Skip to main content

Access Stax-managed AWS Accounts if Stax is Unavailable

Stax manages your access to AWS accounts. If Stax is unavailable, we suggest that you follow the below advice to gain access to Stax-managed AWS accounts. Monitor Stax's Status Page for updates on its status.

Understanding the Stax Identity Service

The Stax Identity Service resides in each Stax-managed AWS Organization's security foundation accounts and provides the mechanism which authenticates consumers of Stax to the AWS accounts Stax manages. It can be accessed independently of the Stax console and API, making it available in the event of a service-wide Stax outage.

Access AWS Accounts During an Outage

Using a well-known convention, you can derive the URL to log directly in to AWS accounts, bypassing the Stax console and API.

To access an account, you must know the following:

  • Stax Organization Alias: This is the alias you enter when logging in to Stax

  • Stax Installation Region (short): The Stax Installation region after the dash in the name

  • Role Name: This can vary, but is generally either the name of the Permission Set or, in the case of built-in roles, one of the following

    • Admin: admin
    • Developer: developer
    • Read Only: readonly

  • Account Number: The AWS account number

Access AWS Accounts Using Built-In Stax Roles

Determine the authentication URL by replacing the placeholders in the following template:

https://id.security.<organization-alias>.<region>.staxapp.cloud/auth/realms/master/protocol/saml/clients/<role-name>-<account-number>/?RelayState=

For example:

https://id.security.stax-demo.au1.staxapp.cloud/auth/realms/master/protocol/saml/clients/admin-597652611132/?RelayState=

Access AWS Accounts Using Permission Sets Roles

Determine the authentication URL by replacing the placeholders in the following template:

https://id.security.<organization-alias>.<region>.staxapp.cloud/auth/realms/master/protocol/saml/clients/amazon-aws?hint_role=<role-name>&hint_account=<account-number>&RelayState=

For example:

https://id.security.stax-demo.au1.staxapp.cloud/auth/realms/master/protocol/saml/clients/amazon-aws?hint_role=data-scientist&hint_account=474440663511&RelayState=