
Developer preview of the Stax Terraform provider now available

Stax Team

The Stax Terraform provider will aid organizations that use infrastructure-as-code to manage their AWS environments. The first release of this provider is now available as a developer preview. It is not yet feature-complete and is not considered production-ready; it is intended exclusively for evaluation and feedback.

For more information and to get started, see About the Stax Terraform Provider.

Foundational Technical Review Rule Bundle now available for AWS Partners

Stax Team

The new Partner Hosted Foundational Technical Review (FTR) Rule Bundle is designed to help organizations prepare for the AWS Partner Hosted FTR. The bundle provides evidence to support the AWS FTR self-assessment, making the compliance process smoother and more streamlined.

The Partner Hosted FTR bundle is now available to all organizations. Add the Bundle to Stax to get going. Once added, Stax will perform an initial evaluation and automatically populate the Rules page with the latest results.

Changes to Rule - Unused Amazon EC2 Security Groups Should Be Removed

Stax Team

The "Unused Amazon EC2 security groups should be removed" rule is available to help organizations manage their use of security groups.

On 27 June 2023, a fix will be released to correct this rule's outdated logic; the change may affect related compliance scores.

The following bundles will be affected:

  • EC2 Best Practices (version 1.0)

  • APRA (versions 1.0, 1.1)

  • The custom organization-level rule, if in use

These changes will be applied automatically by Stax. No impact to service is expected as a result of this update.

If you have any questions about this change and what it means for you, please contact support.

"Lambdas have a unique role" rule deprecation

Stax Team

The rule “Lambdas have a unique role” will be deprecated in a rules update in 7 days. This rule has been a part of the Stax compliance module for many years, and after careful consideration, we have decided that it no longer serves its intended purpose.

This rule was originally intended to ensure that AWS Lambdas — cloud computing functions — had a unique role within the environment. As cloud computing and serverless functions have evolved, we have determined that this rule does not provide additional security and is no longer necessary.

This rule is part of the Stax rule catalog only and is not used in any compliance or best-practice rule bundles.

Organization-level CloudTrail configuration supported for S3 bucket object-level logging Rules

Stax Team

As announced on 09 May 2023, a change has been released for the listed Rules that check if object-level logging is enabled for S3 buckets.

These Rules will now detect S3 data event logging that is enabled on CloudTrail trails configured in member accounts, as well as on organization-level CloudTrail trails.

Bundle Name: Organization Bundle/catalog

  • Ensure that Object-level logging for write events is enabled for S3 bucket

  • Ensure that Object-level logging for read events is enabled for S3 bucket

Bundle Name: CIS Benchmark v1.3.0, v1.4.0 & v1.5.0

  • CIS 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket

  • CIS 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket

By default, Stax does not configure S3 object-level logging for Stax-managed accounts. An S3 bucket with a high workload could quickly generate thousands of logs in a short amount of time, resulting in increased AWS costs. Find out more about Enabling CloudTrail event logging for S3 buckets and objects.
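To illustrate the distinction the updated Rules make, the following added example (not Stax's rule code) evaluates whether read and write S3 data events for a bucket are logged by any trail, counting organization trails as well as member-account trails. It assumes classic event selectors in the shape returned by CloudTrail's DescribeTrails and GetEventSelectors APIs; the trail data is constructed inline, and the include_org_trails flag models the pre-fix behaviour that only looked at member-account trails.

```python
from typing import Dict, List

# Constructed sample trails, shaped like boto3 describe_trails() / get_event_selectors()
# output merged together. Names and values are made up for this example.
TRAILS: List[dict] = [
    {"Name": "member-mgmt-only", "IsOrganizationTrail": False,
     "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
                         "DataResources": []}]},
    {"Name": "org-s3-writes", "IsOrganizationTrail": True,
     "EventSelectors": [{"ReadWriteType": "WriteOnly", "IncludeManagementEvents": False,
                         "DataResources": [{"Type": "AWS::S3::Object",
                                            "Values": ["arn:aws:s3"]}]}]},
    {"Name": "member-reads-one-bucket", "IsOrganizationTrail": False,
     "EventSelectors": [{"ReadWriteType": "ReadOnly", "IncludeManagementEvents": False,
                         "DataResources": [{"Type": "AWS::S3::Object",
                                            "Values": ["arn:aws:s3:::audit-logs/"]}]}]},
]


def selector_covers_bucket(selector: dict, bucket: str) -> bool:
    """True if a classic event selector logs S3 object data events for the whole bucket."""
    for res in selector.get("DataResources", []):
        if res.get("Type") != "AWS::S3::Object":
            continue
        for value in res.get("Values", []):
            # "arn:aws:s3" selects every bucket; "arn:aws:s3:::<name>/" selects all objects
            # in one bucket. A prefix-scoped value covers only part of a bucket, so it is
            # deliberately not treated as bucket-level coverage here.
            if value == "arn:aws:s3" or value == f"arn:aws:s3:::{bucket}/":
                return True
    return False


def object_logging_status(bucket: str, trails: List[dict],
                          include_org_trails: bool = True) -> Dict[str, bool]:
    """Report whether read and write data events for `bucket` are logged by any trail.

    include_org_trails=False skips organization trails, mirroring the older logic the
    announcement describes, which only considered trails configured in the member account.
    """
    status = {"read": False, "write": False}
    for trail in trails:
        if trail.get("IsOrganizationTrail") and not include_org_trails:
            continue
        for sel in trail.get("EventSelectors", []):
            if not selector_covers_bucket(sel, bucket):
                continue
            rw = sel.get("ReadWriteType", "All")
            status["read"] = status["read"] or rw in ("ReadOnly", "All")
            status["write"] = status["write"] or rw in ("WriteOnly", "All")
    return status
```

With the sample data, the "audit-logs" bucket passes both checks only once the organization trail is considered; ignoring it reports write-event logging as missing even though it is in place at the organization level.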