131 posts tagged with "Added"

Stax now supports disabling invitations for local users. A local user is one which does not authenticate via a configured Single Sign-On Identity Provider (SSO IdP).

By default, administrators of a Stax tenancy can invite users directly to Stax, at which point they can create a password and log into Stax. Alternatively, administrators can grant users access to Stax via the organization's SSO IdP. Users logging in to Stax via Single Sign-On are created just-in-time and do not need to be invited to Stax first.

If you wish to disable the ability for administrators to invite new local users to Stax, please raise a support case.

See Enforce Single Sign-On for more detail.

For Stax-managed AWS Organizations with an account ownership model whereby the management account is owned by a reseller, AWS Backup can now be configured in member accounts.

For those with customer-owned management accounts, AWS Backup has been configurable for some time. If AWS Backup is already enabled, no change has been made.

If not already enabled, the cross-account feature of AWS Backup has been enabled for all member accounts in Stax-managed AWS Organizations. This allows for secure copying of backups across one or more AWS accounts in your AWS Organization.

Stax's new Public Exposure Rule Bundle contains Rule definitions designed to help you monitor your environment for common misconfigurations that can cause resources and information to be inadvertently exposed.

Combined with Real-Time Rule Alerts and Notifications, this Bundle allows you to be easily notified when a resource enters a state of non-compliance. Rules provided by this Bundle aim to provide guidance around keeping private your EC2, EBS, RDS, ElasticSearch, and other native AWS resources.

Add the Bundle to Stax to get going. Once added, Stax will perform an initial evaluation and populate the Rules page with new results. You can filter the page to show only results from the Public Exposure Bundle if preferred.

Stax is uplifting the Activity page to provide meaningful information and the ability to easily perform common tasks.

The Starred Accounts widget has been updated to allow you to quickly log in to Stax-managed AWS accounts you have starred from the Accounts page.

The Changelog widget has been added to provide access to the most recent entries on the Stax changelog.

Stax has introduced new functionality to improve the behavior of Permission Sets when creating and updating Stax-managed AWS accounts.

When an account is created within an Account Type that has a Permission Set Assignment targeted to it, the Permission Set will be automatically deployed to the account during creation. When an account is moved to a different Account Type, any relevant Permission Sets will be added or removed based on the Assignments in place.

Additionally, deleting groups and Account Types is no longer possible when they are in use by Permission Sets. The API will reject requests with an HTTP 400 error and a message identifying how many attachements are preventing deletion.

Stax has released an update requiring Amazon Elastic Block Store (EBS) volume encryption in management accounts in all regions supported by Stax. This is to comply with CIS AWS Foundations Benchmark v1.4 control 2.2.1.

Stax uses the default aws/ebs encryption key. You can modify the default encryption key as required in the AWS Console.

Stax Networks now supports the EBS Interface VPC Endpoint for VPCs that are part of a Networking Hub.

You can enable the EBS Interface VPC Endpoints for new and existing Networking Hubs using the Stax Console, API, or SDK. See Manage Networking Hubs for more.

The results page for any given rule now supports searching of resources.

Enter a value into the search box then press enter to search the results. You can search by any field displayed in the table of results.

Stax has released a new Config Aggregator named stax-assurance-<stax_organization_id> in your security foundation account. It is an organizational aggregator with the intention of deprecating the current multi-account aggregator juma-assurance-<security_aws_account_id>, to simplify the configuration and management. You will find the aggregator in the AWS region according to your Stax Installation region.

For organizations where the security foundation account is not set up as the organization's delegated administrator account for AWS Config (with service principal config.amazonaws.com), this aggregator will not be created.

During the week beginning 29 November 2021, Stax will start the process of removing the aggregator juma-assurance-<security_aws_account_id> from your security foundation account.

Update: The juma-assurance-<security_aws_account_id> aggregator removal work has been completed for all Stax tenancies.

An update has been applied to Stax Workloads to improve performance and reliability:

• Added a new default tag stax:organisation_alias to Workloads CloudFormation stacks

• Fixed an issue where Stax Workloads could be deployed to Stax-managed AWS accounts that are not active. If the account is not active, the Workloads API will now return a 400 "Bad Request" response, along with an error payload detailing the error.

• Fixed an issue where the Workloads Catalog could display a failed Catalog Version as the latest Catalog Version available for deployment. The Workloads Catalog will now only show the latest active Catalog Version, or null, if no active Catalog Versions are available. If trying to deploy a Workload Catalog with no latest version, the API will now return a 400 "Bad Request" response, along with an error payload detailing the error.

These changes have been applied automatically by Stax. There is no impact to service expected as a result of this update. Should you experience any issues, please raise a support case.