🗃️ Onboarding and Offboarding
7 items
📄️ AWS AI services opt-out policies
AWS customers can opt out of having their content stored or used for AWS AI service improvements using an opt-out policy. Read more about this at AI services opt-out policies.
📄️ AWS Config Shows the "Set up AWS Config" Wizard
When you use Stax, many AWS services within AWS accounts are configured on your behalf. One of these is AWS Config, which is set up when your accounts are created.
📄️ Configurable Guardrails
Configurable Guardrails allow you to harden all accounts in your Stax-managed AWS Organization using AWS best practice protections. These protections can be enabled or disabled so that you can improve and fine-tune your organization's security posture in just a few clicks.
📄️ Configure Amazon GuardDuty within Stax
Stax Assurance configures Amazon GuardDuty on your behalf across your entire AWS Organization. By default, Stax takes three actions:
📄️ Consume AWS Service Logs in the Logging Account
Stax provisions S3 buckets for storing AWS service logs as part of the Stax Assurance process. For each of these services, a bucket is created in the logging account. Each S3 bucket has a corresponding SNS topic, which lets you receive notifications when files are created. Subscribe to these SNS topics to integrate the logs with other systems.
📄️ Consuming StaxTrail
StaxTrail is Stax's centralized logging component. Logging and audit information from Stax is recorded in the staxtrail bucket in your logging account. Alternatively, you can subscribe to the staxtrail SNS topic in the logging account.
📄️ Declarative Policies
Stax-managed AWS Organizations support the use of AWS Organizations' declarative policies feature to centrally declare and enforce desired configuration for a given AWS service at scale across an organization. See the documentation for more information on declarative policies.
📄️ Enable Organizational View for Trusted Advisor
Trusted Advisor can be accessed in individual AWS accounts or, via the Management account, for the entire AWS Organization.
📄️ Foundation Accounts
There are three Foundation AWS Accounts in all Stax-managed AWS Organizations: Management, Security, and Logging. Each provides important functionality for the environment.
📄️ Service Control Policies for Global Protection
Stax implements Service Control Policies (SCPs) to protect critical Stax resources within AWS accounts. Working within the boundaries of these SCPs requires some basic consideration.
📄️ Stax Assurance
The Stax Assurance process applies hardening to minimize security risks and vulnerabilities within your AWS accounts.
📄️ Understanding Stax GuardDuty Findings
Reviewing Amazon GuardDuty findings (centralized in your foundation security account) on a regular basis is a key step to safely operating in the cloud. It is important to have an understanding of what is occurring in your AWS environment, and who is taking those actions. This is a key principle of the Shared Responsibility Model.
📄️ Understanding the StaxManagement Role
From time to time, Stax automation will make updates to Stax-managed AWS accounts. Updates are most commonly applied by the Stax Assurance process. The updates may include improved security controls, additional features, or just routine maintenance. Stax leverages IAM roles to apply these updates and manages these roles in accordance with the principle of least privilege. There are different roles used from time to time for specific tasks. A list of these is available by reviewing Stax Management Roles below.
📄️ Using Stax-managed GuardDuty
Amazon GuardDuty is a threat detection service that monitors for malicious or unauthorized behavior within your AWS accounts. It also detects compromised AWS resources.
📄️ Using Stax-managed Security Hub
Stax-managed Security Hub allows you to implement and manage AWS Security Hub central configuration capabilities to ensure any new and existing accounts are consistently being assessed for security threats and best practices.