Added
View All Tags
Stax will now automatically enable AWS Organizations trusted access for the AWS User Notification service. Additionally the security account is added as a delegated administrator for the AWS Organization service.
For more information, refer to the documentation on AWS User Notifications.
The Accounts page now supports filtering accounts by Account Type. The Add Filter button now has a Type sub-menu which allows searching and filtering by Account Type.
Users of Workloads can now search the list of deployed Workloads by name, including using partial name matches. For example, searching for "myapp" will return results for "myapp" and "myapplication".
Previously the name search worked by filtering results client-side. This search capability is now performed server-side which allows searching much larger sets of results.
You can now enable the AWS Foundations Benchmark version 5.0.0 standard in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.
For more information, see Using Stax-managed Security Hub in the docs.
Configuration options have been added to the AWS Accounts Foundation Services page to allow you to fine-tune security protections for all Stax-managed AWS Accounts.
A new toggle to require Instance Metadata Service Version 2 (IMDSv2) has been added. IMDSv2 compliance is included in the CIS AWS Foundations Benchmark.
Before enabling this protection please ensure that your AWS environment is compatible with IMDSv2
This can be further enforced by appling the two Guardrails:
For more information, refer to the documentation on Configure AWS Accounts.
Further configuration options have been added to the AWS Accounts configurable service page to allow you to fine-tune security protections for all Stax-managed AWS Accounts.
A new toggle to block SSM Document public sharing has been added.
This can be further enforced by appling the Guardrail Block changes to AWS Systems Manager public sharing settings.
For more information, refer to the documentation on Configure AWS Accounts.
You can now enable the NIST SP 800-171 Revision 2 standard in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.
For more information, see Using Stax-managed Security Hub in the docs.
Using the Stax Console, API, or SDK, you can now update the AWS Account name of Stax-managed AWS accounts. A new field will display the AWS Account name for a Stax-managed AWS account when viewing, onboarding or updating a Stax-managed account.
When a new Stax-managed AWS account is provisioned, Stax will name this AWS Account the same as the provided Stax name. When a new Stax-managed AWS account is onboarded through discovery the additional AWS Account name field allows you to rename the AWS Account at the same time as it becomes Stax-managed.
See Edit a Stax-Managed AWS Account for more information and to get started.
Stax-managed AWS Organizations can now disable regions via the Stax console, providing protections against access to regions that are not used by your Stax-managed AWS Organization.
As part of this feature, all Stax-managed AWS Organizations will also see the following changes to their Service Control Policies:
stax-protection-unsupported-region/stax-protection-unsupported-resell will be removed from the AWS Organization rootFullAWSAccess will be removed from the AWS Organization rootStaxFullAWSAccess will be created and attached to the AWS Organization root. This policy is a combination of the two aforementioned policies, allowing more service control policies to be attached to the Organization root.For more information, refer to the documentation on Using Stax-managed AWS Regions.
You can now enable the AWS Resource Tagging Standard v1.0.0 and PCI DSS v4.0.1 standards in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.
For more information, see Using Stax-managed Security Hub in the docs.