The Rules SQS queues have a dead letter queue, and SQS queues should have a dead-letter queue (DLQ), have been updated to ignore queues with a *Redrive Access Policy.*This change means that DLQs that have been configured with a Redrive Access Policy will be ignored and will no longer be evaluated as part of this rule.
To add this rule to your Organization Rule Bundle, head to the Rules Catalog page.
Stax has released Stax-managed Security Hub which gives you the ability to configure AWS Security Hub and its prepackaged standards for all accounts in your AWS Organization within all supported regions.
See Using Stax-managed Security Hub for details on how to enable it.
The Rule EC2 instances have IAM instance profiles in the EC2 Best Practice Rule Bundle (version 1.0) has been updated to ignore persisting recently terminated instances.
To add this rule to you Organization Rule Bundle, head to the Rules Catalog page.
A Stax-generated Event is created when an account is closed within Stax. The event schema can be found here. For more information about Stax-generated Events, please read the documentation.
The Rule RDS instances should not be in public subnets in the RDS Best Practice Rule Bundle (version 1.0) has been renamed to RDS instances in a subnet should not have internet access to improve usability and clarity.
To add this rule to your Organization Rule Bundle, head to the Rules Catalog page.
A fix has been applied to the UserAuthenticationEvent Stax generated event to conform to the schema.
The value has changed from **"status": "Success" to ** "status": "SUCCESS".
For further information on Stax generated events, please see Stax Generated Events Schema.
The Stax Foundation Compliance Rule Bundle is a collection of AWS Well-Architected, CIS AWS Foundations Benchmark and Stax best-practice security controls, which helps you to track the safety and security of your accounts. It helps you to assess the compliance of your AWS accounts against enterprise-grade security controls that are applied to Stax-managed resources by default.
For organizations whose AWS accounts are Stax-managed, this Rule Bundle is already enabled. For organizations who are subscribed only to the Cost & Compliance module, head to the Rules Bundle page within the Stax Console to active the Stax Foundation Compliance Rule Bundle.
The Data page now includes additional AWS Fargate cost data allowing you to differentiate between on-demand and spot usage of Fargate.
On the Data page, filter by AWS Service: Fargate to see the usage codes (cpu_usage, memory_usage, and data_storage) split by on-demand or spot Payment Option Code.
On 3 January 2023, there will be a change to the period of data that can be viewed in Stax's Cost module. After the change, cost data from greater than 3 years ago will no longer be available. Read More
The Wastage feature in the Cost module now supports the Memory % Committed Bytes In Use AWS CloudWatch Agent memory metric when evaluating utilization of EC2 Windows instances. Read more.