142 posts tagged with "Added"

The Data page now has a date picker to make it easier to select a time range. You can choose either a single month, or a range of months.

Navigate to the Data page now to try it out!

The Notifications page has been redesigned to provide a more intuitive and simple user experience. Notifications are now managed through a tabulated window, with each delivery channel located on a seperate tab.

Stax also now supports sending notifications via Microsoft Teams, in addition to the existing email, webhook, and Slack delivery channels. Simply create an incoming webhook for your Teams channel and select the notifications you'd like to receive. For more information, see the documentation.

When deploying Networking Hubs using Stax Networks, a NAT Gateway can be deployed for egress connectivity from private subnets. By default, when enabled, Stax provisions a single NAT Gateway which resides in a single Availability Zone (AZ). An outage of that AZ would result in egress connectivity failing for private subnets in that Networking Hub.

Stax has introduced a new feature to allow deployment of highly available NAT Gateways that are redundant at the Availability Zone level. These can be deployed into networks provisioned using Stax Networks. You can make use of this feature when creating a new, or updating an existing, Networking Hub.

At this time, the feature is available via the Stax API and the Python SDK.

In addition to Stax's recent updates to AWS credits support, the Data page now shows each credit item's description.

Now, when you filter by Kind: credit, you can review the Item Description column to see an explanation of the credit as provided by AWS. Additionally, grouping by the Item Description column allows for a summary by credit type to be displayed. This enables much greater insight into your AWS credits than ever before.

You can now use Stax to provision your Site-to-Site VPN resources and manage connectivity from your on-premises environment to your Stax Networks. You can deploy an AWS VPN Customer Gateway and share the connection to your Stax Hubs and VPCs, depending on your network requirements.

Stax Networks supports Virtual Private Gateway and Transit Gateway Site-to-Site VPN Connections.

With a Transit Gateway Site-to-Site VPN Connection, your VPN Customer Gateway is connected to your Networking Hub's Transit Gateway, providing connectivity to all VPCs within your Hub.

You can also connect your VPN Customer Gateway to an individual VPC's Virtual Private Gateway to provide direct connectivity.

For more information about Stax Networks and Site-to-Site VPN, check out the docs.

Sometimes you may wish to grant a user full access to the Cost & Compliance components of Stax without also granting access to the Accounts, Networks and Workloads functionality. A new role has been introduced to permit this.

Users who have their role in Stax set to Cost & Compliance Admin can administer Cost & Compliance module features. They have read-only access to all the other components of Stax.

For more information on the roles available within Stax, see Accessing Stax.

Stax has released an officially supported Command Line Interface (CLI) for AWS access called stax2aws.

This replaces the existing command line-based access that required use of unsupported tooling.

Leveraging Open Authentication Standards and the Stax Identity Broker, Stax now provides a native client that supports the ability to initiate a request for temporary AWS credentials from the CLI without complex tooling and intimate knowledge of your company’s corporate identity setup.

Check out the guide to getting started with stax2aws.

Stax's Cost & Compliance Rule Bundles functionality now provides versioning to support the addition and removal of rules within a bundle, as well as to stay aligned to industry standards.

You can use this feature in two ways:

• Stay locked to a version by turning off Auto updates. Until you manually activate a different version, nothing will change
• Opt in to Auto updates, and we will automatically upgrade you to the latest version when one becomes available. You may always downgrade to a previous version at any stage, and any compliance history will be preserved.

In this initial release, the following Rule Bundles have new versions available: - CIS Benchmark (both 1.2.0 and 1.3.0) - S3 Best Practice - SNS Best Practice - SQS Best Practice

Navigate to the details page for each Rule Bundle to see a more detailed changelog that outlines exactly what has changed:

We're always working to improve Stax to make it more useful for our customers. Today, two new features have been released for Networks in the Stax Console, with the aim of making networking features more accessible.

View VPC Config Items For Each VPC​

The VPCs page now shows which items have been configured for all your VPCs at a glance. Without inspecting each VPC individually, you can now see when the following VPC Config items are enabled:

• Internet Gateway (IGW)
• NAT Gateway (NGW)
• Virtual Private Gateway (VPGW)
• CloudWatch VPC Flow Logs (CFL)

The full name of VPC Config item can be viewed by hovering your mouse cursor over the label.

Enable and Disable CloudWatch VPC Flow Logs on Stax VPCs​

When you create or edit a Networking Hub or VPC using [Stax Networks]((/hc/en-us/articles/4452164778383), you can now choose to enable CloudWatch Logs for VPC Flow Logs in the Stax Console.

When you enable this feature, Stax will automatically save your VPC's flow logs to CloudWatch Log Groups. These logs reside in the same account as your VPC or Transit VPC, making them easy to access when working with the VPC in question.

We'd love to hear what you think of these new features. If you have any questions about these new features, please raise a support case with your thoughts.

Stax has added a new Stax Workload default parameter, StaxAwsOrgId, to allow access to your AWS Organization ID when deploying Stax Workloads.

Use this new parameter to easily access your AWS Organization ID value to allow Organization-wide IAM permissions.

For more information on using AWS Organizational IAM permissions, see this blog post from AWS.

Example:​

The following example grants s3:GetObject on a S3 bucket access to all accounts in your AWS Organization. ```yaml AWSTemplateFormatVersion: "2010-09-09" Parameters: StaxAwsOrgId: Type: "String" Resources: S3Bucket: Type: "AWS::S3::Bucket" Properties: BucketName: "my-s3-bucket" S3BucketPolicy: Type: "AWS::S3::BucketPolicy" Properties: Bucket: !Ref S3Bucket PolicyDocument: Statement: - Action: - "s3:GetObject" Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:s3:::" - !Ref S3Bucket - /Principal: "" Condition: StringEquals: aws:PrincipalOrgID: - !Ref StaxAwsOrgId