104 posts tagged with "Changed"

API Tokens are security credentials that can be used to authenticate to the Stax API via the Stax SDK for Python. They have been accessible via Preview mode in the Console, whilst we have expanded and improved upon the functionality. We have released API Tokens out of Preview and the feature is now available for general use.

To access API Tokens, click the Customer Menu in the left-hand nav, then choose API Tokens from the drop-down menu.

For more information, see:

• Authenticating to the Stax API

• API Tokens

Stax has made changes to improve the speed of Workloads development and deployment.

Validation of the Workload Manifest and AWS CloudFormation templates for the Create Workload Catalogue Item and Update Workload Catalogue Item APIs has been modified.

Previously, these APIs processed this validation asynchronously. This necessitated users to check either the Task results or the Status of the item to determine if the action was successful.

This validation will, instead, now occur synchronously. Any issues with validation will return a HTTP Status 400 and an appropriate error detailing the issue.

Version 1.0.5 of the Python SDK has been released, bringing some improvements to the reliability of the authentication process, some usability improvements to the examples and a minor change to the metadata the SDK provides to Stax.

For more details about the Python SDK, check it out on Github

Stax has applied an update to our Identity Service to improve our platform's performance and reliability.

You will also notice a new look to our identity and authentication flows with refreshed styling and modern design. We hope you'll enjoy it!

Keep an eye out for emails from Stax as we no longer send as postmaster. We thought this might make it a bit easier to find us in your inbox.

These changes have been applied automatically by Stax during our advertised maintenance period.

When VPCs are created within the Stax Networks feature, VPC flow logging is enabled. Logs are stored in an S3 bucket in your logging account. To improve the compliance posture of this information, Stax has increased the log retention duration of the VPC flow logs from the default of 90 days to a new value of 365 days.

If you have any questions regarding this change, please raise a support case with your enquiry.

A change has been introduced to the Stax Console and API to allow additional control over federated users within the Stax identity service. These users can now be disabled within the Stax API and Console, not only via a federated identity provider.

Additionally, the deprecated concept of Stax root users has been removed from the identity service.

• Changed: Federated users can now be deactivated through the Stax console

• Changed: Federated users can now be deactivated through the Stax API/SDK

• Removed: Root users are no longer included in the response to a GET request for the Stax API's /users endpoint

• Removed: Stax no longer supports filtering on root users

As part of our ongoing commitment to security and reliability, we've made some changes to your IDAM service with release 9.0.3-8-1272a06:

• IDAM now runs in a high availability configuration giving you single-AZ (Availability Zone) redundancy

• Some changes to the network configuration of IDAM have been made to better meet our recommended best practice approach

• Some changes have been made to the IDAM log storage bucket to enforce encryption in line with best practice

These changes have been applied automatically by Stax during our advertised maintenance period.

As per item 2.8 of the CIS AWS Foundations Benchmark, all Customer Master Keys (CMKs) created by the Stax platform in customer AWS accounts now have automatic yearly rotation enabled.

This change does not impact CMKs created by Stax customers either within the AWS Console/SDK/API, or via the Stax Workloads service.

This change applies to the following CMKs in your AWS accounts:

• spotlight-etl-sns

• stax-alarm-sns-key

More info​

Below is an excerpt from the CIS AWS Foundations Benchmark document that provides some more context around this recommendation:

2.8 Ensure rotation for customer created CMKs is enabled

AWS Key Management Service (KMS) allows customers to rotate the backing key which is key material stored within the KMS which is tied to the key ID of the Customer Created customer master key (CMK). It is the backing key that is used to perform cryptographic operations such as encryption and decryption. Automated key rotation currently retains all prior backing keys so that decryption of encrypted data can take place transparently. It is recommended that CMK keyrotation be enabled.

As per AWS best practices, all S3 buckets created by the Stax platform in customer AWS Accounts will have enforced encryption of data in transit using HTTPS (TLS).

This change does not impact buckets created by Stax customers either within the AWS Console/SDK/API, or via the Stax Workloads service.

This change applies to the following legacy S3 buckets in your AWS Accounts:

• juma-cloudtrail-*

• juma-cloudtrail-master-accesslogbucket-*

• juma-cloudtrail-master-jumaaccesslogbucket-*

• juma-jumatrail-*

• juma-config-*

• juma-session-manager-*

The following legacy S3 buckets will be removed in your AWS Accounts:

• stax-billing-*

• stax-billing-accesslogs-*

• juma-billing-*

Please note: The legacy S3 buckets that are removed contain only outdated billing information. These buckets have not been in use since February 2020 and as such no impact is expected by this removal. The best way to access your billing information is with Stax's Cost & Compliance module.

As per AWS best practices, all SNS topics created by the Stax platform in customer AWS Accounts have encryption enabled using KMS. One unused SNS Topic has been removed from accounts.

• Changed: Encrypted stax-assurance-cis-benchmark-EventIngestTopic topic in all accounts

• Changed: Encrypted staxtrail-<org-id> topic in logging account

• Changed: Encrypted cloudtrail-<org-id> topic in logging account

• Changed: Encrypted stax-assurance-event-processor-EventIngestTopic topic in security account

• Removed: stax-config-<org-id> topic in logging account, as it was not used

If you have your own sources publishing messages to these topics, you will need to configure the source with the right permissions to be able to continue publishing to the topic. For more information on this,see publishing to encrypted topics.