A solid foundation for your AWS environment
Get your project started on AWS quickly with a robust foundation that provides all of the necessary components to operate securely in the cloud.
Stax Foundation Overview
What is Stax Foundation?
The Foundation is the security-hardened multi-account AWS architecture that Stax deploys for you when you sign up to Stax. The Foundation is built in accordance with the AWS Security Reference Architecture (SRA) and AWS Well-Architected Framework. The Foundation consists of three accounts:
Management account, Security account, Logging account
These accounts are hardened to minimize security risks and vulnerabilities. The hardening applied to these accounts aligns with the AWS SRA and CIS Benchmark and includes the configuration of various AWS services, including AWS Cloudtrail, AWS Config, Amazon GuardDuty, AWS Security Hub and Service Control Policies (amongst others).
A complete AWS cloud solution for kick starting your project
With Stax, you’ll have everything you need to get your cloud project started in just a few hours with a solid, secure and reliable base.
Save months of design and development time with Stax’s foundation rather than building your own.
Align to AWS best practice by having dedicated accounts that centrally manage all security protocols and logging activity.
Prevent unintended modifications to your foundation via Stax implemented guardrails.
Consolidated Account Management
Stax leverages your Management Account or provisions you a Management Account to ensure that you operate in alignment with AWS architecture best practices.
Leverage Stax’s configuration of AWS Organization-wide services for centralized governance of security and audit controls, including Organization CloudTrail and delegated administration for Amazon GuardDuty, AWS Security Hub, AWS IAM access analyzer, and AWS Firewall Manager.
Protect your resources and data with Stax-provisioned service control policies (SCPs) which restricts modification and deletion of security and audit configuration and provides boundary protection by applying proactive guardrails which prevent accounts leaving the AWS Organization and prevent unintentional enabling or disabling of regions.
Centralized security controls within the Security Account
Stax enables and consolidates AWS-native security controls within your Security account to ensure you maintain a consistent and holistic approach to threat detection, vulnerability management, and access management.
Administration of these security controls such as Amazon GuardDuty, AWS IAM access analyzer, are delegated to the security account by AWS Organizations which aligns to AWS best practices.
The Stax Identity Service is located in the Security Account to manage access to the Stax console and API, as well as control single sign-on (SSO) permissions for your AWS accounts.
Stay abridged of activity with the Logging Account
Capture, collate and audit activity data from across your entire AWS environment in one succinct, easy-to-access location with the Stax Logging Account.
Leverage a a single source of truth for all audit and log information, with controlled access for security and audit teams. Logs are stored within individual S3 buckets, all of which are configured with encryption, versioning and denial of public access.
Logging services are configured to ensure that all accounts consistently log data to a central location. Services that log to this account include AWS Config, VPC flow logs and Stax Trail - which is a service that logs all Stax API activity.
Want to see how it works?
Our highly skilled experts live and breathe AWS cloud foundation, so if you want to get a hands-on look at how the Stax solution works, get in touch to speak with a member of our team and arrange a product demo.
Frequently Asked Questions
What is a cloud foundation and why is it important for migration?
A cloud foundation is a security-hardened multi-account AWS architecture. This foundation forms the basis of your environment and enables you to scale securely. It will dictate how all the other accounts function within the ecosystem, including defining security protocols, guardrails and access permissions. The foundation is a starting point to which you can migrate your workloads and applications from on-premises infrastructure.
What are qualities of a good cloud foundation?
A high quality AWS cloud foundation follows AWS recommended best practices to achieve a secure multi-account environment. This foundation should separate accounts by a common set of functions and controls to enable secure and scalable growth. In addition, the foundation should be continuously maintained to ensure it stays up to date with the latest AWS releases.
What’s the difference between building a cloud foundation and buying one from a third party?
It takes a significant amount of time, money and resources to build cloud foundations. While the end result can be specifically tailored in every possible way to fulfill precise requirements, the additional expense and development needed often outweighs the benefits it presents. When creating cloud foundations from scratch, a high percentage of time is dedicated to the planning and troubleshooting phases of the project, with each element of the build demanding consideration and revision.
Conversely, an off-the-shelf solution like that offered by Stax gives you a solid set of building blocks to work from. Using Stax’s preconfigured, enterprise grade controls for security, network, connectivity, real-time monitoring, and identity and access management means the slow-moving start-up phases of the project are streamlined and simplified, while inherently adhering to AWS frameworks and benchmarks. This doesn’t mean you can’t customize the foundations to suit your business needs, should you need to — it simply provides a reliable baseline to start from.
What AWS accounts are created automatically by Stax?
The three foundation accounts automatically created by Stax are Management, Security and Logging. These form a well-architected account structure at the core of your AWS environment, empowering you to manage, protect and oversee all accounts in your AWS Organization.
What kind of support is available when getting started with Stax?
As an AWS certified partner, we provide full documentation for our Cloud Management Platform, which contains everything you need to get started with Stax. We have sections on accounts, workloads, networks, views, notifications, cost management, risk management, events and much more, to support whatever tasks your team needs to perform.
If you can’t find the answer to your problem in our documentation, or if you need urgent technical assistance, you can also open a new support case directly from the Stax console to get swift, direct support from our team of experts.