Stax Networks will now create an additional *.s3.{region}.amazonaws.com wildcard Hosted Zone record when enabling the S3 Interface Endpoint.

This additional hosted zone record will simplify the use of the S3 Interface Endpoint and allow it to work with other AWS services, such as AWS SSM Session Manager.

If you are currently using an S3 Interface Endpoint, then you can edit your Networking Hub to toggle the S3 Interface Endpoint off, then on to perform the update.

Stax Networks now supports the Lambda Interface Endpoint for VPCs that are part of a Networking Hub.

You can enable the Lambda Interface Endpoints for new and existing Networking Hubs using the Stax Console, API, or SDK. See Manage Networking Hubs for more.

An update has been applied to Stax Workloads to improve performance and reliability:

• Fixed a bug where the deployment tasks where not queued correctly. Workloads will now correctly execute a maximum of 50 deployments concurrently, per Stax organization. Additional deploy requests will be queued and actioned once capacity becomes available.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade.

On the 15th of April 2021, Codecov notified its users of a security event that had impacted its systems.

At Stax, we believe that security and transparency is of the upmost importance and as such are informing our customers of this event.

No customer action is required, and no customer data has been impacted as a result of this advisory.

Stax's exposure is limited to the use of a GitHub action on the Python SDK code repository. This event has no impact on the Stax platform.

We have responded by following the recommendations provided by Codecov. Artefacts produced by our CI/CD pipeline have been audited and no indicators of compromise were found.

Stax Networks has created an additional NACL entry for the Restricted Subnet. This allows return TCP traffic from the Networking Hub's Endpoint subnets.

By allowing this return traffic your resources within the Restricted Subnet will be able to utilize the Networking Hub's Interface Endpoints.

The new NACL entry will be created as rule number 130 on the Restrict subnet NACL and will be created on the next update of your VPC with Stax.

If you would like to update your VPC without making any changes to its configuration, you can edit your Networking Hub to modify the tags and trigger an update.

Stax Networks now supports enabling five additional Interface Endpoints for VPCs that are part of a Networking Hub:

• CodeDeploy (codedeploy)

• CodeDeploy Commands Secure (codedeploy-commands-secure)

• RDS (rds)

• RDS Data (rds-data)

• S3 (s3-interface)

You can enable these Interface Endpoints for new and existing Networking Hubs using the Stax Console, API, or SDK. See Manage Networking Hubs for more.

The Data page now has a date picker to make it easier to select a time range. You can choose either a single month, or a range of months.

Navigate to the Data page now to try it out!

The Notifications page has been redesigned to provide a more intuitive and simple user experience. Notifications are now managed through a tabulated window, with each delivery channel located on a seperate tab.

Stax also now supports sending notifications via Microsoft Teams, in addition to the existing email, webhook, and Slack delivery channels. Simply create an incoming webhook for your Teams channel and select the notifications you'd like to receive. For more information, see the documentation.

Stax has released a new version of the Cost & Compliance module's service and billing roles, version 30. In keeping with our principle of least-privilege, Stax has revised the permissions this role requires.

Specifically, Stax no longer requires access to AWS Support APIs to complete compliance discovery tasks.

If your AWS accounts are Stax-managed, then you don't need to take any action. Stax will automatically update this role in the coming days.

If you're subscribed only to the Stax Cost & Compliance module, you will need to apply the update yourself.

As always, Stax recommends that you regularly review your IAM permissions. It is important to confirm that they align with the principle of least-privilege, and with the AWS Well-Architected Framework. For any questions around this change, or if you need assistance deploying the updated role, please raise a support case.

When deploying Networking Hubs using Stax Networks, a NAT Gateway can be deployed for egress connectivity from private subnets. By default, when enabled, Stax provisions a single NAT Gateway which resides in a single Availability Zone (AZ). An outage of that AZ would result in egress connectivity failing for private subnets in that Networking Hub.

Stax has introduced a new feature to allow deployment of highly available NAT Gateways that are redundant at the Availability Zone level. These can be deployed into networks provisioned using Stax Networks. You can make use of this feature when creating a new, or updating an existing, Networking Hub.

At this time, the feature is available via the Stax API and the Python SDK.