Installation Guide
The Installation Guide provides step-by-step instructions for deploying Sandbox Studio into your AWS environment. It covers an overview of the solution’s architecture, including how the platform integrates with AWS to provision, manage, and clean up sandbox accounts.
You will learn how to prepare your environment, configure necessary AWS services, and apply the required permissions and security settings. This guide will take you through the installation process from start to finish, ensuring that Sandbox Studio is deployed correctly and ready to use.
Solution overview
The overview describes the Features and Benefits, Use cases and concept and definitions.
Overview
What is Sandbox Studio? Sandbox Studio is a web-based solution that helps cloud administrators m...
Core Capabilities
Sandbox Studio provides a range of tools to make AWS sandbox account management fast, safe, and c...
Concepts and definitions
Term / Concept Description Account Recycling The process of cleaning and reusing...
Architecture overview
The architecture of Sandbox Studio brings together multiple AWS services to deliver secure, tempo...
Solution Architecture
Sandbox Studio solution is built entirely on AWS services, with each component playing a specific...
AWS services in this solution
Sandbox Studio uses a combination of AWS managed services to securely deliver, manage, and clean ...
Security & Compliance
This page provides an overview of the security model used by Sandbox Studio. It explains how the ...
Roles deployed by the solution
Sandbox Studio installs multiple roles in your environment, each serving different purposes ...
Secrets & Encryption keys
Secrets Sandbox Studio creates 4 secrets in AWS Secrets Manager: Secret name ...
Data stored (and where)
Overview Sandbox Studio provisions a single-AZ database by default (db.t4g.micro). You can modif...
Plan your deployment
This section describes the Regions, cost, security, and other considerations prior to deploying t...
Prerequisite Skills and Specialised Knowledge
Overview This solution requires foundational knowledge of AWS and specific AWS services. The lev...
Installation Prerequisites
Before installing Sandbox Studio, it is important to confirm that the required prerequisites are ...
Choosing your region(s)
When setting up Sandbox Studio, choosing the correct AWS Regions is an important step. The region...
Choosing the hub account
Sandbox Studio requires multiple AWS accounts to function. These accounts follow a hub-and-spoke ...
Understand running costs
Running Sandbox Studio does involve some ongoing AWS costs, but these are generally modest and re...
Creating sandbox accounts
Sandbox Studio works by managing a pool of AWS accounts. These accounts are pre-provisioned by yo...
External identity provider setup (Optional)
Many organisations, particularly those running a multi-account AWS environment, use AWS IAM Ident...
Deploy the Solution
To help streamline the setup of Sandbox Studio, we’ve provided an installation script that checks...
Deploy the Solution Manually
Note: We strongly recommend using the installation script available here to deploy the Sandbox St...
Before you start...
Before you embark on this manual AWS CloudFormation adventure, let us remind you that we've poure...
Overview of what you'll do
Installing Sandbox Studio manually follows three main stages. Each stage builds on the last, so i...
AWS CloudFormation templates
Sandbox Studio is packaged as a set of AWS CloudFormation stacks. If you decide to manually insta...
Step 1: Deploy the AccountPool stack
Install the AccountPool CloudFormation stack in the organisation management account. How to Inst...
Step 2: Deploy the IDC stack
Install the IDC CloudFormation stack in the organisation management account. How to Install this...
Step 3: Deploy the Network stack
Install the Network CloudFormation stack in the hub account. How to Install this Stack Login ...
Step 4: Deploy the Data stack
Install the Data CloudFormation stack in the hub account. How to Install this Stack Login to ...
Step 5: Deploy the SES stack
Install the SES CloudFormation stack in the hub account. How to Install this Stack Login to t...
Step 6: Deploy the Compute stack
Install the Compute CloudFormation stack in the hub account. How to Install this Stack Login ...
Step 7: Deploy the API stack
Install the API CloudFormation stack in the hub account. How to Install this Stack Login to t...
Post-deployment configuration tasks
Note: You only need to read this section if you have decided to deploy the solution manually. On...
Create an IAM Identity Center application
Login to the AWS console and open IAM Identity Center. Navigate to Applications → Add ap...
Add initial users
The IDC CloudFormation deployment creates three default groups in IAM Identity Center (you can cu...
Update AWS AppConfig
AWS AppConfig is used by Sandbox Studio to store its runtime configuration. You will need to upda...
Update AWS Secrets Manager
AWS Secrets Manager is used to store the SAML Identity Provider (IdP) certificate securely. The S...
Logging into the web UI
Once you have completed the installation of Sandbox Studio, you can log into the web user interfa...
Setup a custom domain (Optional)
By default, Sandbox Studio is deployed behind an AWS CloudFront distribution. Users can access it...