Stax Changelog logo

Changelog

Back to Homepage Subscribe to Updates

Labels

  • All Posts
  • Fix
  • changed
  • added
  • deprecated
  • removed
  • security

Jump to Month

  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
added
a year ago03/22/2021

Simpler Date Selection on Data Page

The Data page now has a date picker to make it easier to select a time range. You can choose either a single month, or a range of months.

Navigate to the Data page now to try it out!

changedadded
a year ago03/19/2021

Updated Notifications Experience and Microsoft Teams Functionality

The Notifications page has been redesigned to provide a more intuitive and simple user experience. Notifications are now managed through a tabulated window, with each delivery channel located on a seperate tab.

Stax also now supports sending notifications via Microsoft Teams, in addition to the existing email, webhook, and Slack delivery channels. Simply create an incoming webhook for your Teams channel and select the notifications you'd like to receive. For more information, see the documentation.

added
a year ago03/15/2021

Stax Networks Redundant NAT Gateways

When deploying Networking Hubs using Stax Networks, a NAT Gateway can be deployed for egress connectivity from private subnets. By default, when enabled, Stax provisions a single NAT Gateway which resides in a single Availability Zone (AZ). An outage of that AZ would result in egress connectivity failing for private subnets in that Networking Hub.

Stax has introduced a new feature to allow deployment of highly available NAT Gateways that are redundant at the Availability Zone level. These can be deployed into networks provisioned using Stax Networks. You can make use of this feature when creating a new, or updating an existing, Networking Hub.

At this time, the feature is available via the Stax API and the Python SDK.

security
a year ago03/15/2021

Revised Cost & Compliance Role Permissions

Stax has released a new version of the Cost & Compliance module's service and billing roles, version 30. In keeping with our principle of least-privilege, Stax has revised the permissions this role requires.

Specifically, Stax no longer requires access to AWS Support APIs to complete compliance discovery tasks.

If your AWS accounts are Stax-managed, then you don't need to take any action. Stax will automatically update this role in the coming days.

If you're subscribed only to the Stax Cost & Compliance module, you will need to apply the update yourself.

As always, Stax recommends that you regularly review your IAM permissions. It is important to confirm that they align with the principle of least-privilege, and with the AWS Well-Architected Framework. For any questions around this change, or if you need assistance deploying the updated role, please raise a support case.

changed
a year ago03/05/2021

New Region Osaka Blocked

AWS has had a Local Zone in Osaka for some time (ap-northeast-3). Recently, this region has been increased in capacity and released to the general public for use.

This region does not yet meet Stax's minimum requirements for a new region. In line with our AWS Region Policy, we have disabled activity in the region for Stax-managed AWS accounts using a Stax Policy. This restriction is in place until such a time as the region does meet Stax's minimum requirements.

If you anticipate this restriction impacting you, or if you have intentions to use this region, please raise a support case.

changed
a year ago03/01/2021

Tag Validation Added to Stax Networks

Stax is enhancing the validation around tags applied to networking resources created using Stax Networks. Stax Networks supports tagging networking resources to allow enhanced flexibility in how you identify resources it creates.

The Stax API will now perform additional validation against tags supplied for your these resources. The validation is designed to help you comply with AWS's guidance for tagging EC2 resources.

The updated API schema for your region (stax-au1, stax-eu1, stax-us1) provides more information.

If you have any questions about how this change may impact you, please raise a support case.

changed
a year ago02/26/2021

Stax Python SDK v1.1.2 released

Version 1.1.2 of the Python SDK has been released.

This is an update to lock the dependency openapi-spec-validator to version 0.2.9. This is due to breaking validation changes being introduced in the most recent versions of the dependency.

For more details about the Python SDK, check it out on Github.

changed
a year ago02/25/2021

stax2aws v1.3.0 released

Version 1.3.0 of stax2aws has been released. This update adds a new argument that allows users to specify the ARN of a role to assume.

This is useful when regularly logging in to one or more accounts and roles.

Before you can use this new feature, you must upgrade stax2aws to version 1.3.0 or later.

When using stax2aws, simply add the --role-arn (-r) argument specifying the ARN of the role to assume. stax2aws will then suppress the role selection prompt and automatically assume the specified role.

shell stax2aws login \ -i stax-au1 -o mega-corp -p my-stax2aws-profile \ -r arn:aws:iam::123456789012:role/staxid-readonly-role

stax2aws will update the profile in its configuration to use this role. Future invocations will not require the role ARN to be specified. If you need to change the role ARN to be assumed by a particular profile, simply issue the --role-arn argument again.

changed
a year ago02/25/2021

Exclude default security groups from "Security groups should be used actively" rule

The "Security groups should be used actively" rule is available to help organizations manage their use of security groups.

AWS prevents users from deleting the default security groups. To prevent against false positives from being raised because of this, Stax has updated the rule definition. The rule no longer considers default security groups as in-scope, and as such will not cause failures if default security groups are unused.

This change affects the following bundles:

  • EC2 Best Practices (version 1.0)
  • APRA (version 1.0)
  • The custom organization-level rule, if in use

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this update.

If you have any questions about this change and what it means for you, please contact support.

Fix
a year ago02/23/2021

Discover Who Created AWS Accounts

You can now find out who created/onboarded Stax-managed AWS accounts using the Stax API or SDK. This allows for enhanced visibility into your AWS accounts and where they originated.

For accounts created using Stax, the CreatedBy field will now return the UUID of the user that created the account. For accounts onboarded into Stax, the CreatedBy field will reflect the identity of the user who performed the onboarding action. You can retrieve this information using the Fetch Accounts API endpoint or ReadAccounts in the SDK. This can be further resolved to the user's details using the Fetch Stax Users, Federated Users and API Tokens API endpoint, or ReadUsers in the SDK.

Check out your installation's API documentation to find out more about how to use the Fetch Accounts endpoint:

  • stax-au1
  • stax-eu1
  • stax-us1

Check out the SDK examples to find out more about how to use the ReadAccounts and ReadUsers methods.

Considerations

  • This update applies to all Stax-managed AWS accounts created or onboarded on or after 23 February 2021. Accounts created or onboarded prior to this date will not return any CreatedBy information.