108 posts tagged with "Changed"

Stax has changed how Rules relating to S3 buckets being publicly open are evaluated by including the FULL_CONTROL**is not granted to groupsAllUsers**orAllAuthenticatedUsers check.

If you observe buckets that were previously compliant now showing as non-compliant, it is likely due to the stricter requirement for the bucket to meet the additional control described above. For more information and remediation, visit S3 Buckets shouldn't be Publicly Open.

A number of Rule names have been updated to improve usability and clarity. This change applies to the following Rule Bundles:

• APRA, version 1.0
• EC2 Best Practice, version 1.0
• IAM Best Practice, version 1.0
• RDS Best Practice, version 1.0
• SNS Best Practice, versions 1.0 and 1.1
• SQS Best Practice, versions 1.0 and 1.1
• S3 Best Practice, versions 1.0 and 1.1
• Stax Foundation Compliance, version 1.0

In addition to these changes, Stax has added more detail to Rule descriptions, across all Rule Bundles, to provide a more detailed understanding of each Rule's intent and evaluation. These changes do not impact how Rules are evaluated.

If you have any questions regarding this change, please reach out to your Customer Success Manager or raise a support case with your inquiry.

An update has been applied to the Stax Identity Service to improve performance and reliability.

The update implements security and stability updates to the underlying software, as well as some visual updates to various screens. No functional changes have been introduced.

These changes have been applied automatically by Stax during the advertised maintenance window. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case.

To ensure you receive notice of upcoming changes to Stax, make sure you're subscribed to the status page.

Managing Views in Stax is now simpler with improvements released today. A Manage Segments button has been added to simplify adding, editing, and deleting a View's segments. For multi-dimensional Views, the interface has been simplified to rename Dimensions to Columns and Conditions to Rows. This makes it easier to understand your multi-dimensional Views and how they will be segmented.

Version 1.2.0 of the Python SDK has been released.

This change sets the default logging level from DEBUG to INFO. It also removes the configuration of loggers that were out of scope of this SDK, such as boto3, botocore, nose and urllib3. Previously these loggers were being configured to level WARNING. Users of the SDK should check and ensure the logging of these libraries is configured to their desired level.

See Stax Python SDK for more details.

Stax Permission Sets now supports increased limits for Permission Sets and Assignments. The maximum number of Permission Sets is now 50. Previously this limit was 10. The maximum number of Assignments for a Permission Set is now 100. Previously this limit was 50.

To get started, see Permission Sets in the docs.

Permission Sets allows for fine-grained control of permissions when users log in to Stax-managed AWS accounts. The feature has been accessible in Preview Mode for some time, but is now generally available.

See Permission Sets to get started.

Limited access to the Management account is now available for Stax-managed AWS Organizations using an account ownership model in which the management account is owned by a reseller. The account is available and can be logged into from the list of Stax-managed AWS accounts in the Stax Console.

This change allows for configuration and visibility of services that are only available in the Management account of AWS Organizations.

For information on the Management account, see Foundation Accounts.

To enable users to access the Management account, grant access by assigning one or more of the three built-in roles to a group of users. See Manage Groups for specific guidance. At this time, the Permission Sets feature is not supported for the Management account.

Stax has updated the SNS topics are not exposed Rule to allow SNS topics shared with a specific AWS Organization or AWS Account to pass the Rule. This means that the Rule will only fail for SNS topics that are shared with no limitations.

The Rule now checks for the existance of a condition checking for a condition restricting access to a specific aws:PrincipalOrgId or aws:PrincipalAccount.

When creating networks using Stax Networks, several CloudFormation stacks are created for provisioning these resources. To allow for easier downstream consumption of resources created as part of these deployments, Stax has added additional outputs to the CloudFormation stacks.

The following fields have been added to both VPC and Transit VPC stacks:

• IGWId (Internet Gateway ID)

The following fields have been added to Transit VPC stack only:

• NATGatewayOne
• NATGatewayTwo
• NATGatewayThree

These outputs are created under certain conditions:

• The IGWId output is only created if Internet Gateway is enabled
• NATGatewayOne is only created if NAT Gateway is enabled
• NATGatewayTwo and NATGatewayThree are only created if redundant NAT is enabled