📄️ About Accounts
The Stax Accounts feature allows you to securely and easily create, view and centrally manage your AWS Accounts and get started deploying applications, workloads and resources. You can create and manage accounts within the Stax console or via the Stax API to gather detailed information about your accounts, onboard any existing accounts living outside of Stax, and apply AWS service control policies. You have SSO access to the AWS Console/CLI for these accounts through Stax if you wish to natively utilize the AWS services.
📄️ Access AWS Account Root User Credentials
See Centralized root access for member accounts for details on securing the root user credentials of your member accounts.
📄️ Access Stax-managed AWS Accounts if Stax is Unavailable
Stax manages your access to AWS accounts. If Stax is unavailable, we suggest that you follow the below advice to gain access to Stax-managed AWS accounts. Monitor Stax's Status Page for updates on its status.
📄️ Centralized root access for member accounts
AWS supports centralized management of root user credentials for AWS Organizations. Stax enables this capability for all Stax-managed AWS Organizations.
📄️ Check the provisioning status of an AWS account
To check the provisioning status of an AWS account created in Stax, review the Accounts page:
📄️ Close a Stax-Managed AWS Account
When an AWS account reaches the end of its lifespan in your organization, you may wish to remove it from service.
📄️ Create an AWS Account
Creating an AWS account through Stax gives you a head-start to deploying your applications, workloads and resources, along with peace of mind in knowing the account will be created securely and follow AWS's recommended approach. Stax applies security hardening configurations that help you to achieve compliance with the CIS AWS Foundations Benchmark. This hardening is applied using the Stax Assurance process every time you create an account.
📄️ Edit a Stax-Managed AWS Account
You can edit the details of your Stax-managed AWS accounts at any time. You can update the account's Name, Type, and any Tags assigned to it.
📄️ How to Apply AWS Support Plans to your AWS Accounts
AWS offers several tiers of AWS Support Plan. Any of these can be used in conjunction with Stax, however certain considerations apply.
📄️ Increasing Service Quotas
Amazon Web Services Service Quotas (formerly known as limits) are imposed by AWS to help guarantee availability and quality of resources and services, as well as to prevent against bill shock. From time to time, requirements arise to modify the quotas in place for an AWS account.
📄️ Manage Account Types
Use Account Types to group your accounts and manage AWS access permissions. Account Types can be allocated to User Groups and AWS roles can be applied to these mappings. These settings can be managed from the Manage Account Types page.
📄️ New AWS account stuck in "INITIALIZING" status
When accounts are created in Stax, the Stax Assurance process takes some time to implement its controls and functionality in your new account before it becomes available for use. Generally this completes in under 30 minutes, but sometimes can take longer. If an account is in the INITIALIZING state for more than 30 minutes, consider the following actions:
📄️ Stax-managed AWS Account Email Address Format
Stax requires an email address template to be specified as part of onboarding new and existing AWS organizations.
📄️ "This account has access restrictions" when modifying an AWS account
You may see the message This account has access restrictions when modifying an AWS account in the Stax console.
📄️ Unable to Validate Encryption on Amazon S3 Bucket
When attempting to start a Systems Manager session to an EC2 instance within an AWS account managed by Stax, you may receive an error message similar to the below:
📄️ Understanding the Stax Account Pool
You may notice AWS accounts in your Stax-managed AWS Organization that do not have names or resources provisioned into them. These AWS accounts, typically, are part of the Stax-managed accounts pool.
📄️ Update AWS Account Contact Details
You can update your Stax-managed AWS accounts' alternate contact details via the Stax Console, API, and SDK. You can update the primary account contact details for your Stax-managed AWS accounts from the AWS Organization's management account.
📄️ Using IAM Access Analyzer Policy Generation with Stax
Stax provides a preconfigured service role that can be used with IAM Access Analyzer's policy generation
📄️ Using Organizational Units in Stax
Stax provides users with the ability to manage AWS Organizational Units (OUs) natively within the console or API/SDK. OUs are important building blocks that allow you to organize your accounts into a hierarchy and apply management controls against that heirarchy. Stax recommends that you utilise OUs as part of your Organizational structure and adhere to the best practices outlined by AWS. An important use case for OUs is the management of AWS account access permissions, which can be done via service control policies (SCPs).
📄️ Using Service Control Policies in Stax
Service control policies (SCPs) allow you to manage permissions within your Organization. Stax allows you to create and attach SCPs to your Organization, Organizational Units (OUs) and Accounts. In addition, Stax attaches several default SCPs to entities within your Organization in order to protect Stax resources and maintain the integrity of the platform. These SCPs cannot be removed.
📄️ Using Stax-managed AWS Regions
Stax-managed AWS Regions allows you to view and enable AWS opt-in Regions for all accounts within your Stax Organization. This provides flexibility and seamless enablement of opt-in regions, bringing them in line with security and best practices through the Stax Assurance process.
📄️ View AWS Accounts in the Stax Console
Stax provides a variety of features to help you view and manage your AWS accounts centrally in the Stax Console.