This document contains the last 100 policy template merges for the flexera-public/policy_templates
repository. Only merges that modify policy templates are included. Changes are sorted by the date the pull request was merged into the master
branch, with the most recent changes listed first. A JSON version with the full history of all merges, not just the last 100 policy merges, is also available.
PR #2887: FLEX-5165 Add datalake optimization policy template
Initial implementation of a Policy (Azure Data Lake Optimization) which enables customers to run efficiently for Azure Data Lake. The policy type is Usage Reduction and provides recommendations with potential savings.
- Policies: Azure Data Lake Optimization, Meta Parent: Azure Data Lake Optimization
- Merged At: 2024-12-23 18:30:07 UTC
PR #2833: POL-1405 Replace deprecated Kubecost endpoints for Kubecost Cluster Policy
The endpoint we are currently using has been deprecated: "/model/savings/clusterSizing". It still works but only returns one cluster rather than all clusters.
The new endpoint, "/model/savings/clusterSizingETL", returns a different response, and simply adding ETL onto the end of our current endpoint in the policy returns null values in ds_cluster_sizing.
This endpoint returns all cluster recommendations in one response.
The ds_clusters function has been created to include two new parameters in the Kubecost API call:
- param_allow_shared_core: This boolean parameter indicates whether shared cores should be allowed in the cluster sizing calculation. By default, Kubecost may not consider the shared cores between pods as part of the cost savings calculations. With this new parameter, the explicit inclusion of shared cores in the calculations can be enabled. This is useful for environments where resources are shared between multiple pods, and a more accurate estimate of potential savings is desired.
- Updated the function responsible for the API call to /model/savings/clusterSizing
- Added the param_allow_shared_core to the ds_clusters function.
- Updated the HTTP call to send these parameters in the Request.
- Set the default values of these parameters to False, meaning shared cores will not be allowed.
How the response for the new endpoint differs from what we initially wanted: we modified it and added new functions to handle the response and convert it to the expected struct
- Deprecated endpoint from kubecost was replaced.
- https://flexera.atlassian.net/browse/POL-1405
- Policies: Kubecost Cluster Rightsizing Recommendation
- Merged At: 2024-12-19 15:58:27 UTC
PR #2869: POL-1414 Currency Conversion Functionality on Kubecost cluster rightsizing policy
This update introduces functionality to handle automatic currency conversion within Kubecost cluster rightsizing policy, ensuring that incidents reflect values across different currencies.
- Support for multiple currencies has been added to the system.
- If the Kubecost config endpoint returns an empty currency, USD (United States Dollar) will be used as the default currency.
- A condition has been implemented where, if Kubecost's currency matches Flexera's, no currency conversion will take place.
Resolves the issue where currency discrepancies occurred between our template and Kubecost when they had different base currencies.
- Policies: Kubecost Cluster Rightsizing Recommendation
- Merged At: 2024-12-16 22:02:52 UTC
PR #2817: POL-1410 - Improve Scheduled Instance Notifications
Improved notifications for the 3 Scheduled Instance Policy Templates
- Policies: AWS Schedule Instance, Azure Schedule Instance, Google Schedule Instance
- Merged At: 2024-12-11 19:42:39 UTC
PR #2876: POL-1428 Scheduled Report - fix +Inf issue related to incident creation
This change implements a fix for the Scheduled Report policy incident so that it is successfully created when the Billing Term parameter is set to Week.
This PR resolves an issue where the Scheduled Report policy incident failed to generate due to a +Inf error.
- Policies: Scheduled Report
- Merged At: 2024-12-11 18:02:09 UTC
PR #2873: POL-1424 New CBI Bill Ingestion Policies
This creates two new policy templates for the catalog: Common Bill Ingestion from AWS S3 Object Storage and Common Bill Ingestion from Azure Blob Storage. These policies can automate the ingestion of either CBI or FOCUS formatted CSV files into Common Bill Ingestion from S3 Object Storage and Blob Storage respectively.
Additionally, the functionality in the above policies to abort existing bill uploads prior to creating a new one has been added to the Fixed Cost Common Bill Ingestion policy template.
Note: Some tweaks were also made to Dangerfile tests to properly account for Azure storage credentials. Some tweaks were also made to a small number of README files to correctly indicate specific permissions for Azure storage credentials.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-12-11 14:28:50 UTC
PR #2867: POL-1422 Fix AWS New Marketplace Products
AWS New Marketplace Products has an issue that was introduced during a mass code change that prevents the policy from completing execution. This fixes that issue.
- Policies: AWS New Marketplace Products
- Merged At: 2024-12-02 14:09:36 UTC
PR #2862: POL-1415 AWS Rightsize RDS Instances: Add Connections to Incident Table
This adds a daily average of connections to the RDS instance, labelled Connections (Daily), to the incident table for both the idle and underutilized incidents.
(This also includes some minor code refactoring to make similar changes in the future easier)
- Policies: AWS Rightsize RDS Instances, Meta Parent: AWS Rightsize RDS Instances
- Merged At: 2024-12-02 13:08:57 UTC
PR #2859: POL-1419 Bug Fix for Azure Publicly-Accessible Blob Containers
This fixes a bug in the Azure Publicly-Accessible Blob Containers policy template caused by an incorrectly named variable in a JavaScript block.
- Policies: Azure Publicly-Accessible Blob Containers, Meta Parent: Azure Publicly-Accessible Blob Containers
- Merged At: 2024-11-26 18:56:50 UTC
PR #2847: FOPTS-5666 Handle properly null values in Google Rightsize VM Recommender Policy
We had an issue sorting recommendations when cpuAverage, cpuMinimum or cpuMaximum are null.
- Policies: Google Rightsize VM Recommender, Meta Parent: Google Rightsize VM Recommender
- Merged At: 2024-11-26 15:57:50 UTC
PR #2837: POL-1417 Azure Savings Realized from Reservations - fix NaN issue related to incident creation
Fixes a bug that produces this error preventing the policy incident from being created for an EU Customer:
incident service client: create incident: [Incident create]: failed to encode request body: json: unsupported value: NaN
- Policies: Azure Savings Realized from Reservations
- Merged At: 2024-11-22 13:32:40 UTC
PR #2841: POL-1416 New Policy: AWS S3 Incomplete Multi-Part Uploads
New policy template AWS S3 Incomplete Multi-Part Uploads that reports incomplete S3 multi-part uploads.
- Policies: AWS S3 Incomplete Multi-Part Uploads, Meta Parent: AWS S3 Incomplete Multi-Part Uploads
- Merged At: 2024-11-22 13:28:09 UTC
PR #2722: FOPTS-5124 Added batch processing for some Policies with high memory consumption
Added batch processing in AWS Object Storage Optimization, Azure Databricks Rightsize Compute Instances and Azure Reserved Instance Recommendations Policies
Following the release of batch processing for all organizations, it was decided to modify the templates with the highest memory consumption to make use of batch processing. These policies are:
- Azure Databricks Rightsize Compute Instances
- Azure Reserved Instance Recommendations
NOTE: For AWS Object Storage Optimization, I think there was a mistake in the parameters to run script $js_aws_s3_objects_with_storage_class. It was using $ds_aws_list_s3_objects but I think it should use $ds_aws_s3_objects, because it is the data source that has the objects filtered by tags if we use that param, and $ds_aws_s3_objects was not being used by any other datasource. I changed the data source used as input, but let me know if it was correct.
- Policies: Azure Databricks Rightsize Compute Instances, Meta Parent: Azure Databricks Rightsize Compute Instances, Azure Reserved Instances Recommendations, Meta Parent: Azure Reserved Instances Recommendations
- Merged At: 2024-11-21 17:03:20 UTC
PR #2830: FOPTS-5507 Added hide_skip_approvals to All Active Policies
This PR marks the last update for the Hide Skip Approval task. ✅ The first phase, updating AWS Right Size policies, is complete in PR-2799. ✅ Additionally, the metaparent policy compiler and Rakefile have been successfully updated: PR-2813
Current Phase (Phase 2): In this phase, we have added the hide_skip_approvals field to the info section of policy templates that do not use the request approval option in any escalation. This field allows the UI to dynamically show or hide the "Skip Approval" option based on the policy’s configuration. Following the AWS Right Size policy updates, these changes have now been applied to all remaining active policies.
More context: Seeking Your Input: Proposed Solution for Conditional "Skip Approvals" Visibility
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-11-14 19:54:59 UTC
PR #2829: FOPTS-5505 Fixed consumption calculation for ITAM Overused Licenses
An issue with consumption percentage calculation was fixed.
- Policies: ITAM Overused Licenses
- Merged At: 2024-11-14 16:49:56 UTC
PR #2818: POL-1413 Currency Separator Fix
This fixes the commonly-used formatNumber function present in many policy templates to ensure that it does not end up inserting the text "undefined" where comma separators are supposed to go.
(Warnings/errors are false positives unrelated to the specific change being made with this PR)
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-11-11 18:09:26 UTC
PR #2813: FLEX-5397 - Modify Meta Parent Compiler to Conditionally Include hide_skip_approvals
This pull request enhances the Meta Parent Policy Template Compiler to conditionally include the hide_skip_approvals field in the generated meta parent policy templates when it exists in the child policy templates. It also removes prior manual modifications to meta parent policies: #2799
More context: Seeking Your Input: Proposed Solution for Conditional "Skip Approvals" Visibility
- Policies: Meta Parent: AWS Rightsize EBS Volumes, Meta Parent: AWS Rightsize EC2 Instances, Meta Parent: AWS Rightsize ElastiCache, Meta Parent: AWS Rightsize RDS Instances, Meta Parent: AWS Rightsize Redshift
- Merged At: 2024-11-08 19:46:42 UTC
PR #2808: POL-1402 Azure Rightsizing Compute: Consider Managed Disk
This updates the Azure Rightsize Compute Instances policy template so that it never recommends a downsize to a size that wouldn't support the current number of attached disks for an instance.
The Virtual Machine Sizes - List API call is used during policy execution to get a list of resource types and the maximum number of attached disks. The policy template has been given a major version change since the above API call requires an additional permission.
- Policies: Azure Rightsize Compute Instances, Meta Parent: Azure Rightsize Compute Instances
- Merged At: 2024-11-07 13:07:23 UTC
PR #2799: FOPTS-4819 Added hide_skip_approvals to AWS Right Size policies
Adding a new hide_skip_approvals field to the info section of policy templates that do not utilize the request approval option in any escalation. This field enables the UI to dynamically show or hide the "Skip Approval" option based on the policy configuration. Initially, these changes are applied to AWS Right Size policies, with plans to update additional policies in subsequent steps.
More context: Seeking Your Input: Proposed Solution for Conditional "Skip Approvals" Visibility
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-11-05 22:00:13 UTC
PR #2802: POL-1397 Flexera One API Event Report
This is a new policy template that reports API requests made to the Flexera API with several filtering options.
- Policies: Flexera One API Event Report
- Merged At: 2024-11-04 13:12:12 UTC
PR #2800: POL-1408 AWS Account Credentials Meta Not Spawning Children
Fixes issue where the meta policy for AWS Account Credentials was not spawning children due to the policy not properly filtering out meta-specific parameters.
- Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
- Merged At: 2024-10-31 17:48:14 UTC
PR #2737: POL-1378 Linting Updates: Cost Policies: Misc
Various small changes to Cost policies not associated with the big 3 hyperscalers to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-30 14:58:32 UTC
PR #2790: POL-1394 Downsize Multiple Sizes: Azure MySQL
Added support for downsizing multiple sizes where appropriate for the two Azure MySQL policy templates. Enabled via an optional parameter.
- Policies: Azure Rightsize MySQL Flexible Servers, Meta Parent: Azure Rightsize MySQL Flexible Servers, Azure Rightsize MySQL Single Servers, Meta Parent: Azure Rightsize MySQL Single Servers
- Merged At: 2024-10-30 12:04:39 UTC
PR #2792: POL-1407 Downsize Multiple Sizes: AWS Rightsize ElastiCache
Added support for downsizing multiple sizes where appropriate. Enabled via an optional parameter.
- Policies: AWS Rightsize ElastiCache, Meta Parent: AWS Rightsize ElastiCache
- Merged At: 2024-10-30 12:04:16 UTC
PR #2789: POL-1396 Downsize Multiple Sizes: Azure Rightsize SQL Managed Instances
Added support for downsizing multiple sizes where appropriate. Enabled via an optional parameter.
- Policies: Azure Rightsize SQL Managed Instances, Meta Parent: Azure Rightsize SQL Managed Instances
- Merged At: 2024-10-29 12:11:49 UTC
PR #2788: POL-1393 Downsize Multiple Sizes: Azure Rightsize SQL Databases
Added support for downsizing multiple sizes where appropriate. Enabled via an optional parameter.
- Policies: Azure Rightsize SQL Databases, Meta Parent: Azure Rightsize SQL Databases
- Merged At: 2024-10-29 12:11:23 UTC
PR #2787: POL-1406 AWS Rightsize RDS Instances Fix
Fixes issue where policy would fail if a "db.serverless" (or any other instance type not present in the mapping file) instance was found.
Also makes it so that the policy template does not bother to gather metrics for "db.serverless" instances, since we won't be making recommendations for these regardless, as they are not ordinary RDS instances.
- Policies: AWS Rightsize RDS Instances, Meta Parent: AWS Rightsize RDS Instances
- Merged At: 2024-10-29 12:11:04 UTC
PR #2747: POL-1385 - New Template: Billing Centers from Dimensions
This policy generates a billing center structure based on specified dimensions. It allows users to create a hierarchical billing center structure that reflects their organizational needs by using existing dimensions -- including custom Rule-Based Dimensions, Tag Dimensions, or Cloud Bill Dimensions like Vendor, Cloud Vendor Account Name.
- Policies: Flexera Billing Centers from Dimension Values
- Merged At: 2024-10-24 19:24:41 UTC
PR #2777: POL-1404 AWS Superseded EBS Volumes - Fix Currency Conversion Message in Policy Incident
This change fixes a bug in the policy incident of the AWS Superseded EBS Volumes policy in a customer's tenant.
This bug occurs when the customer’s native currency in the platform is not USD:
“Price and savings values are in USD due to a malfunction with Flexera's internal currency conversion API. Please contact Flexera support to report this issue.”
This message is incorrectly showing even though currency conversion was successful.
This change fixes this bug.
Fixes a bug where the Currency Conversion messaging in the policy incident is incorrectly showing.
- Policies: AWS Superseded EBS Volumes, Meta Parent: AWS Superseded EBS Volumes
- Merged At: 2024-10-24 06:58:29 UTC
PR #2774: POL-1400 Fix Invalid Recommendations: Azure Rightsize SQL Managed Instances
Azure Rightsize SQL Managed Instances would sometimes produce recommendations for invalid sizes. This is because it was using the existing SQL tier sizes list, and SQL Managed Instances are only available for a much smaller subset of these sizes.
This fixes the issue by creating a separate JSON asset specific to SQL Managed Instances with only the sizes used for that product, and a small modification of the policy template to make use of this new asset.
- Policies: Azure Rightsize SQL Managed Instances, Meta Parent: Azure Rightsize SQL Managed Instances
- Merged At: 2024-10-22 14:45:54 UTC
PR #2772: POL-1398 Azure Expiring Certificates - fix Days Until Expiration bug
Regardless of the threshold set, the Azure Expiring Certificates policy returns (in the incident) certificate resources that will expire months and years from now. The reason for this is an incorrect calculation which makes the 'Days Until Expiration' a negative number. This is a change to fix this.
- 'Days Until Expiration' no longer produces a negative value in the policy incident.
- Certificate resources outside of the threshold set are no longer returned in the policy incident.
- Policies: Azure Expiring Certificates, Meta Parent: Azure Expiring Certificates
- Merged At: 2024-10-22 14:45:40 UTC
PR #2763: POL-1392 AWS Rightsize RDS Instances: Downsize Multiple Tiers
Adds option to make recommendations to go down multiple sizes in the AWS Rightsize RDS Instances policy template.
- Policies: AWS Rightsize RDS Instances, Meta Parent: AWS Rightsize RDS Instances
- Merged At: 2024-10-21 12:15:34 UTC
PR #2762: POL-1391 Azure Rightsize Compute Instances: Downsize Multiple Tiers
Adds option to make recommendations to go down multiple sizes in the Azure Rightsize Compute Instances policy template.
- Policies: Azure Rightsize Compute Instances, Meta Parent: Azure Rightsize Compute Instances
- Merged At: 2024-10-21 12:15:26 UTC
PR #2756: POL-1387 New Object Storage Lifecycle Policies / Deprecate Object Storage Optimization Policies
This adds two new policy templates, AWS S3 Buckets Without Lifecycle Configuration and Google Cloud Storage Without Lifecycle Configuration, to the policy catalog. Additionally, it deprecates the AWS Object Storage Optimization, Azure Blob Storage Optimization, and Google Object Storage Optimization policy templates. The READMEs for these policy templates now direct users to the appropriate lifecycle policy templates instead.
Reason: Due to the scale involved, policy templates that attempt to manage individual objects within object storage buckets are not efficient or, in most cases, even able to run without errors on the Flexera platform. It is bad practice to attempt to micromanage individual objects anyway; users should instead be configuring their cloud environment to automate this via the lifecycle tools all three hyperscalers provide for their object storage solutions. The new policy templates ensure that we have a policy template solution available to users interested in enforcing the usage of lifecycle tools.
(Ignore the dead link warnings. Those links won't be dead once this PR is merged)
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-21 12:15:19 UTC
PR #2759: POL-1390 AWS Rightsize EC2 Instances: Downsize Multiple Tiers
Adds option to make recommendations to go down multiple sizes in the AWS Rightsize EC2 Instances policy template.
- Policies: AWS Rightsize EC2 Instances, Meta Parent: AWS Rightsize EC2 Instances
- Merged At: 2024-10-21 12:04:19 UTC
PR #2745: POL-1383 New Policy: Google Missing Projects
New policy template, Google Missing Projects, that mirrors the Azure Missing Subscriptions policy template. From the README:
This policy template checks the stored Flexera CCO billing data for Google from 3 days ago to obtain a list of Google Projects that we have billing data for and compares that to the list of Google Projects returned by the Google Cloud Resource Manager API. An incident is raised and email sent containing any projects present in Flexera CCO but not returned by the Google Cloud Resource Manager API, as well as projects returned by the Google Cloud Resource Manager API but not present in Flexera CCO. The user can select which of those two reports they'd like to produce.
- Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
- Merged At: 2024-10-16 17:15:30 UTC
PR #2738: POL-1380 Applied Policy Template Errors: Child Policy Support
This adds optional support for reporting child policy errors as a separate incident in the Applied Policy Template Errors policy template.
- Policies: Applied Policy Template Errors
- Merged At: 2024-10-16 17:04:31 UTC
PR #2734: POL-1378 Linting Updates: Cost Policies: AWS
Various small changes to Security policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-16 12:03:43 UTC
PR #2736: POL-1378 Linting Updates: Cost Policies: Google
Various small changes to Google Cost policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-16 12:03:35 UTC
PR #2735: POL-1378 Linting Updates: Cost Policies: Azure
Various small changes to Azure Cost policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-14 18:04:01 UTC
PR #2733: POL-1378 Linting Updates: SaaS Policies
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-14 17:01:46 UTC
PR #2732: POL-1378 Linting Updates: Operational Policies
Various small changes to Security policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
Dangerfile error is a false positive and can be ignored. The coding pattern causing it is sufficiently niche to not be worth the effort of coding the Dangerfile test around it.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-14 17:01:39 UTC
PR #2731: POL-1378 Linting Updates: Compliance Policies
Various small changes to Compliance policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
Small tweak to Dangerfile to avoid a false positive for one of the tests.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-14 17:01:30 UTC
PR #2730: POL-1378 Linting Updates: Security Policies
Various small changes to Security policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-14 17:01:21 UTC
PR #2729: POL-1378 Linting Updates: Automation Policies
Various small updates to policy templates in the automation directory to bring them in conformance to current lint tests.
Small tweak to Dangerfile test to avoid false positives for policies that legitimately have no parameters
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-10-14 14:32:34 UTC
PR #2616: POL-1330 New Policy: AWS Account Credentials
This adds a new, unpublished policy template along with a custom meta parent. The purpose of this policy template is to test all of the various cross-account roles implied by an AWS credential to see if they were working as expected or not. Please see the README for more details.
(A custom meta parent is used because the policy engine does not allow you to ignore_status on a signing error, so the meta parent will compare the aggregated incident results to the status of the child policies to determine if the API request succeeded or failed.)
- Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
- Merged At: 2024-10-11 19:31:30 UTC
PR #2728: POL-1379 Azure SQL MI Storage Pricing Automation
This adds automation to gather Azure SQL MI Storage Pricing and updates the Azure SQL MI Storage policy template to use this pricing data. In most cases, this will not matter (the generic SQL DB storage pricing is the same in most cases), but this ensures that any deviations in storage pricing specific to SQL MI are accounted for.
- Policies: Azure Rightsize SQL Managed Instance Storage, Meta Parent: Azure Rightsize SQL Managed Instance Storage
- Merged At: 2024-10-11 17:53:41 UTC
PR #2726: POL-1375 Google Label Cardinality Report: BigQuery Fix
Fixes an issue caused by the BigQuery API returning both the project ID and dataset ID in the "id" field when listing datasets. This caused errors when attempting to use this id to query for BigQuery tables in the dataset.
- Policies: Google Label Cardinality Report, Meta Parent: Google Label Cardinality Report
- Merged At: 2024-10-11 17:53:29 UTC
PR #2743: POL-1382 Currency Conversion: Multiple Dimension Support
Adds support for multiple dimension filters for the Currency Conversion policy template.
- Policies: Currency Conversion
- Merged At: 2024-10-11 13:18:16 UTC
PR #2712: POL-1139 New Policy: AWS S3 Usage Type Rule-Based Dimension
This new unpublished policy template, AWS S3 Usage Type Rule-Based Dimension, creates a single rule-based dimension based on the usage_type values for AWS S3. The intent is to provide a more general and human readable alternative to the built-in dimension, whose values tend to be very specific and not very human readable.
- Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
- Merged At: 2024-10-10 18:09:28 UTC
PR #2702: POL-1355 New Policy: AWS Rightsize ElastiCache
New policy template to produce rightsizing recommendations for AWS ElastiCache clusters. See README for more details.
- Policies: AWS Rightsize ElastiCache, Meta Parent: AWS Rightsize ElastiCache
- Merged At: 2024-10-09 17:11:27 UTC
PR #2709: POL-1374 Email Cost Optimization Recommendations: Added Policy Support
Updates to Email Cost Optimization Recommendations. From the CHANGELOG:
- Added support for additional recommendation policy templates
- Changed "Disks" option to "Storage" for Recommendation List parameter to better reflect functionality
- Added "PaaS" option to Recommendation List parameter
- Policies: Email Cost Optimization Recommendations
- Merged At: 2024-10-09 17:11:10 UTC
PR #2721: POL-1377 Cloud Bill Processing Error Notification: Fixes/Improvements
Fixes for Cloud Bill Processing Error Notification. From the CHANGELOG:
- Updated some API requests to use newer internal Flexera API
- Fixed error that sometimes caused functioning bill connections to appear in results
- Fixed error that sometimes caused the policy template to fail
- Modified incident table to include more useful information
- Policies: Cloud Bill Processing Error Notification
- Merged At: 2024-10-09 17:10:55 UTC
PR #2708: POL-1373 Update AWS Superseded EBS Volumes - fix incorrect "New Monthly List Price" value
This policy was previously showing incorrect values in the incident for "New Monthly List Price" and "Estimated Monthly Savings".
This change improves the querying of the AWS Price List API to capture all prices associated with GP3 volumes to provide an accurate value for both these fields in the policy incident.
Policy incident now shows accurate values for "New Monthly List Price" and "Estimated Monthly Savings" to the user.
- Policies: AWS Superseded EBS Volumes, Meta Parent: AWS Superseded EBS Volumes
- Merged At: 2024-10-03 17:34:23 UTC
PR #2713: POL-1329 Fix calculation of IOPS and Bandwidth at Azure Rightsize Managed Disk
This addresses the issue when calculating the IOPS and Bandwidth of Premium SSD V2 disk recommendations.
- Policies: Azure Rightsize Managed Disks
- Merged At: 2024-10-03 15:10:20 UTC
PR #2668: POL-1354 New Policy: AWS Rightsize Redshift
New policy template to report rightsizing recommendations for AWS Redshift Clusters
- Policies: AWS Rightsize Redshift, Meta Parent: AWS Rightsize Redshift
- Merged At: 2024-10-03 15:09:51 UTC
PR #2705: POL-1371 Azure Rightsize NetApp Resources Meta Parent Fix
Fixes an issue causing the consolidated incident in the meta parent to be misnamed.
- Policies: Azure Rightsize NetApp Resources, Meta Parent: Azure Rightsize NetApp Resources
- Merged At: 2024-10-02 12:41:33 UTC
PR #2649: POL-1361 Azure Rightsize NetApp Files: Add ignore_status / Misc fixes and Improvements
Azure Rightsize NetApp Files: Add ignore_status fields to various datasources for parity with other Azure policy templates
Other misc. changes were also made. From the CHANGELOG:
- Renamed policy template to Azure Rightsize NetApp Resources to better reflect its functionality
- Added ability to use regex to filter resources by tag
- Added Recommendation field to incident table for parity with other Azure policy templates
- Added logic to skip gathering volume-level data if the user selects "Resize Pools"
- Several policy parameters updated to more clearly describe their function
- Incident subject now explicitly indicates that the resources found are oversized
- Fixed issue where policy template would fail to complete if some subscriptions and resources are inaccessible due to credential permissions
- Fixed issue where tag filtering was not working as intended
- Policies: Azure Rightsize NetApp Resources, Meta Parent: Azure Rightsize NetApp Resources
- Merged At: 2024-10-01 12:29:52 UTC
PR #2679: POL-1367 New Policy: Azure Rightsize SQL Managed Instance Storage
This is a new policy template: Azure Rightsize SQL Managed Instance Storage. It does what it says on the tin.
- Policies: Azure Rightsize SQL Managed Instance Storage, Meta Parent: Azure Rightsize SQL Managed Instance Storage
- Merged At: 2024-10-01 12:29:26 UTC
PR #2645: SQ-9955 Fix Cloud Cost Anomaly Alerts Policy
- Policies: Cloud Cost Anomaly Alerts
- Merged At: 2024-09-30 18:59:11 UTC
PR #2685: POL-1347 - fix: meta_parent_policy_compiler.rb no export block
https://github.com/flexera-public/policy_templates/actions/runs/11059501776
Workflow is currently failing on a PT
Writing parent policy template: ../../security/azure/sql_auditing_retention/sql_auditing_retention_meta_parent.pt
meta_parent_policy_compiler.rb:334:in `block in compile_meta_parent_policy': undefined method `scan' for nil (NoMethodError)
    fields = export_block[0].scan(/(^.*field\s+\".*?\".*?end)/m).flatten
                            ^^^^^
  from meta_parent_policy_compiler.rb:314:in `each'
  from meta_parent_policy_compiler.rb:314:in `compile_meta_parent_policy'
  from meta_parent_policy_compiler.rb:467:in `block in <main>'
  from meta_parent_policy_compiler.rb:466:in `each'
  from meta_parent_policy_compiler.rb:466:in `<main>'
Modified Workflow Run Successful: https://github.com/flexera-public/policy_templates/actions/runs/11059612277
Which resulted in these changes: #2687
- Policies: AWS Schedule Instance, Meta Parent: AWS Schedule Instance, Meta Parent: Azure Schedule Instance, Google Schedule Instance, Meta Parent: Google Schedule Instance
- Merged At: 2024-09-30 14:42:51 UTC
PR #2620: POL-1347 - feat: refactor AWS, Azure, and Google Schedule Instance Policy Templates
- remove next_stop, next_start tag requirements
- remove static zone to region mapping
- add task_labels and debugging for CWF actions
- add error capture, graceful timeout handling
- Policies: AWS Schedule Instance, Azure Schedule Instance, Google Schedule Instance
- Merged At: 2024-09-26 19:47:20 UTC
PR #2644: POL-1359 AWS Reserved Instances Recommendations: DynamoDB Support
This adds support for DynamoDB and MemoryDB to the AWS Reserved Instances Recommendations policy template.
- Policies: AWS Reserved Instances Recommendations
- Merged At: 2024-09-26 19:45:30 UTC
PR #2657: POL-1363 AWS EC2 Compute Optimizer Recommendations: Additional Options
From the AWS EC2 Compute Optimizer Recommendations CHANGELOG:
- Added option to filter out recommendations for EC2 instances based on OS family
- Added option to filter out either x86-64 (Intel/AMD) or ARM (Graviton) recommendations
- Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
- Merged At: 2024-09-26 19:44:47 UTC
PR #2673: POL-1366 Currency Conversion: Add Arbitrary Dimension Support
This replaces the option to select a cloud provider in the Currency Conversion policy template with an option to specify any arbitrary Dimension=Value. The primary use case is to enable users to do per-bill source conversion, but this of course also enables any number of other possibilities while still retaining the original functionality.
- Policies: Currency Conversion
- Merged At: 2024-09-26 19:43:53 UTC
PR #2139: POL-1218 New Policy: Google Rightsize Cloud SQL Recommender
New policy to produce recommendations for both idle and underutilized Google Cloud SQL recommendations.
Also deprecates the now redundant Google Idle Cloud SQL Instance Recommender and Google Rightsize CloudSQL Instances policies.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-09-25 14:06:51 UTC
PR #2640: POL-1351 Google Unlabeled Resources: Add Project Support
Adds option to report/update Project labels to Google Unlabeled Resources policy template
- Policies: Google Unlabeled Resources, Meta Parent: Google Unlabeled Resources
- Merged At: 2024-09-25 12:14:33 UTC
PR #2633: POL-1352 Outdated Applied Policies: Deprecated Policy Support
This updates the Flexera Automation Outdated Applied Policies policy template to also, optionally, report on deprecated policy templates. It also allows the user, via parameter, to allow for automated major version upgrades. Documentation has been updated accordingly.
This also makes a very minor tweak to Dangerfile tests to address a false positive.
- Policies: Flexera Automation Outdated Applied Policies
- Merged At: 2024-09-24 14:04:10 UTC
PR #2639: POL-1357 Azure Hybrid Use Benefit Policy Actions
This updates the policy actions in two Azure Hybrid Use Benefit policy templates to correctly use task labels to log errors.
- Policies: Azure Hybrid Use Benefit for Windows Server, Meta Parent: Azure Hybrid Use Benefit for Windows Server, Azure Hybrid Use Benefit for Linux Server, Meta Parent: Azure Hybrid Use Benefit for Linux Server
- Merged At: 2024-09-24 12:10:41 UTC
PR #2638: POL-1356 AWS Rightsize EBS Volume: Type Filtering
Adds a parameter to AWS Rightsize EBS Volume to enable the user to filter any arbitrary volume type from the results if desired.
- Policies: AWS Rightsize EBS Volumes, Meta Parent: AWS Rightsize EBS Volumes
- Merged At: 2024-09-24 12:10:33 UTC
PR #2663: POL-1364 Update Azure Savings Plan Expiration - Fix Policy Set value
The policy_set field in the policy template metadata has been changed from its current value of "Savings Plan" to "Savings Plans".
This does not change the functionality of the policy but it does help us internally with reporting on templates in our repository.
- Policies: Azure Expiring Savings Plans
- Merged At: 2024-09-23 17:07:43 UTC
PR #2656: POL-1013 Add Azure Expiring Savings Plans Policy
Pretty self-explanatory. This is a change to add Azure Expiring Savings Plans policy to the Catalog. This policy will be added to remain consistent with its AWS counterpart. This policy will report on Savings Plans that are expired and/or nearing expiration.
Maintains parity between AWS and Azure. Customers can now be alerted via email when Savings Plans are nearing expiration or have expired.
- Policies: Azure Expiring Savings Plans
- Merged At: 2024-09-23 15:53:39 UTC
PR #2624: POL-1349 Applied Policy Template Errors Revamp
This is a revamp of the Applied Policy Error Notification policy template. From the CHANGELOG:
- Renamed to Applied Policy Template Errors to conform to policy template naming conventions
- Added ability to ignore specific applied policy templates by name or ID
- Parameters altered to be more descriptive and human-readable
- Added additional fields to incident table to provide more context
- Incident table now includes links to the problematic applied policy templates
- Streamlined code for better readability and faster execution
- Policy template is now published in the public catalog
- Policies: Applied Policy Template Errors
- Merged At: 2024-09-23 15:31:26 UTC
PR #2621: POL-1345 Azure Untagged Resources: Subscription/Resource Group Support
Adds support for reporting untagged Azure Subscriptions and Resource Groups to the Azure Untagged Resources policy template.
- Policies: Azure Untagged Resources, Meta Parent: Azure Untagged Resources
- Merged At: 2024-09-20 13:57:01 UTC
PR #2647: POL-1360 Meta Parent: Fix Deprecation Status
This fixes an issue where the "deprecated" field in the info() blocks of generated meta parent policy templates did not match the child.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-09-20 12:23:46 UTC
PR #2610: POL-1338 Validated Permissions
This PR makes several changes related to tracking policy permissions:
- Several policy templates that were missing have been validated and added. Where appropriate, these policy templates and their associated README files were updated.
- Automation has been added to track every non-deprecated policy template that is not in the validation list. This is to assist in completing this project by getting all of the missing policy templates added.
- A couple of deprecated policy templates were missing the deprecated: "true" field in the info block. This has been fixed.
- Minor tweaks made to changed files to pass current Dangerfile tests
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-09-20 12:03:15 UTC
PR #2642: POL-1358 AWS Rule-Based Dimension From Account Tags: Tag Casing Fix
This updates the AWS Rule-Based Dimension From Account Tags policy template to fix an issue where tag keys were being ignored if they contained upper case letters.
- Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
- Merged At: 2024-09-19 17:53:06 UTC
PR #2622: POL-1348 Cloud Bill Processing Error Notification: Ignore List
Cloud Bill Processing Error Notification: Added Bill Connection Ignore List parameter to allow user to ignore specific bill connections.
- Policies: Cloud Bill Processing Error Notification
- Merged At: 2024-09-19 13:06:52 UTC
PR #2634: POL-1353 New Policy: Azure Unused Load Balancers
New policy that reports on Azure Unused Load Balancers
- Policies: Azure Unused Load Balancers, Meta Parent: Azure Unused Load Balancers
- Merged At: 2024-09-17 17:19:02 UTC
PR #2565: POL-1327 New Policy: AWS Lambda Functions Without Provisioned Concurrency
New template AWS Lambda Functions Without Provisioned Concurrency does what it says on the tin.
- Policies: AWS Lambda Functions Without Provisioned Concurrency, Meta Parent: AWS Lambda Functions Without Provisioned Concurrency
- Merged At: 2024-09-16 17:17:03 UTC
PR #2556: POL-793 Azure MySQL Policy Templates
Two new policy templates: Azure Rightsize MySQL Single Servers and Azure Rightsize MySQL Flexible Servers
Two templates because of substantial differences between API requests and metrics between the two kinds of MySQL instances. Single servers are also an increasingly outdated instance type, so most users can likely just get away with using the latter policy template only.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-09-16 12:11:48 UTC
PR #2617: POL-1344 Account Support for AWS Untagged Resources Policy Template
AWS Untagged Resources: This adds the option to include the AWS account itself in the results and adds the necessary cloud workflow logic to enable accounts to be tagged.
Should natively work as expected with the meta parent, since each child incident would include one account, and the consolidated incident would include all of them.
Additionally, significant modifications were made to speed up policy execution when the savings option is enabled. The previous method took a very long time due to inefficient searching techniques.
- Policies: AWS Untagged Resources, Meta Parent: AWS Untagged Resources
- Merged At: 2024-09-12 12:21:20 UTC
PR #2576: POL-1331 New Policy: Azure Advisor Carbon Reduction Recommendations
This is a new policy to report all CO2 emissions reduction opportunities reported by Azure Advisor.
- Policies: Azure Advisor Carbon Reduction Recommendations, Meta Parent: Azure Advisor Carbon Reduction Recommendations
- Merged At: 2024-09-04 12:07:47 UTC
PR #2560: POL-411 Low Usage: Added Resource List
This adds a link to the Resource Analyzer Dashboard with the appropriate settings to the incident table to make it easy for the user to see the specific resources that exist in the dimension value with low usage.
- Policies: Low Usage Report
- Merged At: 2024-09-03 20:17:23 UTC
PR #2601: POL-1252 Cloud Cost Anomaly Alerts: Additional Parameters
New functionality added to Cloud Cost Anomaly Alerts policy template. From the CHANGELOG:
- Added Minimum Period Spend Variance parameter to optionally limit results based on amount of variance
- Added Anomalies To Report parameter to optionally limit results based on whether the anomaly is upward or downward
- Added Variance From Average field to incident table containing the difference (absolute value) between the total cost and the moving average
- Policies: Cloud Cost Anomaly Alerts
- Merged At: 2024-09-03 20:08:10 UTC
PR #2596: POL-1334 Meta Parent Fix: Empty Policy Responses
This is a fix for an issue with Meta Parents where the policy template would fail if no applied policies exist. To fix this issue, the jq statements that were causing the issue have been replaced with standard jmes_path statements, and any additional filtering has been moved to separate javascript blocks.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-09-03 18:11:14 UTC
PR #2597: POL-1336 AWS Savings Plan Recommendations: Remove "Any" Option From Savings Plan Term Parameter
Removes invalid "Any" option from the Savings Plan Term parameter in the AWS Savings Plan Recommendations policy template. The only valid values for this parameter are 1 year and 3 year.
A handful of other small changes were made to bring policy template into compliance with current Dangerfile tests.
- Policies: AWS Savings Plan Recommendations
- Merged At: 2024-09-03 18:06:30 UTC
PR #2584: POL-1335 Add ARN to AWS Recommendation Policy Template Incident Tables
This adds a resource ARN field to the incidents of all existing AWS recommendations policy templates. This is because the ARN is a useful value for other functionality that might build off of the incident or recommendations table, such as using the AWS tagging API to tag resources.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-09-03 13:10:25 UTC
PR #2544: POL-802 New Policy: Azure Unused Virtual Network Gateways
This is a new policy template to report on unused Azure Virtual Network Gateways.
Currently, savings is not reported because Azure billing data stored in Flexera does not appear to contain Virtual Network Gateway costs at the resource level. This may be added with a later update if a solution is found.
- Policies: Azure Unused Virtual Network Gateways, Meta Parent: Azure Unused Virtual Network Gateways
- Merged At: 2024-08-30 15:52:31 UTC
PR #2543: POL-803 New Policy: Azure Unused App Service Plans
This is a new policy template to report on unused App Service Plans in Azure.
- Policies: Azure Unused App Service Plans, Meta Parent: Azure Unused App Service Plans
- Merged At: 2024-08-30 12:05:05 UTC
PR #1917: POL-727 Azure Savings Plan Utilization v0.1.0
Adds Azure Savings Plan Utilization Report to bring parity with what we have for AWS
- Policies: Azure Savings Plan Utilization
- Merged At: 2024-08-27 13:30:34 UTC
PR #2567: POL-1325 AWS Oversized S3 Buckets: Switch to GetMetricData
This updates the AWS Oversized S3 Buckets policy template to use batched GetMetricData requests to gather metrics in order to speed up execution.
Various small tweaks were also made to bring it in compliance with current Dangerfile tests.
- Policies: AWS Oversized S3 Buckets, Meta Parent: AWS Oversized S3 Buckets
- Merged At: 2024-08-22 18:51:35 UTC
PR #2566: POL-1324 AWS Burstable EC2 Instances: Switch to GetMetricData
This updates the AWS Burstable EC2 Instances policy template to use batched GetMetricData requests to gather metrics in order to speed up execution.
Various small tweaks were also made to bring it in compliance with current Dangerfile tests.
- Policies: AWS Burstable EC2 Instances, Meta Parent: AWS Burstable EC2 Instances
- Merged At: 2024-08-22 18:51:26 UTC
PR #2557: POL-1323 - fix: AWS Rightsize EC2 get memory metrics for Autoscaling groups
Fix bug preventing Memory metrics from being included in result for some EC2 Instances created by Autoscaling Group
- Policies: AWS Rightsize EC2 Instances
- Merged At: 2024-08-20 13:21:54 UTC
PR #2531: POL-980 New AWS Load Balancer Policy Templates
This PR adds two new policy templates, AWS Unused Application Load Balancers and AWS Unused Network Load Balancers. It also modifies the existing AWS Unused Classic Load Balancers policy template to bring it more in alignment with the new policy templates.
I opted for 3 separate templates because there are enough differences between the three, especially when it comes to Classic vs App/Network, that a single policy template for all of them would be complex and cumbersome to maintain. The simplest way to offer users an intuitive experience while making the templates themselves maintainable was to simply have a separate policy template for each.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-08-19 18:05:12 UTC
PR #2547: POL-1322 New Policy: Google Label Cardinality Report
This is a new policy that reports on Google Label Cardinality. This template has an important caveat that is unique to Google. From the README:
NOTE: Google Cloud does not offer a straight-forward way to list all resources in a given Project along with their labels. This report should not be considered complete and should be used for general guidance. A list of supported resources is provided below.
- Compute
  - Disks
  - Images
  - IP Addresses
  - Snapshots
  - Storage Pools
  - VPN Gateways
  - VPN Tunnels
  - Virtual Machines
- Database
  - BigQuery Datasets
  - BigQuery Tables
  - Cloud SQL for MySQL Instances
- Storage
  - Object Storage Buckets
- Policies: Google Label Cardinality Report, Meta Parent: Google Label Cardinality Report
- Merged At: 2024-08-16 20:22:13 UTC
PR #2521: POL-1318 New Policy: AWS CloudTrails With Read Logging Enabled
New policy template that reports CloudTrails with read logging enabled, with the option of disabling read logging.
- Policies: AWS CloudTrails With Read Logging Enabled, Meta Parent: AWS CloudTrails With Read Logging Enabled
- Merged At: 2024-08-16 13:06:21 UTC
PR #2485: POL-1262 - feat: scheduled report percent change, alert threshold
Adds percent change field to report fields (additional inform) and capabilities for sending this when a threshold is crossed (alerting use-case)
- Policies: Scheduled Report
- Merged At: 2024-08-14 14:33:46 UTC
PR #2511: POL-1308 New Policy: Flexera One User Access Report
New policy that produces a list of users and the various roles they have assigned to them in order to assist with auditing users in a Flexera org.
- Policies: Flexera One User Access Report
- Merged At: 2024-08-14 13:09:41 UTC
PR #2533: POL-1321 Meta Policy Unpublish Fix
This adds publish to the info block of meta parent policies that corresponds to the child policy. This is to prevent meta parent policies for unpublished child policies from themselves being published by mistake.
- Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
- Merged At: 2024-08-13 19:13:27 UTC