Stax Changelog logo

Changelog

Back to Homepage Subscribe to Updates

Labels

  • All Posts
  • Fix
  • changed
  • added
  • deprecated
  • removed
  • security

Jump to Month

  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
added
7 months ago11/24/2021

Permission Sets Are Now Automatically Deployed to New Accounts

Stax has introduced new functionality to improve the behavior of Permission Sets when creating and updating Stax-managed AWS accounts.

When an account is created within an Account Type that has a Permission Set Assignment targeted to it, the Permission Set will be automatically deployed to the account during creation. When an account is moved to a different Account Type, any relevant Permission Sets will be added or removed based on the Assignments in place.

Additionally, deleting groups and Account Types is no longer possible when they are in use by Permission Sets. The API will reject requests with an HTTP 400 error and a message identifying how many attachements are preventing deletion.

added
7 months ago11/24/2021

New Changelog Widget and Updated Starred Accounts Widget

Stax is uplifting the Activity page to provide meaningful information and the ability to easily perform common tasks.

The Starred Accounts widget has been updated to allow you to quickly log in to Stax-managed AWS accounts you have starred from the Accounts page.

The Changelog widget has been added to provide access to the most recent entries on the Stax changelog.

added
7 months ago11/22/2021

Amazon EBS Encryption by default

Stax has released an update requiring Amazon Elastic Block Store (EBS) volume encryption in management accounts in all regions supported by Stax. This is to comply with CIS AWS Foundations Benchmark v1.4 control 2.2.1.

Stax uses the default aws/ebs encryption key. You can modify the default encryption key as required in the AWS Console.

added
7 months ago11/18/2021

Additional Stax Networks EBS Interface VPC Endpoint

Stax Networks now supports the EBS Interface VPC Endpoint for VPCs that are part of a Networking Hub.

You can enable the EBS Interface VPC Endpoints for new and existing Networking Hubs using the Stax Console, API, or SDK. See Manage Networking Hubs for more.

added
7 months ago11/15/2021

Search Resources on Rule Results Page

The results page for any given rule now supports searching of resources.

Enter a value into the search box then press enter to search the results. You can search by any field displayed in the table of results.

addeddeprecated
7 months ago11/12/2021

AWS Config Organizational Aggregator

Stax has released a new Config Aggregator named stax-assurance-<stax_organization_id> in your security foundation account. It is an organizational aggregator with the intention of deprecating the current multi-account aggregator juma-assurance-<security_aws_account_id>, to simplify the configuration and management. You will find the aggregator in the AWS region according to your Stax Installation region.

For organizations where the security foundation account is not set up as the organization's delegated administrator account for AWS Config (with service principal config.amazonaws.com), this aggregator will not be created.

During the week beginning 29 November 2021, Stax will start the process of removing the aggregator juma-assurance-<security_aws_account_id> from your security foundation account.

Update: The juma-assurance-<security_aws_account_id> aggregator removal work has been completed for all Stax tenancies.

Fixadded
7 months ago11/12/2021

Stax Workloads Update

An update has been applied to Stax Workloads to improve performance and reliability:

  • Added a new default tag stax:organisation_alias to Workloads CloudFormation stacks
  • Fixed an issue where Stax Workloads could be deployed to Stax-managed AWS accounts that are not active. If the account is not active, the Workloads API will now return a 400 "Bad Request" response, along with an error payload detailing the error.
  • Fixed an issue where the Workloads Catalog could display a failed Catalog Version as the latest Catalog Version available for deployment. The Workloads Catalog will now only show the latest active Catalog Version, or null, if no active Catalog Versions are available. If trying to deploy a Workload Catalog with no latest version, the API will now return a 400 "Bad Request" response, along with an error payload detailing the error.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this update. Should you experience any issues, please raise a support case.

added
7 months ago11/09/2021

AWS Firewall Manager Notification Channel

Following the delegation of FMS administrator account, Stax has now configured an SNS topic in each supported region in the security foundation account. These topics will allow you to subscribe to receive notifications of possible DDoS attacks.

The topic ARNs are found by logging in to the foundation security account's AWS console, then browsing to the FMS settings page. To receive notifications, navigate to the AWS SNS console, locate the topic, then configure appropriate subscriptions.

For organizations where the AWS Firewall Manager administrator account is delegated to an account other than the security foundation account, this configuration will not be applied to your own delegate.

added
8 months ago10/26/2021

Add Reason When Disabling Rules in Stax

Stax has introduced new compliance Rules functionality that supports adding a reason to explain why a given Rule has been disabled.

This change helps provide your organization with greater oversight and visibility of disabled Rules.

To get started, see Disabling a Rule in Stax.

changed
8 months ago10/20/2021

Additional CloudFormation Outputs in VPC Stacks

When creating networks using Stax Networks, several CloudFormation stacks are created for provisioning these resources. To allow for easier downstream consumption of resources created as part of these deployments, Stax has added additional outputs to the CloudFormation stacks.

The following fields have been added to both VPC and Transit VPC stacks:

  • IGWId (Internet Gateway ID)

The following fields have been added to Transit VPC stack only:

  • NATGatewayOne
  • NATGatewayTwo
  • NATGatewayThree

These outputs are created under certain conditions:

  • The IGWId output is only created if Internet Gateway is enabled
  • NATGatewayOne is only created if NAT Gateway is enabled
  • NATGatewayTwo and NATGatewayThree are only created if redundant NAT is enabled