Stax-managed AWS Organizations can now use the AWS Organizations declarative policies feature to centrally declare and enforce desired configuration for a given AWS service at scale across an organization. See the documentation for more details on how Stax assists with this here.
Version 1.5.2 of stax2aws has been released. See how to upgrade stax2aws.
Changes:
AWS recently announced central management for root user credentials for AWS Organizations. This new security best practice greatly improves security for accounts within AWS Organizations by supporting removal of their root user credentials.
On Monday, 2 December 2024, Stax will enable this functionality for all AWS Organizations utilizing Stax.
For existing accounts within Stax-managed AWS Organizations, you may choose to remove the root user credential yourself by following AWS's guidance. For new AWS accounts created using the Stax Accounts feature, root user credentials will no longer be provisioned.
See Centralized root access for member accounts for more information.
A new Operations role has been added to Stax to grant a level of access to Stax resources suitable for highly privileged users requiring a level of access in excess of User, but without the full functionality of the Admin. This role is accessible for both users and API tokens via the Stax console, API, and SDK.
For more information on the roles available within Stax, see About Identity and Access. To make use of this role when utilising single sign-on, you'll need to update your configuration to support it. Review the single sign-on configuration guidance for your identity provider here.
The Cost and Compliance modules of Stax are being shut down at the end of March 2025. This means that Stax will no longer ingest or process cost and compliance information from your AWS Organization(s), and the Cost, Wastage, Compliance, and Notifications headings will be removed from the Stax console.
Please see the announcement for more details, including specific timelines and recommended alternatives.
The other components of Stax are not impacted by this change (Accounts, Networks, Workloads, Identity features).
Using the Stax Console, API, or SDK, you can now update the alternate contact details for Stax-managed AWS accounts. Contact details will be set for all active accounts, and for any AWS accounts you create using Stax in the future. See Update AWS Account Contact Details for more information and to get started.
Stax now configures AI opt-out policies for organizations under management that do not already have a policy in place on the root OU. See AWS AI services opt-out policies to learn more.
To improve the performance of Stax Workloads deployment and update operations, concurrency capacity for these operations has been increased by 200%.
Organizations utilizing Workloads should now find that bulk Workloads operations complete more quickly.
You can now enable the Center for Internet Security (CIS) AWS Foundations Benchmark version 3.0 in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.
For more information, see Using Stax-managed Security Hub in the docs.
The Stax Terraform Provider, which was previously in developer preview status, has been deprecated. No further development will occur, and the module remains unsupported for production use.
Stax's guidance is not to use this module for production workloads, and to instead consider deployment using the Stax API or Python SDK.
Please note that while the Terraform provider will remain available on the Terraform Registry, there will be no further updates or development undertaken at this time.
Please raise a support case or contact your Customer Success Manager if you have any questions.