An update has been applied to Stax's Compliance module to improve performance and reliability.
The update implements stability updates to the underlying software and lays the foundation for upcoming feature releases.
No functional changes have been introduced. Should you experience any issues, please raise a support case.
Stax has changed how Rules relating to S3 buckets being publicly open are evaluated by including the FULL_CONTROL is not granted to groups AllUsers or AllAuthenticatedUsers check.
If you observe buckets that were previously compliant now showing as non-compliant, it is likely due to the stricter requirement for the bucket to meet the additional control described above. For more information and remediation, visit S3 Buckets shouldn't be Publicly Open.
| Impacted Rule Name | Impacted Bundles
|
| S3 Buckets should not be Publicly Open for Reads |
|
| S3 Buckets should not be Publicly Open for Reads and Writes (Previously: S3 Buckets should not be Publicly Open) |
|
| S3 Buckets should not be Publicly Open for Writes |
|
| S3 Buckets should not be publicly open for read operations |
|
| S3 Buckets should not be publicly open for read and write operations (Previously: S3 Buckets should not be publicly open) |
|
A number of Rule names have been updated to improve usability and clarity. This change applies to the following Rule Bundles:
In addition to these changes, Stax has added more detail to Rule descriptions, across all Rule Bundles, to provide a more detailed understanding of each Rule's intent and evaluation. These changes do not impact how Rules are evaluated.
If you have any questions regarding this change, please reach out to your Customer Success Manager or raise a support case with your inquiry.
An update has been applied to the Stax Identity Service to improve performance and reliability.
The update implements security and stability updates to the underlying software, as well as some visual updates to various screens. No functional changes have been introduced.
These changes have been applied automatically by Stax during the advertised maintenance window. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.
To ensure you receive notice of upcoming changes to Stax, make sure you're subscribed to the status page.
Managing Views in Stax is now simpler with improvements released today. A Manage Segments button has been added to simplify adding, editing, and deleting a View's segments. For multi-dimensional Views, the interface has been simplified to rename Dimensions to Columns and Conditions to Rows. This makes it easier to understand your multi-dimensional Views and how they will be segmented.
Version 1.2.0 of the Python SDK has been released.
This change sets the default logging level from DEBUG to INFO. It also removes the configuration of loggers that were out of scope of this SDK, such as boto3, botocore, nose and urllib3. Previously these loggers were being configured to level WARNING. Users of the SDK should check and ensure the logging of these libraries is configured to their desired level.
See Stax Python SDK for more details.
Stax Permission Sets now supports increased limits for Permission Sets and Assignments. The maximum number of Permission Sets is now 50. Previously this limit was 10. The maximum number of Assignments for a Permission Set is now 100. Previously this limit was 50.
To get started, see Permission Sets in the docs.
Permission Sets allows for fine-grained control of permissions when users log in to Stax-managed AWS accounts. The feature has been accessible in Preview Mode for some time, but is now generally available.
See Permission Sets to get started.
Limited access to the Management account is now available for Stax-managed AWS Organizations using an account ownership model in which the management account is owned by a reseller. The account is available and can be logged into from the list of Stax-managed AWS accounts in the Stax Console.
This change allows for configuration and visibility of services that are only available in the Management account of AWS Organizations.
For information on the Management account, see Accounts.
To enable users to access the Management account, grant access by assigning one or more of the three built-in roles to a group of users. See Manage Groups for specific guidance. At this time, the Permission Sets feature is not supported for the Management account.
Stax has updated the SNS topics are not exposed Rule to allow SNS topics shared with a specific AWS Organization or AWS Account to pass the Rule. This means that the Rule will only fail for SNS topics that are shared with no limitations.
The Rule now checks for the existance of a condition checking for a condition restricting access to a specific aws:PrincipalOrgId or aws:PrincipalAccount.