Close AWS accounts using the Stax API
AWS accounts can now be closed using the Stax API. This functionality will be available in the Stax Console in the future. Read more.
An update has been applied to Stax Workloads to improve performance and reliability:
Fixed an issue where a Stax Workloads manifest would fail schema validation when using the ProtectedResources key.
These changes have been applied automatically by Stax. There is no impact to service expected as a result of this update. Should you experience any issues, please raise a support case.
Stax has changed how Rules relating to S3 buckets being publicly open are evaluated by including the check that FULL_CONTROL is not granted to the groups AllUsers or AllAuthenticatedUsers.
If you observe buckets that were previously compliant now showing as non-compliant, it is likely due to the stricter requirement for the bucket to meet the additional control described above. For more information and remediation, visit S3 Buckets shouldn't be Publicly Open.
Impacted Rule Name | Impacted Bundles
---|---
S3 Buckets should not be Publicly Open for Reads |
S3 Buckets should not be Publicly Open for Reads and Writes (Previously: S3 Buckets should not be Publicly Open) |
S3 Buckets should not be Publicly Open for Writes |
S3 Buckets should not be publicly open for read operations |
S3 Buckets should not be publicly open for read and write operations (Previously: S3 Buckets should not be publicly open) |
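The FULL_CONTROL check described above can be reproduced against a bucket ACL in the shape returned by the S3 GetBucketAcl API. This is an added example, not Stax's rule code; the function names, the sample ACLs, and the mapping from access type to Rule name are assumptions, and the page's AllAuthenticatedUsers corresponds to the AWS predefined AuthenticatedUsers group.

```python
# Added example, not Stax's rule code. Input uses the S3 GetBucketAcl response shape.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTH_USERS: "AuthenticatedUsers"}

# FULL_CONTROL implies both READ and WRITE, which is why it must be checked too.
IMPLIED = {"READ": {"read"}, "WRITE": {"write"}, "FULL_CONTROL": {"read", "write"}}

RULE_READ = "S3 Buckets should not be Publicly Open for Reads"
RULE_WRITE = "S3 Buckets should not be Publicly Open for Writes"
RULE_BOTH = "S3 Buckets should not be Publicly Open for Reads and Writes"


def evaluate_acl(acl):
    """Collect grants to public groups and the access they imply."""
    access, findings = set(), []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants (e.g. the owner) are not public
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group is None:
            continue  # other groups, e.g. log delivery, are out of scope here
        perm = grant.get("Permission")
        findings.append((group, perm))  # READ_ACP/WRITE_ACP recorded, not classified
        access |= IMPLIED.get(perm, set())
    return {"public_read": "read" in access,
            "public_write": "write" in access,
            "findings": findings}


def failed_rules(acl):
    """Assumed mapping of access to Rule names; the page does not state how Stax combines them."""
    result = evaluate_acl(acl)
    failed = []
    if result["public_read"]:
        failed.append(RULE_READ)
    if result["public_write"]:
        failed.append(RULE_WRITE)
    if result["public_read"] and result["public_write"]:
        failed.append(RULE_BOTH)
    return failed


# Constructed sample ACLs (not taken from any real bucket).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"}
OWNER_ONLY = {"Grants": [OWNER]}
PUBLIC_READ = {"Grants": [OWNER, {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
FULL_CONTROL_AUTH = {"Grants": [OWNER, {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "FULL_CONTROL"}]}
```

A checker that only looks for READ and WRITE grants would pass `FULL_CONTROL_AUTH`, which is the kind of bucket that can move from compliant to non-compliant under the stricter evaluation.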
A number of Rule names have been updated to improve usability and clarity. This change applies to the following Rule Bundles:
APRA, version 1.0
EC2 Best Practice, version 1.0
IAM Best Practice, version 1.0
RDS Best Practice, version 1.0
SNS Best Practice, versions 1.0 and 1.1
SQS Best Practice, versions 1.0 and 1.1
S3 Best Practice, versions 1.0 and 1.1
Stax Foundation Compliance, version 1.0
In addition to these changes, Stax has added more detail to Rule descriptions across all Rule Bundles to give a clearer understanding of each Rule's intent and evaluation. These changes do not impact how Rules are evaluated.
If you have any questions regarding this change, please reach out to your Customer Success Manager or raise a support case with your inquiry.
An update has been applied to the Stax Identity Service to improve performance and reliability.
The update implements security and stability updates to the underlying software, as well as some visual updates to various screens. No functional changes have been introduced.
These changes have been applied automatically by Stax during the advertised maintenance window. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.
To ensure you receive notice of upcoming changes to Stax, make sure you're subscribed to the status page.
A new Rule has been released to allow organizations to check that all Lambda Functions are in use, defined by a configurable threshold.
To enable this Rule, see Add a Rule from the Catalog.
You can now use Stax to manage peering between your Stax Networking Hub and another Stax Networking Hub, or with a standalone AWS Transit Gateway. Read more.
A new Rule has been released to allow organizations to validate that Security Hub is enabled in all Stax-managed AWS accounts in all regions with active resources.
To enable this Rule, see Add a Rule from the Catalog.
The Stax team is aware of the recently disclosed vulnerability within the popular Java Spring Framework and related software components being referred to as Spring4Shell (CVE-2022-22965).
Stax’s security and development teams have analysed the components of Stax that are Java based. Despite the Spring Framework being present in the codebase, no usage of known vulnerable functions was identified.
Stax is continuing to monitor the situation and related component announcements.
The customer carbon footprint tool is now available in all Stax-managed AWS Organizations.