance_license_info/rds_instance_license_info.pt", - "name": "AWS RDS Instances", + "id": "./cost/google/old_snapshots/google_delete_old_snapshots_meta_parent.pt", + "name": "Google Old Snapshots Meta Parent", "providers": [ { - "name": "aws", + "name": "gcp", "permissions": [ - "ec2:DescribeRegions", - "rds:DescribeDBInstances", - "sts:GetCallerIdentity" + "resourcemanager.projects.get", + "compute.snapshots.get", + "compute.snapshots.list", + "compute.snapshots.delete" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/google/schedule_instance/google_schedule_instance.pt", + "name": "Google Schedule Instance", + "providers": [ + + ] + }, + { + "id": "./cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt", + "name": "Google Idle Persistent Disk Recommender", + "providers": [ + { + "name": "gcp", + "permissions": [ + "recommender.computeDiskIdleResourceRecommendations.list", + "resourcemanager.projects.get", + "compute.disks.list", + "compute.disks.createSnapshot", + "compute.disks.delete", + "compute.globalOperations.get" + ], + "roles": [ + "Monitoring Viewer", + "Compute Recommender Viewer", + "Compute Recommender Admin" ] }, { @@ -1922,31 +1866,71 @@ ] }, { - "id": "./cost/aws/idle_compute_instances/idle_compute_instances.pt", - "name": "AWS Idle Compute Instances", + "id": "./cost/google/cud_report/google_committed_usediscount_report.pt", + "name": "Google Committed Use Discount (CUD)", + "providers": [ + + ] + }, + { + "id": "./cost/google/unused_cloudsql_instances/google_unused_cloudsql_instances.pt", + "name": "Google Unused CloudSQL Instances", + "providers": [ + + ] + }, + { + "id": "./cost/email_recommendations/email_recommendations.pt", + "name": "Email Cost Optimization Recommendations", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./cost/superseded_instance_remediation/superseded_instance_remediation.pt", + "name": "Superseded Instance Remediation", + "providers": [ + + ] + }, + { + "id": "./cost/low_account_usage/low_account_usage.pt", + "name": "Low Account Usage", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer", + "policy_designer", + "policy_manager", + "policy_publisher" + ] + } + ] + }, + { + "id": "./cost/low_service_usage/low_service_usage.pt", + "name": "Low Service Usage", "providers": [ - { - "name": "aws", - "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeInstances", - "ec2:DescribeTags", - "cloudwatch:GetMetricStatistics", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics" - ] - }, { "name": "flexera", "permissions": [ - "billing_center_viewer" + "billing_center_viewer", + "policy_designer", + "policy_manager", + "policy_publisher" ] } ] }, { - "id": "./cost/budget_v_actual/monthly_budget_v_actual.pt", - "name": "Monthly Actual v. Budgeted Spend Report", + "id": "./cost/scheduled_reports/scheduled_report.pt", + "name": "Scheduled Report", "providers": [ { "name": "flexera", @@ -1957,103 +1941,91 @@ ] }, { - "id": "./cost/budget_report_alerts/budget_report_alerts.pt", - "name": "Budget Alerts", + "id": "./cost/kubecost/cluster/kubecost_cluster_rightsizing_recommendations.pt", + "name": "Kubecost Cluster Rightsizing Recommendations", "providers": [ ] }, { - "id": "./cost/scheduled_reports_with_estimates/costs_forecasting.pt", - "name": "Scheduled Report With Estimates", + "id": "./cost/kubecost/sizing/kubecost_resizing_recommendation.pt", + "name": "Kubecost Request Rightsizing Recommendations", "providers": [ ] }, { - "id": "./cost/budget_alerts/budget_alert.pt", - "name": "Budget Alerts (Legacy)", + "id": "./cost/currency_conversion/currency_conversion.pt", + "name": "Currency Conversion", "providers": [ { "name": "flexera", "permissions": [ - "billing_center_viewer" + "enterprise_manager" ] } ] }, { - "id": "./cost/cheaper_regions/cheaper_regions.pt", - "name": "Cheaper Regions", + "id": "./cost/rightlink_rightsize/rightlink-rightsize-add-tags.pt", + "name": "Inefficient Instance Utilization using RightLink Add Tags", "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer", - "policy_designer", - "policy_manager", - "policy_publisher" - ] - } + ] }, { - "id": "./cost/schedule_instances/schedule_instances.pt", - "name": "Schedule Instances", + "id": "./cost/budget_report_alerts/budget_report_alerts.pt", + "name": "Budget Alerts", "providers": [ ] }, { - "id": "./cost/email_recommendations/email_recommendations.pt", - "name": "Email Cost Optimization Recommendations", + "id": "./cost/cheaper_regions/cheaper_regions.pt", + "name": "Cheaper Regions", "providers": [ { "name": "flexera", "permissions": [ - "billing_center_viewer" + "billing_center_viewer", + "policy_designer", + "policy_manager", + "policy_publisher" ] } ] }, { - "id": "./cost/rightlink_rightsize/rightlink_rightsize.pt", - "name": "Inefficient Instance Utilization using RightLink", - "providers": [ - - ] - }, - { - "id": "./operational/bill_processing_errors_notification/bill_processing_errors_notification.pt", - "name": "Bill Processing Error Notification", + "id": "./cost/volumes/unattached_volumes/uav_policy.pt", + "name": "Unattached Volumes", "providers": [ ] }, { - "id": "./operational/dbaas/aws/rds_backup/aws_rds_backup.pt", - "name": "AWS RDS Backup Settings", + "id": "./cost/volumes/old_snapshots/old_snapshot.pt", + "name": "Discover Old Snapshots", "providers": [ ] }, { - "id": "./operational/applied_policy_error_notification/applied_policy_error_notification.pt", - "name": "Applied Policy Error Notification", + "id": "./cost/unattached_addresses/unattached_addresses.pt", + "name": "Unattached IP Addresses", "providers": [ ] }, { - "id": "./operational/vmware/instance_tag_sync/instance_tag_sync.pt", - "name": "VMWare Instance Tag Sync", + "id": "./cost/oracle/oracle_cbi/oracle_cbi.pt", + "name": "Oracle Cloud Common Bill Ingestion", "providers": [ ] }, { - "id": "./operational/cloud_credentials/aws/aws_connection_key_rotation_policy.pt", - "name": "AWS Cloud Credentials Rotation", + "id": "./operational/snapshots/no_recent_snapshots.pt", + "name": "No Recent Snapshots", "providers": [ ] @@ -2071,48 +2043,41 @@ ] }, { - "id": "./operational/azure/azure_long_running_instances/azure_long_running_instances_meta_parent.pt", - "name": "Azure Long Running Instances Meta Parent", + "id": "./operational/itam/schedule_itam_report/schedule-itam-report.pt", + "name": "Schedule ITAM Report", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Compute/virtualMachines/write" - ] - }, { "name": "flexera", "permissions": [ - "billing_center_viewer" + "fnms_user" ] } ] }, { - "id": "./operational/azure/azure_migrate/risc-azure-migrate.pt", - "name": "Azure Migrate Integration", + "id": "./operational/compute_instance_migration/risc-compute-instance-migration-recos.pt", + "name": "Application Migration Recommendations", "providers": [ ] }, { - "id": "./operational/azure/azuread_group_sync/azuread_group_sync.pt", - "name": "AzureAD Group Sync", + "id": "./operational/vmware/instance_tag_sync/instance_tag_sync.pt", + "name": "VMWare Instance Tag Sync", "providers": [ ] }, { - "id": "./operational/azure/aks_nodepools_without_zero_autoscaling/aks_nodepools_without_zero_autoscaling.pt", - "name": "AKS Node Pools Without Zero Autoscaling", + "id": "./operational/aws/vpc_name_sync/aws_vpc_name_sync.pt", + "name": "AWS VPC Name Tag Sync", "providers": [ ] }, { - "id": "./operational/azure/marketplace_new_products/azure_marketplace_new_products.pt", - "name": "Azure New Marketplace Products", + "id": "./operational/aws/total_instance_vcpus_forecast/aws_total_instance_vcpus_forecast.pt", + "name": "AWS Usage Forecast - Number of Instance vCPUs Used", "providers": [ { "name": "flexera", @@ -2123,45 +2088,48 @@ ] }, { - "id": "./operational/azure/azure_sql_using_elastic_pool/azure_sql_instances_without_elastic_pools.pt", - "name": "Azure SQL Databases without Elastic Pools", + "id": "./operational/aws/total_instance_vcpus/number_of_vcpus_per_instance_family.pt", + "name": "AWS Usage Report - Number of Instance vCPUs Used", "providers": [ - + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./operational/azure/network_flow/risc-netflow.pt", - "name": "NetFlow Top Talkers", + "id": "./operational/aws/subnet_name_sync/aws_subnet_name_sync.pt", + "name": "AWS Subnet Name Tag Sync", "providers": [ ] }, { - "id": "./operational/azure/sync_tags_with_optima/sync_azure_tags.pt", - "name": "Azure Sync Tags with Optima", + "id": "./operational/aws/total_instance_hours/number_of_hours_per_instance_family.pt", + "name": "AWS Usage Report - Number of Instance Hours Used", "providers": [ - { - "name": "azure", - "permissions": [ - "Reader" - ] - }, { "name": "flexera", "permissions": [ - "enterprise_manager" + "billing_center_viewer" ] } ] }, { - "id": "./operational/azure/vms_without_managed_disks/azure_vms_without_managed_disks_meta_parent.pt", - "name": "Azure VMs Not Using Managed Disks Meta Parent", + "id": "./operational/aws/lambda_functions_with_high_error_rate/lambda_functions_with_high_error_rate.pt", + "name": "AWS Lambda Functions with high error rate", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Compute/virtualMachines/read" + "ec2:DescribeRegions", + "lambda:ListFunctions", + "lambda:ListTags", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" ] }, { @@ -2173,21 +2141,44 @@ ] }, { - "id": "./operational/azure/aks_nodepools_without_autoscaling/aks_nodepools_without_autoscaling.pt", - "name": "AKS Node Pools Without Autoscaling", + "id": "./operational/aws/marketplace_new_products/aws_marketplace_new_products.pt", + "name": "AWS New Marketplace Products", + "providers": [ + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/aws/tag_cardinality/aws_tag_cardinality_meta_parent.pt", + "name": "AWS Tag Cardinality Report Meta Parent", + "providers": [ + + ] + }, + { + "id": "./operational/aws/instance_scheduled_events/aws_instance_scheduled_events.pt", + "name": "AWS Instance Scheduled Events", "providers": [ ] }, { - "id": "./operational/azure/azure_certificates/azure_certificates_meta_parent.pt", - "name": "Expiring Azure Certificates Meta Parent", + "id": "./operational/aws/long_running_instances/long_running_instances_meta_parent.pt", + "name": "AWS Long Running Instances Meta Parent", "providers": [ { - "name": "azure", + "name": "aws", "permissions": [ - "Microsoft.Subscription/aliases/read", - "Microsoft.Web/certificates/Read" + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:StopInstances", + "ec2:TerminateInstances", + "sts:GetCallerIdentity" ] }, { @@ -2199,19 +2190,9 @@ ] }, { - "id": "./operational/azure/tag_cardinality/azure_tag_cardinality_meta_parent.pt", - "name": "Azure Tag Cardinality Report Meta Parent", + "id": "./operational/aws/total_instance_hours_forecast/aws_total_instance_hrs_forecast.pt", + "name": "AWS Usage Forecast - Number of Instance Hours Used", "providers": [ - { - "name": "azure", - "permissions": [ - "Microsoft.Resources/subscriptions/resources/read", - "Microsoft.Resources/subscriptions/providers/read", - "Microsoft.Resources/subscriptions/read", - "Microsoft.Resources/resourceGroups/read", - "Microsoft.Resources/tags/read" - ] - }, { "name": "flexera", "permissions": [ @@ -2221,30 +2202,55 @@ ] }, { - "id": "./operational/stranded_servers/stranded_servers.pt", - "name": "Stranded Servers", + "id": "./operational/applied_policy_error_notification/applied_policy_error_notification.pt", + "name": "Applied Policy Error Notification", "providers": [ ] }, { - "id": "./operational/snapshots/no_recent_snapshots.pt", - "name": "No Recent Snapshots", + "id": "./operational/azure/azure_migrate/risc-azure-migrate.pt", + "name": "Azure Migrate Integration", "providers": [ ] }, { - "id": "./operational/aws/vpc_name_sync/aws_vpc_name_sync.pt", - "name": "AWS VPC Name Tag Sync", + "id": "./operational/azure/vms_without_managed_disks/azure_vms_without_managed_disks.pt", + "name": "Azure VMs Not Using Managed Disks", + "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } + ] + }, + { + "id": "./operational/azure/azuread_group_sync/azuread_group_sync.pt", + "name": "AzureAD Group Sync", "providers": [ ] }, { - "id": "./operational/aws/marketplace_new_products/aws_marketplace_new_products.pt", - "name": "AWS New Marketplace Products", + "id": "./operational/azure/azure_long_running_instances/azure_long_running_instances.pt", + "name": "Azure Long Running Instances", "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachines/write" + ] + }, { "name": "flexera", "permissions": [ @@ -2254,9 +2260,16 @@ ] }, { - "id": "./operational/aws/total_instance_hours/number_of_hours_per_instance_family.pt", - "name": "AWS Usage Report - Number of Instance Hours Used", + "id": "./operational/azure/azure_certificates/azure_certificates.pt", + "name": "Expiring Azure Certificates", "providers": [ + { + "name": "azure", + "permissions": [ + "Microsoft.Subscription/aliases/read", + "Microsoft.Web/certificates/Read" + ] + }, { "name": "flexera", "permissions": [ @@ -2266,43 +2279,40 @@ ] }, { - "id": "./operational/aws/long_running_instances/long_running_instances.pt", - "name": "AWS Long Running Instances", + "id": "./operational/azure/sync_tags_with_optima/sync_azure_tags.pt", + "name": "Azure Sync Tags with Optima", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:StopInstances", - "ec2:TerminateInstances", - "sts:GetCallerIdentity" + "Reader" ] }, { "name": "flexera", "permissions": [ - "billing_center_viewer" + "enterprise_manager" ] } ] }, { - "id": "./operational/aws/total_instance_vcpus_forecast/aws_total_instance_vcpus_forecast.pt", - "name": "AWS Usage Forecast - Number of Instance vCPUs Used", + "id": "./operational/azure/aks_nodepools_without_autoscaling/aks_nodepools_without_autoscaling.pt", + "name": "AKS Node Pools Without Autoscaling", + "providers": [ + + ] + }, + { + "id": "./operational/azure/azure_sql_using_elastic_pool/azure_sql_instances_without_elastic_pools.pt", + "name": "Azure SQL Databases without Elastic Pools", "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./operational/aws/total_instance_hours_forecast/aws_total_instance_hrs_forecast.pt", - "name": "AWS Usage Forecast - Number of Instance Hours Used", + "id": "./operational/azure/marketplace_new_products/azure_marketplace_new_products.pt", + "name": "Azure New Marketplace Products", "providers": [ { "name": "flexera", @@ -2313,24 +2323,24 @@ ] }, { - "id": "./operational/aws/instance_scheduled_events/aws_instance_scheduled_events.pt", - "name": "AWS Instance Scheduled Events", + "id": "./operational/azure/aks_nodepools_without_zero_autoscaling/aks_nodepools_without_zero_autoscaling.pt", + "name": "AKS Node Pools Without Zero Autoscaling", "providers": [ ] }, { - "id": "./operational/aws/lambda_functions_with_high_error_rate/lambda_functions_with_high_error_rate_meta_parent.pt", - "name": "AWS Lambda Functions with high error rate Meta Parent", + "id": "./operational/azure/tag_cardinality/azure_tag_cardinality.pt", + "name": "Azure Tag Cardinality Report", "providers": [ { - "name": "aws", + "name": "azure", "permissions": [ - "ec2:DescribeRegions", - "lambda:ListFunctions", - "lambda:ListTags", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" + "Microsoft.Resources/subscriptions/resources/read", + "Microsoft.Resources/subscriptions/providers/read", + "Microsoft.Resources/subscriptions/read", + "Microsoft.Resources/resourceGroups/read", + "Microsoft.Resources/tags/read" ] }, { @@ -2342,53 +2352,36 @@ ] }, { - "id": "./operational/aws/total_instance_vcpus/number_of_vcpus_per_instance_family.pt", - "name": "AWS Usage Report - Number of Instance vCPUs Used", - "providers": [ - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } - ] - }, - { - "id": "./operational/aws/subnet_name_sync/aws_subnet_name_sync.pt", - "name": "AWS Subnet Name Tag Sync", + "id": "./operational/azure/network_flow/risc-netflow.pt", + "name": "NetFlow Top Talkers", "providers": [ ] }, { - "id": "./operational/aws/tag_cardinality/aws_tag_cardinality.pt", - "name": "AWS Tag Cardinality Report", + "id": "./operational/bill_processing_errors_notification/bill_processing_errors_notification.pt", + "name": "Bill Processing Error Notification", "providers": [ ] }, { - "id": "./operational/compute_instance_migration/risc-compute-instance-migration-recos.pt", - "name": "Application Migration Recommendations", + "id": "./operational/cloud_credentials/aws/aws_connection_key_rotation_policy.pt", + "name": "AWS Cloud Credentials Rotation", "providers": [ ] }, { - "id": "./operational/itam/schedule_itam_report/schedule-itam-report.pt", - "name": "Schedule ITAM Report", + "id": "./operational/dbaas/aws/rds_backup/aws_rds_backup.pt", + "name": "AWS RDS Backup Settings", "providers": [ - { - "name": "flexera", - "permissions": [ - "fnms_user" - ] - } + ] }, { - "id": "./saas/fsm/users_by_category/users_by_category.pt", - "name": "SaaS Manager - SaaS App User Report by Category", + "id": "./operational/stranded_servers/stranded_servers.pt", + "name": "Stranded Servers", "providers": [ ] @@ -2406,8 +2399,8 @@ ] }, { - "id": "./saas/fsm/unsanctioned_spend/fsm-unsanctioned_spend.pt", - "name": "SaaS Manager - Unsanctioned Spend", + "id": "./saas/fsm/unsanctioned_apps_with_contract/fsm-unsanctioned_with_contract.pt", + "name": "SaaS Manager - Unsanctioned Applications with Existing Contract", "providers": [ ] @@ -2420,57 +2413,57 @@ ] }, { - "id": "./saas/fsm/unsanctioned_apps_with_contract/fsm-unsanctioned_with_contract.pt", - "name": "SaaS Manager - Unsanctioned Applications with Existing Contract", + "id": "./saas/fsm/deactivated_users_for_integrated_apps/deactivated_users_for_integrated_apps.pt", + "name": "SaaS Manager - Deactivated Users for Integrated Applications", "providers": [ ] }, { - "id": "./saas/fsm/suspicious_users/fsm-suspicious_users.pt", - "name": "SaaS Manager - Suspicious Users", + "id": "./saas/fsm/duplicate_users/duplicate_users.pt", + "name": "SaaS Manager - Duplicate User Accounts", "providers": [ ] }, { - "id": "./saas/fsm/duplicate_users/duplicate_users.pt", - "name": "SaaS Manager - Duplicate User Accounts", + "id": "./saas/fsm/redundant_apps/fsm-redundant_apps.pt", + "name": "SaaS Manager - Redundant Apps", "providers": [ ] }, { - "id": "./saas/fsm/deactivated_users_for_integrated_apps/deactivated_users_for_integrated_apps.pt", - "name": "SaaS Manager - Deactivated Users for Integrated Applications", + "id": "./saas/fsm/users_by_category/users_by_category.pt", + "name": "SaaS Manager - SaaS App User Report by Category", "providers": [ ] }, { - "id": "./saas/fsm/redundant_apps/fsm-redundant_apps.pt", - "name": "SaaS Manager - Redundant Apps", + "id": "./saas/fsm/user_status_change/fsm-user_status_change.pt", + "name": "SaaS Manager - User Status Change", "providers": [ ] }, { - "id": "./saas/fsm/user_status_change/fsm-user_status_change.pt", - "name": "SaaS Manager - User Status Change", + "id": "./saas/fsm/unsanctioned_spend/fsm-unsanctioned_spend.pt", + "name": "SaaS Manager - Unsanctioned Spend", "providers": [ ] }, { - "id": "./saas/servicenow/inactive_approvers/servicenow_inactive_approvers.pt", - "name": "ServiceNow Inactive Approvers", + "id": "./saas/fsm/suspicious_users/fsm-suspicious_users.pt", + "name": "SaaS Manager - Suspicious Users", "providers": [ ] }, { - "id": "./saas/okta/inactive_users/okta-inactive-users.pt", - "name": "Okta Inactive Users", + "id": "./saas/servicenow/inactive_approvers/servicenow_inactive_approvers.pt", + "name": "ServiceNow Inactive Approvers", "providers": [ ] @@ -2483,267 +2476,289 @@ ] }, { - "id": "./security/security_groups/icmp_enabled/icmp_enabled.pt", - "name": "Security Groups with ICMP Enabled", + "id": "./saas/okta/inactive_users/okta-inactive-users.pt", + "name": "Okta Inactive Users", "providers": [ ] }, { - "id": "./security/security_groups/rules_without_descriptions/security_group_rules_without_descriptions.pt", - "name": "Security Group Rules without Descriptions", + "id": "./security/aws/iam_min_password_length/iam_min_password_length.pt", + "name": "AWS IAM Report Insufficient Password Policy", "providers": [ ] }, { - "id": "./security/security_groups/world_open_ports/security_group_rules_with_world_open_ports.pt", - "name": "Security Group Rules with ports open to the world", + "id": "./security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt", + "name": "AWS Ensure CloudTrail Integrated With Cloudwatch", "providers": [ ] }, { - "id": "./security/security_groups/high_open_ports/open_ports.pt", - "name": "Security Group with High Open Ports", + "id": "./security/aws/aws_config_enabled/aws_config_enabled.pt", + "name": "AWS Ensure AWS Config Enabled In All Regions", "providers": [ ] }, { - "id": "./security/storage/google/public_buckets/google_public_buckets.pt", - "name": "Google Open Buckets", + "id": "./security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt", + "name": "AWS IAM Report Regions Without Access Analyzer", "providers": [ ] }, { - "id": "./security/storage/azure/storage_account_https_enabled/azure_storage_account_https_enabled.pt", - "name": "Azure Storage Accounts Without HTTPs Enforced", + "id": "./security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt", + "name": "AWS S3 Ensure MFA Delete Enabled For All Buckets", "providers": [ ] }, { - "id": "./security/storage/aws/public_buckets/aws_public_buckets_meta_parent.pt", - "name": "AWS Open S3 Buckets Meta Parent", + "id": "./security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt", + "name": "AWS IAM Report Root Accounts Without MFA", "providers": [ - { - "name": "aws", - "permissions": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation", - "s3:GetBucketAcl", - "sts:GetCallerIdentity" - ] - }, - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./security/storage/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt", - "name": "AWS S3 Buckets without Server Access Logging", + "id": "./security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt", + "name": "AWS Ensure CloudTrail Logs Encrypted At Rest", "providers": [ ] }, { - "id": "./security/azure/sql_auditing_retention/sql_auditing_retention.pt", - "name": "Azure Ensure SQL Server Minimum Auditing Retention Of 90 Days", + "id": "./security/aws/loadbalancer_internet_facing/aws_internet-facing_elbs.pt", + "name": "AWS Internet-facing ELBs & ALBs", "providers": [ ] }, { - "id": "./security/azure/pg_infra_encryption/pg_infra_encryption.pt", - "name": "Azure Ensure PostgreSQL Servers Infrastructure Encryption", + "id": "./security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt", + "name": "AWS Unencrypted RDS Instances", "providers": [ ] }, { - "id": "./security/azure/storage_trusted_services/storage_trusted_services.pt", - "name": "Azure Ensure Trusted Microsoft Services Enabled", + "id": "./security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt", + "name": "AWS IAM Report Password Policy No Restrict Password Reuse", "providers": [ ] }, { - "id": "./security/azure/private_blob_containers/private_blob_containers.pt", - "name": "Azure Ensure Blob Containers Set To Private", + "id": "./security/aws/iam_disable_45_day_creds/iam_disable_45_day_creds.pt", + "name": "AWS IAM Ensure Credentials Unused For >45 days Are Disabled", "providers": [ ] }, { - "id": "./security/azure/webapp_tls_version_support/azure_webapp_min_tls_version.pt", - "name": "Azure Web App Minimum TLS Version", + "id": "./security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt", + "name": "AWS Ensure Object-level Events Logging Enabled For CloudTrails", "providers": [ ] }, { - "id": "./security/azure/storage_tls_version/storage_tls_version.pt", - "name": "Azure Ensure Storage Accounts Require Secure TLS Version", + "id": "./security/aws/kms_rotation/kms_rotation.pt", + "name": "AWS Ensure Rotation For Customer Master Keys (CMKs) Is Enabled", "providers": [ ] }, { - "id": "./security/azure/security_alert_owners/security_alert_owners.pt", - "name": "Azure Ensure Owners Receive Security Alerts", + "id": "./security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt", + "name": "AWS IAM Report Attached Admin IAM Policies", "providers": [ ] }, { - "id": "./security/azure/sql_server_va_scans/sql_server_va_scans.pt", - "name": "Azure Ensure SQL Server VA Periodic Scans Enabled", + "id": "./security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt", + "name": "AWS S3 Ensure Bucket Policies Deny HTTP Requests", "providers": [ ] }, { - "id": "./security/azure/high_severity_alerts/high_severity_alerts.pt", - "name": "Azure Ensure High Severity Alerts", + "id": "./security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt", + "name": "AWS IAM Ensure MFA Enabled For IAM Users", "providers": [ ] }, { - "id": "./security/azure/sql_server_va_emails/sql_server_va_emails.pt", - "name": "Azure Ensure SQL Server VA Email Notifications", + "id": "./security/aws/iam_support_role_created/iam_support_role_created.pt", + "name": "AWS IAM Support Role Created", "providers": [ ] }, { - "id": "./security/azure/mysql_ssl/mysql_ssl.pt", - "name": "Azure Ensure MySQL Servers Enforce SSL Connections", + "id": "./security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt", + "name": "AWS Unencrypted S3 Buckets", "providers": [ ] }, { - "id": "./security/azure/queue_storage_logging/queue_storage_logging.pt", - "name": "Azure Ensure Storage Logging Enabled For Queue Service", + "id": "./security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt", + "name": "AWS IAM Report Root Account Access Keys", "providers": [ ] }, { - "id": "./security/azure/sql_ad_admin/sql_ad_admin.pt", - "name": "Azure Ensure SQL Server AD Admin Configured", + "id": "./security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt", + "name": "AWS VPC's without FlowLogs Enabled", "providers": [ ] }, { - "id": "./security/azure/sql_db_encryption/sql_db_encryption.pt", - "name": "Azure Ensure SQL Database Encryption", + "id": "./security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt", + "name": "AWS Unencrypted Volumes", "providers": [ - + { + "name": "aws", + "permissions": [ + "ec2:DescribeVolumes", + "ec2:DescribeRegions" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./security/azure/log_analytics_autoprovision/log_analytics_autoprovision.pt", - "name": "Azure Ensure Log Analytics Auto-Provisioning", + "id": "./security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt", + "name": "AWS Publicly Accessible RDS Instances", "providers": [ - + { + "name": "aws", + "permissions": [ + "ec2:DescribeRegions", + "rds:DescribeDBInstances", + "rds:ListTagsForResource", + "rds:ModifyDBInstance*", + "rds:CreateDBClusterSnapshot*", + "rds:DescribeDBClusterSnapshots", + "rds:DeleteDBInstance*" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./security/azure/storage_soft_delete/storage_soft_delete.pt", - "name": "Azure Ensure Soft Delete Enabled For Azure Storage", + "id": "./security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt", + "name": "AWS IAM Ensure One Active Key Per IAM User", "providers": [ ] }, { - "id": "./security/azure/sql_publicly_accessible_managed_instance/check_for_publicly_accessible_azure_sql_managed_instance.pt", - "name": "Azure Publicly Accessible Managed SQL Instance", + "id": "./security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt", + "name": "AWS IAM Ensure Access Keys Are Rotated", + "providers": [ + + ] + }, + { + "id": "./security/aws/ebs_ensure_encryption_default/ebs_ensure_encryption_default.pt", + "name": "AWS EBS Ensure Encryption By Default", "providers": [ ] }, { - "id": "./security/azure/sql_server_auditing/sql_server_auditing.pt", - "name": "Azure Ensure SQL Server Auditing Enabled", + "id": "./security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt", + "name": "AWS Ensure CloudTrail S3 Buckets Have Access Logging", "providers": [ ] }, { - "id": "./security/azure/guest_users/guest_users.pt", - "name": "Azure Guest Users Audit", + "id": "./security/aws/elb_unencrypted/aws_elb_encryption.pt", + "name": "AWS Unencrypted ELB Listeners (ALB/NLB)", "providers": [ ] }, { - "id": "./security/azure/storage_network_deny/storage_network_deny.pt", - "name": "Azure Ensure Storage Account Default Network Access Set To Deny", + "id": "./security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt", + "name": "AWS Ensure CloudTrail S3 Buckets Non-Public", "providers": [ ] }, { - "id": "./security/azure/pg_conn_throttling/pg_conn_throttling.pt", - "name": "Azure Ensure PostgreSQL Servers Connection Throttling Enabled", + "id": "./security/aws/clb_unencrypted/aws_clb_encryption.pt", + "name": "AWS Unencrypted ELB Listeners (CLB)", "providers": [ ] }, { - "id": "./security/azure/restrict_ssh_internet/azure_restrict_ssh_inet.pt", - "name": "Azure Network Security Groups With Inbound SSH Open", + "id": "./security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt", + "name": "AWS IAM Report Expired SSL/TLS Certificates", "providers": [ ] }, { - "id": "./security/azure/sql_server_atp/sql_server_atp.pt", - "name": "Azure Ensure SQL Server ATP (Advanced Threat Protection) Enabled", + "id": "./security/aws/log_file_validation_enabled/log_file_validation_enabled.pt", + "name": "AWS Ensure Log File Validation Enabled For All CloudTrails", "providers": [ ] }, { - "id": "./security/azure/table_storage_logging/table_storage_logging.pt", - "name": "Azure Ensure Storage Logging Enabled For Table Service", + "id": "./security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt", + "name": "AWS IAM Report Root Accounts Without Hardware MFA", "providers": [ ] }, { - "id": "./security/azure/sql_server_va_admins/sql_server_va_admins.pt", - "name": "Azure Ensure SQL Server VA Notify Admins/Subscription Owners", + "id": "./security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt", + "name": "AWS Ensure CloudTrail Enabled In All Regions", "providers": [ ] }, { - "id": "./security/azure/resources_with_public_ip_address/azure_open_ip_address_policy.pt", - "name": "Azure Resources with public IP address", + "id": "./security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt", + "name": "AWS S3 Ensure 'Block Public Access' Configured For All Buckets", "providers": [ ] }, { - "id": "./security/azure/restrict_rdp_internet/azure_restrict_rdp_inet.pt", - "name": "Azure Network Security Groups With Inbound RDP Open", + "id": "./security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt", + "name": "AWS IAM Report Root User Doing Everyday Tasks", "providers": [ ] }, { - "id": "./security/azure/pg_log_retention/pg_log_retention.pt", - "name": "Azure Ensure PostgreSQL Servers Sufficient Log Retention", + "id": "./security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt", + "name": "AWS Ensure IAM Users Receive Permissions Only Through Groups", "providers": [ ] @@ -2756,317 +2771,302 @@ ] }, { - "id": "./security/azure/secure_transfer_required/secure_transfer_required.pt", - "name": "Azure Ensure Secure Transfer Required", + "id": "./security/azure/sql_ad_admin/sql_ad_admin.pt", + "name": "Azure Ensure SQL Server AD Admin Configured", "providers": [ ] }, { - "id": "./security/azure/blob_storage_logging/blob_storage_logging.pt", - "name": "Azure Ensure Storage Logging Enabled For Blob Service", + "id": "./security/azure/mysql_ssl/mysql_ssl.pt", + "name": "Azure Ensure MySQL Servers Enforce SSL Connections", "providers": [ ] }, { - "id": "./security/azure/mysql_tls_version/mysql_tls_version.pt", - "name": "Azure Ensure MySQL Flexible Servers Use Secure TLS", + "id": "./security/azure/restrict_rdp_internet/azure_restrict_rdp_inet.pt", + "name": "Azure Network Security Groups With Inbound RDP Open", "providers": [ ] }, { - "id": "./security/azure/security_contact_email/security_contact_email.pt", - "name": "Azure Ensure Security Contact Email", + "id": "./security/azure/pg_conn_throttling/pg_conn_throttling.pt", + "name": "Azure Ensure PostgreSQL Servers Connection Throttling Enabled", "providers": [ ] }, { - "id": "./security/azure/pg_log_settings/pg_log_settings.pt", - "name": "Azure Ensure Correct PostgreSQL Servers Log Settings", + "id": "./security/azure/storage_trusted_services/storage_trusted_services.pt", + "name": "Azure Ensure Trusted Microsoft Services Enabled", "providers": [ ] }, { - "id": "./security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt", - "name": "AWS Ensure Object-level Events Logging Enabled For CloudTrails", + "id": "./security/azure/sql_server_va_admins/sql_server_va_admins.pt", + "name": "Azure Ensure SQL Server VA Notify Admins/Subscription Owners", "providers": [ ] }, { - "id": "./security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances_meta_parent.pt", - "name": "AWS Publicly Accessible RDS Instances Meta Parent", + "id": "./security/azure/secure_transfer_required/secure_transfer_required.pt", + "name": "Azure Ensure Secure Transfer Required", "providers": [ - { - "name": "aws", - "permissions": [ - "ec2:DescribeRegions", - "rds:DescribeDBInstances", - "rds:ListTagsForResource", - "rds:ModifyDBInstance*", - "rds:CreateDBClusterSnapshot*", - "rds:DescribeDBClusterSnapshots", - "rds:DeleteDBInstance*" - ] - }, - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt", - "name": "AWS IAM Report Root Accounts Without Hardware MFA", + "id": "./security/azure/private_blob_containers/private_blob_containers.pt", + "name": "Azure Ensure Blob Containers Set To Private", "providers": [ ] }, { - "id": "./security/aws/clb_unencrypted/aws_clb_encryption.pt", - "name": "AWS Unencrypted ELB Listeners (CLB)", + "id": "./security/azure/storage_tls_version/storage_tls_version.pt", + "name": "Azure Ensure Storage Accounts Require Secure TLS Version", "providers": [ ] }, { - "id": "./security/aws/iam_disable_45_day_creds/iam_disable_45_day_creds.pt", - "name": "AWS IAM Ensure Credentials Unused For >45 days Are Disabled", + "id": "./security/azure/storage_soft_delete/storage_soft_delete.pt", + "name": "Azure Ensure Soft Delete Enabled For Azure Storage", "providers": [ ] }, { - "id": "./security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt", - "name": "AWS IAM Report Attached Admin IAM Policies", + "id": "./security/azure/guest_users/guest_users.pt", + "name": "Azure Guest Users Audit", "providers": [ ] }, { - "id": "./security/aws/ebs_ensure_encryption_default/ebs_ensure_encryption_default.pt", - "name": "AWS EBS Ensure Encryption By Default", + "id": "./security/azure/table_storage_logging/table_storage_logging.pt", + "name": "Azure Ensure Storage Logging Enabled For Table Service", "providers": [ ] }, { - "id": "./security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt", - "name": "AWS Ensure CloudTrail S3 Buckets Have Access Logging", + "id": "./security/azure/sql_db_encryption/sql_db_encryption.pt", + "name": "Azure Ensure SQL Database Encryption", "providers": [ ] }, { - "id": "./security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt", - "name": "AWS Ensure CloudTrail Enabled In All Regions", + "id": "./security/azure/pg_log_retention/pg_log_retention.pt", + "name": "Azure Ensure PostgreSQL Servers Sufficient Log Retention", "providers": [ ] }, { - "id": "./security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt", - "name": "AWS S3 Ensure MFA Delete Enabled For All Buckets", + "id": "./security/azure/pg_log_settings/pg_log_settings.pt", + "name": "Azure Ensure Correct PostgreSQL Servers Log Settings", "providers": [ ] }, { - "id": "./security/aws/kms_rotation/kms_rotation.pt", - "name": "AWS Ensure Rotation For Customer Master Keys (CMKs) Is Enabled", + "id": "./security/azure/resources_with_public_ip_address/azure_open_ip_address_policy.pt", + "name": "Azure Resources with public IP address", "providers": [ ] }, { - "id": "./security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt", - "name": "AWS IAM Report Regions Without Access Analyzer", + "id": "./security/azure/sql_auditing_retention/sql_auditing_retention.pt", + "name": "Azure Ensure SQL Server Minimum Auditing Retention Of 90 Days", "providers": [ ] }, { - "id": "./security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt", - "name": "AWS Unencrypted S3 Buckets", + "id": "./security/azure/pg_infra_encryption/pg_infra_encryption.pt", + "name": "Azure Ensure PostgreSQL Servers Infrastructure Encryption", "providers": [ ] }, { - "id": "./security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt", - "name": "AWS Ensure IAM Users Receive Permissions Only Through Groups", + "id": "./security/azure/log_analytics_autoprovision/log_analytics_autoprovision.pt", + "name": "Azure Ensure Log Analytics Auto-Provisioning", "providers": [ ] }, { - "id": "./security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt", - "name": "AWS IAM Report Root Accounts Without MFA", + "id": "./security/azure/high_severity_alerts/high_severity_alerts.pt", + "name": "Azure Ensure High Severity Alerts", "providers": [ ] }, { - "id": "./security/aws/elb_unencrypted/aws_elb_encryption.pt", - "name": "AWS Unencrypted ELB Listeners (ALB/NLB)", + "id": "./security/azure/sql_server_va_emails/sql_server_va_emails.pt", + "name": "Azure Ensure SQL Server VA Email Notifications", "providers": [ ] }, { - "id": "./security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt", - "name": "AWS IAM Report Password Policy No Restrict Password Reuse", + "id": "./security/azure/mysql_tls_version/mysql_tls_version.pt", + "name": "Azure Ensure MySQL Flexible Servers Use Secure TLS", "providers": [ ] }, { - "id": "./security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt", - "name": "AWS S3 Ensure 'Block Public Access' Configured For All Buckets", + "id": "./security/azure/sql_publicly_accessible_managed_instance/check_for_publicly_accessible_azure_sql_managed_instance.pt", + "name": "Azure Publicly Accessible Managed SQL Instance", "providers": [ ] }, { - "id": "./security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt", - "name": "AWS IAM Ensure One Active Key Per IAM User", + "id": "./security/azure/webapp_tls_version_support/azure_webapp_min_tls_version.pt", + "name": "Azure Web App Minimum TLS Version", "providers": [ ] }, { - "id": "./security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt", - "name": "AWS IAM Report Root Account Access Keys", + "id": "./security/azure/blob_storage_logging/blob_storage_logging.pt", + "name": "Azure Ensure Storage Logging Enabled For Blob Service", "providers": [ ] }, { - "id": "./security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt", - "name": "AWS IAM Ensure Access Keys Are Rotated", + "id": "./security/azure/security_contact_email/security_contact_email.pt", + "name": "Azure Ensure Security Contact Email", "providers": [ ] }, { - "id": "./security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt", - "name": "AWS Ensure CloudTrail Logs Encrypted At Rest", + "id": "./security/azure/restrict_ssh_internet/azure_restrict_ssh_inet.pt", + "name": "Azure Network Security Groups With Inbound SSH Open", "providers": [ ] }, { - "id": "./security/aws/loadbalancer_internet_facing/aws_internet-facing_elbs.pt", - "name": "AWS Internet-facing ELBs & ALBs", + "id": "./security/azure/storage_network_deny/storage_network_deny.pt", + "name": "Azure Ensure Storage Account Default Network Access Set To Deny", "providers": [ ] }, { - "id": "./security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes_meta_parent.pt", - "name": "AWS Unencrypted Volumes Meta Parent", + "id": "./security/azure/security_alert_owners/security_alert_owners.pt", + "name": "Azure Ensure Owners Receive Security Alerts", "providers": [ - { - "name": "aws", - "permissions": [ - "ec2:DescribeVolumes", - "ec2:DescribeRegions" - ] - }, - { - "name": "flexera", - "permissions": [ - "billing_center_viewer" - ] - } + ] }, { - "id": "./security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt", - "name": "AWS Ensure CloudTrail Integrated With Cloudwatch", + "id": "./security/azure/sql_server_atp/sql_server_atp.pt", + "name": "Azure Ensure SQL Server ATP (Advanced Threat Protection) Enabled", "providers": [ ] }, { - "id": "./security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt", - "name": "AWS IAM Report Root User Doing Everyday Tasks", + "id": "./security/azure/sql_server_va_scans/sql_server_va_scans.pt", + "name": "Azure Ensure SQL Server VA Periodic Scans Enabled", "providers": [ ] }, { - "id": "./security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt", - "name": "AWS Ensure CloudTrail S3 Buckets Non-Public", + "id": "./security/azure/queue_storage_logging/queue_storage_logging.pt", + "name": "Azure Ensure Storage Logging Enabled For Queue Service", "providers": [ ] }, { - "id": "./security/aws/log_file_validation_enabled/log_file_validation_enabled.pt", - "name": "AWS Ensure Log File Validation Enabled For All CloudTrails", + "id": "./security/azure/sql_server_auditing/sql_server_auditing.pt", + "name": "Azure Ensure SQL Server Auditing Enabled", "providers": [ ] }, { - "id": "./security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt", - "name": "AWS Unencrypted RDS Instances", + "id": "./security/security_groups/high_open_ports/open_ports.pt", + "name": "Security Group with High Open Ports", "providers": [ ] }, { - "id": "./security/aws/iam_support_role_created/iam_support_role_created.pt", - "name": "AWS IAM Support Role Created", + "id": "./security/security_groups/rules_without_descriptions/security_group_rules_without_descriptions.pt", + "name": "Security Group Rules without Descriptions", "providers": [ ] }, { - "id": "./security/aws/aws_config_enabled/aws_config_enabled.pt", - "name": "AWS Ensure AWS Config Enabled In All Regions", + "id": "./security/security_groups/icmp_enabled/icmp_enabled.pt", + "name": "Security Groups with ICMP Enabled", "providers": [ ] }, { - "id": "./security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt", - "name": "AWS VPC's without FlowLogs Enabled", + "id": "./security/security_groups/world_open_ports/security_group_rules_with_world_open_ports.pt", + "name": "Security Group Rules with ports open to the world", "providers": [ ] }, { - "id": "./security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt", - "name": "AWS IAM Report Expired SSL/TLS Certificates", + "id": "./security/storage/aws/public_buckets/aws_public_buckets_meta_parent.pt", + "name": "AWS Open S3 Buckets Meta Parent", "providers": [ - + { + "name": "aws", + "permissions": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "s3:GetBucketAcl", + "sts:GetCallerIdentity" + ] + }, + { + "name": "flexera", + "permissions": [ + "billing_center_viewer" + ] + } ] }, { - "id": "./security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt", - "name": "AWS IAM Ensure MFA Enabled For IAM Users", + "id": "./security/storage/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt", + "name": "AWS S3 Buckets without Server Access Logging", "providers": [ ] }, { - "id": "./security/aws/iam_min_password_length/iam_min_password_length.pt", - "name": "AWS IAM Report Insufficient Password Policy", + "id": "./security/storage/azure/storage_account_https_enabled/azure_storage_account_https_enabled.pt", + "name": "Azure Storage Accounts Without HTTPs Enforced", "providers": [ ] }, { - "id": "./security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt", - "name": "AWS S3 Ensure Bucket Policies Deny HTTP Requests", + "id": "./security/storage/google/public_buckets/google_public_buckets.pt", + "name": "Google Open Buckets", "providers": [ ]