128 posts tagged with "Added"

Changes to S3, KMS, and IAM Policies to facilitate IAM Access Analyzer policy generation

Stax
Stax Team

To support the use of IAM Access Analyzer policy generation, Stax is changing the way it configures certain policies in AWS, as summarised below. These changes are not expected to cause any operational impact; however, some security tools may flag the alterations.

On 6 February 2025 at 2200 UTC (Friday, 7 February 9:00 AM AEDT), these changes will commence rolling out across Stax-managed AWS Organizations. The rollout is expected to complete within 3 hours, by 7 February 2025 at 0100 UTC.

  • The Stax-managed CloudTrail S3 bucket now disables ACLs to align with AWS's S3 recommendations and bucket defaults
  • An additional statement is added to the CloudTrail S3 Bucket Policy to allow read access to the CloudTrail bucket for the /service-role/AccessAnalyzerMonitorServiceRole* IAM role pattern
  • An additional statement is added to the CloudTrail KMS Key Policy to allow decryption by the /service-role/AccessAnalyzerMonitorServiceRole* IAM role pattern
  • A new role named /service-role/AccessAnalyzerMonitorServiceRole_stax is added to each Stax-managed AWS Account for use by IAM Access Analyzer Policy generation
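Because security tools may flag these policy changes, it helps to confirm that any statement referencing the role pattern grants only the read and decrypt access described above. The following is an added example, not code from Stax or its documentation; the sample policies, bucket name, organization ID and the set of actions treated as "read" are constructed assumptions.

```python
import json
from fnmatch import fnmatchcase

# Role path pattern named in the changelog entry above.
ROLE_PATTERN = "/service-role/AccessAnalyzerMonitorServiceRole"
# Assumption: which actions count as "read access" and "decryption".
EXPECTED = {"s3": ("s3:get*", "s3:list*"), "kms": ("kms:decrypt",)}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, service):
    """Return findings for statements that reference the role pattern."""
    findings, seen = [], False
    for stmt in as_list(policy.get("Statement", [])):
        # The pattern can sit in Principal or in a Condition such as aws:PrincipalArn.
        scope = json.dumps([stmt.get("Principal"), stmt.get("Condition")])
        if ROLE_PATTERN not in scope:
            continue
        seen = True
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt:
            findings.append(f"{sid}: unexpected Effect or NotAction")
        for action in as_list(stmt.get("Action", [])):
            if not any(fnmatchcase(action.lower(), p) for p in EXPECTED[service]):
                findings.append(f"{sid}: {action} is broader than {service} read/decrypt")
    if not seen:
        findings.append("no statement references the role pattern")
    return findings

# Constructed sample policies (not Stax's actual statements).
ARN_GLOB = "arn:aws:iam::*:role/service-role/AccessAnalyzerMonitorServiceRole*"
COND = {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"},
        "StringLike": {"aws:PrincipalArn": ARN_GLOB}}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AccessAnalyzerRead", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-cloudtrail-bucket",
                 "arn:aws:s3:::example-cloudtrail-bucket/*"],
    "Condition": COND}]}
KEY_POLICY_TOO_BROAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AccessAnalyzerKms", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["kms:Decrypt", "kms:ScheduleKeyDeletion"], "Resource": "*",
    "Condition": COND}]}

if __name__ == "__main__":
    print(audit(BUCKET_POLICY, "s3"))
    print(audit(KEY_POLICY_TOO_BROAD, "kms"))
```

To run it against a real account, pass the parsed JSON of the CloudTrail bucket policy or KMS key policy to `audit` in place of the constructed samples.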

For more information about the Stax configuration, see Using IAM Access Analyzer Policy Generation with Stax.

Please raise a support case or contact your Customer Success Manager if you have any questions.

Stax-managed AWS Organizations support for declarative policies

Stax
Stax Team

Stax-managed AWS Organizations can now use the AWS Organizations declarative policies feature to centrally declare and enforce desired configuration for a given AWS service at scale across an organization. See the documentation for more details on how Stax assists with this.

Support for centralized management of root user credentials

Stax
Stax Team

AWS recently announced central management for root user credentials for AWS Organizations. This new security best practice greatly improves security for accounts within AWS Organizations by supporting removal of their root user credentials.

On Monday, 2 December 2024, Stax will enable this functionality for all AWS Organizations utilizing Stax.

For existing accounts within Stax-managed AWS Organizations, you may choose to remove the root user credential yourself by following AWS's guidance. For new AWS accounts created using the Stax Accounts feature, root user credentials will no longer be provisioned.

See Centralized root access for member accounts for more information.

Operations role for elevated console access added

Stax
Stax Team

A new Operations role has been added to Stax for highly privileged users who require access in excess of User, but without the full functionality of Admin. This role is accessible for both users and API tokens via the Stax console, API, and SDK.

For more information on the roles available within Stax, see About Identity and Access. To make use of this role when utilising single sign-on, you'll need to update your configuration to support it. Review the single sign-on configuration guidance for your identity provider.

MFA status of Stax local users

Stax
Stax Team

The multi-factor authentication (MFA) status of Stax local user accounts is now available on the Users page in the Stax Console. This update simplifies the process of identifying local Stax users with MFA enabled.

To explore this feature, visit the Users page in the Stax Console or refer to our Stax API and SDK documentation.

Please note that this status check is not refreshed immediately; it can take up to four hours for updated information to appear.