Architecture overview
The architecture of Sandbox Studio brings together multiple AWS services to deliver secure, temporary sandbox environments. At a high level, the solution uses a combination of managed services that each play a specific role — from provisioning accounts and handling authentication, to monitoring usage and cleaning up resources. These services work together through event-driven automation and serverless functions to ensure scale, reliability, and efficiency. Security and compliance are built into the design, with controls such as least-privilege access, encryption, service control policies (SCPs), and network isolation.
The following sections provide more detail on the overall solution design, the AWS services used, and the security model that underpins it.
Solution Architecture
The Sandbox Studio solution is built entirely on AWS services, with each component playing a specific...
AWS services in this solution
Sandbox Studio uses a combination of AWS managed services to securely deliver, manage, and clean ...
Security & Compliance
This page provides an overview of the security model used by Sandbox Studio. It explains how the ...
Roles deployed by the solution
Sandbox Studio installs multiple roles in your environment, each serving different purposes ...
Secrets & Encryption keys
Secrets: Sandbox Studio creates 4 secrets in AWS Secrets Manager: Secret name ...
Data stored (and where)
Overview: Sandbox Studio provisions a single-AZ database by default (db.t4g.micro). You can modif...