AWS CloudFormation templates

Sandbox Studio is packaged as a set of AWS CloudFormation stacks. If you decide to manually install Sandbox Studio, you must deploy them in the order shown below and into specific AWS accounts. This page explains each stack, where to deploy it, and why the order matters.

Stack Summary

#	Stack	What it does	Deploy to	Key AWS Services	Depends on
1	Account Pool	Creates OUs to host sandbox accounts and applies SCPs to govern them.	Org Management Account	AWS Organisational Units (OU's), Service Control Policies (SCP's)	-
2	IDC	Sets up IAM Identity Center groups used by Sandbox Studio users.	Org Management Account	IAM Identity Center Groups	-
3	Network	Provisions a VPC with multiple subnets. Hosts the database in a private subnet and runs Lambda functions in private subnets with egress access.	Hub Account	Amazon VPC, VPC Endpoints
4	Data	Deploys the application database that stores all Sandbox Studio data. Kept separate to simplify upgrades.	Hub Account	Amazon RDS	Network
5	SES	Creates email templates for alerts and notifications.	Hub Account	Amazon SES	-
6	Compute	Core back end components such as event driven Step Functions and CodeBuild tasks that are used to clean up and set up new accounts.	Hub Account	Event Bridge, Lambda, Step Functions, CodeBuild	Data, Network, SES
7	API	The front end compute stack including the API and user facing web application.	Hub Account	Lambda, API Gateway, S3, CloudFront	Compute

Where to get the CloudFormation templates

All templates are published to S3. Choose the version you want and construct URLs as:

The stack names (filenames) are shown below:

SandboxStudio-AccountPool.template.json
SandboxStudio-IDC.template.json
SandboxStudio-Network.template.json
SandboxStudio-Data.template.json
SandboxStudio-SES.template.json
SandboxStudio-Compute.template.json
SandboxStudio-API.template.json

Find the latest version (optional): fetch
https://dist.sandboxstudiosoftware.com/latest.json
and use its "version" value in place of <VERSION>.

Example: if latest.json says {"version":"1.2.3"}, the AccountPool template is
https://sandbox-studio-software-dist.s3.amazonaws.com/versions/1.2.3/SandboxStudio-AccountPool.template.json.

Overview

Core Capabilities

Concepts and definitions

Solution Architecture

AWS services in this solution

Security & Compliance

Roles deployed by the solution

Secrets & Encryption keys

Data stored (and where)

Prerequisite Skills and Specialised Knowledge

Installation Prerequisites

Choosing your region(s)

Choosing the hub account

Understand running costs

Creating sandbox accounts

External identity provider setup (Optional)

Running the Installation Wizard

Update Sandbox Studio

Before you start...

Overview of what you'll do

AWS CloudFormation templates

Step 1: Deploy the AccountPool stack

Step 2: Deploy the IDC stack

Step 3: Deploy the Network stack

Step 4: Deploy the Data stack

Step 5: Deploy the SES stack

Step 6: Deploy the Compute stack

Step 7: Deploy the API stack

Create an IAM Identity Center application

Add initial users

Update AWS AppConfig

Update AWS Secrets Manager

Logging into the web UI

Setup a custom domain (Optional)

Free Tier and Upgrading

End User Licence Agreement (EULA)

AWS CloudFormation templates

Stack Summary

Where to get the CloudFormation templates