StackZone Roadmap

StackZone Settings

• 
  Planned

  ---

  • Parent Organization: 
    In this section, you’ll be able to list the parent StackZone Organization if there is one.

  • Sub-Organizations:
    In this section, you’ll be able to add and/or delete child StackZone Organizations.

• 
  In Progress

  ---
• 
  Released

  ---

  • Users:
    In this section, authorized users will be able to invite and assign different roles to external users and also modify roles for the existing ones within the organization.
  • Audit Trail:
    In this section, authorized users will be able to filter StackZone activities for the entire Organization for up to 30 days. This includes API activities in each module, which action was executed and by whom. For this release only logs related to Provisioning actions / deployment will be available.
  • Organization Details:
    In this section, you’ll be able to visualize and update your company details, manage your StackZone Organization and also download the Terms and Conditions.This new feature will allow you to enable “Experimental Features” which will let you try out features we’re working on and give you the opportunity to leave us feedback.
  • Billing:
    This feature will allows you to review your current subscriptions, download invoices, update billing contact email, set up payment methods, redeem coupon vouchers and more!
  • Added User Session Management on the Access Management > Users section. from this screen, users with the SuperAdmin and Administrator roles will be able to logout users from your organization by clicking on the Logout users icon in the table. Also, you can get information about logged-in users: date, time, IP address, as well as last login date.

AWS

Dashboard

• 
  Released

  ---

  • Executed Remediations:
    In the Dashboard section, you will be able to see how many Config Rules and Remediations were executed by StackZone as well as their current status. This is an important overview feature that lets you understand the real value that StackZone gives to your organization on a daily basis and how it makes your environment better.

Provisioning (Engine)

• 
  Planned

  ---

  • Control Tower implementation

  • Add the ability for StackZone to support Enterprice SSO

  • Add no automatic remediation option for deployed remediations.

• 
  In Progress

  ---

  • Investigate the possibility of adding more resources to Backup Feature.

   

   

   

• 
  Released

  ---

  • Implement AWS Config Remediations:
    – RDS Enhanced Monitoring Enabled
    – RDS Cluster Deletion Protection Enabled
    – RDS Snapshots Public Prohibited
    – EC2 Last Backup Recovery Point
    – EFS Last Backup Recovery Point
    – DynamoDB Last Backup Recovery Point
    – FSX Last Backup Recovery Point
    – EC2 Stopped Instances
    – RDS Logging Enabled
    – Aurora Last Backup Recovery Point
    – RDS Last Backup Recovery Point
    – S3 Last Backup Recovery Point
    – EBS Last Backup Recovery Point
  • Implement Optional Parameters for:
    – EC2 Resources Protected by Backup Plan
    – EBS Resources Protected by Backup Plan
    – EFS Resources Protected by Backup Plan
    – Aurora Resources Protected by Backup Plan
    – DynamoDB Resources Protected by Backup Plan
    – FSx Resources Protected by Backup Plan
    – RDS Resources Protected by Backup Plan
    – S3 Resources Protected by Backup Plan

  • Created Healthcare AWS blueprint

  • Service Control Policies

    • Restrict EBS volume type using SCP

    • Restrict instance type using SCP

  • Implemented region conditions for:
    EKS, EBS, Backup, EC2, EFS, FSx, SNS, SQS, RedShift, EMR, Sagemaker, Development, ECR, ECS, Cognito and PCI-DSS config rules to avoid deploying them on non-supported regions. ​  

  • Added Cognito user pool deletion protection.

  • AWS Managed Config Rules:

    • RDS Cluster IAM authentication enabled

    • RDS Instance IAM authentication enabled

    • CLB multiple AZ

    • ELBv2 multiple AZ

    • S3 lifecycle policy check

    • EC2 managed instance (Windows & Linux) applications required.

    • ELBV2 ACM Certificate Required 

    • ELB Predefined Security Policy SSL Check 

    • OpenSearch Logs to CloudWatch 

    • OpenSearch Encrypted at Rest

    • OpenSearch Node to Node Encryption Check

    • DynamoDB Table Deletion Protection Config Rule and Remediation

    • ECS Containers ReadOnly Access

    • ECS Task Definition User For Host Mode Check

    • Elasticsearch Logs to CloudWatch

    • Elastic Beanstalk Managed Updates Enabled 

    • S3 Bucket Level Public Access Prohibited 

    • S3 Bucket ACL Prohibited 

    • AutoScaling Group Launch Config Public IP Disabled 

    • API Gateway Associated With WAF

    • EC2 Resources Protected by Backup Plan

    • EBS Resources Protected by Backup Plan

    • EFS Resources Protected by Backup Plan

    • Aurora Resources Protected by Backup Plan

    • DynamoDB Resources Protected by Backup Plan

    • FSx Resources Protected by Backup Plan

    • RDS Resources Protected by Backup Plan

    • S3 Resources Protected by Backup Plan

Cost Management

• 
  Planned

  ---
• 
  In Progress

  ---

  • Cost Savings:
    This new feature will allow you to know which is the coverage regarding services in Savings Plans and Instance Reservations. Also will be able to visualize the coverage in doughnut charts, in order to know whether or not they need to purchase more Savings Plans and/or more Instance reservations.
    From this section, you will have the chance to set alarms with a certain frequency specifying Account(s), Region(s), Coverage Tye, AWS Service(s), Coverage Percentage, Coverage Period.
  • Reports:
    Allows you to create subscriptions for each report to receive an email on an indicated schedule. It will be possible to edit report privacy settings as well, and also export to PDF.
• 
  Released

  ---

  • Overview:
    Get a comprehensive cost view of AWS’s historical and future earnings and expenses for associated services, split by Region and Accounts.
  • Summary:
    From this section, you can get a detailed view of the top-ten most used AWS services in the last month and their cost deviation.
  • Budgets:
    Ability to create Budgets from the Cost Management section. Other features include: setting alerts within a threshold, listing budgets across the organization, and creating or modifying a subscription for each budget to receive emails on a schedule.
  • Reports:
    Allow listing reports created by you or shared with you across the organization.
  • Optimize:
    In this first version, we will provide you with valuable insights into resource optimization. With the new Finding screen, you can now easily visualize information about different resources through interactive doughnut charts. These charts represent the optimization status of EC2 Instances, ECS Services, Auto Scaling Groups, EBS Volumes, and Lambda Functions.
  • ​Optimize > Recommendations:
    This feature will let you know which resources require optimization filtering by Accounts, Resource, and Finding type, enabling you to optimize instances, volumes, and functions, according to their convenience, directly from the recommendation screen.

Operations

• 
  Planned

  ---

   

  • Well-Architected Tool:
    You will have a Quick SCAN capability, to auto-scan and fulfill technical questions regarding the system as well as quick access to key knowledge bases and resources to solve pending actions.
  • Resource Management – Storage:
    – Amazon EBS Snapshots: In this section you will be able to select multiple Snapshots and execute actions such as delete, offering efficient management of Snapshot resources. Additionally, customers have the flexibility to perform individual actions like sharing snapshots and tailoring their storage management approach to specific requirements.
    
  • Resource Management – Databases:
    – Amazon ElastiCache: From here, you will have the possibility to filter by certain criteria like accounts, regions, engine, and status.  The applied filters generate a table displaying details such as Cluster ID, Account, Region, Type, Engine, Rest Encryption, Transit Encryption, and Status and also you will be able to perform multiple actions like reboot, delete, modify node type, and create snapshot.
• 
  In Progress

  ---

  • Tag Manager:
    This feature allows StackZone users to efficiently manage and organize their cloud resources through tags. It streamlines the process of categorizing resources, allowing users to create tag groups, automatically tag resources, and gain insightful visualizations through filtered overviews. Tag Manager also enables users to override existing tag values and facilitates a clear understanding of tagged resources across different accounts and regions.
  • Resource Management – Storage:
    – Amazon S3: From this section, you can select multiple Buckets and execute actions like Empty, Delete, and Enable Versioning from the convenient Action button. You can also perform individual actions directly from the table, such as Empty, Delete, Enable Versioning, and Enable SSE.
    
    
• 
  Released

  ---

  • Well Architected Tool:
    The Well Architected tool is designed to help you review the health of your applications and workloads against architectural best practices, identify opportunities for improvement, and track progress over time. From StackZone, you will have the chance to use a particular “lens” and set a milestone to define a Workload and determine its compliance status for an Organization while simplifying Risk Assessments revisions and actions required to be taken.
    Another feature will provide Audit status advance of Workload by reviewing its associated MILESTONE dates.
  • Account Management feature: designed to streamline and enhance your AWS account management within StackZone. This feature empowers users with the ability to invite, create, onboard, and offboard AWS accounts, while efficiently organizing them into specific organizational units.
    • • Invite Existing AWS Accounts to be part of your StackZone organization.
      • Create AWS Accounts directly from within StackZone Console.
      • Onboard to StackZone and Assign Organizational Units to facilitate efficient resource allocation, access control, and visibility management across your organization’s accounts.
      • Offboard an existing account from StackZone
  • Resource Finder
    This new feature allows you to manage your cloud resources. With intuitive filtering options by Account, Resource types, Regions, and Tags, you can easily locate the information you need. Interactive doughnut charts offer valuable insights into Resource types and their distribution across regions. You will be able to filter by a single tag, identify untagged resources, and save custom reports with filtered information for future reference or team collaboration. With predefined region filters and a tabular view presenting Identifier, Arn, Resource Type, Region, and Tags, ResourceView streamlines cloud resource management, providing unparalleled control and visibility for optimized decision-making.
  • Resource Management – Storage:
    – Amazon EBS Volumes: From here you will efficiently manage Volumes by selecting multiple instances for actions like detach and delete. Perform individual actions from the table, including detach, delete, create snapshots, and attach.
  • Resource Management – Integration Services:
    – Amazon SQS: Integration services will enable you to perform various actions on their SQS queues, such as purging, editing encryption settings, and deleting queues. This ensures smooth data processing and optimal resource management.
  • Resource Management – Databases:
    – Amazon DynamoDB: In this section, you will be able to filter by accounts and regions, and also perform multiple actions such as: deleting tables and creating backups individually for each of them.
    – Amazon RDS: In this section, you will be able to select and manage your Amazon RDS resources. By simply clicking on the “Amazon RDS” option in the “Resources” card, you will have the chance to perform various actions on the resources based on your specific needs. These actions will be: start, stop, reboot, terminate, termination protection, and create snapshots.
    – Amazon Redshift: By selecting Amazon Redshift you will be able to filter by multiple accounts, multiple regions, and encrypted status. This filtering will provide you a table with information such as Cluster Name, Account, Region, Node Type, Encrypted, Logging Enabled, Public Access, VPC ID, and Status. Additionally, you will be able to perform multiple actions like delete, reboot, pause, change admin pass, resume, and create snapshot.
  • Resource Management – Compute:
    – EC2 Instances: In the Compute section, you will have the possibility to select multiple instances and perform different actions on them simultaneously. These actions include starting, stopping, rebooting, and terminating instances. In addition, you also will have the option to execute specific actions on each instance individually like starting, stopping, rebooting, terminating, and backing up instances by simply clicking on the corresponding icon associated with each instance.
  • Resource Management – Networking:
    – Amazon VPC Services: This new feature will allow you to efficiently manage your VPC services and perform necessary actions based on your requirements. You will also be able to edit DNS resolution, and DNS hostnames, and delete VPCs. You can also filter by account, region, and tenancy.
  • Resource Management – Integration Services:
    – Amazon SNS: You will have the possibility to easily edit topic names, delete topics, and manage multiple subscriptions simultaneously. This centralized approach simplifies the organization and enhances productivity.
  • Overview:
    In this section you will be able to filter by multiple Regions and multiple Accounts to get information about managed instances, AWS Support cases, OpsItem by status and by severity, Compliance Summary by Resource Type, Backup Jobs by status, Restore Jobs by status and Backup Summary by Resource Type. To try this feature, you need to enable “Experimental Features” in the StackZone Settings > Organization Details section.
  • Backup Audit: 
    This feature is designed to help customers monitor and review the status of their backups in an efficient and organized way. The feature provides a visual representation of the compliance status of the Recovery Point Encrypted and Recovery Point Min Retention policies in a doughnut chart. Customers can filter this chart based on Account(s), Region(s), and Period to see the status of their backups for a particular period, region, or account. Additionally, the feature provides a table that displays the status of the customer’s resources, which includes information on whether the backups are Created, Partial, Completed, Expired, Available, Deleted, or Stopped. The table provides customers with a more detailed view of their backups, enabling them to take quick action if necessary.
  • Security Compliance:
    This new feature allows you to oversee the current Compliance status resources by filtering multiple accounts and regions. You will also be able to identify the current Compliance status from existing resources that could be remediated and execute the proper remediation to fix the resource with just a single click.

AZURE

Dashboard

• 
  Planned

  ---
• 
  In Progress

  ---

  • Dashboard: 
    • In this section, you will be allowed to view recommended actions based on your Azure environment’s status, check the summary of Azure subscriptions and spending, track policy compliance, and see an overview of resource compliance. Additionally, you will be able to explore your Management Groups and view enabled geographic locations on a map.
• 
  Released

  ---

Cost Management

• 
  Planned

  ---

  • Overview:
  • • The feature will offer small cards showing key cost metrics like Current Month, Projected Cost, Last Month, and Year-to-Date costs. You will also be able to check the Current Month’s costs by location. A bar chart in the Service Details section will represent specific services, offering cost information on hover. Real-time updates will be available when switching scopes.
• 
  In Progress

  ---

  • Cost Summary:
    • The feature will allow you to get a detailed view of the top-ten Current Costs by Azure services in the last month, MTD, and Last 6 months (average)
• 
  Released

  ---