Stax has released a new version of the Cost & Compliance module's service and billing roles, version 33. The following permissions have been added to the roles:

• backup:Describe*

• backup:Get*

• backup:List*

• cloudtrail:List*

• waf-regional:Get*

• waf-regional:List*

If your AWS accounts are Stax-managed, then you don't need to take any action. Stax will automatically update this role in the coming days.

If you're subscribed only to the Stax Cost & Compliance module, you will need to apply the update yourself.

For any questions about this change, or if you need assistance deploying the updated role, please raise a support case.

The latest v0.0.7 release of the Stax Terraform provider (Developer preview) now supports managing Users and Group Membership using Terraform. Customers can create Users, associate them with a group and then use this group with a permission set to grant access to AWS accounts, all from Terraform.

For more information and to get started, see About the Stax Terraform Provider.

A new Rule "S3 block public bucket account setting should be enabled" has been introduced to the S3 Best Practice Version 1.1 and PCI DSS Rule Bundles.

The rule checks whether the block public access setting is enabled at the account level.

To add this rule to your Organization Rule Bundle, head to the Rules Catalog page.

The National Institute of Standards and Technology (NIST) Privacy Framework Rule Bundle is now available in private preview. This Bundle is designed to help organizations improve their privacy practices through effective risk management. To learn more about the private preview, refer to our guide.

Stax has released a new version of the Cost & Compliance module's service and billing roles, version 32. The following permissions have been added to the roles:

• backup:GetBackupSelection

• backup:ListBackupPlans

• backup:ListBackupSelections

If your AWS accounts are Stax-managed, then you don't need to take any action. Stax will automatically update this role in the coming days.

If you're subscribed only to the Stax Cost & Compliance module, you will need to apply the update yourself.

For any questions about this change, or if you need assistance deploying the updated role, please raise a support case.

The latest v0.0.5 release of the Stax Terraform provider now supports managing permission sets using Terraform. Customers can create Permission Sets, then link them to a Stax Account Type and Stax Group.

For more information and to get started, see About the Stax Terraform Provider.

The Stax Terraform provider will aid organizations using infrastructure-as-code to manage their AWS environments. The first release of this provider is now available and is released as a developer preview. It is not yet feature-complete and is not considered to be production-ready, rather exclusively for evaluation and feedback purposes.

For more information and to get started, see About the Stax Terraform Provider.

The new Partner Hosted Foundational Technical Review (FTR) Rule Bundle is designed to assist organizations to prepare for the AWS Partner Hosted FTR. This bundle provides evidence to support the AWS FTR self-assessment, ensuring a smooth and streamlined compliance process.

The Partner Hosted FTR bundle is now available to all organizations. Add the Bundle to Stax to get going. Once added, Stax will perform an initial evaluation and automatically populate the Rules page with the latest results.

Permission Sets now supports the ability to reference AWS managed policies when defining granular permissions for your roles. This can be used in combination with an inline policy to define longer policies.

See Create a permission set for details on how to reference AWS managed policies.

The "Unused Amazon EC2 security groups should be removed" rule is available to help organizations manage their use of security groups.

On 27 June 2023, a fix will be released to correct the outdated logic of this rule which may impact related compliance scores.

The following bundles will be affected:

• EC2 Best Practices (version 1.0)

• APRA (versions 1.0, 1.1)

• The custom organization-level rule, if in use

These changes will be applied automatically by Stax. There will be no impact to service expected as a result of this update.

If you have any questions about this change and what it means for you, please contact support.