Configure AWS Accounts
Stax provides a number of optional advanced hardening options for your AWS Accounts. These hardening options are not suitable for all customer use cases so it is important that you understand to understand the impact that each of these options will have on your AWS Accounts.
| Hardening Option | Description | Link |
|---|---|---|
| EC2 - EBS Encryption By Default | Enforce the encryption of the new EBS volumes and snapshot copies that you create, using the configured default KMS key. Encryption by default has no effect on existing EBS volumes or snapshots. This is set at the EC2 Service level for each enabled AWS Region. | AWS Docs |
| EC2 - Image Block Public Access | Blocks all public sharing of your EBS snapshots. Users in the account cannot request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are no longer publicly available. This is set at the EC2 Service level for each enabled AWS Region. | AWS Docs |
| EC2 - Snapshot Block Public Access | Blocks any attempts to make an AMI public, helping to prevent unauthorized access and potential misuse of AMI data. Enabling block public access does not affect your AMIs that are already publicly available. This is set at the EC2 Service level for each enabled AWS Region. | AWS Docs |
| S3 - Block Public Access | By default, new buckets, access points, and objects don't allow public access. However, users can modify bucket policies, access point policies, or object permissions to allow public access. S3 Block Public Access settings override these policies and permissions so that you can limit public access to these resources. This is set globally at the AWS Account level. Before applying these settings, verify that your applications will work correctly without public access. | AWS Docs |
Important
Stax does not allow these advanced hardening options to be disabled through the console once enabled. To do this you must please raise a support case.
Further protections
To prevent these AWS Account hardening options from being modified by Administrators within the AWS Accounts it is recommended to enable the associated Configurable Guardrails which will prevent all users from changing these values.
Before You Begin
- Estimated time to complete: 5 minutes
- Ensure you are a member of the Admin role in your Stax tenancy
Setting Up AWS Account configuration
- Log in to the Stax Console
- Click on the Organization menu item, and then click on the Foundation Services sub-item
- Click on the AWS Accounts tile
- You should see a number of options for configuring the AWS Accounts
- Click on the edit button to begin updating your AWS Account settings
- Enable each hardening option by clicking on the corresponding toggle.
- Review your changes and click on the Save button
Allow for some time while configuration is in progress. One configured, the AWS Accounts tile should transition from Configuring to Active on the Foundation Services page.