Stax's Cost & Compliance Rule Bundles functionality now provides versioning to support the addition and removal of rules within a bundle, as well as to stay aligned to industry standards.

You can use this feature in two ways:

• Stay locked to a version by turning off Auto updates. Until you manually activate a different version, nothing will change

• Opt in to Auto updates, and we will automatically upgrade you to the latest version when one becomes available. You may always downgrade to a previous version at any stage, and any compliance history will be preserved.

In this initial release, the following Rule Bundles have new versions available: - CIS Benchmark (both 1.2.0 and 1.3.0) - S3 Best Practice - SNS Best Practice - SQS Best Practice

Navigate to the details page for each Rule Bundle to see a more detailed changelog that outlines exactly what has changed:

An update has been applied to Stax Workloads to improve performance and reliability.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.

We're always working to improve Stax to make it more useful for our customers. Today, two new features have been released for Networks in the Stax Console, with the aim of making networking features more accessible.

View VPC Config Items For Each VPC​

The VPCs page now shows which items have been configured for all your VPCs at a glance. Without inspecting each VPC individually, you can now see when the following VPC Config items are enabled:

• Internet Gateway (IGW)

• NAT Gateway (NGW)

• Virtual Private Gateway (VPGW)

• CloudWatch VPC Flow Logs (CFL)

The full name of VPC Config item can be viewed by hovering your mouse cursor over the label.

Enable and Disable CloudWatch VPC Flow Logs on Stax VPCs​

When you create or edit a Networking Hub or VPC using [Stax Networks]((/hc/en-us/articles/4452164778383), you can now choose to enable CloudWatch Logs for VPC Flow Logs in the Stax Console.

When you enable this feature, Stax will automatically save your VPC's flow logs to CloudWatch Log Groups. These logs reside in the same account as your VPC or Transit VPC, making them easy to access when working with the VPC in question.

We'd love to hear what you think of these new features. If you have any questions about these new features, please raise a support case with your thoughts.

An update has been applied to Stax Workloads to improve performance and reliability.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.

Version 1.0.6 of the Python SDK has been released, reducing the installation size and complexity through the removal of an unnecessary dependancy.

For more details about the Python SDK, check it out on Github

An update has been applied to the Stax Identity Service to improve performance and reliability.

These changes have been applied automatically by Stax during the advertised maintenance window. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.

Stax has added a new Stax Workload default parameter, StaxAwsOrgId, to allow access to your AWS Organization ID when deploying Stax Workloads.

Use this new parameter to easily access your AWS Organization ID value to allow Organization-wide IAM permissions.

For more information on using AWS Organizational IAM permissions, see this blog post from AWS.

Example:​

The following example grants s3:GetObject on a S3 bucket access to all accounts in your AWS Organization. ```yaml AWSTemplateFormatVersion: "2010-09-09" Parameters: StaxAwsOrgId: Type: "String" Resources: S3Bucket: Type: "AWS::S3::Bucket" Properties: BucketName: "my-s3-bucket" S3BucketPolicy: Type: "AWS::S3::BucketPolicy" Properties: Bucket: !Ref S3Bucket PolicyDocument: Statement: - Action: - "s3:GetObject" Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:s3:::" - !Ref S3Bucket - /Principal: "" Condition: StringEquals: aws:PrincipalOrgID: - !Ref StaxAwsOrgId

Stax has added new functionality to the Data page which allows you to group your costs.

With this new functionality, you can quickly and easily drill into the different areas of your AWS spend. Group your costs by pre-configured views, AWS accounts, tags values, or any other field on the Data page.

Multiple groups can be applied. Some scenarios of this which we have found helpful include:

• Grouping by account and then by service for a quick breakdown of the how we are using AWS

• Filtering to RDS and grouping by ARN to view the costs of our specific databases

• Grouping by kind to show the breakdown between AWS credits, saving plan charges, and our usage

Stax has made changes to the Stax Workloads API to make it easier to find Workloads you have deployed into your Stax-managed AWS accounts. These filters are available in the API and the SDK.

The new filters available are:

| Filter Name | Description | | --- | --- | | account_names | Comma-delimited list of Stax Account Names. Returns all Workloads deployed to these Accounts Names. | | account_types | Comma-delimited list of Stax Account Types. Returns all Workloads deployed to these Account Types. | | account_ids | Comma-delimited list of Stax Account IDs. Returns all Workloads deployed to these Account IDs. | | catalogue_names | Comma-delimited list of Stax Workload Catalogue Names. Returns all Workloads deployed with these Workload Catalogue Names. | | catalogue_ids | Comma-delimited list of Stax Workload Catalogue IDs. Returns all Workloads deployed with these Catalogue IDs. | | catalogue_version | Only return Workloads launched from this Stax Workload Catalogue Version (eg. 1.0.0). Requires catalogue_ids to also be provided. |

Examples​

Example 1: Return all Stax Workloads deployed to accounts of type 'billing'​

GET https://api.au1.staxapp.cloud/20190206/workloads?account_types=billing

Example 2: Return all Stax Workloads with a specific Catalog ID and Version​

GET https://api.au1.staxapp.cloud/20190206/workloads?catalogue_ids=b5e1c1a5-ee96-4ea3-8343-8704f5f67596&catalogue_version=2.0.1

AWS VPC Flow Logs must be directed to a CloudWatch Log group within the same AWS account, and same AWS region as the VPC.

A bug has been resolved where the CloudWatch Log group only existed in the Stax Tenancy's AWS region in the format vpcflowlogs-{AwsAccountId}. A change to Stax Networking will now create these CloudWatch Log groups on demand and per-region with the format vpcflowlogs-{AwsAccountId}-{Region}.

Existing Stax Networking VPCs will continue to log to the legacy destination but upon next update of the VPC, the VPC Flow Log destination will be updated to the new CloudWatch Log group. Log entries that have been created in the existing CloudWatch Log group will not be deleted.

If you have any questions about how this change may impact you, please raise a support case.