A new Guardrail has been added under the AWS IAM Identity Center header titled Block creation of account-level instances for IAM Identity Center.

This Guardrail will prevent member AWS accounts for creating any account-level instances of IAM Identity Center, ensuring that only a centrally managed IAM Identity Centre exists within the AWS management account.

To enable this visit the configurable service page Configurable Guardrails.

Version 1.4.0 of the Stax Python SDK has been released, which resolves some dependency issues relating to the use of the SDK.

Changes in this version include:

• Unpin underlying dependencies, allowing users to use the SDK out of the box without needing to explicitly pin other dependencies for compatibility.
• Python version classifiers have also been updated in the Python Package Index. Python 3.9 is now the new minimum version supported by the Stax Python SDK.
• SDK operations are now derived from a new endpoint in the Stax API. The previous endpoint will continue to exist for now, but it may be retired in the future. Stax recommends using the newest version of the Stax Python SDK to minimise disruption.
  • Due to the above change, the teams.ReadApiTokens operation may take the optional access_key keyword argument (previously named AccessKey).

For more details about the Stax Python SDK, see the repository on GitHub.

Version 1.5.5 of stax2aws has been released. See how to upgrade stax2aws.

Changes:

• Updated dependencies and security patches
• Internal tooling improvements

A new configurable service for AWS Organization has been added. This configurable service allows customization for enabling/disabling cross-region Bedrock access.

For more information, refer to the documentation on Configure AWS Organization.

Stax will now automatically enable AWS Organizations trusted access for the AWS User Notification service. Additionally the security account is added as a delegated administrator for the AWS Organization service.

For more information, refer to the documentation on AWS User Notifications.

The Accounts page now supports filtering accounts by Account Type. The Add Filter button now has a Type sub-menu which allows searching and filtering by Account Type.

Version 1.5.4 of stax2aws has been released. See how to upgrade stax2aws.

Changes:

• Windows binaries are now signed
• Updated dependencies and security patches

Users of Workloads can now search the list of deployed Workloads by name, including using partial name matches. For example, searching for "myapp" will return results for "myapp" and "myapplication".

Previously the name search worked by filtering results client-side. This search capability is now performed server-side which allows searching much larger sets of results.

You can now enable the AWS Foundations Benchmark version 5.0.0 standard in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.

For more information, see Using Stax-managed Security Hub in the docs.

Stax is updating its existing implementation of the AWS S3 Block Public Access functionality.

Currently Stax will enable the AWS account level setting to Block Public Access in each of your Stax-managed AWS Accounts.

Going forward Stax will apply this protection using the recently announced organization-level enforcement with an Organization S3 Policy.

You can read more about the AWS Announcement here.

Stax will now automatically create a new empty Organization S3 Policy named stax-managed-policy within your AWS Organization. This S3 Policy will be automatically attached to the Root of the AWS Organization. When you enable this protection Stax will set the public_access_block_configuration to all.

For more information on eanbling this, refer to the documentation on Configure AWS Accounts.

If you have any questions or concerns in advance of this, please contact your Customer Success Manager or raise a support case.