Version 1.5.5 of stax2aws has been released. See how to upgrade stax2aws.

Changes:

• Updated dependencies and security patches
• Internal tooling improvements

A new configurable service for AWS Organization has been added. This configurable service allows customization for enabling/disabling cross-region Bedrock access.

For more information, refer to the documentation on Configure AWS Organization.

Stax will now automatically enable AWS Organizations trusted access for the AWS User Notification service. Additionally the security account is added as a delegated administrator for the AWS Organization service.

For more information, refer to the documentation on AWS User Notifications.

The Accounts page now supports filtering accounts by Account Type. The Add Filter button now has a Type sub-menu which allows searching and filtering by Account Type.

Version 1.5.4 of stax2aws has been released. See how to upgrade stax2aws.

Changes:

• Windows binaries are now signed
• Updated dependencies and security patches

Users of Workloads can now search the list of deployed Workloads by name, including using partial name matches. For example, searching for "myapp" will return results for "myapp" and "myapplication".

Previously the name search worked by filtering results client-side. This search capability is now performed server-side which allows searching much larger sets of results.

You can now enable the AWS Foundations Benchmark version 5.0.0 standard in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.

For more information, see Using Stax-managed Security Hub in the docs.

Stax is updating its existing implementation of the AWS S3 Block Public Access functionality.

Currently Stax will enable the AWS account level setting to Block Public Access in each of your Stax-managed AWS Accounts.

Going forward Stax will apply this protection using the recently announced organization-level enforcement with an Organization S3 Policy.

You can read more about the AWS Announcement here.

Stax will now automatically create a new empty Organization S3 Policy named stax-managed-policy within your AWS Organization. This S3 Policy will be automatically attached to the Root of the AWS Organization. When you enable this protection Stax will set the public_access_block_configuration to all.

For more information on eanbling this, refer to the documentation on Configure AWS Accounts.

If you have any questions or concerns in advance of this, please contact your Customer Success Manager or raise a support case.

Stax is adding additional write permissions to the S3 Bucket Policy of the AWS CloudTrail stax-assurance-cloudtrail S3 logging destination. These additional permissions will allow you to leverage the existing Customer managed AWS KMS key and Trail log bucket for additional CloudTrail Trails for the purpose of capturing highly configurable Data events.

Please see AWS CloudTrail for additional details and configuration steps.

On Tuesday 7th October 2025, Stax will be removing legacy resources in your Stax-managed AWS Accounts that exist to meet earlier version of the CIS AWS Foundations Benchmark.

New resources will be deployed that make use of AWS Organization features to centralize these recommendations to the Management and Security AWS Accounts.

These changes are aimed to reduce the time taken to perform Stax Assurance and reduce the number of Stax-managed resources in your AWS Accounts. This will in turn result in a decrease in cost for your AWS Accounts.

A new SNS Topic named stax-cis-benchmark will be created in the Security account. All CIS recommendations will be forwarding their alarm state to this SNS Topic.

If you are currently subscribed to the existing decentralized stax-assurance-cis-benchmark-EventIngestTopic SNS Topics in each AWS account, you must create a new subscription to the new topic.

You can read more about how Stax and the CIS AWS Foundations Benchmark work together.

If you have any questions or concerns in advance of this, please contact your Customer Success Manager or raise a support case.