The Stax Accounts feature allows you to securely and easily create, view and centrally manage your AWS Accounts and get started deploying applications, workloads and resources. You can create and manage accounts within the Stax console or via the Stax API to gather detailed information about your accounts, onboard any existing accounts living outside of Stax, and apply AWS service control policies. You have SSO access to the AWS Console/CLI for these accounts through Stax if you wish to natively utilize the AWS services.
About Stax-Managed AWS Accounts
All AWS Accounts created via Stax are hardened with security configurations that help you to achieve compliance with the CIS AWS Foundations Benchmark. This hardening is applied via the Stax Assurance process.
Stax tenancies are provisioned with three AWS accounts that form the Foundation Accounts: Management, Security, and Logging. These accounts are required to operate the AWS Organization itself and contain much of the infrastructure provisioned by Stax for the purposes of managing the Organization.
These accounts are allocated to individual Account Types to enable more granular AWS account access permissions. In addition, the Security and Logging accounts are allocated to the Stax-managed Security OU for the purposes of applying controls and protections to the accounts.
Account Compliance Score
Within the Stax Console, customers can view each account's compliance score. The score represents the risk and compliance posture of each account and is evaluated against the Stax Foundation Compliance Rule Bundle, which is based on the CIS AWS Foundations Benchmark, the AWS Well-Architected Framework and Stax security and best practice guidelines.
An External Account is any AWS Account that has been discovered by Stax as part of onboarding an AWS Organization with existing application accounts. These accounts have not been created within Stax using the Create Account feature but can be optionally onboarded and managed alongside your other accounts in Stax. External Accounts can be identified by their origin.
An account can have an origin of Stax or External.
- Accounts with an origin of Stax were created within Stax.
- Accounts with an origin of External were not created in Stax but have been discovered or onboarded into Stax. Regardless of their status, External Accounts can always be identified by their origin value.
The status of an account in Stax represents its lifecycle or stage. Valid account statuses include:
| Status | Description |
|---|---|
| INITIALIZING | An account has been created within Stax and Stax Assurance is in progress |
| DISCOVERED | An external account that has been linked to your Stax-managed AWS Organization and is visible in the Stax console. Discovered accounts have the following attributes: |
| ERROR | Issues occurred during discovery or onboarding of this external account |
| ONBOARDING | This external account is proceeding through the Stax Assurance process |
| ACTIVE | Stax Assurance has completed and the account is now ready for use |
| SUSPENDED | This account has been suspended; users can no longer log in to this account |
| MAINTENANCE | This account is undergoing maintenance and is unavailable |
| CLOSED | This account has been closed in AWS and is no longer accessible |