Metadata
The first section of a policy template provides generic information about the policy such as its name, a short and long description as well as the policy severity and category:
name "Instance Quota"
rs_pt_ver 20180301
type "policy"
short_description "Limit the total number of VMs running in a project."
# Optional metadata
default_frequency "daily"
long_description <<-EOF
The Instance Quota policy sends an email to developer@company.com when the
number of VMs running in the RightScale project exceeds 1,000.
EOF
severity "medium"
category "Cost"
tenancy "single"
info(
"version": "1.1",
"provider": "aws",
"service": "ec2"
)
| • | name defines the policy template name. It must be unique in the project. |
| • | rs_pt_ver indicates the policy template language version. The value must be 20180301. |
| • | type must be "policy" |
| • | short_description provides a short description of what the policy does. |
The following definitions are optional:
| • | default_frequency sets the interval between policy evaluations if another value is not selected by the person applying the policy. It must be one of "15 minutes" (default), "hourly", "daily", "weekly" or "monthly". |
| • | long_description is a long description of what the policy does. |
| • | severity indicates the policy severity, it must be one of "low" (default), "medium", "high" or "critical". |
| • | category is an arbitrary value used to group policies into categories, for example "Cost", "Compliance" or "Security". |
| • | info specifies an arbitrary list of metadata attached to the policy and should be an mapping of string to string. For the List of Flexera Policies, the standard is to use the following metadata fields: |
| • | version —Version of the template, using semantic versioning. Updated every time a policy template is changed. |
| • | provider—An identifier for which provider the policy applies to, such as AWS. |
| • | service—Where applicable, which service of the provider the policy applies to, such as EC2 |
| • | tenancy specifies whether this policy can be applied to more than one project at a time and how incidents are grouped together. It must be one of "multi", or "single". If a policy has a credential declaration in it, only single is supported and is the default if not specified. If a policy does not have such a declaration, then this defaults to multi. Generally speaking this should only be set manually in the case where the policy acts on organization-wide resources such as Cloud Cost Optimization APIs, in which case it should be set to single. Otherwise the default is sufficient and this can be omitted. |