Organization access to Cost and Usage Report (CUR) data in S3
Organizations with a resold account ownership model now have access to Stax-managed Cost and Usage Reports (CUR) in S3, in both CSV and Parquet formats. Find out more here.
On 1 May 2023 at 1300 UTC (2 May 2023 at 2300 AEST), the GET /20190206/groups/{group_id} route will return a 404 HTTP status code if the group_id provided has the status of DELETED or does not exist.
Previously, the archived record would be returned for a deleted group and "Groups": [] would be returned if the group did not exist.
Changes have been applied to Stax-managed AWS Organizational Units in accordance with Release 1 from the published release plan. This was initially announced on 4 April 2023.
On 1 May 2023 at 1300 UTC (2 May 2023 at 2300 AEST), the following changes will be made to the GET /20190206/users API route:
- GET /20190206/api-tokens route should be used instead
- status_filter query string, e.g. /users?status_filter=DELETED
- GET /20190206/users/{user_id} route will return a 404 HTTP status code if the user_id provided has the status of DELETED. Previously, this would return the archived record

If you have questions or concerns regarding the changes, please reach out by raising a support case.
Stax manages AWS Organizations in alignment with established best practices. As a result, Stax-managed AWS Organizations will be uplifted to adhere to the organizational structure recommended in the AWS Security Reference Architecture and the Organizing Your AWS Environment Using Multiple Accounts whitepaper. In addition to this, new functionality will be introduced to allow tenancies to better utilize Organizational Units (OUs) and service control policies (SCPs).
These changes will be released over the next 8 weeks. For a detailed outline of these changes, see the release plan here.
The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available in private preview. This Bundle is designed to help organizations maintain the security of cardholder data and protect against fraudulent activities.
The preview Bundle version provides access to a subset of the full set of Rules and guidelines that will be included in the final release. Read more here.
Stax has released a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.
| Bundle Name | Rule |
|---|---|
| IAM Best Practice Version 1.0 | IAM access keys should be actively used |
| APRA Version 1.0 & 1.1 | IAM access keys should be active |
| CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less |
| Organization Rules/Rule Catalog | IAM API keys are active; Ensure access keys are rotated every 90 days or less |
The Stax console now features a redesigned navigation interface. This new interface is designed to bring the most used features of Stax to the front, so you're able to access them easily.
For a detailed breakdown of the changes, see the docs.
On 21 March 2023, Stax will be releasing a change to the following rule to align with AWS definitions of public and private. Snapshots shared with specific AWS account IDs will no longer be marked as "public". This only affects the evaluation of public EBS snapshots, and may impact the compliance score of this rule.
| Bundle Name | Rule |
|---|---|
| Public Exposure Bundle v1.0.0 | EBS Snapshots are publicly exposed |
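
The distinction this rule change draws, as an added example (not Stax's rule code): a snapshot is public only when its createVolumePermission list grants the group `all`, while entries naming specific account IDs make it shared. The input shape follows the EC2 DescribeSnapshotAttribute response; the function names, snapshot IDs and account IDs are constructed for illustration.

```python
from collections import namedtuple

# Result of evaluating one snapshot (hypothetical type for this example).
Exposure = namedtuple("Exposure", "snapshot_id status shared_with")


def classify_snapshot(snapshot_id, create_volume_permissions):
    """Classify a snapshot from its createVolumePermission entries.

    Each entry is {"Group": "all"} (anyone can use the snapshot) or
    {"UserId": "<account id>"} (one specific AWS account can use it).
    """
    public = False
    accounts = set()
    for perm in create_volume_permissions or []:
        if perm.get("Group") == "all":
            public = True
        elif perm.get("UserId"):
            accounts.add(perm["UserId"])
    if public:
        status = "public"      # what the rule should flag
    elif accounts:
        status = "shared"      # cross-account share, not public
    else:
        status = "private"
    return Exposure(snapshot_id, status, sorted(accounts))


def publicly_exposed(attribute_responses):
    """Return IDs of snapshots that are public in the AWS sense."""
    results = [
        classify_snapshot(r["SnapshotId"], r.get("CreateVolumePermissions"))
        for r in attribute_responses
    ]
    return [r.snapshot_id for r in results if r.status == "public"]


# Constructed sample data shaped like DescribeSnapshotAttribute responses.
SAMPLE = [
    {"SnapshotId": "snap-0aaa", "CreateVolumePermissions": [{"Group": "all"}]},
    {"SnapshotId": "snap-0bbb",
     "CreateVolumePermissions": [{"UserId": "111111111111"},
                                 {"UserId": "222222222222"}]},
    {"SnapshotId": "snap-0ccc", "CreateVolumePermissions": []},
    {"SnapshotId": "snap-0ddd",
     "CreateVolumePermissions": [{"UserId": "111111111111"}, {"Group": "all"}]},
]

if __name__ == "__main__":
    print(publicly_exposed(SAMPLE))
```

A snapshot that is both shared with named accounts and granted to `all` (snap-0ddd in the sample) still counts as public.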
On 21 March 2023, Stax will be releasing a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.
| Bundle Name | Rule |
|---|---|
| IAM Best Practice Version 1.0 | IAM access keys should be actively used |
| APRA Version 1.0 & 1.1 | IAM access keys should be active |
| CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less |
| Organization Rules/Rule Catalog | IAM API keys are active; Ensure access keys are rotated every 90 days or less |