Version 1.1.2 of the Python SDK has been released.
This is an update to lock the dependency openapi-spec-validator to version 0.2.9. This is due to breaking validation changes being introduced in the most recent versions of the dependency.
For more details about the Python SDK, check it out on Github.
Version 1.3.0 of stax2aws has been released. This update adds a new argument that allows users to specify the ARN of a role to assume.
This is useful when regularly logging in to one or more accounts and roles.
Before you can use this new feature, you must upgrade stax2aws to version 1.3.0 or later.
When using stax2aws, simply add the --role-arn (-r) argument specifying the ARN of the role to assume. stax2aws will then suppress the role selection prompt and automatically assume the specified role.
shell
stax2aws login \
-i stax-au1 -o mega-corp -p my-stax2aws-profile \
-r arn:aws:iam::123456789012:role/staxid-readonly-role
stax2aws will update the profile in its configuration to use this role. Future invocations will not require the role ARN to be specified. If you need to change the role ARN to be assumed by a particular profile, simply issue the --role-arn argument again.
The "Security groups should be used actively" rule is available to help organizations manage their use of security groups.
AWS prevents users from deleting the default security groups. To prevent against false positives from being raised because of this, Stax has updated the rule definition. The rule no longer considers default security groups as in-scope, and as such will not cause failures if default security groups are unused.
This change affects the following bundles:
These changes have been applied automatically by Stax. There is no impact to service expected as a result of this update.
If you have any questions about this change and what it means for you, please contact support.
You can now find out who created/onboarded Stax-managed AWS accounts using the Stax API or SDK. This allows for enhanced visibility into your AWS accounts and where they originated.
For accounts created using Stax, the CreatedBy field will now return the UUID of the user that created the account. For accounts onboarded into Stax, the CreatedBy field will reflect the identity of the user who performed the onboarding action. You can retrieve this information using the Fetch Accounts API endpoint or ReadAccounts in the SDK. This can be further resolved to the user's details using the Fetch Stax Users, Federated Users and API Tokens API endpoint, or ReadUsers in the SDK.
Check out your installation's API documentation to find out more about how to use the Fetch Accounts endpoint:
Check out the SDK examples to find out more about how to use the ReadAccounts and ReadUsers methods.
The Stax roles Cost & Compliance Admin & Read Only now allow users to request a password reset for their own Stax user account. Users in these roles no longer have to rely on an administrator to reset their password.
For more information on the roles available within Stax, see Accessing Stax.
In addition to Stax's recent updates to AWS credits support, the Data page now shows each credit item's description.
Now, when you filter by Kind: credit, you can review the Item Description column to see an explanation of the credit as provided by AWS. Additionally, grouping by the Item Description column allows for a summary by credit type to be displayed. This enables much greater insight into your AWS credits than ever before.
An update has been applied to Stax Workloads to improve performance and reliability:
These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.
You can now use Stax to provision your Site-to-Site VPN resources and manage connectivity from your on-premises environment to your Stax Networks. You can deploy an AWS VPN Customer Gateway and share the connection to your Stax Hubs and VPCs, depending on your network requirements.
Stax Networks supports Virtual Private Gateway and Transit Gateway Site-to-Site VPN Connections.
With a Transit Gateway Site-to-Site VPN Connection, your VPN Customer Gateway is connected to your Networking Hub's Transit Gateway, providing connectivity to all VPCs within your Hub.
You can also connect your VPN Customer Gateway to an individual VPC's Virtual Private Gateway to provide direct connectivity.
For more information about Stax Networks and Site-to-Site VPN, check out the docs.
Sometimes you may wish to grant a user full access to the Cost & Compliance components of Stax without also granting access to the Accounts, Networks and Workloads functionality. A new role has been introduced to permit this.
Users who have their role in Stax set to Cost & Compliance Admin can administer Cost & Compliance module features. They have read-only access to all the other components of Stax.
For more information on the roles available within Stax, see Accessing Stax.
An update has been applied to Stax Workloads to improve performance and reliability.
These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.