This repository contains a library of open source Flexera CMP Policy Templates to provide governance via automation across Cost, Security, Operational, and Compliance categories. All contributions are shared under the MIT license.
Please contact [email protected] to learn more.
- Billing Center Cost Anomaly
- Budget Alerts
- Budget Alerts by Cloud Account
- Cheaper Regions
- Downsize Instances
- Inefficient Instance Utilization using RightLink
- Old Snapshots
- Running Instance Count Anomaly
- Unattached IP Addresses
- Unattached Volumes
- Schedule Instances
- Scheduled Report
- Scheduled Report with Estimates
- Scheduled Report with Markups & Markdowns
- Superseded Instances
- Superseded Instance Remediation
- Terminate Instances with End Date
- AWS Burstable Instance CloudWatch Utilization
- AWS Expiring Reserved Instances
- AWS Idle Compute Instances
- AWS Inefficient Instance Utilization using CloudWatch
- AWS Reserved Instances Utilization
- AWS Reserved Instance Reservation Coverage
- AWS Reserved Instances Report by Billing Center
- AWS Reserved Instance Recommendations
- AWS Savings Plan Recommendations
- AWS Schedule Instance
- AWS Unused IP Addresses
- AWS Bucket Size Check
- AWS Unused Volumes
- AWS S3 Buckets without Server Access Logging
- AWS Object Storage Optimization
- AWS Old Snapshots
- AWS S3 Bucket Intelligent Tiering Check
- Azure Hybrid Use Benefit
- Azure Hybrid Use Benefit for Linux
- Azure Hybrid Use Benefit for SQL
- Azure Idle Compute Instances
- Azure Inefficient Instance Utilization using Log Analytics
- Azure Expiring Reserved Instances
- Azure Reserved Instance Utilization
- Azure Reserved Instance Recommendations
- Azure Unused IP Addresses
- Azure Schedule Instance
- Azure MCA Reserved Instance Recommendations
- Azure Blob Storage Optimization
- Azure Old Snapshots
- Azure Unused Volumes
- Azure Storage Accounts without Lifecycle Management Policies
- Google Inefficient Instance Utilization using StackDriver
- Google Committed Use Discount (CUD)
- Google Idle Compute Instances
- Google Expiring Committed Use Discount (CUD)
- Google Schedule Instance
- Security Group: ICMP Enabled
- Security Group: Rules Without Description
- Security Group: High Open Ports
- Security Groups With Ports Open To The World
- AWS Internet-facing ELBs & ALBs
- AWS Unencrypted ELB Listeners (CLB)
- AWS Unencrypted ELB Listeners (ALB/NLB)
- AWS Disallowed Regions
- AWS Unused ECS Clusters
- AWS EC2 Instances not running FlexNet Inventory Agent
- AWS Long-stopped Instances
- AWS Untagged Resources
- AWS Service Control Policy Audit
- AWS IAM Role Audit
- Azure AHUB Utilization with Manual Entry
- Azure Disallowed Regions
- Azure Instances not running FlexNet Inventory Agent
- Azure Long Stopped Instances
- Azure Policy Audit
- Azure Regulatory Compliance
- Azure Subscription Access
- Azure Tag Resources with Resource Group Name
- Azure Untagged Resources
- FlexNet Manager Licenses At Risk
- FlexNet Manager Low Available Licenses
- GitHub.com Available Seats
- GitHub.com Unpermitted Outside Collaborators
- GitHub.com Unpermitted Repository Names
- GitHub.com Unpermitted Top-Level Teams
- GitHub.com Unpermitted Sized Repositories
- GitHub.com Repository Branches without Protection
- GitHub.com Repositories without Admin Team
- Policy Update Notification
- AWS Cloud Credentials Rotation
- AWS RDS Backup Settings
- AWS Subnet Name Tag Sync
- AWS VPC Name Tag Sync
- AWS Long Running Instances
- AWS Instance Scheduled Events
- AWS Lambda Functions with high error rate
- Azure VMs Not Using Managed Disks
- Azure Migrate Integration
- AzureAD Group Sync
- Azure Sync Tags with Optima
- Azure SQL Databases without Elastic Pools
- Okta Inactive Users
- ServiceNow Inactive Approvers
- Office 365 Security Alerts
- SaaS Manager - Renewal Reminder
- SaaS Manager - User Status Change
- SaaS Manager - Suspicious Users
- SaaS Manager - Unsanctioned Spend
- SaaS Manager - Redundant Apps
- SaaS Manager - Inactive Users
- SaaS Manager - Duplicate User Accounts
- SaaS Manager - Unsanctioned Applications with Existing Contract
- SaaS Manager - SaaS App User Report by Category
- AWS Regions
- AWS Instance Types
- Azure Instance Types
- Google Instance Types
- Currency Reference
- Azure SQL Service Tier Types
- TZ database Timezone List
- The policy templates in the repo are the files that have a .pt extension.
- Select the desired policy template, click on the “Raw” button, and then right-click and choose “Save As” to save the file to your computer.
- To upload the template to your account, navigate to the Templates page in the left nav bar in Governance. Ensure you have the role to access policy management in RightScale. Learn more about Policy Access Control.
- Click the “Upload Policy Template” button in the account where you wish to test the policy and follow the instructions to upload the template you just downloaded.
- Getting Started
- Reference Documentation
- Policy Template Language
- Markdown Editor - Use this to test Markdown Syntax
- Libraries
- README GUIDELINE
Support for these policy templates will be provided through GitHub Issues and the Flexera Community. Visit Flexera Community to join!
GitHub issues contain a template for three types of requests (Bugs, New Features to an existing Policy Template, New Policy Template Request):
- Bugs: Any issue you are having with an existing policy template not functioning correctly. This does not include missing features or actions.
- New Feature Request: Any feature (Field, Action, Link, Output, etc.) that is to be added to an existing policy template.
- New Policy Template Request: Request for a new policy template.
- You can test against a pull request via:
bundle exec danger pr https://github.com/flexera/policy_templates/pull/73 --pry
- Danger Troubleshooting