Skip to main content

Enforce Single Sign-On by Disabling User Invitations

Stax
Stax
Stax Team

Stax now supports disabling invitations for local users. A local user is one which does not authenticate via a configured Single Sign-On Identity Provider (SSO IdP).

By default, administrators of a Stax tenancy can invite users directly to Stax, at which point they can create a password and log into Stax. Alternatively, administrators can grant users access to Stax via the organization's SSO IdP. Users logging in to Stax via Single Sign-On are created just-in-time and do not need to be invited to Stax first.

If you wish to disable the ability for administrators to invite new local users to Stax, please raise a support case.

See Enforce Single Sign-On for more detail.

Access to AWS Backup for Stax-Managed Organizations Enabled

Stax
Stax
Stax Team

For Stax-managed AWS Organizations with an account ownership model whereby the management account is owned by a reseller, AWS Backup can now be configured in member accounts.

For those with customer-owned management accounts, AWS Backup has been configurable for some time. If AWS Backup is already enabled, no change has been made.

If not already enabled, the cross-account feature of AWS Backup has been enabled for all member accounts in Stax-managed AWS Organizations. This allows for secure copying of backups across one or more AWS accounts in your AWS Organization.

Stax Permission Sets Limit Update

Stax
Stax
Stax Team

Stax Permission Sets now supports increased limits for Permission Sets and Assignments. The maximum number of Permission Sets is now 50. Previously this limit was 10. The maximum number of Assignments for a Permission Set is now 100. Previously this limit was 50.

To get started, see Permission Sets in the docs.

Management Account Now Accessible to Organizations With Reseller-Owned Accounts

Stax
Stax
Stax Team

Limited access to the Management account is now available for Stax-managed AWS Organizations using an account ownership model in which the management account is owned by a reseller. The account is available and can be logged into from the list of Stax-managed AWS accounts in the Stax Console.

This change allows for configuration and visibility of services that are only available in the Management account of AWS Organizations.

For information on the Management account, see Foundation Accounts.

To enable users to access the Management account, grant access by assigning one or more of the three built-in roles to a group of users. See Manage Groups for specific guidance. At this time, the Permission Sets feature is not supported for the Management account.

Monitor Public Resources with the Public Exposure Rule Bundle

Stax
Stax
Stax Team

Stax's new Public Exposure Rule Bundle contains Rule definitions designed to help you monitor your environment for common misconfigurations that can cause resources and information to be inadvertently exposed.

Combined with Real-Time Rule Alerts and Notifications, this Bundle allows you to be easily notified when a resource enters a state of non-compliance. Rules provided by this Bundle aim to provide guidance around keeping private your EC2, EBS, RDS, ElasticSearch, and other native AWS resources.

Add the Bundle to Stax to get going. Once added, Stax will perform an initial evaluation and populate the Rules page with new results. You can filter the page to show only results from the Public Exposure Bundle if preferred.

SNS Topics are not Exposed Rule Improved

Stax
Stax
Stax Team

Stax has updated the SNS topics are not exposed Rule to allow SNS topics shared with a specific AWS Organization or AWS Account to pass the Rule. This means that the Rule will only fail for SNS topics that are shared with no limitations.

The Rule now checks for the existance of a condition checking for a condition restricting access to a specific aws:PrincipalOrgId or aws:PrincipalAccount.

New Changelog Widget and Updated Starred Accounts Widget

Stax
Stax
Stax Team

Stax is uplifting the Activity page to provide meaningful information and the ability to easily perform common tasks.

The Starred Accounts widget has been updated to allow you to quickly log in to Stax-managed AWS accounts you have starred from the Accounts page.

The Changelog widget has been added to provide access to the most recent entries on the Stax changelog.

Permission Sets Are Now Automatically Deployed to New Accounts

Stax
Stax
Stax Team

Stax has introduced new functionality to improve the behavior of Permission Sets when creating and updating Stax-managed AWS accounts.

When an account is created within an Account Type that has a Permission Set Assignment targeted to it, the Permission Set will be automatically deployed to the account during creation. When an account is moved to a different Account Type, any relevant Permission Sets will be added or removed based on the Assignments in place.

Additionally, deleting groups and Account Types is no longer possible when they are in use by Permission Sets. The API will reject requests with an HTTP 400 error and a message identifying how many attachements are preventing deletion.