Understanding the StaxManagement Role
The StaxManagement role is an IAM role that is utilised by Stax automation to perform updates and maintenance in your Stax accounts.
From time to time, Stax automation will update your Stax accounts. Updates are most commonly applied by the Account Assurance process. The updates may include improved security controls, additional features or just routine maintenance. Stax leverages the StaxManagement IAM role to apply these updates and manages this role in accordance with the principle of least privilege.
Using CloudTrail to identify StaxManagement activities
AWS CloudTrail can be leveraged to determine what activities the StaxManagement role has performed within your account.
When reviewing CloudTrail logs, the
sessionContext section will contain a reference to the StaxManagement role. Specifically, it will contain the below attributes:
"arn": "arn:aws:iam::<AWSAccountID>:role/stax/StaxManagement", "userName": "StaxManagement"