Stax implements Policies to protect critical Stax resources within AWS accounts. Working within the boundaries of these Policies requires some basic consideration.
stax-protection-standard/stax-protection-partner Policy
To protect critical resources required for the operation of Stax's features and functionality, a default policy (either stax-protection-standard or stax-protection-partner) is applied to AWS organizations. This mandatory Policy can be reviewed in the Policies section of the Stax Console.
There are resource name prefixes reserved for use by Stax. Resources created with these prefixes will be either hidden, or access to them disabled by the Policy.
The reserved prefixes are:
- stax-
- cloudtrail-
Avoid creating resources that begin with any of these prefixes. In most cases AWS and Stax will prohibit you from creating resources using these prefixes. Stax is unable to provide support for editing/updating resources that are created using these prefixes. If you inadvertently create resources using these prefixes, please raise a support case to discuss options for regaining control of the resource.
stax-protection-unsupported-region/stax-protection-unsupported-resell Policy
Stax is unsupported in some AWS regions. This is due to the absence of mandatory AWS services. See Supported Regions for more detail on which regions are supported.
The stax-protection-unsupported-region Policy applies to organizations with an an account ownership model whereby the customer owns the management account. For organizations with a reseller-owned management account, the stax-protection-unsupported-resell Policy is applied. This Policy has additional controls in place to prevent the inaccurate display of some billing information in Stax-managed AWS accounts.