Why does Stax need access to AWS Accounts?
Stax interacts at the AWS level with accounts to perform numerous tasks. Stax would be unable to function without this access. Stax typically does not make use of the OrganizationAccountAccessRole outside of onboarding processes and instead utilizes named roles in accounts.
What changes does Stax make to AWS Organizations and Organization Management Accounts?
During the provisioning process, Stax makes minimal changes to AWS accounts. Some billing features are enabled, S3 buckets are created in the management account for holding billing data. Additionally, an Organizational Unit is created to hold accounts, plus another Unallocated OU for accounts in the Account Pool.
What changes does Stax make to AWS Accounts?
During the provisioning phase Stax makes minimal changes to individual accounts. Several organizational changes are made, but before accounts are onboarded and have the Stax Assurance process executed upon them, accounts are only observed in a read-only fashion to facilitate retrieving data for use in the Cost and Rules modules.
Can I only create AWS Accounts using Stax?
It depends. If your account ownership model is one where the customer owns the management account, you can create AWS accounts in the organization from the management account. If your account ownership model has the reseller owning the management account, you will be required to use Stax to create AWS accounts.