What is Stax? Stax is a holistic management and insights platform for organisations to gain visibility and insight into the cost, risk, compliance and quality of their AWS deployments.
How does Stax work? Stax is a SaaS application, running in Amazon Web Services (AWS). It uses AWS billing and usage metadata, and a powerful cost and rules engine to provide its customers insight into the cost, risk and quality of those services.
What information does Stax use from my AWS Accounts? Stax uses metadata from your AWS accounts – information about how you are using AWS such as cost, usage, utilisation etc. This metadata is accessed securely via the AWS API.
Getting started How can I get Stax up and running? You can use Stax for free for 30 days. Just fill out our sign up form and someone in our team will be in touch to get you started. You’ll need to agree to our T&Cs, and then give Stax read-only access to your AWS usage data, by running a CloudFormation script over the accounts you’d like to have visibility of in Stax, which takes one or two minutes per account. Once that’s done we’ll pull your data into Stax, and you’ll be ready to go. How many AWS accounts can I have visibility of in Stax? As many as you need! Stax can provide visibility across one or multiple root accounts, and there is no limit to the number of service, or sub, accounts that can be connected to Stax. Once connected, Stax provides visibility across your AWS accounts, with the ability to drill down to views inside your accounts as well. What deployment models are available for Stax? Stax is available as a SaaS-based solution. If required, we can provide a deployment of Stax that is located within your AWS environment. Contact a Stax sales representative to help you decide on the right solution for you.
Using Stax How is Stax accessed by users? Access to Stax is through the use of federated credentials or Stax user accounts. Federated credentials are managed directly by you, the customer. If Stax user accounts are in place, users with the correct domain email address can sign up through the sign up URL. Their identity is confirmed via a link to their email address. Stax user accounts can be locked to specified users, with additional users provisioned at the request of the customer. If local credentials are used, passwords are hashed using an application salt and a per-row salt and encrypted using bcrypt. All access is managed centrally.
Does Stax integrate with any secure authentication mechanisms? Yes, Stax integrates with Single Sign On (SSO) to enable identity federation for access to Stax. We can work with most identity providers, including SAML, Active Directory, ADFS, PingFederate, Google Apps and many, many more.
Security How is my AWS metadata accessed by Stax? Stax requires customers to provide read-only access to their AWS billing and usage information. Data from the customer’s AWS resources is accessed by a Stax IAM role which is a delegated 3rd party with read-only access.
Can Stax access any of my customer data? Only AWS billing and usage metadata is transmitted directly from AWS. Stax does not have access to any customer ICT systems, and cannot read or access any of your data that is stored in AWS.
Is my AWS metadata secure in Stax? Stax uses best practice security and encryption methods that have been independently tested. Data in Stax is encrypted at rest, in transit and on the file system as it is exchanged between AWS and Stax. All metadata reads are subject to IAM access control and all API calls are logged through CloudTrail. No metadata is accessible by third parties and Stax will not disclose data to third parties unless legally required to do so.
Do I need to install agents for Stax to work? No. Stax is agentless, and operates only via the read-only IAM policy. Stax does not have permissions to modify or update any of your AWS services.
Will Stax impact the performance of my AWS deployment? No. Stax operates by interacting with AWS APIs, and does not impact the performance of any of your AWS services.