Enforced encryption of data in transit for Stax-created S3 buckets

Stax
Stax
Stax Team

As per AWS best practices, all S3 buckets created by the Stax platform in customer AWS Accounts will have enforced encryption of data in transit using HTTPS (TLS).

This change does not impact buckets created by Stax customers either within the AWS Console/SDK/API, or via the Stax Workloads service.

This change applies to the following S3 buckets in your AWS Accounts:

  • stax-cloudtrail-<org-id>

  • stax-cloudtrail-accesslogs-<org-id>

  • stax-staxtrail-<org-id>

  • stax-staxtrail-accesslogs-<org-id>

  • stax-config-<org-id>

  • stax-config-accesslogs-<org-id>

  • stax-billing-<org-id>

  • stax-billing-accesslogs-<org-id>

  • stax-session-manager-<org-id>

  • stax-idam-waflogs-<account-id>
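
The page does not say which mechanism Stax uses; a common way to enforce HTTPS-only access on S3 is a bucket policy that denies requests where aws:SecureTransport is false. The following is an added example, not Stax code, that checks a bucket policy document for such a statement, using a constructed bucket name and constructed policies:

```python
import json

def _as_list(value):
    """IAM policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _covers_bucket(resources, bucket):
    """True if the statement covers the bucket itself and every object in it."""
    arn = f"arn:aws:s3:::{bucket}"
    res = set(_as_list(resources))
    return "*" in res or {arn, f"{arn}/*"} <= res

def enforces_tls(policy_json, bucket):
    """True if a Deny statement blocks every S3 action sent without TLS.

    Deliberately conservative: narrower principals, action lists or
    resources are reported as not enforcing.
    """
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue  # an Allow that requires TLS does not block HTTP access
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if not {"*", "s3:*"} & set(_as_list(stmt.get("Action", []))):
            continue
        if not _covers_bucket(stmt.get("Resource", []), bucket):
            continue
        bools = stmt.get("Condition", {}).get("Bool", {})
        values = [v for k, v in bools.items() if k.lower() == "aws:securetransport"]
        if any(str(x).lower() == "false" for v in values for x in _as_list(v)):
            return True
    return False

# Constructed sample data; the bucket name follows the stax-config-<org-id> pattern.
BUCKET = "stax-config-example"
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
TLS_ONLY = {"Bool": {"aws:SecureTransport": "false"}}

def _policy(effect, resources, condition):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:*",
        "Resource": resources, "Condition": condition}]})

GOOD = _policy("Deny", ARNS, TLS_ONLY)
OBJECTS_ONLY = _policy("Deny", ARNS[1:], TLS_ONLY)  # bucket-level calls not covered
ALLOW_ONLY = _policy("Allow", ARNS, {"Bool": {"aws:SecureTransport": "true"}})

if __name__ == "__main__":
    for name in ("GOOD", "OBJECTS_ONLY", "ALLOW_ONLY"):
        print(name, enforces_tls(globals()[name], BUCKET))
```

To audit a real bucket, pass the policy document returned by the S3 GetBucketPolicy API as `policy_json`.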

Update Workloads API Schema Implementation

A bug has been resolved with the Workloads API's Update Workload method's schema implementation.

The Update Workload schema has been adjusted to remove the CatalogueVersionId as a mandatory property. It also adds CatalogueId and Parameters to the schema documentation to reflect the implementation.

  • Changed: CatalogueVersionId is now optional

  • Added: CatalogueId is now defined in the schema

  • Added: Parameters are now defined in the schema

Stax Foundation Compliance Rule Bundle

Stax has released the Stax Foundation Compliance Rule Bundle which assesses the compliance of your AWS accounts against enterprise-grade security controls. The Rule Bundle is a collection of AWS Well-Architected, CIS AWS Foundations Benchmark and Stax best-practice security controls, which will help you to track the safety and security of your accounts.

Head to the Stax Foundation Compliance Rule Bundle on the Rules page within the Stax Console to check it out.

Improvements to attaching and detaching Stax Policies to Account Types

Stax has made it easier to attach and detach Stax Policies to/from your Stax Account Types using the Stax API.

Changed Error Code when validating Account Type or Policy

If you attempt to attach a Policy to an Account Type and the Account Type or Policy does not already exist, the API will return a 404 (Not Found) response, instead of a generic 400 (Bad Request) response.

Added validation for attaching and detaching policies

When you attach or detach a Policy to/from an Account Type, the Stax API will now verify whether the Policy is already attached or detached. An error will be returned if this occurs.

Added validation for Stax Policies limits

Only four Stax Policies can be attached to any specific Account Type. If you attempt to attach Policies that would exceed this limit, the API will now validate that and reject the request.

Stax Events

Stax has partnered with AWS to provide Stax customers with a Stax Events AWS EventBridge integration.

Stax Events published to AWS EventBridge will allow customers to monitor and automate actions within their Stax-managed AWS accounts. Customers will be able to receive events about Stax usage, as well as priority AWS events enriched with contextual Stax information. Leveraging the power of AWS serverless services, such as AWS Lambda or AWS Step Functions, will allow for additional actions to be taken as a result of these events.

In addition to publishing these events to AWS EventBridge, events will also be stored in your logging account's StaxTrail S3 bucket. These new event details will be available at the following path within the S3 bucket: StaxTrail/year/month/day/StaxEventId.gz.

For more details about Stax Events, check out the docs.

Workloads API documentation update

A bug has been resolved with the Workloads API's Update Workload method's documentation.

The Update Workload documentation has been clarified to properly reflect the capability to Protect Workloads using the Protection property, as well as mandating the CatalogueVersionId property to ensure the update process occurs correctly.

  • Added: Protection property (boolean)

  • Changed: CatalogueVersionId is now mandatory

  • Changed: Tags now has a more defined object schema

  • Removed: Name property as it was unused

There is no change to the underlying functionality of the API; this is strictly a documentation/definition update.

Stax Policies has received a number of bug fixes

A number of bug fixes have been released for Stax Policies.

Reject duplicate Organization Policies

Users will now receive an immediate failure response from the Stax API when trying to attach an Organization Policy that has already been attached to the organization. This is to prevent duplicate attachments from occurring.

Prevent duplicate Organization Policy entries

The Stax platform will no longer allow duplicate Organization Policies to be attached to a customer's organization. This is to resolve a problem where detaching a policy from an Organization that had the policy attached more than once would result in a detachment failure.

Stax Policy error feedback

Improvements have been made to correctly report failures when using Stax Policies. This fix will result in an accurate Failure status being returned for the relevant Task Id.

S3 versioning is now enabled for all Stax platform managed buckets

As per AWS best practices, all S3 buckets created by the Stax platform in customer AWS Accounts will have versioning enabled. This applies to both existing buckets and new buckets. This change will be progressively rolled out to all customers over the coming days.

This change does not impact buckets created by Stax customers either within the AWS Console/SDK/API, or via the Stax Workloads service.

Stax Policies will now process policy removal before attachment

A bug fix has been released for the PUT account-types/policies route where the Stax platform would process any requested policy attachments before policy removal. This would result in a failure if the number of requested attachments, in addition to policies yet to be removed, exceeded the policy limit of four policies per Account Type. This fix ensures that policies are removed before new policies are attached to avoid future failures.
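
The ordering problem described above can be reproduced with a small model. This is an added example, not Stax's implementation: the function name, the policy identifiers and the step-by-step limit check are assumptions made for illustration; only the limit of four comes from the page.

```python
POLICY_LIMIT = 4  # from the page: at most four Stax Policies per Account Type


class PolicyLimitExceeded(Exception):
    """Raised when an attach would push an Account Type past the limit."""


def apply_put(attached, desired, remove_first):
    """Model a PUT that replaces an Account Type's policy set with `desired`.

    The limit is checked at every intermediate step, so the order in which
    detachments and attachments run decides whether the request succeeds.
    """
    current = set(attached)
    attach = [("attach", p) for p in sorted(set(desired) - current)]
    detach = [("detach", p) for p in sorted(current - set(desired))]
    steps = detach + attach if remove_first else attach + detach

    for op, policy in steps:
        if op == "attach":
            if len(current) >= POLICY_LIMIT:
                raise PolicyLimitExceeded(
                    f"cannot attach {policy}: {len(current)} policies already attached")
            current.add(policy)
        else:
            current.discard(policy)
    return current


# Constructed identifiers: four policies attached, two of them being swapped out.
ATTACHED = {"policy-a", "policy-b", "policy-c", "policy-d"}
DESIRED = {"policy-a", "policy-b", "policy-e", "policy-f"}


def old_order_fails():
    """Attach-before-detach hits the limit even though the end state is valid."""
    try:
        apply_put(ATTACHED, DESIRED, remove_first=False)
    except PolicyLimitExceeded:
        return True
    return False


if __name__ == "__main__":
    print("attach first fails:", old_order_fails())
    print("detach first result:", sorted(apply_put(ATTACHED, DESIRED, remove_first=True)))
```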

Stax Version tag no longer applied to Workloads

The stax:version tag will no longer be applied to CloudFormation stacks within new Workload deployments in Stax. This change has been introduced to improve the speed and reliability of Workload deployments.

Prior to this change, the tag was applied to all CloudFormation stacks deployed as part of a Workload.

Newly deployed Workloads will notice this change immediately. Any running Workload will retain this tag until the next Workload update, at which point it will be automatically removed by Stax.

The stax:version tag did not relate in any way to the version of the Workload deployed, rather it was used for Stax-internal purposes only.