A new Operations role has been added to Stax to grant a level of access to Stax resources suitable for highly privileged users requiring a level of access in excess of User, but without the full functionality of the Admin. This role is accessible for both users and API tokens via the Stax console, API, and SDK.

For more information on the roles available within Stax, see About Identity and Access. To make use of this role when utilising single sign-on, you'll need to update your configuration to support it. Review the single sign-on configuration guidance for your identity provider here.

The Cost and Compliance modules of Stax are being shut down at the end of March 2025. This means that Stax will no longer ingest or process cost and compliance information from your AWS Organization(s), and the Cost, Wastage, Compliance, and Notifications headings will be removed from the Stax console.

Please see the announcement for more details, including specific timelines and recommended alternatives.

The other components of Stax are not impacted by this change (Accounts, Networks, Workloads, Identity features).

Using the Stax Console, API, or SDK, you can now update the alternate contact details for Stax-managed AWS accounts. Contact details will be set for all active accounts, and for any AWS accounts you create using Stax in the future. See Update AWS Account Contact Details for more information and to get started.

Stax now configures AI opt-out policies for organizations under management that do not already have a policy in place on the root OU. See AWS AI services opt-out policies to learn more.

To improve the performance of Stax Workloads deployment and update operations, concurrency capacity for these operations has been increased by 200%.

Organizations utilizing Workloads should now find that bulk Workloads operations complete more quickly.

You can now enable the Center for Internet Security (CIS) AWS Foundations Benchmark version 3.0 in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.

For more information, see Using Stax-managed Security Hub in the docs.

The Stax Terraform Provider, which was previously in developer preview status, has been deprecated. No further development will occur, and the module remains unsupported for production use.

Stax's guidance is not to use this module for production workloads, and to instead consider deployment using the Stax API or Python SDK.

Please note that while the Terraform provider will remain available on the Terraform Registry, there will be no further updates or development undertaken at this time.

Please raise a support case or contact your Customer Success Manager if you have any questions.

In an effort to maintain industry certifications that best reflect and align with the requirements of Stax's customers, Stax regularly reviews the certifications it maintains. After consideration, Stax will no longer be seeking to retain its PCI-DSS Service Provider certification.

Stax will continue to maintain its annual SOC2 Type II audits in line with Compliance for customers and partners.

This change does not impact the PCI-DSS Rule Bundle available to customers through the Compliance module.

Should you have any questions, please contact your Customer Success Manager or raise a support case.

Tagging of Service Control Policies in Stax is now supported in the Stax Console, Stax API, and SDK. Visit Using Service Control Policies in Stax to find out more.

A fix has been applied to the Rule DynamoDB point-in-time recovery is enabled which was causing the control to incorrectly evaluate all DynamoDB resources as non-compliant. Following the fix, the Rule now accurately assesses resources as compliant when point-in-time recovery is enabled on DynamoDB tables.