Changes to Stax-managed AWS Organizational Units
Changes have been applied to Stax-managed AWS Organizational Units in accordance with Release 1 from the published release plan. This was initially announced on 4 April 2023.
On 1 May 2023 at 1300 UTC (2 May 2023 at 2300 AEST), the following changes will be made to the GET /20190206/users API route:
- This route will no longer return API tokens. The GET /20190206/api-tokens route should be used instead.
- This route will no longer return DELETED users by default. The existing behavior was to return all users regardless of their status. To get a list of deleted users, you will need to explicitly request it with the status_filter query string, e.g. /users?status_filter=DELETED
- The GET /20190206/users/{user_id} route will return a 404 HTTP status code if the user_id provided has the status of DELETED. Previously, this would return the archived record.
If you have questions or concerns regarding the changes, please reach out by raising a support case.
Stax manages AWS Organizations in alignment with established best practices. As a result, Stax-managed AWS Organizations will be uplifted to adhere to the organizational structure recommended in the AWS Security Reference Architecture and the Organizing Your AWS Environment Using Multiple Accounts whitepaper. In addition to this, new functionality will be introduced to allow tenancies to better utilize Organizational Units (OUs) and service control policies (SCPs).
These changes will be released over the next 8 weeks. For a detailed outline of these changes, see the release plan here.
The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available in private preview. This Bundle is designed to help organizations maintain the security of cardholder data and protect against fraudulent activities.
The preview Bundle version provides access to a subset of the full set of Rules and guidelines that will be included in the final release. Read more here.
Stax has released a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.
Bundle Name | Rule |
---|---|
IAM Best Practice Version 1.0 | IAM access keys should be actively used |
APRA Version 1.0 & 1.1 | IAM access keys should be active |
CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less |
Organization Rules/Rule Catalog | IAM API keys are active; Ensure access keys are rotated every 90 days or less |
The Stax console now features a redesigned navigation interface. This new interface is designed to bring the most used features of Stax to the front, so you're able to access them easily.
For a detailed breakdown of the changes, see the docs.
On 21 March 2023, Stax will be releasing a change to the following rule to align with AWS definitions of public and private. Snapshots shared with specific AWS account IDs will no longer be marked as "public". This only affected the evaluation of public EBS snapshots, and may impact the compliance score of these rules.
Bundle Name | Rule |
---|---|
Public Exposure Bundle v1.0.0 | EBS Snapshots are publicly exposed |
On 21 March 2023, Stax will be releasing a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.
Bundle Name | Rule |
---|---|
IAM Best Practice Version 1.0 | IAM access keys should be actively used |
APRA Version 1.0 & 1.1 | IAM access keys should be active |
CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less |
Organization Rules/Rule Catalog | IAM API keys are active; Ensure access keys are rotated every 90 days or less |
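For teams that want to cross-check these rules independently, the following is an added example (not Stax's rule code) that evaluates the 90-day rotation check against every access key a user holds, using the access_key_1_* and access_key_2_* columns of the AWS IAM credential report. The sample report is constructed, and treating inactive keys as out of scope is an assumption of this example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation threshold from CIS 1.14

# Constructed sample in IAM credential report format (subset of columns).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2023-02-20T09:00:00+00:00,false,N/A
bob,true,2023-03-01T09:00:00+00:00,true,2022-09-15T09:00:00+00:00
carol,false,2022-01-05T09:00:00+00:00,true,2023-01-30T09:00:00+00:00
dave,false,N/A,false,N/A
"""


def stale_keys(report_csv, now):
    """Return {user: [key slots]} for each active key older than MAX_AGE."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Evaluate each key slot on its own: a fresh key 1 must not
        # hide an old key 2, and an old inactive key must not fail a
        # user whose only active key is fresh.
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # assumption: inactive/absent keys are out of scope
            rotated = row[f"access_key_{slot}_last_rotated"]
            if rotated == "N/A":
                continue
            if now - datetime.fromisoformat(rotated) > MAX_AGE:
                findings.setdefault(row["user"], []).append(f"access_key_{slot}")
    return findings


if __name__ == "__main__":
    as_of = datetime(2023, 3, 21, tzinfo=timezone.utc)
    for user, keys in stale_keys(SAMPLE_REPORT, as_of).items():
        print(f"{user}: rotate {', '.join(keys)}")
```

In the sample, bob is the multi-key case: his first key is recent, so a check that reads only one key per user would pass him even though his second active key is past 90 days.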
It's now possible to discover AWS accounts in your AWS organization that are not yet managed by Stax within the Stax Console. See the documentation on how to run account discovery.
On 28 February 2023 at 0200 UTC (Tuesday, 28 February 1300 AEDT), Stax will update the lifecycle configuration to expire non-current S3 object versions on the following S3 buckets in the logging foundation account:
stax-config-<org-uuid>
stax-config-accesslogs-<org-uuid>
In each case above, the <org-uuid> placeholder is replaced by the UUID representing your Stax tenancy/AWS organization within Stax.
These S3 buckets are created and managed by Stax, and the usage of them is defined in the docs.