Stax has introduced filtering and sorting to the Permission Sets and Permission Set Assignment views.

This makes it easier to find relevant Permission Sets or Assignments.

• By default Permission Sets are filtered to show only those with a status of Active, and are shown in descending order by Created Date

• Multiple Permission Set filters can be added or removed for the Created By and Status properties

• By default Permission Set Assignments are filtered to show only those with a status of Deployment Complete and are shown in descending order by Created Date

• Multiple Permission Set Assignment filters can be added or removed for the Account Type, Created By, Group, and Status properties

• Both Permission Sets and Permission Set Assignments can be sorted by clicking on the relevant column heading

To get started, see Permission Sets in the docs.

Stax now supports using /31 CIDR blocks when using Stax to create virtual interfaces for use with for AWS Direct Connect.

Previously, only CIDR blocks of size /30 or larger could be used for virtual interfaces.

To make use of this change, enter a CIDR block of size /31 when creating a virtual interface.

Stax has introduced changes to Stax Workloads API endpoints to improve support for pagination.

This makes it easier to deal with large volumes of Workloads and Workload Catalog Items when using the Stax API.

• Fixed pagination on the Fetch Workloads API endpoint. This endpoint now correctly returns all matching results based on filters and accurately reports the correct total number of results: stax-au1 stax-us1 stax-eu1

• Added pagination on the Fetch Catalog Items API endpoint. This endpoint now supports pagination in a consistent manner with the rest of the Workloads API endpoints: stax-au1 stax-us1 stax-eu1

These changes have been applied automatically by Stax. Should you experience any issues, please raise a support case.

Improvements have been released to Stax's Accounts API endpoints with a focus on account alias management, AWS account ID filtering, and pagination.

• Account Alias management: The Accounts API endpoints (stax-au1 stax-eu1 stax-us1) now support creating and updating account aliases for Stax-managed AWS accounts. This is enabled by way of the AwsAccountAlias request parameter. Account aliases must comply with AWS requirements.

• AWS account ID filtering: The Accounts API endpoints (stax-au1 stax-eu1 stax-us1) now support filtering AWS accounts by their AWS account ID. The previous behaviour required that filtering be performed based on the Stax UUID for accounts. This is enabled by way of the aws_account_id_filter request parameter.

• Pagination improvements: A bug impacting pagination of the Fetch Accounts API endpoint has been fixed. Previously, a GET request to the Fetch Accounts (stax-au1 stax-eu1 stax-us1) endpoint would return some pages of empty results when a filter was applied. With this resolution, empty results are removed from responses and only resources identified by the filter are returned.

The security foundation account has been delegated as the AWS Firewall Manager administrator for Stax-managed AWS Organizations.

This change means that the security foundation account can now be used to centrally manage Firewall Manager policies.

For organizations where the AWS Firewall Manager administrator role has already been delegated to an account other than the security foundation account, this configuration remains unaltered. Should there be a requirement to change the AWS Firewall Manager administrator delegated account from its existing account to the security foundation account, please raise a support case.

Stax has deprecated its automatic CloudFormation template validation for Workload Catalog items.

When deploying a Workload Manifest file, Stax will validate the structure of the Manifest, ensure that all CloudFormation templates are reachable, and that the CloudFormation templates themselves are valid JSON or YAML. It will no longer query AWS's Validate Template API to validate the CloudFormation template(s) when a manifest is uploaded.

This feature has been deprecated as, in some instances, it prevented deployment of sophisticated Workloads and templates that relied on specific AWS account and region combinations.

The API endpoints affected are:

• Create Workload Catalog Item: stax-au1 stax-us1 stax-eu1

• Update Workload Catalog Item: stax-au1 stax-us1 stax-eu1

Consider leveraging the AWS CLI/API directly when developing CloudFormation templates to ensure their validity.

These changes have been applied automatically by Stax. Should you experience any issues, please raise a support case.

Stax Permission Sets now supports increased limits for Assignments. The maximum number of Assignments for a Permission Set is now 50. Previously this limit was 10.

An assignment defines who can utilize the Permission Set and where. This increase enables you to assign access in a more granular fashion to suit your requirements.

To get started, see Permission Sets in the docs.

An update has been applied to Stax Workloads:

• Fixed enforcement of the maxmimum number of resources (AWS CloudFormation templates) allowed. Previously the limit was not properly enforced.

• The resource limit has been revised to 10 based on customer usage patterns and performance evaluation. See Create a workload manifest for more.

• Improved Workloads resilience to network connectivity issues. Workloads will now re-attempt deployment tasks for up to 20 minutes in situations where network connectivity is impaired.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.

Stax has released several improvements to the Cost & Compliance module. This enhances the functionality of the Rules page, as well as changes to make the Views capability suit some use cases better.

CIS Benchmark Rules added to Rule Catalog​

Traditionally, the only way to consume Rules from the CIS Benchmark was to enable the entire Rule Bundle. This update enables the individual Rules to be selected and enabled from the Catalog.

Rule Filtering Now Supports Search by ARN Prefix​

When filtering rules by resource Amazon Resource Names (ARNs), you can now search by ARN prefix, allowing for more precise results to be returned. ARN filtering supports matching both the full ARN, or a subset of characters.

Hide Unallocated Segments from Global Filters View​

Stax now supports hiding the default Unallocated segments on the Global Filters menu. This setting is enabled on a per-View basis from the View's settings page.

An update has been applied to Stax Workloads to improve performance and reliability:

• Fixed an issue where the Workloads API would accept invalid characters for the Workload name. Workload names will now be correctly validated against the pattern ^[a-zA-Z][-a-zA-Z0-9]*$. If the Workload name is invalid, the API will return a 400 "Bad Request" response, along with an error payload detailing the schema error.

• Fixed an issue where the Workloads API would accept invalid parameter formats. If an invalid parameter format is provided, the API will now return a 400 "Bad Request" response, along with an error payload detailing the schema error.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.