Understanding the StaxManagement Role

The StaxManagement role is an IAM role that is utilised by Stax automation to perform updates and maintenance in your Stax accounts.

Article Tags
On This Page
Using CloudTrail to identify StaxManagement activitiesStax Management RolesSee also

From time to time, Stax automation will make updates to Stax-managed AWS accounts. Updates are most commonly applied by the Account Assurance process. The updates may include improved security controls, additional features, or just routine maintenance. Stax leverages IAM roles to apply these updates and manages these roles in accordance with the principle of least privilege. There are different roles used from time to time for specific tasks. A list of these is available by reviewing Stax Management Roles below.

Using CloudTrail to identify StaxManagement activities

AWS CloudTrail can be leveraged to determine what activities the StaxManagement role has performed within your account.

When reviewing CloudTrail logs, the sessionContext section will contain a reference to the StaxManagement role. Specifically, it will contain the below attributes:

"arn": "arn:aws:iam::<AWSAccountID>:role/stax/StaxManagement",
"userName": "StaxManagement"

Stax Management Roles

From time to time, other roles may be utilized by Stax to implement changes and updates. These roles should be monitored accordingly in any security or other log analytics tooling in use.

  • StaxApiTokenManagement
  • StaxAWSSupportManagement
  • StaxEventBusTargetRole
  • StaxEventsManagement
  • StaxIdamManagement
  • StaxManagement
  • StaxNetworkingManagement
  • StaxOrgManagement
  • StaxPermissionSetsManagement
  • stax-spotlight-service-role-StaxIamRole-<unique_id>
  • staxid-workload-deploy-admin

See also