Stax Tag Compliance Rules now include support for additional resource types, allowing users to track the tag compliance across a wider range of AWS products and services. For a complete list of supported AWS resource types, visit our guide.

Updated Rules

• Resource tag keys should have specified values

• Resource tag keys should not have specified values

• Resource should have specified tag keys

• Resource should not have specified tag keys

New supported resources

• dynamodb-table

• dynamodb-backup

• rds-cluster

• rds-cluster-param-group

• rds-cluster-snapshot

• rds-param-group

• rds-proxy

• rds-reserved

• sns-topic

• sns-subscription

For more information and to get started, see Monitoring Tag Compliance.

On 12 February 2024, changes will be made to how Stax-managed Security Hub is configured. This update will align the Stax-managed Security Hub service with the new AWS Security Hub capability announced by AWS.

After the change, Stax will only enable and configure cross-region aggregation for Security Hub in regions that are explicitly enabled in Stax-managed Security Hub.

Previously, Stax enabled Security Hub and configured cross-region aggregation for every available region in every account. While supported Security Hub standards and controls were only enabled in the regions explicitly enabled in Stax-managed Security Hub.

If you have already enabled Stax-managed Security Hub and would like the service to continue to be enabled with cross-region aggregation in everyavailable region, ensure that you update your current Stax-managed Security Hub configuration by toggling on the "All Regions" option or selecting individual AWS regions from the list.

To avoid interruption to service,  update your Stax-managed Security Hub configuration before 12 February 2024. If no action is taken, Stax will only enable and aggregate Security Hub in regions enabled in the Stax-managed Security Hub service.

For more information, see Using Stax-managed Security Hub.

On Sunday 11 February at 0200 UTC (Monday 12 February at 1300 AEDT), the following deprecated Stax API endpoints will be removed from stax-au1, stax-us1, and stax-eu1 and will no longer be supported by Stax API/SDK:

**- Fetch IDAM Users **GET /20190206/idam/user

**- Fetch IDAM User ** GET /20190206/idam/user/{org_id}

The following endpoints should be used instead which now includes the user's MFA status.

-** Fetch Stax Users and Federated Users** GET /20190206/users

• Fetch Stax User and Federated User GET /20190206/users/{user_id}

To avoid interruption to service switch to these replacement API endpoints before 11 February 2024. Refer to the Stax API documentation for up-to-date API schema details.

If you have any concerns, please raise a support case.

Stax has introduced changes to the Fetch ** Stax Users and Federated User(s) API endpoints in **stax-au1, stax-eu1, and stax-us1. This change helps identify Stax users with multi-factor authentication (MFA) enabled.

Update Endpoints:

-** Fetch Stax Users and Federated Users** GET /20190206/users

• **Fetch Stax User and Federated User **GET /20190206/users/{user_id}

The endpoint's response schema (teams) now includes the MFAEnabled parameter. For more information, refer to our Stax API documentation.

Viewing a user's MFA status in the Stax Console will be released in early 2024.

The stax-audit-bus EventBridge rule has been deprecated and will be removed from all Stax-managed AWS accounts on ** 05**** Feb 2024. **To continue receiving events that the stax-audit-busEventBridge rule is sending to the Security account, please review our guide to prepare for the change.

Stax-managed Security Hub now supports the NIST Special Publication 800-53 Revision 5 standard in all Stax-supported regions. This NIST standard can be activated in Stax-managed Security Hub using the Stax API and SDK. Stax Console support for the standard will be available in early 2024.

On Thursday, the 30th of November 2023, an update will be applied to Stax Compliance to improve performance and reliability.

The update implements security and stability updates to the underlying software. No functional changes will be introduced.

There will be no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.

To ensure you receive notice of upcoming changes to Stax, make sure you're subscribed to the status page.

Stax Workloads are now deployable in any region enabled within the Foundational Service Stax-managed AWS Regions. When initiating a new workload deployment through the Stax Console or SDK, you can choose from default and enabled opt-in regions, such as Melbourne (ap-southeast-4). Visit our help docs for a comprehensive list of all currently supported AWS regions.

Stax now supports enabling AWS opt-in Regions for your Stax tenancy. Configuring an opt-in Region, such as Melbourne (ap-southeast-4), enables the region for all accounts within your Organization and brings them in line with security and best practices through the Stax Assurance process.

See Using Stax-managed AWS Regions for details on configuring AWS opt-in Regions.

Stax Rule Bundles now provide AWS Console remediation guidance, offering organizations actionable steps to address rule violations and maintain compliance. Refer to our guide for more details.