-
- Parent Organization: In this section, you’ll be able to list the parent StackZone Organization if there is one.
- Sub-Organizations: In this section, you’ll be able to add and/or delete child StackZone Organizations
StackZone Roadmap
Request a FeatureLearn how our upcoming development initiatives will further drive StackZone’s capabilities.
* Last Update: 30 August 2024
StackZone Settings
-
-
-
-
- Advanced Permissions: Allows clients to invite or modify existing users with roles other than SuperAdmin or Administrator, limiting them to seeing certain accounts and regions in the dropdown menus when filtering.
- Users: In this section, authorized users will be able to invite and assign different roles to external users and also modify roles for the existing ones within the organization.
- Audit Trail: In this section, authorized users will be able to filter StackZone activities for the entire Organization for up to 30 days. This includes API activities in each module, which action was executed, and by whom. For this release, only logs related to Provisioning actions/deployment will be available.
- Organization Details: In this section, you’ll be able to visualize and update your company details, manage your StackZone Organization and also download the Terms and Conditions.This new feature will allow you to enable “Experimental Features” which will let you try out features we’re working on and give you the opportunity to leave us feedback.
- Billing: This feature will allow you to review your current subscriptions, download invoices, update billing contact email, set up payment methods, redeem coupon vouchers and more!
- User Session Management on the Access Management > Users section: from this screen, users with the SuperAdmin and Administrator roles will be able to logout users from your organization by clicking on the Logout users icon in the table. Also, you can get information about logged-in users: date, time, IP address, as well as last login date.
-
AWS
Dashboard
-
-
-
-
- Compliance Status History: This allows you to view the compliance history of your resources directly within the StackZone Dashboard. Each row will indicate if compliance was going up, down, or remained the same. This enhancement enables you to track and analyze the compliance status of your resources over time, providing valuable insights for maintaining and improving your compliance posture.
- Executed Remediations: In the Dashboard section, you will be able to see how many Config Rules and Remediations were executed by StackZone as well as their current status. This is an important overview feature that lets you understand the real value that StackZone gives to your organization on a daily basis and how it makes your environment better.
-
Provisioning (Engine)
-
-
- Blueprints: The Blueprints feature offers robust capabilities for managing and sharing configurations. Users can seamlessly migrate from one blueprint to another, ensuring smooth upgrades or changes without disrupting existing setups. Additionally, users can export their current configuration settings as a blueprint and save it in the database for easy backup, version control, and reuse. Furthermore, this feature allows users to share blueprints with other organizations, promoting consistency and efficiency by enabling the implementation of proven configurations across different teams and partners.
- Provisioning module for Azure cloud
- Control Tower implementation
- Add the ability for StackZone to support Enterprise AWS SSO
- Add no automatic remediation option for deployed remediations.
-
-
-
- Testing new regions as primary to make them available to deploy StackZone
- Add conditions to resources deployed by StackZone to avoid affecting the overall compliance percentage.
-
-
-
- AWS Education Blueprint
- AWS Config Rules:
- Lambda Tracing
- Elastic Beanstalk Logs to Cloudwatch
- DocumentDB Cluster Backup Retention Check
- DocumentDB Cluster Snapshot Public Prohibited
- DocumentDB Cluster Deletion Protection Enabled
- DocumentDB Cluster Encrypted
- DocumentDB Cluster Audit Logging Enabled
- SageMaker Notebook Instance Root Access Check
- Implement AWS Config Remediations:
- DocumentDB Cluster Backup Retention Check Remediation
- Revoke Unused IAM User Credentials
- Enforce HTTPS On OpenSearch Domain
- Enable Athena WorkGroup Encryption At Rest
- Enable CloudFront Viewer Policy HTTPS
- Enable CloudFront Access Logs
- Enable CloudFront Default Root Object
- Lambda Tracing
- RDS Enhanced Monitoring Enabled
- RDS Cluster Deletion Protection Enabled
- RDS Snapshots Public Prohibited
- EC2 Last Backup Recovery Point
- EFS Last Backup Recovery Point
- DynamoDB Last Backup Recovery Point
- FSX Last Backup Recovery Point
- EC2 Stopped Instances
- RDS Logging Enabled
- Aurora Last Backup Recovery Point
- RDS Last Backup Recovery Point
- S3 Last Backup Recovery Point
- EBS Last Backup Recovery Point
-
- Implement Optional Parameters for:
- EC2 Resources Protected by Backup Plan
- EBS Resources Protected by Backup Plan
- EFS Resources Protected by Backup Plan
- Aurora Resources Protected by Backup Plan
- DynamoDB Resources Protected by Backup Plan
- FSx Resources Protected by Backup Plan
- RDS Resources Protected by Backup Plan
- S3 Resources Protected by Backup Plan
- Implement Optional Parameters for:
-
- Created Healthcare AWS blueprintService Control Policies
-
- Restrict EBS volume type using SCPRestrict instance type using SCP
-
- Implemented region conditions for: EKS, EBS, Backup, EC2, EFS, FSx, SNS, SQS, RedShift, EMR, Sagemaker, Development, ECR, ECS, Cognito and PCI-DSS config rules to avoid deploying them on non-supported regions.
-
- Added Cognito user pool deletion protection.AWS Managed Config Rules:
- RDS Cluster IAM authentication enabled
- RDS Instance IAM authentication enabled
- CLB multiple AZ
- ELBv2 multiple AZ
- S3 lifecycle policy check
- EC2 managed instance (Windows & Linux) applications required
- ELBV2 ACM Certificate Required
- ELB Predefined Security Policy SSL Check
- OpenSearch Logs to CloudWatch
- OpenSearch Encrypted at Rest
- OpenSearch Node to Node Encryption Check
- DynamoDB Table Deletion Protection Config Rule and Remediation
- ECS Containers ReadOnly Access
- ECS Task Definition User For Host Mode Check
- Elasticsearch Logs to CloudWatch
- Elastic Beanstalk Managed Updates Enabled
- S3 Bucket Level Public Access Prohibited
- S3 Bucket ACL Prohibited
- AutoScaling Group Launch Config Public IP Disabled
- API Gateway Associated With WAF
- EC2 Resources Protected by Backup Plan
- EBS Resources Protected by Backup Plan
- EFS Resources Protected by Backup Plan
- Aurora Resources Protected by Backup Plan
- DynamoDB Resources Protected by Backup Plan
- FSx Resources Protected by Backup Plan
- RDS Resources Protected by Backup Plan
- S3 Resources Protected by Backup Plan
- Added Cognito user pool deletion protection.AWS Managed Config Rules:
-
Cost Management
-
-
-
-
- Service Details:
- Security > Config, GuardDuty, KMS
- Logging > Amazon CloudTrail
- Integration > AWS Systems Manager
- Savings Plans: Designed to elevate users’ financial management experience. Users can explore an intuitive Overview screen, where they have the flexibility to customize widgets, filter accounts, and statuses, and visualize data using doughnut charts and summary cards. Tailored recommendations based on plan types, terms, and payment options empower informed decision-making. Users can effortlessly purchase and return plans directly from the platform, streamlining portfolio management. With StackZone’s Savings Plans feature, users can take control of their savings, monitor utilization, and adapt to evolving needs with ease.
- Backfill Tags: The Backfill Tags feature allows users to retroactively enable Cost Allocation Tags for up to 12 months. This feature enhances flexibility and accuracy in managing cost allocation within the StackZone platform.”
- Savings Opportunities: The Savings Opportunities feature offers users a streamlined interface to access recommendations directly from the Savings Opportunities screen, enabling swift action on cost-saving measures. With advanced filtering options, users can easily segment recommendations by multiple criteria such as accounts, regions, and severity levels, while doughnut charts offer visual representations of savings opportunities. Detailed insights are presented through a comprehensive table displaying recommended actions, estimated monthly savings, and savings percentage estimates, enabling users to make informed decisions about cost optimizations.
- Cost Allocation Tags: The Cost Allocation Tags feature in StackZone is designed to provide customers with the capability to manage and control cost allocation tags efficiently. The key functionalities include the activation and deactivation of tags directly from the Cost Allocation Tags screen within the Cost Management module. Additionally, users should be able to filter tags based on their status (Active/Inactive) and types (AWSGenerated/UserDefined). The results are displayed in a table containing essential information such as TagKey, Status, Type, Last Used Date, and Last Updated Date.
- Overview: Get a comprehensive cost view of AWS’s historical and future earnings and expenses for associated services, split by Region and Accounts.
- Summary: From this section, you can get a detailed view of the top-ten most used AWS services in the last month and their cost deviation.
- Budgets: Ability to create budgets from the Cost Management section. Other features include setting alerts within a threshold, listing budgets across the organization, and creating or modifying a subscription for each budget to receive emails on a schedule.
- Reports: Allow listing reports created by you or shared with you across the organization.
- Optimize: In this first version, we will provide you with valuable insights into resource optimization. With the new Finding screen, you can now easily visualize information about different resources through interactive doughnut charts. These charts represent the optimization status of EC2 Instances, ECS Services, Auto Scaling Groups, EBS Volumes, and Lambda Functions.
- Optimize > Recommendations: This feature will let you know which resources require optimization filtering by Accounts, Resource, and Finding type, enabling you to optimize instances, volumes, and functions, according to their convenience, directly from the recommendation screen.
- Reports: Allow users to create subscriptions for each report to receive an email on an indicated schedule. It will be possible to edit report privacy settings as well, and also export to PDF.
- Cost Savings: This new feature will allow you to know which is the coverage regarding services in Savings Plans and Instance Reservations. Also will be able to visualize the coverage in doughnut charts, in order to know whether or not they need to purchase more Savings Plans and/or more Instance reservations.From this section, you will have the chance to set alarms with a certain frequency specifying Account(s), Region(s), Coverage Tye, AWS Service(s), Coverage Percentage, Coverage Period.
- Service Details:
-
Operations
-
-
- Resource Management:
- Databases > ElastiCache
- Storage > Amazon EBS Snapshots
- Storage > Amazon S3: From this section, you can select multiple Buckets and execute actions like Empty, Delete, Malware Protection, and Enable Versioning from the convenient Action button. You can also perform individual actions directly from the table, such as Empty, Delete, Enable Versioning, and Enable SSE.
- Well-Architected Tool: You will have a Quick SCAN capability, to auto-scan and fulfill technical questions regarding the system as well as quick access to key knowledge bases and resources to solve pending actions.
- Resource Management:
-
-
-
- Resource Management:
- Databases > DB Snapshots
- Tag Manager: This feature allows StackZone users to efficiently manage and organize their cloud resources through tags. It streamlines the process of categorizing resources, allowing users to create tag groups, automatically tag resources, and gain insightful visualizations through filtered overviews. Tag Manager also enables users to override existing tag values and facilitates a clear understanding of tagged resources across different accounts and regions.
- Resource Management:
-
-
-
- Findings: The Findings feature in the Security Compliance section enables users to view security discoveries across managed accounts and check their archived/unarchived status. Users can filter by multiple accounts and statuses, analyzing severity, accounts, and finding types through doughnut charts and detailed tables. Users will be able to execute actions like archiving or unarchiving findings and save reports for compliance purposes.
- Resource Management:
- Integration > SSM Documents
- Security > Secrets Manager
- Storage > Amazon EFS
- Compute > Amazon EKS
- Compute > AWS Auto Scaling, Amazon Workspaces
- Compute > Amazon ECS
- Security > AWS KMS
- Databases > Amazon OpenSearch
- Integration > Certificate Manager
- Integration: Cloud Formation
- Compute: Amazon ECS
- Networking: Elastic Load Balancing
- Compute > AWS Lambda Function
- Networking > Elastic IP
- Identity Management
- Advisor: The advisor feature serves as a comprehensive toolset that not only identifies areas for improvement within cloud infrastructure but also provides actionable insights, visualizations, and filtering options to streamline decision-making and drive continuous optimization and enhancement efforts.
- Well Architected Tool: The Well Architected tool is designed to help you review the health of your applications and workloads against architectural best practices, identify opportunities for improvement, and track progress over time. From StackZone, you will have the chance to use a particular “lens” and set a milestone to define a Workload and determine its compliance status for an Organization while simplifying Risk Assessments revisions and actions required to be taken.Another feature will provide Audit status advance of Workload by reviewing its associated MILESTONE dates.
-
Account Management feature: designed to streamline and enhance your AWS account management within StackZone. This feature empowers users with the ability to invite, create, onboard, and offboard AWS accounts, while efficiently organizing them into specific organizational units.
- Invite Existing AWS Accounts to be part of your StackZone organization.
- Create AWS Accounts directly from within StackZone Console.
- Onboard to StackZone and Assign Organizational Units to facilitate efficient resource allocation, access control, and visibility management across your organization’s accounts.
- Offboard an existing account from StackZone
- Resource Finder: This new feature allows you to manage your cloud resources. With intuitive filtering options by Account, Resource types, Regions, and Tags, you can easily locate the information you need. Interactive doughnut charts offer valuable insights into Resource types and their distribution across regions. You will be able to filter by a single tag, identify untagged resources, and save custom reports with filtered information for future reference or team collaboration. With predefined region filters and a tabular view presenting Identifier, Arn, Resource Type, Region, and Tags, ResourceView streamlines cloud resource management, providing unparalleled control and visibility for optimized decision-making.
- Resource Management – Storage:
- Amazon EBS Volumes: From here you will efficiently manage Volumes by selecting multiple instances for actions like detach and delete. Perform individual actions from the table, including detach, delete, create snapshots, and attach.
- Resource Management – Integration Services:
- Amazon SQS: Integration services will enable you to perform various actions on their SQS queues, such as purging, editing encryption settings, and deleting queues. This ensures smooth data processing and optimal resource management.
- Resource Management – Databases:
- Amazon DynamoDB: In this section, you will be able to filter by accounts and regions, and also perform multiple actions such as: deleting tables and creating backups individually for each of them.
- Amazon RDS: In this section, you will be able to select and manage your Amazon RDS resources. By simply clicking on the “Amazon RDS” option in the “Resources” card, you will have the chance to perform various actions on the resources based on your specific needs. These actions will be: start, stop, reboot, terminate, termination protection, and create snapshots.
- Amazon Redshift: By selecting Amazon Redshift, you will be able to filter by multiple accounts, multiple regions, and encrypted status. This filtering will provide you a table with information such as Cluster Name, Account, Region, Node Type, Encrypted, Logging Enabled, Public Access, VPC ID, and Status. Additionally, you will be able to perform multiple actions like delete, reboot, pause, change admin pass, resume, and create snapshot.
- Resource Management – Compute:
- EC2 Instances: In the Compute section, you will have the possibility to select multiple instances and perform different actions on them simultaneously. These actions include starting, stopping, rebooting, and terminating instances. In addition, you also will have the option to execute specific actions on each instance individually like starting, stopping, rebooting, terminating, and backing up instances by simply clicking on the corresponding icon associated with each instance.
- Resource Management – Networking:
- Amazon VPC Services: This new feature will allow you to efficiently manage your VPC services and perform necessary actions based on your requirements. You will also be able to edit DNS resolution, and DNS hostnames, and delete VPCs. You can also filter by account, region, and tenancy.
- Resource Management – Integration Services:
- Amazon SNS: You will have the possibility to easily edit topic names, delete topics, and manage multiple subscriptions simultaneously. This centralized approach simplifies the organization and enhances productivity.
- Overview: In this section, you will be able to filter by multiple Regions and multiple Accounts to get information about managed instances, AWS Support cases, OpsItem by status and by severity, Compliance Summary by Resource Type, Backup Jobs by status, Restore Jobs by status and Backup Summary by Resource Type. To try this feature, you need to enable “Experimental Features” in the StackZone Settings > Organization Details section.
- Backup Audit: This feature is designed to help customers monitor and review the status of their backups in an efficient and organized way. The feature provides a visual representation of the compliance status of the Recovery Point Encrypted and Recovery Point Min Retention policies in a doughnut chart. Customers can filter this chart based on Accounts, Regions, and Periods to see the status of their backups for a particular period, region, or account. Additionally, the feature provides a table that displays the status of the customer’s resources, which includes information on whether the backups are Created, Partial, Completed, Expired, Available, Deleted, or Stopped. The table provides customers with a more detailed view of their backups, enabling them to take quick action if necessary.
- Security Compliance: This new feature allows you to oversee the current compliance status resources by filtering multiple accounts and regions. You will also be able to identify the current compliance status from existing resources that could be remediated and execute the proper remediation to fix the resource with just a single click.
-
Identity Management
-
-
-
-
- The IAM Policy Visualizer feature is designed to allow users to filter AWS policies by account and visualize the permissions associated with those policies. This includes displaying the services and actions that the policies grant permissions for, all presented in an interactive and user-friendly table format.
- PermissionSets: With Custom PermissionSets, users can build customized permission sets using pre-defined managed policies and restrictions.
- PermissionSets: With Default PermissionSets, users can swiftly generate default sets and view them in a structured table format. Accessible via the Identity Manager module, users navigate to the Permission Sets screen and utilize intuitive options to create and delete sets.
- Identity Management: The Identity Management feature within StackZone’s AWS integration lets customers efficiently manage user access. Using the IAM Identity Center, users can create and assign permissions to specific Users and Groups across AWS Accounts. This feature also integrates with Access Analyzer in each AWS Organization’s security account, allowing users to visualize and address security findings. Additionally, it enables users to save reports directly from the Access Analyzer screen, providing a convenient way to capture crucial insights and enhance overall security.
-
Monitoring
-
-
-
- Our Dashboards and Widgets feature in the Monitoring section allows users to save widgets and create dashboards for enhanced analysis and visibility. Users can save widgets from the Monitoring > Resource Metrics screens and access them in the Widgets section, which lists all saved widgets with options to add to dashboards, edit, or delete. Users can create custom or default dashboards, edit dashboards by adding/removing widgets, and change visibility settings. Additionally, dashboards can be shared via unique URLs for public or organizational access. This feature ensures efficient management and organization of widgets and dashboards.
-
-
-
- The Logs feature enables users to manage and monitor Amazon CloudWatch log groups. Users can view log groups and up to 10,000 log events per group, filter by account and region, and see details like Log Group Class, Creation Time, and Retention in Days.
- The Monitoring feature enables users to fully analyze their workload performance. By defining the account(s), region(s), metric(s), and period, StackZone will present the information in easy-to-read graphics. Additionally, users can create personalized dashboards and widgets to track metrics for specific resources like EC2 instances, containers, buckets, etc., visualizing trends over time.
-
Contact Center
-
-
-
-
- The Contact Center feature streamlines the creation and management of Amazon Connect Instances, enabling users to effortlessly establish multi-account-multi-region contact centers through a single interface. Within the Contact Center > Instances section, users can seamlessly create Amazon Connect instances and associate storage configurations stored in S3 buckets via the action button. The feature enhances efficiency by facilitating essential actions directly from the Instances table, including adding users, routing profiles, claim numbers, operational hours, queues, approved domains ,contact flows, and prompts. By offering pre-defined flows and prompts, this feature simplifies the contact center journey, empowering customers to efficiently manage multiple environments while leveraging Amazon Connect’s robust capabilities.
-
Sustainability
-
-
-
-
- The “Sustainability” feature is a powerful tool that will provide customers invaluable insights into the greenhouse gases, particularly carbon dioxide (CO2), associated with their lifestyle choices, purchases, or business operations. By utilizing this tool, customers will be able to better understand the environmental consequences of their actions and make informed decisions to reduce their carbon footprint.
-
AZURE
Dashboard
-
-
-
- Dashboard: In this section, you will be allowed to view recommended actions based on your Azure environment’s status, check the summary of Azure subscriptions and spending, track policy compliance, and see an overview of resource compliance. Additionally, you will be able to explore your Management Groups and view enabled geographic locations on a map.
-
-
Cost Management
-
-
-
- Recommendations: The Recommendations feature allows users to filter recommendations by Subscription ID, providing insights into Total Recommendations, Impacted Resources, and Potential Yearly Savings. It presents recommendations in a table format, detailing ID, Category, Impact, Problem & Solution, and Last Update. This feature streamlines decision-making by offering specific, actionable insights for optimizing Azure subscriptions.
- Overview: The feature will offer small cards showing key cost metrics like Current Month, Projected Cost, Last Month, and Year-to-Date costs. You will also be able to check the Current Month’s costs by location. A bar chart in the Service Details section will represent specific services, offering cost information on hover. Real-time updates will be available when switching scopes.
- Cost Summary: The feature will allow you to get a detailed view of the top-ten Current Costs by Azure services in the last month, MTD, and Last 6 months (average)
- Budgets: Ability to create budgets from the Cost Management section. Other features include setting alerts within a threshold, listing budgets across the organization, and creating or modifying a subscription for each budget to receive emails on a schedule.
- Reports: Allow listing reports created or shared with you across the organization, and also create subscriptions for each report to receive an email on an indicated schedule. It will be possible to edit report privacy settings as well and also export to PDF.
- Service Details: The Service Details feature enables users to filter data by Scope, ID, Location, Category, Interval, and period. This allows for precise analysis, generating a dynamic chart based on selected criteria and displaying cost deviations. Customers can save these customized reports for future reference or sharing.
-
-
Operations
-
-
- Compliance: Users can oversee compliance status and policies via a customizable dashboard, filtering by Scope and multiple IDs. A bar graph visualizes compliance across Resource Types, while a table highlights the Top 5 Non-Compliant Policies. The Policy section allows detailed oversight, providing filtering options by Scope, multiple IDs, Resource Type, and Compliance State. This comprehensive toolset enables precise control and monitoring within StackZone for effective compliance management.
- Resource Inventory: Through a customizable doughnut chart, users can easily view Resource Types based on filters such as Scope, multiple IDs, Resource Types, and Location. Another doughnut chart displays resource Locations, accommodating filtering options of Scope, multiple IDs, Resource Types, and Locations. Moreover, users have the capability to specifically view all resources within a chosen location and access detailed information about each resource, including its associated tags. A dedicated table showcases the count of tags per resource, ensuring a granular understanding of resource attributes for streamlined management and analysis.
-
-
- Overview: The Overview feature lets users filter data by Scope and ID to access key insights such as Total Resources, Secure Score, Resource Health, Recommendations by Severity, and Compliance status. Users can view default data and apply filters to tailor their information. The feature also allows report saving for easy access to critical Azure information.
- Advisor: Azure Advisor optimizes cloud management, aligning with business needs by categorizing recommendations into Security, Reliability, Operational Excellence, and Performance. Users can filter by Subscription ID, view concise table-based recommendations, and access crucial details like ID, Category, Impact, Problem and Solution, and Last Update. This feature streamlines decision-making, saves time, and supports ongoing resource optimization by enabling users to save reports.
- Reports: Allow listing reports created or shared with you across the organization, and also create subscriptions for each report to receive an email on an indicated schedule. It will be possible to edit report privacy settings as well and also export to PDF.
- Overview: The Overview feature lets users filter data by Scope and ID to access key insights such as Total Resources, Secure Score, Resource Health, Recommendations by Severity, and Compliance status. Users can view default data and apply filters to tailor their information. The feature also allows report saving for easy access to critical Azure information.
-