134 posts tagged with "Added"

Improvements have been released to Stax's Accounts API endpoints with a focus on account alias management, AWS account ID filtering, and pagination.

• Account Alias management: The Accounts API endpoints (stax-au1 stax-eu1 stax-us1) now support creating and updating account aliases for Stax-managed AWS accounts. This is enabled by way of the AwsAccountAlias request parameter. Account aliases must comply with AWS requirements.

• AWS account ID filtering: The Accounts API endpoints (stax-au1 stax-eu1 stax-us1) now support filtering AWS accounts by their AWS account ID. The previous behaviour required that filtering be performed based on the Stax UUID for accounts. This is enabled by way of the aws_account_id_filter request parameter.

• Pagination improvements: A bug impacting pagination of the Fetch Accounts API endpoint has been fixed. Previously, a GET request to the Fetch Accounts (stax-au1 stax-eu1 stax-us1) endpoint would return some pages of empty results when a filter was applied. With this resolution, empty results are removed from responses and only resources identified by the filter are returned.

The security foundation account has been delegated as the AWS Firewall Manager administrator for Stax-managed AWS Organizations.

This change means that the security foundation account can now be used to centrally manage Firewall Manager policies.

For organizations where the AWS Firewall Manager administrator role has already been delegated to an account other than the security foundation account, this configuration remains unaltered. Should there be a requirement to change the AWS Firewall Manager administrator delegated account from its existing account to the security foundation account, please raise a support case.

Stax has released several improvements to the Cost & Compliance module. This enhances the functionality of the Rules page, as well as changes to make the Views capability suit some use cases better.

CIS Benchmark Rules added to Rule Catalog​

Traditionally, the only way to consume Rules from the CIS Benchmark was to enable the entire Rule Bundle. This update enables the individual Rules to be selected and enabled from the Catalog.

Rule Filtering Now Supports Search by ARN Prefix​

When filtering rules by resource Amazon Resource Names (ARNs), you can now search by ARN prefix, allowing for more precise results to be returned. ARN filtering supports matching both the full ARN, or a subset of characters.

Hide Unallocated Segments from Global Filters View​

Stax now supports hiding the default Unallocated segments on the Global Filters menu. This setting is enabled on a per-View basis from the View's settings page.

Customers subscribed only to the Stax Cost & Compliance module can now set notification preferences when inviting new users. Admins can customize the user's default notifications to align with their needs.

After joining Stax, users can manage their notifications and make changes to their preferences.

Permission Sets allows for fine-grained control of permissions when users log in to Stax-managed AWS accounts.

This new feature allows for users in Stax groups to be assigned AWS IAM Policies defining their level of access to accounts in Stax Account Types. Each Permission Set consists of a policy document and a number of (zero or more) assignments. The policy document defines what someone utilizing the Permission Set can do, and the assignment defines who can utilize the Permission Set and where.

To get started, see Permission Sets in the docs.

Stax account tags are now applied to cost and compliance data in Stax. This enriched data allows you to organize, view, and group your resources using account tags to better meet your business needs.

As a result of Stax's improvement to propagate account tags to AWS accounts, these tags are now available in Stax's cost and compliance data. This means they can be used with Views on the Dashboard, Cost, Data and Rules pages of Stax. Within 24 hours of adding or modifying an account tag, the tag will be applied to all of that account's resources represented in Stax's cost and compliance data. Tags added via Stax take the format of stax:user:<tag_key>.

If you're subscribed only to the Stax Cost & Compliance module, you can make use of this feature by tagging AWS account resources directly. Tags will propagate to all resources in cost and compliance data in the same <tag_key> format as they appear in AWS.

While changes made to account tags directly within AWS will be represented in cost and compliance data, it is recommended that changes are made to Stax-managed account tags from within Stax using the console, API, or SDK.

Account tags in Stax will now propagate to the AWS account in AWS Organizations.

Since inception, Stax has permitted assigning tags to Stax-managed accounts. Those tags will now be propagated to the underlying AWS account. Tags will be in the format of stax:user:<tag_key>.

In addition to any tags you create, Stax assigns other tags to Stax-managed AWS accounts, including:

• stax:organisationid (The identifier for your Stax tenancy, in UUID format)

• stax:accounttypeid (The identifier for the account's Account Type, in UUID format)

• stax:accounttypename (The name of the account's Account Type)

• stax:accountname (The name of the account)

It is important to note that changes made to account tags directly within AWS will not be reflected in Stax, so it is recommended that you make changes to account tags from within Stax using the console, API, or SDK.

Advanced Routing for Stax Networks allows for modification of Transit Gateway and VPC subnet route tables using prefix lists.

This new feature allows for configuration of route table entries in both Networking Hubs or VPCs directly. These entries can direct traffic to other VPCs, VPNs, on-premises networks, or black holes.

To get started, see Advanced Routing in the docs. You'll need to have at least one Stax Networking Hub already in place.

Stax Networks will now create an additional *.s3.{region}.amazonaws.com wildcard Hosted Zone record when enabling the S3 Interface Endpoint.

This additional hosted zone record will simplify the use of the S3 Interface Endpoint and allow it to work with other AWS services, such as AWS SSM Session Manager.

If you are currently using an S3 Interface Endpoint, then you can edit your Networking Hub to toggle the S3 Interface Endpoint off, then on to perform the update.

Stax Networks now supports the Lambda Interface Endpoint for VPCs that are part of a Networking Hub.

You can enable the Lambda Interface Endpoints for new and existing Networking Hubs using the Stax Console, API, or SDK. See Manage Networking Hubs for more.