You can now stay informed about more events occurring within your environment. Stax Events has been enhanced to include 8 new event types.

Event Name	Details
PolicyCreateEvent	Stax Policy created
PolicyUpdateEvent	Stax Policy updated
PolicyDeleteEvent	Stax Policy deleted
PolicyAttachToOrganizationEvent	Stax Policy attached to Stax Organization
PolicyDetachFromOrganizationEvent	Stax Policy detached from Stax Organization
ApiTokenCreateEvent	Stax API token created
ApiTokenUpdateEvent	Stax API token updated
ApiTokenDeleteEvent	Stax API token deleted

For more details about Stax Events, check out the docs.

You can now use Stax to provision your Direct Connect resources and manage the associations of your Stax Networks to a Direct Connect connection.

Stax Networks supports Hosted and Dedicated Direct Connect connections. It enables you to create Private or Transit virtual interfaces depending on your network requirements.

You can create a Transit virtual interface to enable Direct Connect connectivity to your entire Stax Networking Hub or a Private virtual interface to connect individual VPCs.

For more details about Stax Networks and Direct Connect, check out the docs.

You can now stay informed about more events occurring within your environment. Stax Events has been enhanced to include 5 new event types. These events inform you about changes to Accounts and Account Types within Stax.

| Event Name | Details | | ------------------------ | ------------------------- | | AccountCreateEvent | AWS account created | | AccountUpdateEvent | AWS account updated | | AccountTypeCreateEvent | Stax account type created | | AccountTypeUpdateEvent | Stax account type updated | | AccountTypeDeleteEvent | Stax account type deleted |

For more details about Stax Events, check out the docs.

You can now stay informed about more events occurring within your environment. Stax Events has been enhanced to include 10 new event types. These events inform you about changes to Users and Groups within Stax.

| Event Name | Details | --- | --- | UserCreateEvent | Stax user created | UserUpdateEvent | Stax user updated | UserDeleteEvent | Stax user deleted | UserPasswordResetEvent | Password reset email sent to Stax user | UserEmailVerificationEvent | Email address verification email sent to Stax user | GroupCreateEvent | Stax group created | GroupUpdateEvent | Stax group updated | GroupDeleteEvent | Stax group deleted | GroupAddMemberEvent | Stax user added to Stax group | GroupRemoveMemberEvent | Stax user removed from Stax group

For more details about Stax Events, check out the docs.

To further ensure the security of your AWS accounts Stax will begin forwarding CloudTrail events for Stax resources within your AWS accounts to Stax infrastructure.

In a future release of Stax, these events will be used to pre-emptively raise tickets for the Stax team to action.

• Added: New CloudWatch Alarms based on CloudWatch Metrics for the CloudTrail CloudWatch Log Group within each AWS account

• Added: New Stax role to perform FilterLog on the CloudTrail CloudWatch Log Group within each AWS account

• Added: New SNS Topic and Lambda Function to forward these events to Stax infrastructure within the foundation Logging AWS account

If you have any questions regarding this change, please raise a support case with your enquiry.

When VPCs are created within the Stax Networks feature, VPC flow logging is enabled. Logs are stored in an S3 bucket in your logging account. To improve the compliance posture of this information, Stax has increased the log retention duration of the VPC flow logs from the default of 90 days to a new value of 365 days.

If you have any questions regarding this change, please raise a support case with your enquiry.

Stax is always working to ensure the security of the platform and our customers. As a result, from time to time, changes are introduced to remove insecure or outdated technology. Transport Layer Security (TLS) 1.2 is the industry-agreed recommended minimum cryptographic protocol for HTTP traffic. As a result, SSL and TLS versions older than TLS 1.2 are no longer supported by the Stax API.

From 2020-09-11 the Stax API will require all communication to use TLS 1.2. We maintain support of the following cipher suites: Supported SSL/TLS protocols and ciphers for regional, private, and WebSocket API endpoints in API Gateway.

What does this mean for me?​

Ensure any app or integration you've built to use the Stax API supports TLS 1.2. While most applications and programming languages have supported TLS 1.2 for several years, if yours doesn't, you may need to upgrade your application.

If you're using the Stax SDK, you should not need to make any changes. The Stax SDK requires Python 3.6+, which has built in support for TLS 1.2 (as do most modern programming language versions).

If you have any questions regarding this change, please raise a support case with your enquiry.

To improve the user experience when creating Stax Account Types, two improvements have been introduced.

• Added: Reuse of old Account Type names. Previously, Stax Account Type names could not be reused after an Account Type is deleted. This behavior has been changed to permit name reuse.

• Fixed: Improved error handling for Account Type creation. In the event that an attempt was made to create an Account Type with the same name as an existing Account Type, the operation would fail silently with no error. An error will now be displayed.

A change has been introduced to the Stax Console and API to allow additional control over federated users within the Stax identity service. These users can now be disabled within the Stax API and Console, not only via a federated identity provider.

Additionally, the deprecated concept of Stax root users has been removed from the identity service.

• Changed: Federated users can now be deactivated through the Stax console

• Changed: Federated users can now be deactivated through the Stax API/SDK

• Removed: Root users are no longer included in the response to a GET request for the Stax API's /users endpoint

• Removed: Stax no longer supports filtering on root users

As part of our ongoing commitment to security and reliability, we've made some changes to your IDAM service with release 9.0.3-8-1272a06:

• IDAM now runs in a high availability configuration giving you single-AZ (Availability Zone) redundancy

• Some changes to the network configuration of IDAM have been made to better meet our recommended best practice approach

• Some changes have been made to the IDAM log storage bucket to enforce encryption in line with best practice

These changes have been applied automatically by Stax during our advertised maintenance period.